Class FormAuthenticationErrorInterceptor<A extends ExchangeContext,B extends ErrorExchange<A>>
- Type Parameters:
A- the context typeB- the error echange type
- All Implemented Interfaces:
ExchangeInterceptor<A,B>
An authentication error interceptor that redirects (302) the client to a login page.
This interceptor is usually used in conjunction with a LoginActionHandler and a LogoutActionHandler. The login action is targeted by the login page in order to authenticate the
login credentials provided by the user and the logout action allows to free resources and invalidate any temporary credentials resulting from the login process and communicated to the authenticated
user.
It is important to understand the difference between login and authentication: whereas authentication is involved in the login process to authenticate login credentials with the aim of signing in a user in an application, login is usually not involved during authentication which consists in validating credentials with the aim of granting access to a protected resource.
More specifically, a successful login usually results in temporary credentials (e.g. a token) being created and communicated to the authenticated user which can reuse them to access protected services or resources in further requests. The login process is then performed once whereas the authentication process is performed on all requests.
- Since:
- 1.5
- Author:
- Jeremy Kuhn
-
Field Summary
FieldsFields inherited from class io.inverno.mod.security.http.AuthenticationErrorInterceptor
terminal -
Constructor Summary
ConstructorsConstructorDescriptionCreates a form authentication error interceptor that redirects the client to the default login page URI.FormAuthenticationErrorInterceptor(String loginUri) Creates a form authentication error interceptor that redirects the client to the specified login page URI. -
Method Summary
Modifier and TypeMethodDescriptionReturns the login page URI.Intercepts the exchange before the exchange handler is invoked.protected voidinterceptUnauthorized(B exchange) Intercepts an unauthorized exchange.Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface io.inverno.mod.http.server.ExchangeInterceptor
andThen, compose
-
Field Details
-
DEFAULT_LOGIN_PAGE_URI
The default login page URI:/login.- See Also:
-
-
Constructor Details
-
FormAuthenticationErrorInterceptor
public FormAuthenticationErrorInterceptor()Creates a form authentication error interceptor that redirects the client to the default login page URI.
-
FormAuthenticationErrorInterceptor
Creates a form authentication error interceptor that redirects the client to the specified login page URI.
- Parameters:
loginUri- the login page URI
-
-
Method Details
-
getLoginUri
Returns the login page URI.
- Returns:
- the login page URI
-
intercept
Description copied from interface:ExchangeInterceptorIntercepts the exchange before the exchange handler is invoked.
- Specified by:
interceptin interfaceExchangeInterceptor<A extends ExchangeContext,B extends ErrorExchange<A>> - Overrides:
interceptin classAuthenticationErrorInterceptor<A extends ExchangeContext,B extends ErrorExchange<A>> - Parameters:
exchange- the server exchange to handle- Returns:
- a Mono emitting the exchange or an instrumented exchange to continue the exchange handling chain or an empty Mono to stop the exchange handling chain
-
interceptUnauthorized
Description copied from class:AuthenticationErrorInterceptorIntercepts an unauthorized exchange.
- Specified by:
interceptUnauthorizedin classAuthenticationErrorInterceptor<A extends ExchangeContext,B extends ErrorExchange<A>> - Parameters:
exchange- the unauthorized exchange to intercept- Throws:
HttpException- if there was an error intercepting the exchange
-