All Downloads are FREE. Search and download functionalities are using the official Maven repository.

jakarta.security.auth.message.ServerAuth Maven / Gradle / Ivy

/*
 * Copyright (c) 2020, 2021 Contributors to Eclipse Foundation. All rights reserved.
 * Copyright (c) 1997, 2020 Oracle and/or its affiliates and others.
 * All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v. 2.0, which is available at
 * http://www.eclipse.org/legal/epl-2.0.
 *
 * This Source Code may also be made available under the following Secondary
 * Licenses when the conditions for such availability set forth in the
 * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
 * version 2 with the GNU Classpath Exception, which is available at
 * https://www.gnu.org/software/classpath/license.html.
 *
 * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
 */

package jakarta.security.auth.message;

import javax.security.auth.Subject;

/**
 * An implementation of this interface is used to validate received service request messages, and to secure service
 * response messages.
 *
 * @see MessageInfo
 * @see Subject
 */
public interface ServerAuth {

    /**
     * Authenticate a received service request.
     *
     * 

* This method is called to transform the mechanism-specific request message acquired by calling getRequestMessage (on * messageInfo) into the validated application message to be returned to the message processing runtime. If the received * message is a (mechanism-specific) meta-message, the method implementation must attempt to transform the meta-message * into a corresponding mechanism-specific response message, or to the validated application request message. The * runtime will bind a validated application message into the the corresponding service invocation. * *

* This method conveys the outcome of its message processing either by returning an AuthStatus value or by throwing an * AuthException. * * @param messageInfo A contextual object that encapsulates the client request and server response objects, and that may * be used to save state across a sequence of calls made to the methods of this interface for the purpose of completing * a secure message exchange. * * @param clientSubject A Subject that represents the source of the service request. It is used by the method * implementation to store Principals and credentials validated in the request. * * @param serviceSubject A Subject that represents the recipient of the service request, or null. It may be used by the * method implementation as the source of Principals or credentials to be used to validate the request. If the Subject * is not null, the method implementation may add additional Principals or credentials (pertaining to the recipient of * the service request) to the Subject. * * @return An AuthStatus object representing the completion status of the processing performed by the method. The * AuthStatus values that may be returned by this method are defined as follows: * *

    *
  • AuthStatus.SUCCESS when the application request message was successfully validated. The validated request message * is available by calling getRequestMessage on messageInfo. * *
  • AuthStatus.SEND_SUCCESS to indicate that validation/processing of the request message successfully produced the * secured application response message (in messageInfo). The secured response message is available by calling * getResponseMessage on messageInfo. * *
  • AuthStatus.SEND_CONTINUE to indicate that message validation is incomplete, and that a preliminary response was * returned as the response message in messageInfo. * * When this status value is returned to challenge an application request message, the challenged request must be saved * by the authentication module such that it can be recovered when the module's validateRequest message is called to * process the request returned for the challenge. * *
  • AuthStatus.SEND_FAILURE to indicate that message validation failed and that an appropriate failure response * message is available by calling getResponseMessage on messageInfo. *
* * @exception AuthException When the message processing failed without establishing a failure response message (in * messageInfo). */ AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException; /** * Secure a service response before sending it to the client. * * This method is called to transform the response message acquired by calling getResponseMessage (on messageInfo) into * the mechanism-specific form to be sent by the runtime. *

* This method conveys the outcome of its message processing either by returning an AuthStatus value or by throwing an * AuthException. * * @param messageInfo A contextual object that encapsulates the client request and server response objects, and that may * be used to save state across a sequence of calls made to the methods of this interface for the purpose of completing * a secure message exchange. * * @param serviceSubject A Subject that represents the source of the service response, or null. It may be used by the * method implementation to retrieve Principals and credentials necessary to secure the response. If the Subject is not * null, the method implementation may add additional Principals or credentials (pertaining to the source of the service * response) to the Subject. * * @return An AuthStatus object representing the completion status of the processing performed by the method. The * AuthStatus values that may be returned by this method are defined as follows: * *

    *
  • AuthStatus.SEND_SUCCESS when the application response message was successfully secured. The secured response * message may be obtained by calling getResponseMessage on messageInfo. * *
  • AuthStatus.SEND_CONTINUE to indicate that the application response message (within messageInfo) was replaced with * a security message that should elicit a security-specific response (in the form of a request) from the peer. * * This status value serves to inform the calling runtime that (to successfully complete the message exchange) it will * need to be capable of continuing the message dialog by processing at least one additional request/response exchange * (after having sent the response message returned in messageInfo). * * When this status value is returned, the application response must be saved by the authentication module such that it * can be recovered when the module's validateRequest message is called to process the elicited response. * *
  • AuthStatus.SEND_FAILURE to indicate that a failure occurred while securing the response message and that an * appropriate failure response message is available by calling getResponseMeessage on messageInfo. *
* * @exception AuthException When the message processing failed without establishing a failure response message (in * messageInfo). */ default AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException { return AuthStatus.SEND_SUCCESS; } /** * Remove method specific principals and credentials from the subject. * * @param messageInfo a contextual object that encapsulates the client request and server response objects, and that may * be used to save state across a sequence of calls made to the methods of this interface for the purpose of completing * a secure message exchange. * * @param subject the Subject instance from which the Principals and credentials are to be removed. * * @exception AuthException If an error occurs during the Subject processing. */ default void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException { } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy