You will find here the implementation details of how I implemented HTTP digest and persistent logins for this HTTP-based site. You can read about the theory that is the basis for this implementation here. Please note that these are my working notes and do not follow a pedantic sequence.
satya - 5/22/2013 9:34:57 AM
See the research here for various login mechanisms
covers http digest and login remembrance ideas.
satya - 5/22/2013 9:35:38 AM
aspire login/session related classes
DefaultSessionSupport1.java
satya - 5/22/2013 9:36:02 AM
in aspire.properties I have the following settings
aspire.sessionSupport.applySessionManagement=no
aspire.applySessionManagement=no
request.aspire.sessionSupport.sessionSupportObject.className=com.ai.servlets.DefaultSessionSupport1
satya - 5/22/2013 9:54:12 AM
and user authorization directives
aspire.authentication.userAuthorization=yes
aspire.authentication.verifyPageAccess=yes
satya - 5/22/2013 12:50:41 PM
BaseServlet behavior on session
satya - 5/22/2013 1:47:03 PM
The password authentication support is implemented in
com.ai.aspire.authentication package
satya - 5/22/2013 1:48:32 PM
DefaultSessionSupport calls the verifypassword
from the current authenticator that is configured, while handling the http details of challenging the browser itself.
satya - 5/22/2013 2:09:05 PM
Aspire constants are defined in
com.ai.aspire.servelets.AspireConstants
satya - 5/25/2013 9:16:12 AM
Key classes this is implemented in
//Packages
com.ai.aspire.authentication
com.ai.aspire.authentication.pls
//pls: Persistent login support
//Authentication method support
IHttpAuthenticationMethod
BaseAuthenticationMethod
DigestAuthenticationMethod
DigestAuthenticationWithPersistentLoginSupport
//Additions to earlier classes
DefaultSessionSupport2 //to delegate http authentication method
IAuthentication //to support http authentication method
ServletUtils //minor additions
//Just related classes
BaseServletSupport
satya - 5/25/2013 9:21:05 AM
Test cases
//Previous functionality should be intact
Should be able to access public pages without prompt
Should be challenged when accessing private pages
Once logged in the private pages should work
After 30 minutes or so I should be logged out
//Persistent login test cases
Should be able to request persistent login
Should be able to unrequest a persistent login
Should be able to remove all persistent logins
Should be able to access private pages after 1 hour, 1 day
satya - 5/28/2013 2:29:21 PM
Changes to Aspire.properties
request.aspire.sessionSupport.sessionSupportObject.className=com.ai.servlets.DefaultSessionSupport3
request.aspire.authentication.httpAuthenticationMethodObject.className=com.ai.aspire.authentication.DigestAuthenticationMethod
request.aspire.authentication.persistentSupportLoginObject.className=com.ai.aspire.authentication.pls.PersistentLoginSupport
satya - 5/28/2013 2:32:14 PM
Key Conditionals
New keys are issued
********************
1. On a good login give a new key
2. Keep userid as part of the key
3. when key is recognized for a session issue a new key
4. Keys expire after 3 months
Challenge is issued
*********************
1. Key or an auth header is not available
2. userid/pw is not valid
3. Key is not valid
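
A minimal sketch of the key rules listed above, added here as an illustration; it is not Aspire's PersistentLoginSupport code. The class name, the `userid:token` key layout, the in-memory store, hashing the token at rest, single-use invalidation of the old key, and treating 3 months as 90 days are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical sketch of the key rules above; not Aspire's PersistentLoginSupport.
public class PersistentKeySketch {
    static final Duration KEY_LIFETIME = Duration.ofDays(90); // "3 months", approximated
    private final SecureRandom rng = new SecureRandom();
    // "userid:sha256(token)" -> expiry; the raw token is never stored server-side
    private final Map<String, Instant> keys = new ConcurrentHashMap<>();

    // Rules 1 and 2: on a good login issue a new key that carries the userid.
    public String issue(String userId, Instant now) throws Exception {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        keys.put(userId + ":" + sha256(token), now.plus(KEY_LIFETIME));
        return userId + ":" + token; // value handed to the browser
    }

    // Rule 3: a recognized key is consumed and replaced; an empty result means "challenge".
    public Optional<String> redeem(String key, Instant now) throws Exception {
        int sep = (key == null) ? -1 : key.lastIndexOf(':');
        if (sep <= 0) return Optional.empty(); // key missing or has no userid part
        String userId = key.substring(0, sep);
        Instant expiry = keys.remove(userId + ":" + sha256(key.substring(sep + 1)));
        if (expiry == null || !now.isBefore(expiry)) return Optional.empty(); // unknown or expired
        return Optional.of(issue(userId, now));
    }

    private static String sha256(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }

    public static void main(String[] args) throws Exception {
        PersistentKeySketch pls = new PersistentKeySketch();
        Instant t0 = Instant.parse("2013-05-28T14:00:00Z"); // constructed sample time
        String k1 = pls.issue("satya", t0);
        Optional<String> k2 = pls.redeem(k1, t0.plus(Duration.ofDays(1)));
        System.out.println("first use accepted:  " + k2.isPresent());
        System.out.println("old key replayed:    " + pls.redeem(k1, t0.plus(Duration.ofDays(1))).isPresent());
        System.out.println("rotated key expired: " + pls.redeem(k2.get(), t0.plus(Duration.ofDays(92))).isPresent());
    }
}
```

Because a redeemed key is removed before the replacement is issued, a copied key stops working as soon as either party uses it, which is what makes the "new key per session" line in the log a useful signal.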
satya - 5/28/2013 2:33:00 PM
Expected behavior in the log file
we should see new keys only once per session
satya - 5/31/2013 12:10:54 PM
Changes to aspire for this release work
//*********************************************************
//Release 36
//Name: persistent-login-release
//For release 35
//Total files that have changed: 23
//*********************************************************
\ai\aspire\AspireReleaseNotes.java
\ai\aspire\authentication\BaseAuthenticationMethod.java
\ai\aspire\authentication\DefaultAuthentication.java
\ai\aspire\authentication\DigestAuthenticationMethod.java
\ai\aspire\authentication\DigestAuthenticationWithPersistentLoginMethod.java
\ai\aspire\authentication\IAuthentication.java
\ai\aspire\authentication\IAuthentication1.java
\ai\aspire\authentication\IHttpAuthenticationMethod.java
\ai\aspire\authentication\IHttpCookieEnabledAuthenticationMethod.java
\ai\aspire\authentication\IPersistentLoginSupport.java
\ai\aspire\authentication\SimpleDBAuthentication.java
\ai\aspire\authentication\pls\PersistentLoginEvaluator.java
\ai\aspire\authentication\pls\PersistentLoginSupport.java
\ai\filters\SingleColumnToStringConverter.java
\ai\parts\RemovePersistentLoginPart.java
\ai\parts\RequestPersistentLoginPart.java
\ai\servlets\AspireConstants.java
\ai\servlets\AspireSession.java
\ai\servlets\AspireSession1.java
\ai\servlets\BaseServlet.java
\ai\servlets\DefaultSessionSupport1.java
\ai\servlets\DefaultSessionSupport2.java
\ai\servletutils\ServletUtils.java
//*********************************************************
// Key files that have changed
//*********************************************************
//Key entry points
\ai\servlets\DefaultSessionSupport1.java
\ai\servlets\DefaultSessionSupport2.java
//Carries all authentication related information
//*********************************************************
\ai\aspire\authentication\IAuthentication.java
\ai\aspire\authentication\IAuthentication1.java
\ai\aspire\authentication\DefaultAuthentication.java
\ai\aspire\authentication\SimpleDBAuthentication.java
//A new concept of authentication method introduced
//*********************************************************
\ai\aspire\authentication\IHttpAuthenticationMethod.java
\ai\aspire\authentication\BaseAuthenticationMethod.java
\ai\aspire\authentication\DigestAuthenticationMethod.java
\ai\aspire\authentication\DigestAuthenticationWithPersistentLoginMethod.java
\ai\aspire\authentication\IHttpCookieEnabledAuthenticationMethod.java
//The above method is supplemented with persistent login support
//*********************************************************
\ai\aspire\authentication\IPersistentLoginSupport.java
\ai\aspire\authentication\pls\PersistentLoginEvaluator.java
\ai\aspire\authentication\pls\PersistentLoginSupport.java
\ai\parts\RemovePersistentLoginPart.java
\ai\parts\RequestPersistentLoginPart.java
//Some miscellaneous changes
//*********************************************************
\ai\filters\SingleColumnToStringConverter.java
\ai\servlets\AspireSession.java
\ai\servlets\AspireSession1.java
satya - 5/31/2013 2:24:33 PM
Here are changes to the akc
//*********************************************************
//Release Name: persistent-login-release
//Uses aspire release 36
//Total files that have changed: 7
//*********************************************************
\akc-sqlserver\properties\aspire.properties
\akc-sqlserver\properties\user_login.properties
\akc-sqlserver\reports\home\developer-home.html
\akc-sqlserver\reports\users\pls-view.html
\akc-sqlserver\reports\users\pls.properties
\akc-sqlserver\WEB-INF\lib\aspire_jsdk23.jar
\akc-sqlserver\WEB-INF\lib\commons-codec-1.8.jar
satya - 6/4/2013 9:44:40 AM
Enhancing akc with http digest and persistent login over http
This is just a rough sketch of the logic. The actual code may differ a good bit. It is posted here mainly as a reminder so as not to lose the work, and possibly to provide a marker on the road should I not have time to redocument.
satya - 6/4/2013 9:53:17 AM
Here is another image that deals with joining session with the user
Again these are early thoughts and not actuals.
satya - 6/4/2013 9:57:12 AM
Here is a bit more detail of the same
satya - 6/4/2013 9:59:48 AM
Here are the final changes to aspire.properties
//*********************************************************
//Release Name: persistent-login-release
//Uses aspire release 36
//Total files that have changed: 7
//*********************************************************
\akc-sqlserver\properties\aspire.properties
\akc-sqlserver\properties\user_login.properties
\akc-sqlserver\reports\home\developer-home.html
\akc-sqlserver\reports\users\pls-view.html
\akc-sqlserver\reports\users\pls.properties
\akc-sqlserver\WEB-INF\lib\aspire_jsdk23.jar
\akc-sqlserver\WEB-INF\lib\commons-codec-1.8.jar
//*********************************************************
//Changes to aspire.properties
//*********************************************************
#Session and Http Digest configuration
#request.aspire.sessionSupport.sessionSupportObject.className=com.ai.servlets.DefaultSessionSupport1
1) ==> Add the following three lines
request.aspire.sessionSupport.sessionSupportObject.className=com.ai.servlets.DefaultSessionSupport2
request.aspire.authentication.httpAuthenticationMethodObject.className=com.ai.aspire.authentication.DigestAuthenticationWithPersistentLoginMethod
request.aspire.authentication.persistentSupportLoginObject.className=com.ai.aspire.authentication.pls.PersistentLoginSupport
aspire:\\reports\\users\\users.properties,
2) ==> Add the following line
aspire:\\reports\\users\\pls.properties,\
aspire:\\reports\\home\\home.properties,
#add this line
request.Aspire.BooleanFunction.whitespace.classname=com.ai.htmlgen.CommonBEEvaluator
3)
request.Aspire.BooleanFunction.persistentloginenabled.classname=com.ai.aspire.authentication.pls.PersistentLoginEvaluator