Barracuda Application Server C/C++ Reference
Authentication and authorization

Detailed Description

Please see Authenticating and authorizing users for an introduction to the classes in the Authentication group.

See also
Barracuda Introduction

Classes

struct  AuthorizerIntf
 An abstract class, which you must implement, provides a method of authorizing an authenticated user. More...
 
struct  UserIntf
 Interface class used by the Authentication classes. More...
 
struct  AuthenticatedUser
 Abstract base class implemented by BasicAuthUser, FormAuthUser and DigestAuthUser. More...
 
struct  AuthenticatorIntf
 Abstract interface class implemented by BasicAuthenticator, DigestAuthenticator and FormAuthenticator. More...
 
struct  LoginRespIntf
 The LoginRespIntf is an abstract class, which must be implemented when using one of DigestAuthenticator, BasicAuthenticator, and FormAuthenticator. More...
 
struct  AuthInfo
 An instance of the AuthInfo struct is created on the stack in the Barracuda authenticators and is used as a container object for sending information to the registered user callback methods. More...
 
struct  LoginTrackerIntf
 The interface between the LoginTracker and the application code. More...
 
struct  LoginTrackerNode
 A LoginTrackerNode keeps track of how many times a user using a specific IP address has attempted to login to the server. More...
 
struct  LoginTracker
 The LoginTracker class is an optional security enhancement that can be installed in an instance of one of the authenticator classes. More...
 
struct  Authenticator
 This class implements HTTP Basic, HTTP Digest, and Form-Based Authentication. More...
 
struct  BasicAuthenticator
 Implements Basic Authentication. More...
 
struct  DigestAuthenticator
 Implements Digest Authentication. More...
 
struct  FormAuthenticator
 Implements Form-Based Authentication. More...
 
struct  DavAuth
 This class implements HTTP Basic and HTTP Digest authentication. More...
 

Typedefs

typedef BaBool(* AuthorizerIntf_Authorize) (struct AuthorizerIntf *intf, struct AuthenticatedUser *user, HttpMethod httpMethod, const char *path)
 Prototype for the Authorize callback method. More...
 
typedef struct AuthorizerIntf AuthorizerIntf
 An abstract class, which you must implement, provides a method of authorizing an authenticated user.
 
typedef void(* UserIntf_GetPwd) (struct UserIntf *intf, struct AuthInfo *info)
 The GetPwd callback function searches for info->username and sets AuthInfo::password if found and/or the AuthInfo::ct parameter. More...
 
typedef struct UserIntf UserIntf
 Interface class used by the Authentication classes. More...
 
typedef struct AuthenticatedUser AuthenticatedUser
 Abstract base class implemented by BasicAuthUser, FormAuthUser and DigestAuthUser. More...
 
typedef AuthenticatedUser *(* AuthenticatorIntf_Authenticate) (struct AuthenticatorIntf *super, const char *relPath, HttpCommand *cmd)
 The authenticator callback method for the abstract class AuthenticatorIntf. More...
 
typedef struct AuthenticatorIntf AuthenticatorIntf
 Abstract interface class implemented by BasicAuthenticator, DigestAuthenticator and FormAuthenticator.
 
typedef void(* LoginRespIntf_Service) (struct LoginRespIntf *intf, struct AuthInfo *info)
 This callback function is called if the user failed to authenticate with one of DigestAuthenticator, BasicAuthenticator, or FormAuthenticator. More...
 
typedef struct LoginRespIntf LoginRespIntf
 The LoginRespIntf is an abstract class, which must be implemented when using one of DigestAuthenticator, BasicAuthenticator, and FormAuthenticator. More...
 
typedef struct AuthInfo AuthInfo
 An instance of the AuthInfo struct is created on the stack in the Barracuda authenticators and is used as a container object for sending information to the registered user callback methods.
 
typedef BaBool(* LoginTrackerIntf_Validate) (struct LoginTrackerIntf *o, AuthInfo *info, struct LoginTrackerNode *node)
 Prototype for the validate callback method. More...
 
typedef void(* LoginTrackerIntf_Login) (struct LoginTrackerIntf *o, AuthInfo *info, struct LoginTrackerNode *node)
 Prototype for the Login tracker method. More...
 
typedef void(* LoginTrackerIntf_LoginFailed) (struct LoginTrackerIntf *o, AuthInfo *info, struct LoginTrackerNode *node)
 Prototype for the LoginFailed callback method. More...
 
typedef void(* LoginTrackerIntf_TerminateNode) (struct LoginTrackerIntf *o, struct LoginTrackerNode *node)
 Prototype for the TerminateNode callback method. More...
 
typedef struct LoginTrackerIntf LoginTrackerIntf
 The interface between the LoginTracker and the application code. More...
 
typedef struct LoginTrackerNode LoginTrackerNode
 A LoginTrackerNode keeps track of how many times a user using a specific IP address has attempted to login to the server. More...
 
typedef struct LoginTracker LoginTracker
 The LoginTracker class is an optional security enhancement that can be installed in an instance of one of the authenticator classes. More...
 
typedef Authenticator Authenticator
 This class implements HTTP Basic, HTTP Digest, and Form-Based Authentication. More...
 
typedef BasicAuthenticator BasicAuthenticator
 Implements Basic Authentication. More...
 
typedef DigestAuthenticator DigestAuthenticator
 Implements Digest Authentication. More...
 
typedef FormAuthenticator FormAuthenticator
 Implements Form-Based Authentication. More...
 
typedef DavAuth DavAuth
 This class implements HTTP Basic and HTTP Digest authentication. More...
 

Enumerations

enum  AuthenticatedUserType
 The authenticator types.
 
enum  AuthInfoCT { AuthInfoCT_Password =5, AuthInfoCT_HA1, AuthInfoCT_Valid, AuthInfoCT_Invalid }
 AuthInfo Credential Type can optionally be used by the UserIntf_GetPwd callback function. More...
 

Functions

 AuthorizerIntf::AuthorizerIntf (AuthorizerIntf_Authorize authorize)
 The constructor. More...
 
bool AuthorizerIntf::authorize (struct AuthenticatedUser *user, HttpMethod method, const char *path)
 Returns TRUE if user is authorized. More...
 
 UserIntf::UserIntf (UserIntf_GetPwd getPwd)
 The UserIntf constructor. More...
 
static AuthenticatedUser * AuthenticatedUser::get (HttpRequest *request)
 Returns a pointer to an instance of class AuthenticatedUser if a session object exists and if the user is authenticated, otherwise NULL is returned. More...
 
static AuthenticatedUser * AuthenticatedUser::get (HttpSession *session)
 Returns a pointer to an instance of class AuthenticatedUser if the user is authenticated, otherwise NULL is returned. More...
 
const char * AuthenticatedUser::getName ()
 Returns the user's name.
 
HttpSession * AuthenticatedUser::getSession ()
 Get the session object. More...
 
const char * AuthenticatedUser::getPassword ()
 Returns the user's password.
 
void AuthenticatedUser::logout (bool all=false)
 Logout user and terminate the session object. More...
 
AuthenticatedUserType AuthenticatedUser::getType ()
 Returns the authenticator type that was used to authenticate this user. More...
 
static AuthenticatedUser * AuthenticatedUser::getAnonymous ()
 Non-public.
 
 AuthenticatorIntf::AuthenticatorIntf (AuthenticatorIntf_Authenticate authenticate)
 The constructor is used by one of the BasicAuthenticator, DigestAuthenticator or FormAuthenticator constructors.
 
AuthenticatedUser * AuthenticatorIntf::authenticate (const char *relPath, HttpCommand *cmd)
 Authenticate the user. More...
 
 LoginRespIntf::LoginRespIntf (LoginRespIntf_Service service)
 The LoginRespIntf constructor. More...
 
 LoginTrackerIntf::LoginTrackerIntf (LoginTrackerIntf_Validate validate, LoginTrackerIntf_Login login, LoginTrackerIntf_LoginFailed loginFailed, LoginTrackerIntf_TerminateNode terminateNode)
 Create a LoginTrackerIntf. More...
 
U32 LoginTrackerNode::getCounter ()
 Returns the number of login attempts.
 
U32 LoginTrackerNode::getAuxCounter ()
 Get auxiliary counter.
 
void LoginTrackerNode::setAuxCounter (U32 count)
 Set auxiliary counter.
 
HttpSockaddr * LoginTrackerNode::getAddr ()
 Return the HttpSockaddr.
 
void LoginTrackerNode::setUserData (void *data)
 Store application data in this node.
 
void * LoginTrackerNode::getUserData ()
 Fetch stored application data in this node.
 
BaTime LoginTrackerNode::getTime ()
 Returns the time for the latest login attempt.
 
 LoginTracker::LoginTracker (U32 noOfLoginTrackerNodes, LoginTrackerIntf *intf, AllocatorIntf *allocator=AllocatorIntf::getDefault())
 Create a LoginTracker instance. More...
 
void LoginTracker::clearCache ()
 Clear the LoginTrackerNode cache.
 
LoginTrackerNode * LoginTracker::getFirstNode ()
 Return first LoginTrackerNode in the cache or NULL if cache empty.
 
LoginTrackerNode * LoginTracker::getNextNode (LoginTrackerNode *n)
 Return the next LoginTrackerNode in the cache or NULL if no more nodes.
 
LoginTrackerNode * LoginTracker::find (HttpRequest *request)
 Find LoginTrackerNode in cache by using the IP address from the request object. More...
 
 Authenticator::Authenticator (UserIntf *userDbIntf, const char *realm, LoginRespIntf *sendLogin)
 
void Authenticator::setLoginTracker (LoginTracker *tracker)
 Prevent dictionary attacks. More...
 
BasicAuthenticator * Authenticator::getBasicAuthenticator ()
 Get the internal BasicAuthenticator.
 
DigestAuthenticator * Authenticator::getDigestAuthenticator ()
 Get the internal DigestAuthenticator.
 
FormAuthenticator * Authenticator::getFormAuthenticator ()
 Get the internal FormAuthenticator.
 
 BasicAuthenticator::BasicAuthenticator (UserIntf *userDbIntf, const char *realm, LoginRespIntf *sendLogin)
 
void BasicAuthenticator::setLoginTracker (LoginTracker *tracker)
 Prevent dictionary attacks. More...
 
static void BasicAuthenticator::setAutHeader (const char *realm, HttpResponse *response)
 Sets an HTTP basic authenticate header and sets status to 401. More...
 
 DigestAuthenticator::DigestAuthenticator (UserIntf *userDbIntf, const char *realm, LoginRespIntf *sendLogin)
 
void DigestAuthenticator::setLoginTracker (LoginTracker *tracker)
 Prevent dictionary attacks. More...
 
static void DigestAuthenticator::setAutHeader (const char *realm, HttpResponse *response)
 Sets an HTTP digest authenticate header and sets status to 401. More...
 
void DigestAuthenticator::setStrictMode (bool enableStrictMode=false)
 Enable strict mode. More...
 
 FormAuthenticator::FormAuthenticator (UserIntf *userDbIntf, const char *realm, LoginRespIntf *sendLogin)
 
void FormAuthenticator::setLoginTracker (LoginTracker *tracker)
 Prevent dictionary attacks. More...
 
void FormAuthenticator::setSecure ()
 Set authenticator into secure mode and accept only SSL connections. More...
 
 DavAuth::DavAuth (UserIntf *userDbIntf, const char *realm)
 Create a DavAuth instance. More...
 
BasicAuthenticator * DavAuth::getBasicAuth ()
 Get the internal BasicAuthenticator.
 
DigestAuthenticator * DavAuth::getDigestAuth ()
 Get the internal DigestAuthenticator.
 
void DavAuth::setLoginTracker (LoginTracker *tracker)
 Prevent dictionary attacks. More...
 

Typedef Documentation

◆ AuthenticatedUser

Abstract base class implemented by BasicAuthUser, FormAuthUser and DigestAuthUser.

Please see the User Authentication documentation for more information.

◆ Authenticator

This class implements HTTP Basic, HTTP Digest, and Form-Based Authentication.

The Authentication class, which implements all authentication methods in the server, is very useful in a mixed client environment. A limitation of Basic and Digest authentication is that the pop-up window presented by the browser is not user friendly. Consequently, it is common to use a customizable HTML user interface for login. A non-browser client such as a C program, a Java program, or a Python script will usually not be able to display an HTML-based login user interface. For this reason, it is recommended to use Basic or Digest authentication for non-browser clients.

The Authentication class makes it possible for the client to decide on the authentication method used. The default authentication is a "form login" and will automatically be used by an HTML browser interface.

A non-HTML client can force the authentication to be one of Basic or Digest by explicitly setting the "Authorization" HTTP header. An instance of the Authentication class analyzes the "Authorization" HTTP header and forwards the request to one of Basic, Digest, or form based login classes. A non-authenticated user requesting a resource without an "Authorization" header is forwarded to the form login class.

It is very simple to use the Authentication class if you use a client HTTP library that automatically handles Digest and/or Basic authentication. You simply set the header to one of Basic or Digest and leave the implementation details to the client HTTP library.

Forcing the login to be Basic or Digest from a client using a client HTTP library:

setHttpHeader("PrefAuth", "Basic"); /* force basic authentication */
setHttpHeader("PrefAuth", "Digest"); /* force digest authentication */

Other uses for the Authentication class include use of Digest authentication for clients that can properly handle Digest authentication and use of Basic authentication for clients that cannot properly handle or do not implement Digest authentication.

◆ AuthenticatorIntf_Authenticate

typedef AuthenticatedUser*(* AuthenticatorIntf_Authenticate) (struct AuthenticatorIntf *super, const char *relPath, HttpCommand *cmd)

The authenticator callback method for the abstract class AuthenticatorIntf.

Parameters
super: A pointer to the super class.
cmd: The HttpRequest and HttpResponse container.
Returns
The AuthenticatedUser if authenticated, otherwise NULL is returned.

◆ AuthorizerIntf_Authorize

typedef BaBool(* AuthorizerIntf_Authorize) (struct AuthorizerIntf *intf, struct AuthenticatedUser *user, HttpMethod httpMethod, const char *path)

Prototype for the Authorize callback method.

Parameters
intf: The object pointer, which you must upcast to your class implementation; i.e., MySecurityRealm* o = (MySecurityRealm*)intf;
user: A reference to the authenticated user. The method must return false if user is NULL.
httpMethod: The HTTP method type, from HttpRequest::getMethodType.
path: The path to the requested resource.

◆ BasicAuthenticator

Implements Basic Authentication.

Please see the User Authentication documentation for more information.

◆ DavAuth

typedef DavAuth DavAuth

This class implements HTTP Basic and HTTP Digest authentication.

The client selects the HTTP authentication method it wants to use. The authenticator also handles the domain name prefix added to the user name by many Microsoft HTTP clients.

This class was specifically designed for our WebDAV plugin, but the authenticator is also useful when authenticating non-browser clients in a mixed environment.

◆ DigestAuthenticator

Implements Digest Authentication.

Please see the User Authentication documentation for more information.

◆ FormAuthenticator

Implements Form-Based Authentication.

See the User Authentication documentation for an introduction to authentication and authorization. A form authenticator can be used only by browser clients.

See also
Authenticator

◆ LoginRespIntf

typedef struct LoginRespIntf LoginRespIntf

The LoginRespIntf is an abstract class, which must be implemented when using one of DigestAuthenticator, BasicAuthenticator, and FormAuthenticator.

The Barracuda authenticators call the service method if the user is not authenticated or failed to login. The service method must respond by sending a message to the client.

◆ LoginRespIntf_Service

typedef void(* LoginRespIntf_Service) (struct LoginRespIntf *intf, struct AuthInfo *info)

This callback function is called if the user failed to authenticate with one of DigestAuthenticator, BasicAuthenticator, or FormAuthenticator.

The service function must send an appropriate error message to the client.

The callback is also called when a FormAuthenticator instance needs to send the form login page to the client. This callback can detect the difference between sending the login page and the error page by checking info->username. This variable is NULL when the callback must send the login page.

◆ LoginTracker

typedef struct LoginTracker LoginTracker

The LoginTracker class is an optional security enhancement that can be installed in an instance of one of the authenticator classes.

A hacker may write an automated password cracker tool to exploit weak passwords. This is often referred to as a Dictionary attack.

The purpose of the LoginTracker is to make it virtually impossible to perform dictionary attacks on the Barracuda authenticator classes. The LoginTracker keeps track of IP addresses that failed to supply the correct user name and/or password. It keeps a cache of LoginTrackerNode instances, where each LoginTrackerNode stores information such as the IP address and the time of the login attempt.

You can download and try the FuguHub demo for a practical example of using the LoginTracker. Enter an invalid user/password when logging into the FuguHub Web Server and observe the response message.

◆ LoginTrackerIntf

The interface between the LoginTracker and the application code.

You must inherit and implement the callback methods required for the LoginTrackerIntf.

◆ LoginTrackerIntf_Login

typedef void(* LoginTrackerIntf_Login) (struct LoginTrackerIntf *o, AuthInfo *info, struct LoginTrackerNode *node)

Prototype for the Login tracker method.

The Login method is called when a user is authenticated.

Parameters
info: The AuthInfo container object.
node: May be NULL if the object was recycled. This object is automatically terminated as soon as this callback returns; i.e., the terminate callback is called.

◆ LoginTrackerIntf_LoginFailed

typedef void(* LoginTrackerIntf_LoginFailed) (struct LoginTrackerIntf *o, AuthInfo *info, struct LoginTrackerNode *node)

Prototype for the LoginFailed callback method.

The LoginFailed method is called when a user attempts to log in and the user and/or password is incorrect.

You can potentially tarpit the failed login attempt if you run the HTTP server in threaded mode, but a short "login window" is probably more than sufficient in most applications. The "login window" length is controlled in the LoginTrackerIntf_Validate callback method.

◆ LoginTrackerIntf_TerminateNode

typedef void(* LoginTrackerIntf_TerminateNode) (struct LoginTrackerIntf *o, struct LoginTrackerNode *node)

Prototype for the TerminateNode callback method.

The TerminateNode method is called when the LoginTracker reuses a node in the internal node cache. The TerminateNode method can be used for clearing/releasing any data set with method LoginTrackerNode::setUserData.

◆ LoginTrackerIntf_Validate

typedef BaBool(* LoginTrackerIntf_Validate) (struct LoginTrackerIntf *o, AuthInfo *info, struct LoginTrackerNode *node)

Prototype for the validate callback method.

The validate callback method is called before attempting to authorize a user. It can consult the login counter in the LoginTrackerNode and either accept or deny the user. The method should return true if the request is accepted and false if it is denied. Attribute info.denied is set by the LoginTracker if this method returns false.
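
As an added example (not part of the Barracuda reference), a LoginTrackerIntf implementation that closes the login window after repeated failures from one IP address, keeps a per-node audit record through setUserData, and releases it in the TerminateNode callback when the node is recycled. The stand-in Barracuda types, MAX_FAILURES, LOCKOUT_SECONDS and the injectable clock are constructed here; they are not the library's definitions.

```cpp
// Added example, not Barracuda's own code. The Barracuda types below are
// minimal constructed stand-ins mirroring the accessor names documented on
// this page; with the real headers only MyLoginTracker and its callbacks remain.
#include <cstdlib>
typedef unsigned int U32;
typedef int BaBool;
typedef long BaTime;                 // stand-in: attempt time in seconds
struct AuthInfo { const char* username; };      // stand-in, other fields omitted

struct LoginTrackerNode {            // stand-in mirroring the documented accessors
    U32 counter; BaTime lastAttempt; void* userData;
    U32 getCounter() const { return counter; }      // attempts from this IP
    BaTime getTime() const { return lastAttempt; }  // time of latest attempt
    void setUserData(void* d) { userData = d; }
    void* getUserData() const { return userData; }
};

struct LoginTrackerIntf;
typedef BaBool (*LoginTrackerIntf_Validate)(LoginTrackerIntf*, AuthInfo*, LoginTrackerNode*);
typedef void (*LoginTrackerIntf_Login)(LoginTrackerIntf*, AuthInfo*, LoginTrackerNode*);
typedef void (*LoginTrackerIntf_LoginFailed)(LoginTrackerIntf*, AuthInfo*, LoginTrackerNode*);
typedef void (*LoginTrackerIntf_TerminateNode)(LoginTrackerIntf*, LoginTrackerNode*);
struct LoginTrackerIntf {            // stand-in for the real interface struct
    LoginTrackerIntf_Validate validate;
    LoginTrackerIntf_Login login;
    LoginTrackerIntf_LoginFailed loginFailed;
    LoginTrackerIntf_TerminateNode terminateNode;
    LoginTrackerIntf(LoginTrackerIntf_Validate v, LoginTrackerIntf_Login l,
                     LoginTrackerIntf_LoginFailed f, LoginTrackerIntf_TerminateNode t)
        : validate(v), login(l), loginFailed(f), terminateNode(t) {}
};

// Assumed policy values: after MAX_FAILURES attempts from one IP the window
// stays closed for LOCKOUT_SECONDS, counted from the latest attempt.
enum { MAX_FAILURES = 5, LOCKOUT_SECONDS = 60 };

// Pure policy so it can be tested without a server. node == NULL means the
// tracker holds no failure record for this IP (see LoginTracker::find).
bool loginWindowOpen(const LoginTrackerNode* node, BaTime now) {
    if (!node || node->getCounter() < MAX_FAILURES) return true;
    return now - node->getTime() >= LOCKOUT_SECONDS;  // lockout has expired
}

struct FailureRecord { BaTime firstFailure; };  // per-node audit data

// Application state lives in the derived struct; each callback upcasts `o`,
// the same pattern this page shows for AuthorizerIntf_Authorize.
struct MyLoginTracker : LoginTrackerIntf {
    BaTime (*clock)();               // injectable clock keeps tests deterministic
    U32 deniedRequests;              // requests refused while the window was closed
    U32 releasedRecords;             // FailureRecords freed in terminateNode
    MyLoginTracker(BaTime (*clk)());
};

static BaBool myValidate(LoginTrackerIntf* o, AuthInfo*, LoginTrackerNode* node) {
    MyLoginTracker* self = (MyLoginTracker*)o;
    if (loginWindowOpen(node, self->clock())) return 1;
    self->deniedRequests++;          // the LoginTracker sets info->denied for us
    return 0;
}

// Success: the node is terminated right after this returns and terminateNode
// releases the audit record, so there is nothing left to do here.
static void myLogin(LoginTrackerIntf*, AuthInfo*, LoginTrackerNode*) {}

static void myLoginFailed(LoginTrackerIntf* o, AuthInfo*, LoginTrackerNode* node) {
    MyLoginTracker* self = (MyLoginTracker*)o;
    if (node && !node->getUserData()) {          // first failure from this IP
        FailureRecord* r = (FailureRecord*)std::malloc(sizeof(FailureRecord));
        if (r) { r->firstFailure = self->clock(); node->setUserData(r); }
    }
    // In threaded mode a tarpit could go here; the window is normally enough.
}

static void myTerminateNode(LoginTrackerIntf* o, LoginTrackerNode* node) {
    MyLoginTracker* self = (MyLoginTracker*)o;
    if (node->getUserData()) {                   // node recycled: release our data
        std::free(node->getUserData());
        node->setUserData(0);
        self->releasedRecords++;
    }
}

MyLoginTracker::MyLoginTracker(BaTime (*clk)())
    : LoginTrackerIntf(myValidate, myLogin, myLoginFailed, myTerminateNode),
      clock(clk), deniedRequests(0), releasedRecords(0) {}

BaTime fixedNow = 0;                             // constructed clock for demos
static BaTime fixedClock() { return fixedNow; }
```

With the real headers, an instance of MyLoginTracker is what you pass as the intf argument of the LoginTracker constructor before calling setLoginTracker on the authenticator.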

◆ LoginTrackerNode

A LoginTrackerNode keeps track of how many times a user using a specific IP address has attempted to login to the server.

The LoginTracker stores LoginTrackerNodes internally in a cache.

◆ UserIntf

typedef struct UserIntf UserIntf

Interface class used by the Authentication classes.

The getPwd function returns the user's password if the user is found.

◆ UserIntf_GetPwd

typedef void(* UserIntf_GetPwd) (struct UserIntf *intf, struct AuthInfo *info)

The GetPwd callback function searches for info->username and sets AuthInfo::password if found and/or the AuthInfo::ct parameter.

info->userObj is NULL, but can be set in this callback to signal information to the other callbacks such as LoginRespIntf_Service.

info->user is NULL when this method is called.

The method is allowed to set header values and work with the response object. The authenticator stops authentication and returns FALSE if the response object is committed; i.e., the login fails.

The authenticator checks if the response is committed on return. The authenticator assumes the user is not authenticated if the response is committed.

Enumeration Type Documentation

◆ AuthInfoCT

enum AuthInfoCT

AuthInfo Credential Type can optionally be used by the UserIntf_GetPwd callback function.

Enumerator
AuthInfoCT_Password 

The default.

Password is returned in plaintext.

AuthInfoCT_HA1 

The password is returned as a HA1 hash, which is: MD5(username ":" realm ":" password)

AuthInfoCT_Valid 

Set when getpwd callback successfully compared AuthInfo::upwd with stored password.

AuthInfoCT_Invalid 

Set when getpwd callback failed comparing AuthInfo::upwd with stored password.
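
As an added example (not Barracuda's own code), a UserIntf_GetPwd callback that uses the AuthInfoCT_Valid and AuthInfoCT_Invalid credential types: it compares the credential the client supplied in AuthInfo::upwd against the stored secret in constant time and never copies that secret into AuthInfo::password. The AuthInfo and UserIntf stand-ins and the user table are constructed here, and the example assumes the authenticator in use fills upwd with the client's password (a Digest client never sends the password itself, so this mode is not a fit for DigestAuthenticator).

```cpp
// Added example, not Barracuda's own code. AuthInfo and UserIntf are minimal
// constructed stand-ins carrying only the fields this page documents.
#include <cstddef>
#include <cstring>

enum AuthInfoCT { AuthInfoCT_Password = 5, AuthInfoCT_HA1, AuthInfoCT_Valid, AuthInfoCT_Invalid };

struct AuthInfo {                  // stand-in
    const char* username;          // user name to look up
    const char* upwd;              // credential the client supplied
    const char* password;          // stored secret, only for Password/HA1 mode
    AuthInfoCT ct;                 // credential type reported back
};

struct UserIntf;
typedef void (*UserIntf_GetPwd)(UserIntf* intf, AuthInfo* info);
struct UserIntf {                  // stand-in
    UserIntf_GetPwd getPwd;
    UserIntf(UserIntf_GetPwd f) : getPwd(f) {}
};

// Constructed user database; a real deployment wraps its own store.
struct UserRecord { const char* name; const char* secret; };
static const UserRecord kUsers[] = { {"alice", "correct horse"}, {"bob", "battery staple"} };

// Walks the full length of both strings so the time taken does not reveal
// the first differing byte; a length mismatch alone makes the result false.
bool constantTimeEqual(const char* a, const char* b) {
    std::size_t la = std::strlen(a), lb = std::strlen(b);
    std::size_t n = la > lb ? la : lb;
    unsigned diff = (la != lb) ? 1u : 0u;
    for (std::size_t i = 0; i < n; i++) {
        unsigned char ca = i < la ? (unsigned char)a[i] : 0;
        unsigned char cb = i < lb ? (unsigned char)b[i] : 0;
        diff |= ca ^ cb;
    }
    return diff == 0;
}

struct MyUserDb : UserIntf {       // application state; the callback upcasts intf
    unsigned lookups;
    MyUserDb();
};

static void myGetPwd(UserIntf* intf, AuthInfo* info) {
    MyUserDb* self = (MyUserDb*)intf;
    self->lookups++;
    info->password = 0;            // the stored secret never leaves this callback
    info->ct = AuthInfoCT_Invalid; // default: unknown user and wrong password look alike
    if (!info->username || !info->upwd) return;
    for (std::size_t i = 0; i < sizeof kUsers / sizeof kUsers[0]; i++) {
        if (std::strcmp(kUsers[i].name, info->username) == 0) {
            if (constantTimeEqual(kUsers[i].secret, info->upwd)) info->ct = AuthInfoCT_Valid;
            return;
        }
    }
}

MyUserDb::MyUserDb() : UserIntf(myGetPwd), lookups(0) {}
```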

Function Documentation

◆ authenticate()

AuthenticatedUser * AuthenticatorIntf::authenticate (const char *relPath, HttpCommand *cmd)

Authenticate the user.

Returns
The AuthenticatedUser if authenticated, otherwise NULL is returned.

◆ Authenticator()

Authenticator::Authenticator (UserIntf *userDbIntf, const char *realm, LoginRespIntf *sendLogin)

Parameters
userDbIntf: A reference to a user database you must provide/implement.
realm: The name of the Basic Authenticator realm.
sendLogin: Must be an implementation of LoginRespIntf.

◆ authorize()

bool AuthorizerIntf::authorize (struct AuthenticatedUser *user, HttpMethod method, const char *path)

Returns TRUE if user is authorized.

Parameters
user: The authenticated user; see AuthenticatedUser::get.
method: The HTTP method type, from HttpRequest::getMethodType.
path: The relative path element of the URL requested by the user.

◆ AuthorizerIntf()

AuthorizerIntf::AuthorizerIntf ( AuthorizerIntf_Authorize  authorize)

The constructor.

Parameters
authorize: Pointer to the authorize method.

◆ BasicAuthenticator()

BasicAuthenticator::BasicAuthenticator (UserIntf *userDbIntf, const char *realm, LoginRespIntf *sendLogin)

Parameters
userDbIntf: A reference to a user database you must provide/implement.
realm: The name displayed in the browser's pop-up window.
sendLogin: Must be an implementation of LoginRespIntf.

◆ DavAuth()

DavAuth::DavAuth (UserIntf *userDbIntf, const char *realm)

Create a DavAuth instance.

Parameters
userDbIntf: A reference to a user database you must provide/implement.
realm: The realm name provided to the client.

◆ DigestAuthenticator()

DigestAuthenticator::DigestAuthenticator (UserIntf *userDbIntf, const char *realm, LoginRespIntf *sendLogin)

Parameters
userDbIntf: A reference to a user database you must provide/implement.
realm: The name displayed in the browser's pop-up window.
sendLogin: Must be an implementation of LoginRespIntf.

◆ find()

LoginTrackerNode * LoginTracker::find (HttpRequest *request)

Find LoginTrackerNode in cache by using the IP address from the request object.

Returns
the LoginTrackerNode if the user is in the cache or NULL if the user either never has failed a login attempt or the user is authenticated.

◆ FormAuthenticator()

FormAuthenticator::FormAuthenticator (UserIntf *userDbIntf, const char *realm, LoginRespIntf *sendLogin)

Parameters
userDbIntf: A reference to a user database you must provide/implement.
realm: Required when using HA1 password hashes.
sendLogin: Must be an implementation of LoginRespIntf.

◆ get() [1/2]

static AuthenticatedUser * AuthenticatedUser::get (HttpRequest *request)

Returns a pointer to an instance of class AuthenticatedUser if a session object exists and if the user is authenticated, otherwise NULL is returned.

user = AuthenticatedUser::get(request);

C name: AuthenticatedUser_get1

◆ get() [2/2]

static AuthenticatedUser * AuthenticatedUser::get (HttpSession *session)

Returns a pointer to an instance of class AuthenticatedUser if the user is authenticated, otherwise NULL is returned.

user = AuthenticatedUser::get(request->getSession(false));

C name: AuthenticatedUser_get2

See also
HttpServer::getSession

◆ getSession()

HttpSession * AuthenticatedUser::getSession ( )

Get the session object.

See also
HttpSession::getId

◆ getType()

AuthenticatedUserType AuthenticatedUser::getType ( )

Returns the authenticator type that was used to authenticate this user.

See also
attribute type in AuthInfo.

◆ LoginRespIntf()

LoginRespIntf::LoginRespIntf ( LoginRespIntf_Service  service)

The LoginRespIntf constructor.

Parameters
service: A pointer to the response service callback function.

◆ LoginTracker()

LoginTracker::LoginTracker (U32 noOfLoginTrackerNodes, LoginTrackerIntf *intf, AllocatorIntf *allocator = AllocatorIntf::getDefault())

Create a LoginTracker instance.

Parameters
noOfLoginTrackerNodes: Size of the internal LoginTrackerNode cache.
intf: The application interface used by the LoginTracker.
allocator: The allocator used when allocating the LoginTracker nodes.

◆ LoginTrackerIntf()

LoginTrackerIntf::LoginTrackerIntf (LoginTrackerIntf_Validate validate, LoginTrackerIntf_Login login, LoginTrackerIntf_LoginFailed loginFailed, LoginTrackerIntf_TerminateNode terminateNode)

Create a LoginTrackerIntf.

Parameters
validate: Validate a user.
login: A user successfully logged in.
loginFailed: The login attempt failed.
terminateNode: The LoginTrackerNode is recycled.

◆ logout()

void AuthenticatedUser::logout ( bool  all = false)

Logout user and terminate the session object.

You should use this method and not HttpSession::terminate when logging out a user.

Example

// The following code works if AuthenticatedUser::get returns NULL.

Basic and Digest logout:

With Basic and Digest authentication, the browser remembers the user and password. This means that this method will not have any effect with Basic and Digest since the user will be automatically logged in as soon as the browser sends a request to the server.

The only viable solution to logging out using Basic and Digest is to terminate the browser client.

Parameters
all: Set to true if you want to terminate all of the user's active sessions. A user may be logged in using more than one client. One must typically set all=true when changing the password, as all clients must be terminated or the clients may get a 403 response.

◆ setAutHeader() [1/2]

static void BasicAuthenticator::setAutHeader (const char *realm, HttpResponse *response)

Sets an HTTP basic authenticate header and sets status to 401. This method can be used to design logic for invalidating the user and password saved by a browser.

◆ setAutHeader() [2/2]

static void DigestAuthenticator::setAutHeader (const char *realm, HttpResponse *response)

Sets an HTTP digest authenticate header and sets status to 401. This method can be used to design logic for invalidating the user and password saved by a browser.

◆ setLoginTracker() [1/5]

void BasicAuthenticator::setLoginTracker (LoginTracker *tracker)

Prevent dictionary attacks.

Parameters
tracker: The IP address tracker.

◆ setLoginTracker() [2/5]

void DigestAuthenticator::setLoginTracker (LoginTracker *tracker)

Prevent dictionary attacks.

Parameters
tracker: The IP address tracker.

◆ setLoginTracker() [3/5]

void Authenticator::setLoginTracker (LoginTracker *tracker)

Prevent dictionary attacks.

Parameters
tracker: The IP address tracker.

◆ setLoginTracker() [4/5]

void DavAuth::setLoginTracker (LoginTracker *tracker)

Prevent dictionary attacks.

Parameters
tracker: The IP address tracker.

◆ setLoginTracker() [5/5]

void FormAuthenticator::setLoginTracker (LoginTracker *tracker)

Prevent dictionary attacks.

An interesting feature of the FormAuthenticator is that the form authenticator makes it difficult to perform dictionary attacks even without using the LoginTracker. The FormAuthenticator will make it extremely difficult to distinguish between valid and invalid login attempts, since the form authenticator sends HTTP 200 OK response messages instead of the numerous 400 type errors.

Parameters
tracker: The IP address tracker.

◆ setSecure()

void FormAuthenticator::setSecure ( )

Set authenticator into secure mode and accept only SSL connections.

The authenticator ignores non-secure connections and directly calls the LoginRespIntf callback if the connection is not secure. You must add logic for testing for non-secure connections in your callback.

◆ setStrictMode()

void DigestAuthenticator::setStrictMode ( bool  enableStrictMode = false)

Enable strict mode.

Few browsers support this.

◆ UserIntf()

UserIntf::UserIntf ( UserIntf_GetPwd  getPwd)

The UserIntf constructor.

Parameters
getPwd: A pointer to the get password callback function.