// AuthUser.java

AuthUser is a DxpNode that implements the Authenticator interface to restrict access to a DxpPage.
@see com.plands.servlet.util.Authenticator.

Before a DxpPage is run by the DxpServlet, it is checked for an Authenticator. If one is present on the page, it is used to check whether the user making the request has the privilege to access the page. This can be done by checking a user's password against a protected realm resource or by checking for a sessionID that has been granted to this user for this resource. The action taken depends on the other tags enclosed by the AuthUser tag.

When a user is successfully authenticated and authorized to access a named resource at the requested privilege level, a UserSession is returned to the servlet. The servlet then creates a DxpRequest that contains the UserSession and passes it to the page to run. User authentication is done by an AuthService used by the DxpServlet.

In the first example, the tag checks a username and password to see whether they identify a user who has the required privilege on the named resource. This may be found in a cache operated by the AuthService, or that service may have checked with another source to get it. The type attribute defines the authentication process.

Lifespan defines how many minutes the authentication for this user is cached. After that the UserSession may be removed from the AuthService cache. For type PW the database will be rechecked automatically if the user is not found in the cache.

  
<dxp:AuthUser type="PW" lifespan="120" store="user">
   <dxp:Referer>http://mydomain.com/postform.html</dxp:Referer>
   <dxp:Resource priv="POST" name="mycompany.timelog" />
</dxp:AuthUser>

In the second example, the username and password are checked and then a sessionID is created for the user. This is a new session, so the cached data is not used. If the user is authenticated and authorized, a session record is entered into a session database and the UserSession is stored in a cache. There is also a new attribute called database, which must hold the name of the database connection pool used to access the database that stores session records for this page.

<dxp:AuthUser type="PWSESSION" database="mycompany" lifespan="120" store="user">
   <dxp:Resource priv="POST" name="mycompany.timelog" />
</dxp:AuthUser>

PWSESSION creates sessions that can be found on another page using the following:

<dxp:AuthUser type="SESSION" database="mycompany" lifespan="120" store="user">
   <dxp:Resource priv="POST" name=".timelog" />
   <dxp:Redirect>http://mydomain.com/timeout.html</dxp:Redirect>
</dxp:AuthUser>

NOTE: there is an important difference in the name attribute of the Resource tag enclosed by this SESSION tag. The realm part of the Resource name is missing, so "mycompany.timelog" is now ".timelog". Note that the resource name is preceded by a '.' char. The realm name is added automatically by the backend system when type="SESSION". If the tag that created this session specified a realm name without a subresource (mycompany rather than mycompany.shopping), then just use a '.' char in the SESSION tag.

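Creating a session in one zone and then using it in another can be used to carry the user across different zones or virtual hosts. This is often used to log a user in over SSL with the username and password and type="PWSESSION", and then move them to a non-SSL host with type="SESSION". The SESSION will be used as a stand-in for their username and password until it expires. Because requests to the non-SSL host are not encrypted, anyone who captures the sessionID there can use it in place of the credentials for the rest of the lifespan, so the lifespan value bounds that exposure.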
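The resource-name rule and the lifespan expiry described above, as an added sketch that is not DXP code and not from the original page. The class, its method names, the in-memory map standing in for the session database, and the exact-match comparison of resource and privilege are all assumptions made for illustration (requires Java 16 or later for records).

```java
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

// Hypothetical model of the SESSION lookup described on this page; not DXP's AuthService.
public class SessionNameSketch {
    // What a PWSESSION login is assumed to record for later SESSION checks.
    record Session(String realm, String resource, String priv, Instant expires) {}

    private final Map<String, Session> sessions = new HashMap<>();

    // PWSESSION side: called only after the username/password check has passed.
    void create(String id, String resource, String priv, int lifespanMinutes, Instant now) {
        int dot = resource.indexOf('.');
        String realm = dot < 0 ? resource : resource.substring(0, dot);
        sessions.put(id, new Session(realm, resource, priv,
                now.plus(Duration.ofMinutes(lifespanMinutes))));
    }

    // SESSION side: ".timelog" becomes "mycompany.timelog"; "." alone becomes "mycompany".
    static String resolve(String realm, String name) {
        if (!name.startsWith(".")) {
            throw new IllegalArgumentException("SESSION resource name must start with '.'");
        }
        return name.equals(".") ? realm : realm + name;
    }

    // True only for a known, unexpired session granted this resource and privilege.
    boolean check(String id, String name, String priv, Instant now) {
        Session s = sessions.get(id);
        if (s == null) return false;
        if (!now.isBefore(s.expires())) {   // lifespan over: drop the session, fail closed
            sessions.remove(id);
            return false;
        }
        return s.resource().equals(resolve(s.realm(), name)) && s.priv().equals(priv);
    }

    public static void main(String[] args) {
        SessionNameSketch auth = new SessionNameSketch();
        Instant t0 = Instant.parse("2002-01-15T09:00:00Z");   // constructed sample time
        auth.create("sid-1", "mycompany.timelog", "POST", 120, t0);
        System.out.println(auth.check("sid-1", ".timelog", "POST", t0.plusSeconds(600)));
        System.out.println(auth.check("sid-1", ".payroll", "POST", t0.plusSeconds(600)));
        System.out.println(auth.check("sid-1", ".timelog", "POST", t0.plusSeconds(7200)));
    }
}
```

The first check passes; the second fails because the session was granted for a different resource, and the third fails because the 120-minute lifespan has run out.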


@author Mark Ashworth
@version 0.4, 2002-1-15


Note: We have tried to test all of the code examples but they may contain errors. Any questions, comments, suggestions, or problems should be sent to info@plands.com.