
jakarta.security.auth.message.config.ServerAuthContext Maven / Gradle / Ivy


Jakarta Authentication defines a general low-level SPI for authentication mechanisms, which are controllers that interact with a caller and a container's environment to obtain the caller's credentials, validate these, and pass an authenticated identity (such as name and groups) to the container. Jakarta Authentication consists of several profiles, with each profile telling how a specific container (such as Jakarta Servlet) can integrate with and adapt to this SPI.

There is a newer version: 3.1.0
/*
 * Copyright (c) 1997, 2020 Oracle and/or its affiliates and others.
 * All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v. 2.0, which is available at
 * http://www.eclipse.org/legal/epl-2.0.
 *
 * This Source Code may also be made available under the following Secondary
 * Licenses when the conditions for such availability set forth in the
 * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
 * version 2 with the GNU Classpath Exception, which is available at
 * https://www.gnu.org/software/classpath/license.html.
 *
 * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
 */

package jakarta.security.auth.message.config;

import jakarta.security.auth.message.ServerAuth;
import jakarta.security.auth.message.module.ServerAuthModule;

/**
 * This ServerAuthContext class encapsulates ServerAuthModules that are used to validate service requests received from
 * clients, and to secure any response returned for those requests. A caller typically uses this class in the following
 * manner:
 *
 * <ol>
 * <li>Retrieve an instance of this class via ServerAuthConfig.getAuthContext.
 * <li>Invoke validateRequest. <br>
 * ServerAuthContext implementation invokes validateRequest of one or more encapsulated ServerAuthModules. Modules
 * validate credentials present in request (for example, decrypt and verify a signature).
 * <li>If credentials valid and sufficient, authentication complete. <br>
 * Perform authorization check on authenticated identity and, if successful, dispatch to requested service application.
 * <li>Service application finished.
 * <li>Invoke secureResponse. <br>
 * ServerAuthContext implementation invokes secureResponse of one or more encapsulated ServerAuthModules. Modules secure
 * response (sign and encrypt response, for example), and prepare response message.
 * <li>Send secured response to client.
 * <li>Invoke cleanSubject (as necessary) to clean up any authentication state in Subject(s).
 * </ol>
 *
 * <p>
 * A ServerAuthContext instance may be used concurrently by multiple callers.
 *
 * <p>
 * Implementations of this interface are responsible for constructing and initializing the encapsulated modules. The
 * initialization step includes passing the relevant request and response MessagePolicy objects to the encapsulated
 * modules. The MessagePolicy objects are obtained by the ServerAuthConfig instance used to obtain the
 * ServerAuthContext object. See ServerAuthConfig.getAuthContext for more information.
 *
 * <p>
 * Implementations of this interface are instantiated by their associated configuration object such that they know which
 * modules to invoke, in what order, and how results returned by preceding modules are to influence subsequent module
 * invocations.
 *
 * <p>
 * Calls to the inherited methods of this interface delegate to the corresponding methods of the encapsulated
 * authentication modules.
 *
 * @see ServerAuthConfig
 * @see ServerAuthModule
 */
public interface ServerAuthContext extends ServerAuth {

}
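
The seven-step calling sequence from the Javadoc above, written out as an added example that is not part of the Jakarta Authentication sources. AuthContextFlow, Service and authorizeAndDispatch are hypothetical names, and treating a null context as "not authenticated" is an assumption of this sketch.

```java
import jakarta.security.auth.message.AuthStatus;
import jakarta.security.auth.message.MessageInfo;
import jakarta.security.auth.message.config.ServerAuthConfig;
import jakarta.security.auth.message.config.ServerAuthContext;

import java.util.HashMap;
import javax.security.auth.Subject;

/** Hypothetical container-side driver for the seven steps in the ServerAuthContext Javadoc. */
public final class AuthContextFlow {

    /** Hypothetical hook: the container's authorization check plus dispatch to the application. */
    public interface Service {
        boolean authorizeAndDispatch(Subject caller, MessageInfo messageInfo) throws Exception;
    }

    /** Returns true only if the request was authenticated, served, and the response secured. */
    public static boolean handle(ServerAuthConfig config, MessageInfo messageInfo,
                                 Subject serviceSubject, Service service) throws Exception {
        // Step 1: retrieve the context for this message from the configuration object.
        String contextId = config.getAuthContextID(messageInfo);
        ServerAuthContext context = config.getAuthContext(contextId, serviceSubject, new HashMap<>());
        if (context == null) {
            return false; // no modules configured for this ID; assumption: treat as not authenticated
        }
        Subject clientSubject = new Subject(); // fresh per request; modules populate it on success
        try {
            // Step 2: the context delegates to its encapsulated ServerAuthModules.
            AuthStatus status = context.validateRequest(messageInfo, clientSubject, serviceSubject);
            // Step 3: only SUCCESS means "authenticated, proceed". Every other status means
            // the modules prepared a response (challenge or error), so the application is not invoked.
            if (status != AuthStatus.SUCCESS) {
                return false;
            }
            // Steps 3-4: authorization check on the authenticated identity, then dispatch.
            if (!service.authorizeAndDispatch(clientSubject, messageInfo)) {
                return false;
            }
            // Step 5: modules sign/encrypt the response held in messageInfo.
            AuthStatus secured = context.secureResponse(messageInfo, serviceSubject);
            // Step 6: the caller sends the response only when it was secured successfully.
            return secured == AuthStatus.SEND_SUCCESS;
        } finally {
            // Step 7: remove authentication state from the Subject on every path, including failures.
            context.cleanSubject(messageInfo, clientSubject);
        }
    }
}
```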




