- All Implemented Interfaces:
public class LoginFilter
- extends PasswordBasedLoginFilter
This is a filter that logs the user in. It works a little like J2EE form-based seraph, except it looks for the
parameters 'os_username' and 'os_password' instead of j_username and j_password.
The form post/get action should be the URL of the login servlet/JSP/action - given by SecurityFilter.LOGIN_URL.
If the parameters exist and authentication is successful, the user will be redirected by the filter to the URL given
by the session attribute at SecurityFilter.ORIGINAL_URL_KEY.
If this URL doesn't exist, it will look for a parameter 'os_destination' to use as the redirected URL instead.
If neither is found, it is assumed that the page will check the authorisation status and handle redirection itself.
From the any other filter in the request, or the servlet/JSP/action which processes the request, you can look up the
status of the authorisation attempt. The status is a String request attribute, with the key 'os_authstatus'.
The possible statuses are:
- LoginFilter.LOGIN_SUCCESS - the login was processed, and user was logged in
- LoginFilter.LOGIN_FAILURE - the login was processed, the user gave a bad username or password
- LoginFilter.LOGIN_ERROR - the login was processed, an exception occurred trying to log the user in
- LoginFilter.LOGIN_NOATTEMPT - the login was no processed, no form parameters existed
|Methods inherited from class com.atlassian.seraph.filter.BaseLoginFilter
destroy, doFilter, getAuthenticationContext, getAuthenticator, getElevatedSecurityGuard, getFilterConfig, getSecurityConfig, init, isAbsoluteUrl, redirectToOriginalDestination, setFilterConfig
|Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
protected PasswordBasedLoginFilter.UserPasswordPair extractUserPasswordPair(javax.servlet.http.HttpServletRequest request)
- Description copied from class:
- Returns a username password pair for this request. If this request does not contain user credentials - returns
- Specified by:
extractUserPasswordPair in class
request - the HTTP request in play
- user credentials or null
Copyright © 2013 Atlassian. All Rights Reserved.