...

LoginController inheritance

For reference, the following is the class hierarchy for LoginController. Highlighted methods are those involved in the discussion below.

LoginController

extends

SimpleFormController

extends

AbstractFormController
  • protected abstract ModelAndView processFormSubmission(
    HttpServletRequest request, HttpServletResponse response, Object command, BindException errors) throws Exception;
  • protected final Object getCommand(HttpServletRequest request) throws Exception;
  • protected Object formBackingObject(HttpServletRequest request) throws Exception {};

extends

BaseCommandController
  • protected Object getCommand(HttpServletRequest request) {}
  • protected final Object createCommand() throws InstantiationException, IllegalAccessException;
  • protected final ServletRequestDataBinder bindAndValidate(HttpServletRequest request, Object command) throws Exception {}

extends

AbstractController
  • public final ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {}
  • protected abstract ModelAndView handleRequestInternal(HttpServletRequest request, HttpServletResponse response) throws Exception;

extends

WebContentGenerator

extends

WebApplicationObjectSupport

extends

ApplicationObjectSupport

...

What we need to do is examine the request, determine what kind of Credentials we need, instantiate those Credentials, and configure them accordingly. We need complete freedom to come back with any kind of Credentials.

Accordingly, here's an alternative formulation of the interface for the plugin that goes from HttpServletRequests to Credentials:

import javax.servlet.http.HttpServletRequest;

/**
 * Interface for components that know how to extract from HttpServletRequest
 * whatever it is that constitutes actual arguments of the request for authentication.
 */
public interface RequestToCredentials {

    /**
     * Parse an HttpServletRequest and extract from it whatever it is that is necessary as input to the AuthenticationHandler
     * which will examine the request for authentication represented by the HttpServletRequest. Return an Object
     * encapsulating that extracted information.  Specific implementations will return specific objects which in turn specific
     * AuthenticationHandler implementations will expect and consume.
     * @return an object representing the relevant information for the authentication request
     * @throws RuntimeException - indicates failure
     */
    Object credentialsFromHttpServletRequest(HttpServletRequest httpServletRequest);

    /**
     * Returns true if credentialsFromHttpServletRequest() will return an Object for the given
     * argument.  Returns false if this other method will throw a RuntimeException for the given argument.
     *
     * This method exists to allow a client of this class to efficiently determine whether it should use this
     * RequestToCredentials or whether doing so will only throw an exception.
     */
    boolean supports(HttpServletRequest httpServletRequest);

}

Now, we might like to override BaseCommandController's implementation of getCommand():

protected Object getCommand(HttpServletRequest request) throws Exception {
    return createCommand();
}

to apply a RequestToCredentials instance that we've added as a dependency of LoginController:

protected Object getCommand(HttpServletRequest request) throws Exception {
    return this.requestToCredentials.credentialsFromHttpServletRequest(request);
}

However, we cannot do this, because AbstractFormController declares its implementation of getCommand() final. That implementation attempts to provide an instance of a JavaBean to back the HTML form, because after all AbstractFormController is about forms.

AbstractFormController's getCommand() implementation:

protected final Object getCommand(HttpServletRequest request) throws Exception {
    if (!isSessionForm()) {
        return formBackingObject(request);
    }
    HttpSession session = request.getSession(false);
    if (session == null) {
        throw new ServletException("Must have session when trying to bind");
    }
    Object formObject = session.getAttribute(getFormSessionAttributeName());
    session.removeAttribute(getFormSessionAttributeName());
    if (formObject == null) {
        throw new ServletException("Form object not found in session");
    }
    return formObject;
}

However, it does have that formBackingObject() method:

protected Object formBackingObject(HttpServletRequest request) throws Exception {
    return createCommand();
}
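
One way the pieces above could fit together, as an added example that is not CAS or Spring code: a RequestToCredentials for username/password form posts, and a controller that overrides the non-final formBackingObject() to delegate to it. The names UsernamePassword, UsernamePasswordRequestToCredentials and DelegatingLoginController, the parameter names "username" and "password", and a configured commandClass for the fallback are assumptions.

```java
import javax.servlet.http.HttpServletRequest;
import org.springframework.web.servlet.mvc.SimpleFormController;

// Same contract as the interface on this page, repeated so the block compiles on its own.
interface RequestToCredentials {
    Object credentialsFromHttpServletRequest(HttpServletRequest request);
    boolean supports(HttpServletRequest request);
}

// Hypothetical immutable credentials holder.
final class UsernamePassword {
    final String username;
    final String password;
    UsernamePassword(String username, String password) {
        this.username = username;
        this.password = password;
    }
}

// Hypothetical extractor: only a POST carrying both (assumed) parameters is supported.
class UsernamePasswordRequestToCredentials implements RequestToCredentials {
    public boolean supports(HttpServletRequest request) {
        return "POST".equals(request.getMethod())
                && hasText(request.getParameter("username"))
                && hasText(request.getParameter("password"));
    }
    public Object credentialsFromHttpServletRequest(HttpServletRequest request) {
        if (!supports(request)) {
            // Honour the contract: fail with a RuntimeException, never return null.
            throw new IllegalArgumentException("request carries no username/password");
        }
        return new UsernamePassword(request.getParameter("username"),
                request.getParameter("password"));
    }
    private static boolean hasText(String s) { return s != null && s.trim().length() > 0; }
}

// Hypothetical controller: getCommand() is final, so the hook is formBackingObject().
class DelegatingLoginController extends SimpleFormController {
    private RequestToCredentials requestToCredentials;
    public void setRequestToCredentials(RequestToCredentials r) { this.requestToCredentials = r; }

    // Reached from getCommand() only when isSessionForm() is false. It also runs when the
    // empty form is first displayed, so unsupported requests fall back to createCommand().
    protected Object formBackingObject(HttpServletRequest request) throws Exception {
        if (this.requestToCredentials.supports(request)) {
            return this.requestToCredentials.credentialsFromHttpServletRequest(request);
        }
        return super.formBackingObject(request); // assumes a commandClass is configured
    }
}
```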

Copyright notice

Cited code snippets from The Spring Framework are used here for the purpose of explaining CAS 3's usage of this framework. The Spring Framework is subject to license agreement.