diff --git a/projects/samskivert/src/java/com/samskivert/servlet/user/UserManager.java b/projects/samskivert/src/java/com/samskivert/servlet/user/UserManager.java index 11496ccf..2b2f7c29 100644 --- a/projects/samskivert/src/java/com/samskivert/servlet/user/UserManager.java +++ b/projects/samskivert/src/java/com/samskivert/servlet/user/UserManager.java @@ -1,5 +1,5 @@ // -// $Id: UserManager.java,v 1.11 2002/05/01 01:50:05 shaper Exp $ +// $Id: UserManager.java,v 1.12 2002/05/02 01:15:09 shaper Exp $ // // samskivert library - useful routines for java programs // Copyright (C) 2001 Michael Bayne @@ -148,10 +148,44 @@ public class UserManager return user; } + /** + * Authenticates the requester and initiates an authenticated session + * for them. Note: The caller should make sure the user has + * been authenticated through some other means before calling this + * method. An authenticated session involves their receiving a cookie + * that proves them to be authenticated and an entry in the session + * database being created that maps their information to their + * userid. If this call completes, the session was established and the + * proper cookies were set in the supplied response object. If some + * other error occurs, an exception will be thrown. + * + * @param username The username supplied by the user. + * @param persist If true, the cookie will expire in one month, if + * false, the cookie will expire in 24 hours. + * @param rsp the response in which the cookie is to be set. + * + * @return the user object of the authenticated user. + */ + public User login (String username, boolean persist, + HttpServletResponse rsp) + throws PersistenceException, NoSuchUserException + { + // load up the requested user + User user = _repository.loadUser(username); + if (user == null) { + throw new NoSuchUserException("error.no_such_user"); + } + + // generate a session and set the user's auth cookie + generateSession(user, persist, rsp); + + return user; + } + /** * Attempts to authenticate the requester and initiate an * authenticated session for them. An authenticated session involves - * their receiving a cookie that provides them to be authenticated and + * their receiving a cookie that proves them to be authenticated and * an entry in the session database being created that maps their * information to their userid. If this call completes, the session * was established and the proper cookies were set in the supplied @@ -162,6 +196,7 @@ public class UserManager * @param password The plaintext password supplied by the user. * @param persist If true, the cookie will expire in one month, if * false, the cookie will expire in 24 hours. + * @param rsp the response in which the cookie is to be set. * * @return the user object of the authenticated user. */ @@ -179,6 +214,26 @@ public class UserManager throw new InvalidPasswordException("error.invalid_password"); } + // generate a session and set the user's auth cookie + generateSession(user, persist, rsp); + + return user; + } + + /** + * Creates a new session for the specified user in the session + * database table and sets an authentication cookie in the supplied + * servlet response. + * + * @param user the user for whom a session is to be generated. + * @param persist If true, the cookie will expire in one month, if + * false, the cookie will expire in 24 hours. + * @param rsp the response in which the cookie is to be set. + */ + protected void generateSession (User user, boolean persist, + HttpServletResponse rsp) + throws PersistenceException + { // generate a new session for this user String authcode = _repository.createNewSession(user, persist); // stick it into a cookie for their browsing convenience @@ -190,8 +245,6 @@ public class UserManager acookie.setMaxAge(24*60*60); // expire in 24 hours } rsp.addCookie(acookie); - - return user; } public void logout (HttpServletRequest req, HttpServletResponse rsp)