UnsecuredServiceEntry: called from an unsecured environment via the "unsecuredServiceEntry" invoked in the LoginDisplay class. This allows a pass-through of an unsecured conversation to the user custom code.
User Authentication Methods
public void ucUnsecuredServiceEntry( HttpServletRequest request, // the servlet request HttpServletResponse response, // the servlet response Connection dbconn, // the database connection SesameSession session) // current session throws Exception
You must be very careful not to do anything that would violate security concerns in this method, because there is no prior check for passwords, or the User ID, or for session cookies. This is currently used for an anchor call (action = unsecuredServiceEntry, option = LoginDisplay) in a form for modifying the user's password, which may be expired.
public void ucUnsecuredServiceEntry( HttpServletRequest request, // the servlet request HttpServletResponse response, // the servlet response Connection dbconn, // the database connection SesameSession session) // current session throws Exception { String stateVar = "doDisplay"; if (request.getParameter("stateVar") instanceof String) { stateVar = (String) request.getParameter("stateVar"); } if (stateVar != null && "doEdit".equals(stateVar)) RequestPasswordDisplay.doEdit( request, response, dbconn, session); else RequestPasswordDisplay.doDisplay( request, response, dbconn, session); }