ucUnsecuredServiceEntry

Purpose

UnsecuredServiceEntry: called from an unsecured environment via the "unsecuredServiceEntry" invoked in the LoginDisplay class. This allows a pass-through of an unsecured conversation to the user custom code.

Applies To

User Authentication Methods

Signature

public void ucUnsecuredServiceEntry( 
               HttpServletRequest request,     // the servlet request
               HttpServletResponse response,   // the servlet response
               Connection dbconn,              // the database connection
               SesameSession session)          // current session
                    throws Exception 

Notes

You must be very careful not to do anything that would violate security concerns in this method, because there is no prior check for passwords, or the User ID, or for session cookies. This is currently used for an anchor call (action = unsecuredServiceEntry, option = LoginDisplay) in a form for modifying the user's password, which may be expired.

Example

public void ucUnsecuredServiceEntry(
                HttpServletRequest request,      // the servlet request
                HttpServletResponse response,    // the servlet response
                Connection dbconn,               // the database connection
                SesameSession session)           // current session
                throws Exception { 

        String stateVar = "doDisplay";
        if (request.getParameter("stateVar") instanceof String) {
            stateVar = (String) request.getParameter("stateVar");
        }
        if (stateVar != null && "doEdit".equals(stateVar)) RequestPasswordDisplay.doEdit(
                                      request, response, dbconn, session);
        else RequestPasswordDisplay.doDisplay(
                                      request, response, dbconn, session);
    }