File: ClientAuthContext.java
Doc: API Doc
Category: Glassfish v2 API
Size: 6839
Date: Fri May 04 22:35:42 BST 2007
Package: com.sun.enterprise.security.jauth

ClientAuthContext

public interface ClientAuthContext
This ClientAuthContext class manages AuthModules that may be used to secure requests made as a client. A caller typically uses this class in the following manner:
  1. Retrieve an instance of this class via AuthConfig.getClientAuthContext.
  2. Invoke secureRequest.
    The ClientAuthContext implementation invokes the configured plug-in modules. Modules attach credentials to the initial request object (for example, a username and password), and/or secure the request (for example, sign and encrypt the request).
  3. Issue request.
  4. Receive response and pass it to validateResponse.
    The ClientAuthContext implementation invokes the configured plug-in modules. Modules verify or decrypt the response as necessary.
  5. The disposeSubject method may be invoked if necessary to clean up any authentication state in the Subject.

An instance may reuse module instances it previously created. As a result a single module instance may be used to issue different requests as different clients. It is the module implementation's responsibility to properly store and restore any necessary state. A module that does not need to do so may remain completely stateless.

Instances of this class have custom logic to determine what modules to invoke, and in what order. In addition, this custom logic may control whether subsequent modules are invoked based on the success or failure of previously invoked modules.

The caller is responsible for passing in a state Map that can be used by underlying modules to save state across a sequence of calls from secureRequest to validateResponse to disposeSubject. The same Map instance must be passed to all methods in the call sequence. Furthermore, each call sequence should be passed its own unique shared state Map instance.
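
The call sequence above, combined with the shared-state Map rule, as an added example (not code from the Glassfish project). It assumes AuthParam and AuthException live in com.sun.enterprise.security.jauth alongside this interface and that ctx was obtained via AuthConfig.getClientAuthContext; SecuredCall, Transport and the use of a separate response Subject are choices made for this example.

```java
import com.sun.enterprise.security.jauth.AuthException;
import com.sun.enterprise.security.jauth.AuthParam;
import com.sun.enterprise.security.jauth.ClientAuthContext;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;

/** Added illustration; SecuredCall and Transport are hypothetical names. */
public final class SecuredCall {

    /** Hypothetical hook: sends the secured request and stores the reply in param. */
    public interface Transport {
        void exchange(AuthParam param) throws Exception;
    }

    /** Runs one secureRequest -> validateResponse -> disposeSubject sequence. */
    public static void invoke(ClientAuthContext ctx, AuthParam param,
                              Subject clientSubject, Transport transport)
            throws Exception {
        // Fresh Map per call sequence: module instances may be reused for
        // different clients, so per-call state must not leak between sequences.
        Map<String, Object> sharedState = new HashMap<String, Object>();
        // Example's choice: a separate Subject receives the validated identity.
        Subject responseSubject = new Subject();
        boolean responseSeen = false;
        try {
            ctx.secureRequest(param, clientSubject, sharedState);      // step 2
            transport.exchange(param);                                 // step 3
            responseSeen = true;
            ctx.validateResponse(param, responseSubject, sharedState); // step 4
            // Consume the validated response here, before cleanup runs.
        } finally {
            if (responseSeen) {
                try {
                    // Step 5: same Map instance as the earlier calls.
                    ctx.disposeSubject(responseSubject, sharedState);
                } catch (AuthException e) {
                    // Report cleanup failure without masking an earlier exception.
                    System.err.println("disposeSubject failed: " + e.getMessage());
                }
            }
        }
    }
}
```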

See also: AuthConfig, SOAPAuthParam

Methods Summary
public void disposeSubject(javax.security.auth.Subject subject, java.util.Map sharedState)
Dispose of the Subject (remove Principals or credentials from the Subject object that were stored during validateResponse).

This method invokes configured modules to dispose the Subject.

Parameters:
    subject - the subject to be disposed.
    sharedState - a Map for modules to save state across a sequence of calls from secureRequest to validateResponse to disposeSubject.
Throws:
    AuthException - if the operation failed.

public void secureRequest(AuthParam param, javax.security.auth.Subject subject, java.util.Map sharedState)
Secure a request message.

Attach authentication credentials to an initial request, sign/encrypt a request, or respond to a server challenge, for example.

This method invokes configured modules to secure the request.

Parameters:
    param - an authentication parameter that encapsulates the client request and server response objects.
    subject - the subject may be used by configured modules to obtain Principals and credentials necessary to secure the request, or null. If null, the module may use a CallbackHandler to obtain any information necessary to secure the request.
    sharedState - a Map for modules to save state across a sequence of calls from secureRequest to validateResponse to disposeSubject.
Throws:
    AuthException - if the operation failed.

public void validateResponse(AuthParam param, javax.security.auth.Subject subject, java.util.Map sharedState)
Validate received response.

Validation may include verifying signature in response, or decrypting response contents, for example.

This method invokes configured modules to validate the response.

Parameters:
    param - an authentication parameter that encapsulates the client request and server response objects.
    subject - the subject may be used by configured modules to store the Principals and credentials related to the identity validated in the response.
    sharedState - a Map for modules to save state across a sequence of calls from secureRequest to validateResponse to disposeSubject.
Throws:
    AuthException - if the operation failed.