diff --git a/src/java/com/samskivert/servlet/user/Authenticator.java b/src/java/com/samskivert/servlet/user/Authenticator.java index 979bb750..b3fd725e 100644 --- a/src/java/com/samskivert/servlet/user/Authenticator.java +++ b/src/java/com/samskivert/servlet/user/Authenticator.java @@ -37,13 +37,10 @@ public interface Authenticator * repository against which the user-supplied data is to be checked. * @param username the username supplied by the user. * @param password the plaintext password supplied by the user. - * @param persist if true, the cookie will expire in one month, if - * false, the cookie will expire in 24 hours. * * @throws AuthenticationFailedException if the user failed to pass * the authentication check. */ - public void authenticateUser ( - User user, String username, Password password, boolean persist) + public void authenticateUser (User user, String username, Password password) throws AuthenticationFailedException; } diff --git a/src/java/com/samskivert/servlet/user/UserManager.java b/src/java/com/samskivert/servlet/user/UserManager.java index 21d3a8a1..f17a2ea2 100644 --- a/src/java/com/samskivert/servlet/user/UserManager.java +++ b/src/java/com/samskivert/servlet/user/UserManager.java @@ -36,9 +36,8 @@ import com.samskivert.util.StringUtil; import com.samskivert.util.Tuple; /** - * The user manager provides easy access to user objects for servlets. It - * takes care of cookie management involved in login, logout and loading a - * user record during an authenticated session. + * The user manager provides easy access to user objects for servlets. It takes care of cookie + * management involved in login, logout and loading a user record during an authenticated session. */ public class UserManager { @@ -51,16 +50,14 @@ public class UserManager new PasswordAuthenticator(); /** - * A totally insecure authenticator that authenticates any user. - * Note: Applications that make use of this authenticator - * should make sure the user has already been authenticated through - * some other means. + * A totally insecure authenticator that authenticates any user. Note: Applications + * that make use of this authenticator should make sure the user has already been authenticated + * through some other means. */ public static class InsecureAuthenticator implements Authenticator { // documentation inherited - public void authenticateUser ( - User user, String username, Password password, boolean persist) + public void authenticateUser (User user, String username, Password password) throws InvalidPasswordException { // don't care @@ -68,14 +65,13 @@ public class UserManager } /** - * An authenticator that requires that the user-supplied password - * match the actual user password. + * An authenticator that requires that the user-supplied password match the actual user + * password. */ public static class PasswordAuthenticator implements Authenticator { // documentation inherited - public void authenticateUser ( - User user, String username, Password password, boolean persist) + public void authenticateUser (User user, String username, Password password) throws AuthenticationFailedException { if (!user.passwordsMatch(password)) { @@ -85,27 +81,25 @@ public class UserManager } /** - * Prepares this user manager it for operation. Presently the user manager - * requires the following configuration information: + * Prepares this user manager it for operation. Presently the user manager requires the + * following configuration information: * *
login_url: Should be set to the URL to which to
- * redirect a requester if they are required to login before accessing
- * the requested page. For example:
+ * login_url: Should be set to the URL to which to redirect a requester if
+ * they are required to login before accessing the requested page. For example:
*
*
* login_url = /usermgmt/login.ajsp?return=%R
*
*
- * The %R will be replaced with the URL encoded URL the
- * user is currently requesting (complete with query parameters) so
- * that the login code can redirect the user back to this request once
- * they are authenticated.
+ * The %R will be replaced with the URL encoded URL the user is currently
+ * requesting (complete with query parameters) so that the login code can redirect the user
+ * back to this request once they are authenticated.
* userdb which you'll
- * probably need to know to provide the proper configuration to your
- * connection provider.
+ * The database identifier used to obtain a connection from our connection provider. The value
+ * is userdb which you'll probably need to know to provide the proper
+ * configuration to your connection provider.
*/
public static final String USER_REPOSITORY_IDENT = "userdb";
/**
- * Creates the repository and opens the user database. The database
- * identifier used to fetch our database connection is documented by
- * {@link #USER_REPOSITORY_IDENT}.
+ * Creates the repository and opens the user database. The database identifier used to fetch
+ * our database connection is documented by {@link #USER_REPOSITORY_IDENT}.
*
* @param provider the database connection provider.
*/
@@ -81,16 +78,15 @@ public class UserRepository extends JORARepository
* @param password the password for the new user.
* @param realname the user's real name.
* @param email the user's email address.
- * @param siteId the unique identifier of the site through which this
- * account is being created. The resulting user will be tracked as
- * originating from this site for accounting purposes ({@link
- * SiteIdentifier#DEFAULT_SITE_ID} can be used by systems that don't
- * desire to perform site tracking.
+ * @param siteId the unique identifier of the site through which this account is being
+ * created. The resulting user will be tracked as originating from this site for accounting
+ * purposes ({@link SiteIdentifier#DEFAULT_SITE_ID} can be used by systems that don't desire to
+ * perform site tracking.
*
* @return The userid of the newly created user.
*/
- public int createUser (Username username, Password password,
- String realname, String email, int siteId)
+ public int createUser (
+ Username username, Password password, String realname, String email, int siteId)
throws UserExistsException, PersistenceException
{
// create a new user object...
@@ -106,8 +102,7 @@ public class UserRepository extends JORARepository
/**
* Looks up a user by username.
*
- * @return the user with the specified user id or null if no user with
- * that id exists.
+ * @return the user with the specified user id or null if no user with that id exists.
*/
public User loadUser (String username)
throws PersistenceException
@@ -118,8 +113,7 @@ public class UserRepository extends JORARepository
/**
* Looks up a user by userid.
*
- * @return the user with the specified user id or null if no user with
- * that id exists.
+ * @return the user with the specified user id or null if no user with that id exists.
*/
public User loadUser (int userId)
throws PersistenceException
@@ -130,15 +124,14 @@ public class UserRepository extends JORARepository
/**
* Looks up a user by a session identifier.
*
- * @return the user associated with the specified session or null of
- * no session exists with the supplied identifier.
+ * @return the user associated with the specified session or null of no session exists with the
+ * supplied identifier.
*/
public User loadUserBySession (String sessionKey)
throws PersistenceException
{
- User user = load(_utable, "sessions",
- "where authcode = '" + sessionKey + "' AND " +
- "sessions.userId = users.userId");
+ User user = load(_utable, "sessions", "where authcode = '" + sessionKey + "' " +
+ "AND sessions.userId = users.userId");
if (user != null) {
user.setDirtyMask(_utable.getFieldMask());
}
@@ -165,12 +158,10 @@ public class UserRepository extends JORARepository
}
/**
- * Lookup a user by email address, something that is not efficient and
- * should really only be done by site admins attempting to look up a
- * user record.
+ * Lookup a user by email address, something that is not efficient and should really only be
+ * done by site admins attempting to look up a user record.
*
- * @return the user with the specified user id or null if no user with
- * that id exists.
+ * @return the user with the specified user id or null if no user with that id exists.
*/
public ArrayList Temporary sessions are set to expire in two days (the assumption is
- * that the browser will be given a non-persistent cookie and we should
- * prune the session table entry after some reasonable amount of time),
- * persistent sessions expire after one month.
+ * @param expireDays the number of days in which the session token should expire.
*/
- public String registerSession (final User user, boolean persist)
+ public String registerSession (User user, int expireDays)
throws PersistenceException
{
- // figure out when to expire the session
- Calendar cal = Calendar.getInstance();
- cal.add(Calendar.DATE, persist ? 30 : 2);
- final Date expires = new Date(cal.getTime().getTime());
-
// look for an existing session for this user
- Tuple