Purpose
UnsecuredServiceEntry: called from an unsecured environment via the “unsecuredServiceEntry” invoked in the LoginDisplay class. This allows a pass-through of an unsecured conversation to the user custom code.
Applies To
User Authentication Methods
Signature
public void ucUnsecuredServiceEntry(
HttpServletRequest request, // the servlet request
HttpServletResponse response, // the servlet response
Connection dbconn, // the database connection
SesameSession session) // current session
throws Exception
Notes
You must be very careful not to do anything that would violate security concerns in this method, because there is no prior check for passwords, or the User ID, or for session cookies. This is currently used for an anchor call (action = unsecuredServiceEntry, option = LoginDisplay) in a form for modifying the user’s password, which may be expired.
Example
public void ucUnsecuredServiceEntry(
HttpServletRequest request, // the servlet request
HttpServletResponse response, // the servlet response
Connection dbconn, // the database connection
SesameSession session) // current session
throws Exception {
String stateVar = "doDisplay";
if (request.getParameter("stateVar") instanceof String) {
stateVar = (String) request.getParameter("stateVar");
}
if (stateVar != null && "doEdit".equals(stateVar)) RequestPasswordDisplay.doEdit(
request, response, dbconn, session);
else RequestPasswordDisplay.doDisplay(
request, response, dbconn, session);
}