io.undertow.security.impl

Class SecurityContextImpl

java.lang.Object

io.undertow.security.impl.AbstractSecurityContext

io.undertow.security.impl.SecurityContextImpl

All Implemented Interfaces:

AuthenticationMechanismContext, SecurityContext

public class SecurityContextImpl
extends AbstractSecurityContext
implements AuthenticationMechanismContext

The internal SecurityContext used to hold the state of security for the current exchange.

Author:

Darran Lofthouse, Stuart Douglas

Field Summary

Fields inherited from class io.undertow.security.impl.AbstractSecurityContext

exchange

Constructor Summary

Constructors

Constructor and Description
SecurityContextImpl(HttpServerExchange exchange, AuthenticationMode authenticationMode, IdentityManager identityManager)
SecurityContextImpl(HttpServerExchange exchange, IdentityManager identityManager)

Method Summary

Modifier and Type	Method and Description
void	addAuthenticationMechanism(AuthenticationMechanism handler) Adds an authentication mechanism to this context.
boolean	authenticate() Performs authentication on the request.
List<AuthenticationMechanism>	getAuthenticationMechanisms() Deprecated.
IdentityManager	getIdentityManager() Deprecated.
boolean	login(String username, String password) Attempts to log the user in using the provided credentials.
void	logout() de-authenticates the current exchange.
void	setProgramaticMechName(String programaticMechName) Set the name of the mechanism used for authentication to be reported if authentication was handled programatically.

Methods inherited from class io.undertow.security.impl.AbstractSecurityContext

authenticationComplete, authenticationComplete, authenticationFailed, getAuthenticatedAccount, getMechanismName, isAuthenticated, isAuthenticationRequired, registerNotificationReceiver, removeNotificationReceiver, setAuthenticationRequired

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.undertow.security.api.SecurityContext

authenticationComplete, authenticationFailed, getAuthenticatedAccount, getMechanismName, isAuthenticated, isAuthenticationRequired, registerNotificationReceiver, removeNotificationReceiver, setAuthenticationRequired

Constructor Detail

SecurityContextImpl

public SecurityContextImpl(HttpServerExchange exchange,
                           IdentityManager identityManager)

SecurityContextImpl

public SecurityContextImpl(HttpServerExchange exchange,
                           AuthenticationMode authenticationMode,
                           IdentityManager identityManager)

Method Detail

authenticate

public boolean authenticate()

Description copied from interface: SecurityContext

Performs authentication on the request. If authentication is REQUIRED then setAuthenticationRequired() should be called before calling this method. If the result indicates that a response has been sent to the client then no further attempts should be made to modify the response. The caller of this method is responsible for ending the exchange. If this method returns true it can still have committed the response (e.g. form auth redirects back to the original page). Callers should check that the exchange has not been ended before proceeding.

Specified by:

authenticate in interface SecurityContext

Returns:

true if either the request is successfully authenticated or if there is no failure validating the current request so that the request should continue to be processed, false if authentication was not completed and challenge has been prepared for the client.

setProgramaticMechName

public void setProgramaticMechName(String programaticMechName)

Set the name of the mechanism used for authentication to be reported if authentication was handled programatically.

Parameters:

programaticMechName -

addAuthenticationMechanism

public void addAuthenticationMechanism(AuthenticationMechanism handler)

Description copied from interface: AuthenticationMechanismContext

Adds an authentication mechanism to this context. When SecurityContext.authenticate() is called mechanisms will be iterated over in the order they are added, and given a chance to authenticate the user.

Specified by:

addAuthenticationMechanism in interface AuthenticationMechanismContext

Specified by:

addAuthenticationMechanism in interface SecurityContext

Parameters:

handler - The mechanism to add

getAuthenticationMechanisms

@Deprecated
public List<AuthenticationMechanism> getAuthenticationMechanisms()

Deprecated.

Specified by:

getAuthenticationMechanisms in interface SecurityContext

Returns:

A list of all authentication mechanisms in this context

getIdentityManager

@Deprecated
public IdentityManager getIdentityManager()

Deprecated.

Description copied from interface: SecurityContext

Obtain the associated IdentityManager to use to make account verification decisions.

Specified by:

getIdentityManager in interface SecurityContext

Returns:

The associated IdentityManager

login

public boolean login(String username,
                     String password)

Description copied from interface: SecurityContext

Attempts to log the user in using the provided credentials. This result will be stored in the current AuthenticatedSessionManager (if any), so subsequent requests will automatically be authenticated as this user.

This operation may block

Specified by:

login in interface SecurityContext

Parameters:

username - The username

password - The password

Returns:

true if the login succeeded, false otherwise

logout

public void logout()

Description copied from interface: SecurityContext

de-authenticates the current exchange.

Specified by:

logout in interface SecurityContext

Overrides:

logout in class AbstractSecurityContext