This ServerAuthContext class encapsulates ServerAuthModules that are used
to validate service requests received from clients, and to secure any
response returned for those requests. A caller typically uses this class
in the following manner:
- Retrieve an instance of this class via
ServerAuthConfig.getAuthContext.
- Invoke validateRequest.
ServerAuthContext implementation invokes validateRequest of
one or more encapsulated
ServerAuthModules. Modules validate credentials present in request
(for example, decrypt and verify a signature).
- If credentials valid and sufficient, authentication complete.
Perform authorization check on authenticated identity and,
if successful, dispatch to requested service application.
- Service application finished.
- Invoke secureResponse.
ServerAuthContext implementation invokes secureResponse of
one or more encapsulated
ServerAuthModules. Modules secure response
(sign and encrypt response, for example), and prepare response message.
- Send secured response to client.
- Invoke cleanSubject (as necessary)
to clean up any authentication state in Subject(s).
A ServerAuthContext instance may be used concurrently by multiple
callers.
Implementations of this interface are responsible for constructing
and initializing the encapsulated modules. The initialization step
includes passing the relevant request and response MessagePolicy objects
to the encapsulated modules. The MessagePolicy objects are obtained
by the ServerAuthConfig instance used to ontain the ServerAuthContext
object.
See ServerAuthConfig.getAuthContext for more information.
Implementations of this interface are instantiated by their associated
configuration object such that they know which modules to invoke, in what
order, and how results returned by preceding modules are to influence
subsequent module invocations.
Calls to the inherited methods of this interface delegate to the
corresponding methods of the encapsulated authentication modules. |
