ServerAuthContext
public interface ServerAuthContext
This ServerAuthContext class manages AuthModules that may be used
to validate client requests. A caller typically uses this class
in the following manner:
- Retrieve an instance of this class via AuthConfig.getServerAuthContext.
- Receive initial client request and pass it to validateRequest.
Configured plug-in modules validate credentials present in request
(for example, decrypt and verify a signature).
If the credentials are valid and sufficient, return.
Otherwise throw an AuthException.
- Authentication complete.
Perform authorization check on authenticated identity and,
if successful, dispatch to requested service application.
- Service application finished.
- Invoke secureResponse.
Configured modules secure response (sign and encrypt it, for example).
- Send final response to client.
- The disposeSubject method may be invoked if necessary
to clean up any authentication state in the Subject.
An instance may reuse module instances it previously created.
As a result a single module instance may be used to process
different requests from different clients.
It is the module implementation's responsibility to properly
store and restore any state necessary to associate new requests
with previous responses. A module that does not need to do so
may remain completely stateless.
Instances of this class have custom logic to determine
what modules to invoke, and in what order. In addition,
this custom logic may control whether subsequent modules are invoked
based on the success or failure of previously invoked modules.
The caller is responsible for passing in a state Map
that can be used by underlying modules to save state across
a sequence of calls from validateRequest
to secureResponse to disposeSubject.
The same Map instance must be passed to all methods in the call sequence.
Furthermore, each call sequence should be passed its own unique
shared state Map instance.
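The call sequence and the shared-state rule described above, as an added example that is not part of the original API documentation. The interface declarations are local stand-ins that mirror the method names on this page so the file compiles on its own; the generic Map parameter, the exception declarations, and the names CallSequenceExample, handle and demo.validated are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;

// Stand-ins for the types named on this page (assumed shapes) so the file compiles alone.
interface AuthParam {}
class AuthException extends Exception { AuthException(String m) { super(m); } }
interface ServerAuthContext {
    void validateRequest(AuthParam p, Subject s, Map<String, Object> state) throws AuthException;
    void secureResponse(AuthParam p, Subject s, Map<String, Object> state) throws AuthException;
    void disposeSubject(Subject s, Map<String, Object> state);
    boolean managesSessions(Map<String, Object> state);
}

public class CallSequenceExample {
    // Hypothetical container hook; returns true only if the response may be sent.
    static boolean handle(ServerAuthContext ctx, AuthParam param, Runnable service) {
        Map<String, Object> state = new HashMap<>(); // fresh Map per call sequence
        Subject subject = new Subject();
        try {
            ctx.validateRequest(param, subject, state); // throws on bad credentials
            // Authorization check on the authenticated identity belongs here.
            service.run();
            ctx.secureResponse(param, subject, state);  // same Map instance
            return true;
        } catch (AuthException e) {
            return false; // fail closed: do not send a response
        } finally {
            ctx.disposeSubject(subject, state); // clear authentication state
        }
    }

    public static void main(String[] args) {
        // Constructed demo context: accepts any non-null AuthParam.
        ServerAuthContext ctx = new ServerAuthContext() {
            public void validateRequest(AuthParam p, Subject s, Map<String, Object> st) throws AuthException {
                if (p == null) throw new AuthException("no credentials");
                st.put("demo.validated", Boolean.TRUE); // state saved for secureResponse
            }
            public void secureResponse(AuthParam p, Subject s, Map<String, Object> st) throws AuthException {
                if (!Boolean.TRUE.equals(st.get("demo.validated"))) throw new AuthException("state lost");
            }
            public void disposeSubject(Subject s, Map<String, Object> st) { st.clear(); }
            public boolean managesSessions(Map<String, Object> st) { return false; }
        };
        System.out.println(handle(ctx, new AuthParam() {}, () -> {})); // accepted request
        System.out.println(handle(ctx, null, () -> {}));               // rejected request
    }
}
```

Because the demo module keeps its per-request state in the Map rather than in its own fields, the same module instance can serve concurrent requests from different clients without mixing their authentication results.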
| Methods Summary | |
|---|---|
| public void | disposeSubject(javax.security.auth.Subject subject, java.util.Map sharedState): Dispose of the Subject (remove Principals or credentials from the Subject object that were stored during validateRequest). This method invokes configured modules to dispose the Subject. |
| public boolean | managesSessions(java.util.Map sharedState): Modules manage sessions. Used by the calling container to determine if it should delegate session management (including the mapping of requests to authentication results established from previous requests) to the underlying authentication modules of the context. When this method returns true, the container should call validate on every request, and as such may depend on the invoked modules to determine when a request pertains to an existing authentication session. When this method returns false, the container may employ its own session management functionality, and may use this functionality to recognize when an exiting request is to be interpreted in the context of an existing authentication session. |
| public void | secureResponse(AuthParam param, javax.security.auth.Subject subject, java.util.Map sharedState): Secure the response to the client (sign and encrypt the response, for example). This method invokes configured modules to secure the response. |
| public void | validateRequest(AuthParam param, javax.security.auth.Subject subject, java.util.Map sharedState): Authenticate a client request (decrypt the message and verify a signature, for example). This method invokes configured modules to authenticate the request. |