J F W

HOW TO : CORE

authentication process

The authentication process is based on the database schema you can find at here and the authentication logic must be implemented in the main project action.

Let's see now the classes offered by the framework for authenticating a user.

com.jfw.authentication. Authentication

For authenticating a user, all you have to do is to use this class as in the next example:

Authentication authentication = new Authentication(); UserData userData = authentication.authenticate(request, response);

The method authenticate return a not null UserData object if:

1. exist in HttpSession (associated with key USER_DATA_IN_SESSION_KEY) a UserData object. This is possible only if the user is already authenticated.
2. parameters username and password found in HttpServletRequest and exist in table USERS a user with that credentials.
   In this case will be set in the HttpServletResponse object, a cookie with user credentials and also the UserData object will be added to the session.
   Remember that from your actions you can use the method getUser for getting the UserData object.
3. exist the authentication cookie and contains the credential data (user_id and user_name) of an existing user.

If the return value is null then:

1. or the username/password parameters not found in the request.
2. or are not exist in database a user with that data.

You can distinguish the two above cases using the method existUserInRequest.

com.jfw.authentication. AuthenticationCookie

This cookie is set in method authenticate when the credentials data found in the request belong to a registered user.
The name of the cookie is jfw and the value is the user_id and the user_name.
By default, the cookie is valid until the close of the browser: if you want to change this behavior, you have to set the value of the attribute DEFAULT_COOKIE_AGE.

com.jfw.authentication. UserData

This object is returned by method authenticate when the credentials data found in the request belong to a registered user.
In this object are saved the credential data of a user. The type of data saved in this object are the same for all projects based on JFW. The project relative user data is saved in the UserProfile object.

com.jfw.authentication. UserProfile

In this object are saved the project specific user data. You have to create a class that implements this one.
Normally, after a successfully authentication, a project specific class/method will be called for retrieving that data (for example from the database or from another system).
Once the UserProfile object is created you have to add it in UserData using method setUserProfile.
Of course, if your application doesn't need other than the default user data, then you don't have to create and set this object.

com.jfw.authentication. UserDataDB

This class is used for check if the username/password found in request or the user_id/user_name found in the authentication cookie belongs to a registered user.
Here is an example of use:

LoginForm loginForm = new LoginForm(); loginForm.setUsername("username"); loginForm.setPassword("password"); HashMap outputdata = new HashMap(); UserDataDB userDataDB = new UserDataDB(); userDataDB.setData(loginForm); userDataDB.execute(outputdata); userData = (UserData)outputdata.get(UserDataDB.USER_DATA_KEY);