- All Implemented Interfaces:
- java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig
public class LoginHandler
extends javax.servlet.http.HttpServlet
This class handles the basic login/logout functionality and session creation/destruction.
This class defines the APIs available for client authentication. Note that it is also possible to authenticate by IP address without a username or password check, but this functionality must be enabled on a per-IP basis in the front-end system configuration and is generally recommended only for analysis back-ends. The IP authentication configuration is out of scope for this documentation.
The user authorization is done by checking the presence and validity of a session ID in the header list (cookie) of the executed HTTP request. The session ID can be generated by any of the login methods documented in this specification. It is also possible to provide the authentication details, such as username and password for HTTP basic authentication, for each request, though this is not necessary.
The default configuration prevents multiple logins: re-authentication automatically invalidates the previous session and creates a new session with a new session ID.
This class is generally bound using web.xml outside of the REST handler, so it works independently from the service invocation functionality.
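The session behaviour described above (session ID checked from the cookie, previous session invalidated on re-authentication) can be modelled as follows. This is an added example, not the LoginHandler source; the class name `SingleLoginRegistry`, the cookie name `SESSIONID` and the in-memory maps are assumptions, and credential verification is assumed to happen before `login` is called.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical model of the single-login policy; not the LoginHandler source. */
public class SingleLoginRegistry {
    private static final String COOKIE_NAME = "SESSIONID"; // assumed cookie name
    private final SecureRandom random = new SecureRandom();
    private final Map<String, String> userBySession = new ConcurrentHashMap<>();
    private final Map<String, String> sessionByUser = new ConcurrentHashMap<>();

    /** Call only after credentials were verified; returns the new session ID. */
    public synchronized String login(String user) {
        String previous = sessionByUser.remove(user);
        if (previous != null) userBySession.remove(previous); // old ID stops working
        byte[] raw = new byte[32];                            // 256 bits from a CSPRNG
        random.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessionByUser.put(user, id);
        userBySession.put(id, user);
        return id;
    }

    public synchronized void logout(String sessionId) {
        if (sessionId == null) return;
        String user = userBySession.remove(sessionId);
        if (user != null) sessionByUser.remove(user, sessionId);
    }

    /** Returns the user owning the session ID in a Cookie header, or null. */
    public String authorize(String cookieHeader) {
        if (cookieHeader == null) return null;
        for (String part : cookieHeader.split(";")) {
            String[] kv = part.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals(COOKIE_NAME)) return userBySession.get(kv[1]);
        }
        return null;
    }

    public static void main(String[] args) {
        SingleLoginRegistry reg = new SingleLoginRegistry();
        String first = reg.login("alice");  // constructed sample user
        String second = reg.login("alice"); // re-authentication
        System.out.println("old ID accepted: " + (reg.authorize("SESSIONID=" + first) != null));
        System.out.println("new ID accepted: " + (reg.authorize("a=b; SESSIONID=" + second) != null));
        reg.logout(second);
        System.out.println("after logout:    " + (reg.authorize("SESSIONID=" + second) != null));
    }
}
```

Because the first ID is removed before the second is issued, a client still holding the old cookie is rejected on its next request, which is the behaviour to expect when diagnosing unexpected logouts under the default configuration.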
- See Also:
- Serialized Form