AuthenticatedWebSession (Wicket Auth Roles 7.2.0 API)

java.lang.Object
- org.apache.wicket.Session
- - org.apache.wicket.protocol.http.WebSession
  - - org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession
    - - org.apache.wicket.authroles.authentication.AuthenticatedWebSession

All Implemented Interfaces:

Serializable, IEventSink, org.apache.wicket.util.io.IClusterable
```
public abstract class AuthenticatedWebSession
extends AbstractAuthenticatedWebSession
```
Basic authenticated web session. Subclasses must provide a method that authenticates the session based on a username and password, and a method implementation that gets the Roles

Author:

Jonathan Locke

See Also:
Serialized Form

Field Summary
- Fields inherited from class org.apache.wicket.Session
  clientInfo, SESSION_ATTRIBUTE_NAME

Constructor Summary

Constructors
Constructor and Description

AuthenticatedWebSession(org.apache.wicket.request.Request request)
Construct.

Constructors
Constructor and Description
`AuthenticatedWebSession(org.apache.wicket.request.Request request)` Construct.

Method Summary

Methods
Modifier and Type	Method and Description
`protected abstract boolean`	`authenticate(String username, String password)` Actual authentication check, has to be implemented by subclasses.
`static AuthenticatedWebSession`	`get()`
`void`	`invalidate()` Call signOut() and remove the logon data from where ever they have been persisted (e.g.
`boolean`	`isSignedIn()`
`protected void`	`signIn(boolean value)` Cookie based logins (remember me) may not rely on putting username and password into the cookie but something else that safely identifies the user.
`boolean`	`signIn(String username, String password)` Try to logon the user.
`void`	`signOut()` Sign the user out.

Methods inherited from class org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession
getRoles

Methods inherited from class org.apache.wicket.protocol.http.WebSession
getClientInfo, newBrowserInfoPage

Methods inherited from class org.apache.wicket.Session
bind, clear, debug, detach, dirty, dirty, error, exists, fatal, getApplication, getAttribute, getAttributeNames, getAuthorizationStrategy, getClassResolver, getFeedbackMessages, getId, getLocale, getMetaData, getPageFactory, getPageManager, getSessionStore, getSizeInBytes, getStyle, info, internalDetach, invalidateNow, isSessionInvalidated, isTemporary, newPageAccessSynchronizer, nextPageId, nextSequenceValue, onEvent, onInvalidate, removeAttribute, replaceSession, setAttribute, setClientInfo, setLocale, setMetaData, setStyle, success, warn

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - AuthenticatedWebSession
```
public AuthenticatedWebSession(org.apache.wicket.request.Request request)
```
    Construct.
    
    Parameters:
    request - The current request object
- Method Detail
  - get
```
public static AuthenticatedWebSession get()
```
    Returns:
    Current authenticated web session
  - signIn
```
public final boolean signIn(String username,
             String password)
```
    Try to logon the user. It'll call authenticate(String, String) to do the real work and that is what you need to subclass to provide your own authentication mechanism.
    
    Parameters:
    username -
    password -
    
    Returns:
    true, if logon was successful
  - authenticate
```
protected abstract boolean authenticate(String username,
                   String password)
```
    Actual authentication check, has to be implemented by subclasses.
    
    Parameters:
    username - The username
    password - The password
    
    Returns:
    True if the user was authenticated successfully
  - signIn
```
protected final void signIn(boolean value)
```
    Cookie based logins (remember me) may not rely on putting username and password into the cookie but something else that safely identifies the user. This method is meant to support these use cases. It is protected (and not public) to enforce that cookie based authentication gets implemented in a subclass (like you need to implement authenticate(String, String) for 'normal' authentication).
    
    Parameters:
    value -
    See Also:
    authenticate(String, String)
  - isSignedIn
```
public final boolean isSignedIn()
```
    Specified by:
    
    isSignedIn in class AbstractAuthenticatedWebSession
    
    Returns:
    true, if user is signed in
  - signOut
```
public void signOut()
```
    Sign the user out.
  - invalidate
```
public void invalidate()
```
    Call signOut() and remove the logon data from where ever they have been persisted (e.g. Cookies)
    
    Overrides:
    
    invalidate in class WebSession

Class AuthenticatedWebSession

Field Summary

Fields inherited from class org.apache.wicket.Session

Constructor Summary

Method Summary

Methods inherited from class org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession

Methods inherited from class org.apache.wicket.protocol.http.WebSession

Methods inherited from class org.apache.wicket.Session

Methods inherited from class java.lang.Object

Constructor Detail

AuthenticatedWebSession

Method Detail

get

signIn

authenticate

signIn

isSignedIn

signOut

invalidate