Package auth.gui

Class AuthService


  • @Singleton
    public class AuthService
    extends java.lang.Object
    Service class around authentication and the session cookie. It works together with the Signin controller and the @AuthAction.Auth annotation defined in AuthAction.
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String SESSION_KEEP_SIGNEDIN
      Parameter name in Play's session cookie: true if the user wants to be kept signed in.
      static java.lang.String SESSION_LAST_ACTIVITY_TIME
      Parameter name in Play's session cookie: It contains a timestamp of the last HTTP request made by the browser with this cookie.
      static java.lang.String SESSION_SIGNIN_TIME
      Parameter name in Play's session cookie: It contains the timestamp of the sign-in time
      static java.lang.String SESSION_USERNAME
      Parameter name in Play's session cookie: It contains the username of the signed-in user
      static java.lang.String SIGNEDIN_USER
      Key name used in RequestScope to store the signed-in User
    • Method Summary

      Modifier and Type Method Description
      boolean authenticate​(User user, java.lang.String password)
      Authenticates the user with the given password.
      java.lang.String getRedirectPageAfterSignin​(User user)
      Returns the URL of the page the user visited last - or the URL of the home page.
      User getSignedinUser()
      Gets the signed-in user from the RequestScope.
      User getSignedinUserBySessionCookie​(play.mvc.Http.Session session)
      Retrieves the signed-in user from Play's session.
      boolean isInactivityTimeout​(play.mvc.Http.Session session)
      Returns true if the session inactivity time as saved in Play's session cookie is older than allowed.
      boolean isRepeatedSigninAttempt​(java.lang.String normalizedUsername, java.lang.String remoteAddress)
      Returns true if there were already 3 sign-in attempts within the last minute with this username from this remoteAddress.
      boolean isSessionKeepSignedin​(play.mvc.Http.Session session)
      Returns true if the user decided to be kept signed in (checkbox on the sign-in page) AND if it is allowed to be kept signed in.
      boolean isSessionTimeout​(play.mvc.Http.Session session)
      Returns true if the session sign-in time as saved in Play's session cookie is older than allowed.
      void writeSessionCookie​(play.mvc.Http.Session session, java.lang.String normalizedUsername, boolean keepSignedin)
      Prepares Play's session cookie for the user with the given username to be signed-in.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • SESSION_USERNAME

        public static final java.lang.String SESSION_USERNAME
        Parameter name in Play's session cookie: It contains the username of the signed-in user
        See Also:
        Constant Field Values
      • SESSION_SIGNIN_TIME

        public static final java.lang.String SESSION_SIGNIN_TIME
        Parameter name in Play's session cookie: It contains the timestamp of the sign-in time
        See Also:
        Constant Field Values
      • SESSION_LAST_ACTIVITY_TIME

        public static final java.lang.String SESSION_LAST_ACTIVITY_TIME
        Parameter name in Play's session cookie: It contains a timestamp of the last HTTP request made by the browser with this cookie.
        See Also:
        Constant Field Values
      • SESSION_KEEP_SIGNEDIN

        public static final java.lang.String SESSION_KEEP_SIGNEDIN
        Parameter name in Play's session cookie: true if the user wants to be kept signed in. This means the session does not time out.
        See Also:
        Constant Field Values
      • SIGNEDIN_USER

        public static final java.lang.String SIGNEDIN_USER
        Key name used in RequestScope to store the signed-in User
        See Also:
        Constant Field Values
    • Method Detail

      • authenticate

        public boolean authenticate​(User user,
                                    java.lang.String password)
                             throws javax.naming.NamingException
        Authenticates the user with the given password.
        Throws:
        javax.naming.NamingException
      • isRepeatedSigninAttempt

        public boolean isRepeatedSigninAttempt​(java.lang.String normalizedUsername,
                                               java.lang.String remoteAddress)
        Returns true if there were already 3 sign-in attempts within the last minute with this username from this remoteAddress.
      • getSignedinUserBySessionCookie

        public User getSignedinUserBySessionCookie​(play.mvc.Http.Session session)
        Retrieves the signed-in user from Play's session. If a user is signed in, their username is stored in Play's session cookie. With the username, a user can be retrieved from the database. Returns null if the session doesn't contain a username or if the user doesn't exist in the database.

        In most cases, getSignedinUser() is faster since it doesn't have to query the database.

      • getSignedinUser

        public User getSignedinUser()
        Gets the signed-in user from the RequestScope. It was put into the RequestScope by the AuthenticationAction. Therefore, this method works only if you use the @Auth annotation on your action.
      • writeSessionCookie

        public void writeSessionCookie​(play.mvc.Http.Session session,
                                       java.lang.String normalizedUsername,
                                       boolean keepSignedin)
        Prepares Play's session cookie for the user with the given username to be signed-in. Does not authenticate the user (use authenticate() for this).
      • isSessionKeepSignedin

        public boolean isSessionKeepSignedin​(play.mvc.Http.Session session)
        Returns true if the user decided to be kept signed in (checkbox on the sign-in page) AND if it is allowed to be kept signed in.
      • isSessionTimeout

        public boolean isSessionTimeout​(play.mvc.Http.Session session)
        Returns true if the session sign-in time as saved in Play's session cookie is older than allowed.
      • isInactivityTimeout

        public boolean isInactivityTimeout​(play.mvc.Http.Session session)
        Returns true if the session inactivity time as saved in Play's session cookie is older than allowed.
      • getRedirectPageAfterSignin

        public java.lang.String getRedirectPageAfterSignin​(User user)
        Returns the URL of the page the user visited last - or the URL of the home page.
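
The check described for isRepeatedSigninAttempt() (3 attempts within the last minute per username and remote address) can be built as a sliding window. This is an added example, not the project's own code: the class SigninAttemptThrottle, the recordAttempt() method, the in-memory map and the rule that every attempt is counted are assumptions.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical stand-in for the check documented as isRepeatedSigninAttempt(). */
public class SigninAttemptThrottle {
    private static final int MAX_ATTEMPTS = 3;                    // from the Javadoc
    private static final Duration WINDOW = Duration.ofMinutes(1); // from the Javadoc
    private final Map<String, Deque<Instant>> attempts = new ConcurrentHashMap<>();
    private final Clock clock;

    public SigninAttemptThrottle(Clock clock) { this.clock = clock; }

    /** Records one attempt; assumed to be called for every sign-in attempt. */
    public void recordAttempt(String normalizedUsername, String remoteAddress) {
        attempts.compute(key(normalizedUsername, remoteAddress), (k, q) -> {
            if (q == null) q = new ArrayDeque<>();
            q.addLast(clock.instant());
            return q;
        });
    }

    /** True if MAX_ATTEMPTS attempts are already on record inside WINDOW. */
    public boolean isRepeatedSigninAttempt(String normalizedUsername, String remoteAddress) {
        Instant cutoff = clock.instant().minus(WINDOW);
        boolean[] repeated = {false};
        attempts.computeIfPresent(key(normalizedUsername, remoteAddress), (k, q) -> {
            while (!q.isEmpty() && q.peekFirst().isBefore(cutoff)) q.removeFirst();
            repeated[0] = q.size() >= MAX_ATTEMPTS;
            return q.isEmpty() ? null : q; // drop emptied keys so idle entries are not kept
        });
        return repeated[0];
    }

    // Length prefix keeps ("a", "b|c") and ("a|b", "c") from sharing a key.
    private static String key(String u, String a) { return u.length() + ":" + u + "|" + a; }

    public static void main(String[] args) {
        SigninAttemptThrottle t = new SigninAttemptThrottle(Clock.systemUTC());
        for (int i = 1; i <= 4; i++) { // constructed sample: 4 attempts, same user and address
            System.out.println(i + ": " + t.isRepeatedSigninAttempt("alice", "192.0.2.10"));
            t.recordAttempt("alice", "192.0.2.10");
        }
    }
}
```

The counter lives in process memory, so it resets on restart and is not shared between application instances.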
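
How isSessionKeepSignedin(), isSessionTimeout() and isInactivityTimeout() could combine into one decision is sketched below as an added example; it is not the project's own code. A Map stands in for play.mvc.Http.Session, and the key strings, the epoch-millisecond timestamp format, both time limits, the KEEP_SIGNEDIN_ALLOWED switch and the isSignedIn() helper are assumptions.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

/** Hypothetical session check; a Map stands in for play.mvc.Http.Session. */
public class SessionTimeoutCheck {
    // Placeholder key names: the page does not show the real constant values.
    static final String SESSION_USERNAME = "username";
    static final String SESSION_SIGNIN_TIME = "signinTime";
    static final String SESSION_LAST_ACTIVITY_TIME = "lastActivityTime";
    static final String SESSION_KEEP_SIGNEDIN = "keepSignedin";
    // Assumed limits and policy switch; the page gives no values.
    static final Duration SESSION_TIMEOUT = Duration.ofHours(12);
    static final Duration INACTIVITY_TIMEOUT = Duration.ofMinutes(30);
    static final boolean KEEP_SIGNEDIN_ALLOWED = true;

    /** Fails closed: a missing, malformed or future timestamp counts as expired. */
    static boolean olderThan(Map<String, String> s, String key, Duration limit, Instant now) {
        try {
            Instant then = Instant.ofEpochMilli(Long.parseLong(s.get(key)));
            Duration age = Duration.between(then, now);
            return age.isNegative() || age.compareTo(limit) > 0;
        } catch (NumberFormatException e) { return true; } // null or malformed value
    }

    static boolean isSessionKeepSignedin(Map<String, String> s) {
        return KEEP_SIGNEDIN_ALLOWED && "true".equals(s.get(SESSION_KEEP_SIGNEDIN));
    }

    /** True if the cookie still identifies a signed-in user at time now. */
    static boolean isSignedIn(Map<String, String> s, Instant now) {
        if (s.get(SESSION_USERNAME) == null) return false;
        if (isSessionKeepSignedin(s)) return true; // documented: no timeout applies
        return !olderThan(s, SESSION_SIGNIN_TIME, SESSION_TIMEOUT, now)
            && !olderThan(s, SESSION_LAST_ACTIVITY_TIME, INACTIVITY_TIMEOUT, now);
    }

    public static void main(String[] args) {
        Instant now = Instant.now();
        String hourAgo = String.valueOf(now.minus(Duration.ofHours(1)).toEpochMilli());
        // Constructed sessions: idle for an hour, then the same with keep-signed-in set.
        Map<String, String> idle = Map.of(SESSION_USERNAME, "alice",
                SESSION_SIGNIN_TIME, hourAgo, SESSION_LAST_ACTIVITY_TIME, hourAgo);
        Map<String, String> kept = new HashMap<>(idle);
        kept.put(SESSION_KEEP_SIGNEDIN, "true");
        System.out.println(isSignedIn(idle, now) + " " + isSignedIn(kept, now));
    }
}
```

In this sketch a keep-signed-in session skips both limits, so its lifetime is bounded only by the lifetime of the cookie itself.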