public abstract class AbstractSecurityContext extends Object implements SecurityContext

Base class for SecurityContext implementations. It predominantly handles notifications, allowing the specific implementation to focus on authentication.

Modifier and Type | Class and Description |
---|---|
protected static class | AbstractSecurityContext.Node<T> To reduce allocations we use a custom linked list data structure |

Modifier and Type | Field and Description |
---|---|
protected HttpServerExchange | exchange |

Modifier | Constructor and Description |
---|---|
protected | AbstractSecurityContext(HttpServerExchange exchange) |

Modifier and Type | Method and Description |
---|---|
void | authenticationComplete(Account account, String mechanism, boolean cachingRequired) Called by the AuthenticationMechanism to indicate that an account has been successfully authenticated. |
protected void | authenticationComplete(Account account, String mechanism, boolean programatic, boolean cachingRequired) |
void | authenticationFailed(String message, String mechanism) Called by the AuthenticationMechanism to indicate that an authentication attempt has failed. |
Account | getAuthenticatedAccount() Obtain the Account for the currently authenticated identity. |
String | getMechanismName() |
boolean | isAuthenticated() |
boolean | isAuthenticationRequired() Returns true if authentication is required. |
void | logout() De-authenticates the current exchange. |
void | registerNotificationReceiver(NotificationReceiver receiver) Register a NotificationReceiver interested in receiving notifications for security events that happen on this SecurityContext. |
void | removeNotificationReceiver(NotificationReceiver receiver) Remove a previously registered NotificationReceiver from this SecurityContext. |
void | setAuthenticationRequired() Marks this request as requiring authentication. |

Methods inherited from class Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface SecurityContext: addAuthenticationMechanism, authenticate, getAuthenticationMechanisms, getIdentityManager, login

protected final HttpServerExchange exchange
protected AbstractSecurityContext(HttpServerExchange exchange)

public void setAuthenticationRequired()

Description copied from interface: SecurityContext

Marks this request as requiring authentication. If SecurityContext.authenticate() is called without first calling this method then the request will continue as normal even if the authentication was not successful.

Specified by: setAuthenticationRequired in interface SecurityContext
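
public boolean isAuthenticationRequired()

Description copied from interface: SecurityContext

Returns true if authentication is required.

Specified by: isAuthenticationRequired in interface SecurityContext

Returns: true if authentication is required

public boolean isAuthenticated()

Specified by: isAuthenticated in interface SecurityContext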

public Account getAuthenticatedAccount()

Description copied from interface: SecurityContext

Obtain the Account for the currently authenticated identity.

Specified by: getAuthenticatedAccount in interface SecurityContext

Returns: The Account for the currently authenticated identity, or null if no account is currently authenticated.

public String getMechanismName()

Specified by: getMechanismName in interface SecurityContext

public void authenticationComplete(Account account, String mechanism, boolean cachingRequired)

Description copied from interface: SecurityContext

Called by the AuthenticationMechanism to indicate that an account has been successfully authenticated.

Note: A successful verification of an account using the IdentityManager is not the same as a successful authentication decision; other factors could be taken into account to make the final decision.

Specified by: authenticationComplete in interface SecurityContext

Parameters:
- account - The authenticated Account
- mechanism - The name of the mechanism used to authenticate the account.
- cachingRequired - If this mechanism requires caching

protected void authenticationComplete(Account account, String mechanism, boolean programatic, boolean cachingRequired)

public void authenticationFailed(String message, String mechanism)

Description copied from interface: SecurityContext

Called by the AuthenticationMechanism to indicate that an authentication attempt has failed.

This should only be called where an authentication attempt has truly failed; for authentication mechanisms where an additional round trip with the client is expected, this should not be called.

Where possible the failure message should contain the name of the identity that authentication was being attempted for. However, as this is not always possible to identify in advance, a generic message may be all that can be reported.

Specified by: authenticationFailed in interface SecurityContext

Parameters:
- message - The message describing the failure.
- mechanism - The name of the mechanism reporting the failure.

public void registerNotificationReceiver(NotificationReceiver receiver)

Description copied from interface: SecurityContext

Register a NotificationReceiver interested in receiving notifications for security events that happen on this SecurityContext.

Specified by: registerNotificationReceiver in interface SecurityContext

Parameters:
- receiver - The NotificationReceiver to register.

public void removeNotificationReceiver(NotificationReceiver receiver)

Description copied from interface: SecurityContext

Remove a previously registered NotificationReceiver from this SecurityContext.

If the supplied receiver has not been previously registered this method will fail silently.

Specified by: removeNotificationReceiver in interface SecurityContext

Parameters:
- receiver - The NotificationReceiver to remove.

public void logout()

Description copied from interface: SecurityContext

De-authenticates the current exchange.

Specified by: logout in interface SecurityContext
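
The following handler is an added example, not code from Undertow or this Javadoc. It shows the ordering that setAuthenticationRequired() and authenticate() depend on, together with a NotificationReceiver used as an audit hook. The class name AuditedAuthHandler and the logger name are hypothetical, and it assumes a SecurityContext with configured authentication mechanisms was installed earlier in the handler chain.

```java
import io.undertow.security.api.NotificationReceiver;
import io.undertow.security.api.SecurityContext;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import java.util.logging.Logger;

// Hypothetical handler (not part of Undertow): enforce authentication and audit the outcome.
public class AuditedAuthHandler implements HttpHandler {
    private static final Logger AUDIT = Logger.getLogger("security.audit"); // assumed logger name

    // Stateless receiver; the notification carries event type, account, mechanism and message.
    private static final NotificationReceiver AUDIT_RECEIVER = n -> {
        String who = n.getAccount() == null ? "-" : n.getAccount().getPrincipal().getName();
        AUDIT.info(String.format("event=%s mechanism=%s account=%s programmatic=%s message=%s",
                n.getEventType(), clean(n.getMechanism()), clean(who),
                n.isProgramatic(), clean(n.getMessage())));
    };

    private final HttpHandler next;

    public AuditedAuthHandler(HttpHandler next) {
        this.next = next;
    }

    // Identity names and failure messages can carry client-supplied text: strip control chars.
    private static String clean(String s) {
        return s == null ? "-" : s.replaceAll("\\p{Cntrl}", "_");
    }

    @Override
    public void handleRequest(HttpServerExchange exchange) throws Exception {
        if (exchange.isInIoThread()) {       // identity lookups may block
            exchange.dispatch(this);
            return;
        }
        SecurityContext sc = exchange.getSecurityContext();
        if (sc == null) {                    // no security context installed: fail closed
            exchange.setStatusCode(500);
            exchange.endExchange();
            return;
        }
        sc.registerNotificationReceiver(AUDIT_RECEIVER);
        sc.setAuthenticationRequired();      // without this, authenticate() lets failures through
        if (sc.authenticate()) {
            if (!exchange.isComplete()) next.handleRequest(exchange);
        } else {
            exchange.endExchange();          // challenge or failure response already prepared
        }
    }
}
```

The receiver is registered before authenticate() so that both the success and the failure notification reach the audit log.
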
Copyright © 2017 JBoss by Red Hat. All rights reserved.