• Home
• jakarta.platform
• jakarta.jakartaee-api
• 10.0.0
• source code
• ServerAuthContext.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

jakarta.security.auth.message.config.ServerAuthContext Maven / Gradle / Ivy

/*
 * Copyright (c) 1997, 2020 Oracle and/or its affiliates and others.
 * All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v. 2.0, which is available at
 * http://www.eclipse.org/legal/epl-2.0.
 *
 * This Source Code may also be made available under the following Secondary
 * Licenses when the conditions for such availability set forth in the
 * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
 * version 2 with the GNU Classpath Exception, which is available at
 * https://www.gnu.org/software/classpath/license.html.
 *
 * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
 */

package jakarta.security.auth.message.config;

import jakarta.security.auth.message.ServerAuth;
import jakarta.security.auth.message.module.ServerAuthModule;

/**
 * This ServerAuthContext class encapsulates ServerAuthModules that are used to validate service requests received from
 * clients, and to secure any response returned for those requests. A caller typically uses this class in the following
 * manner:
 *
 * 

 *   
Retrieve an instance of this class via ServerAuthConfig.getAuthContext.
 *   
Invoke validateRequest. 

 *       ServerAuthContext implementation invokes validateRequest of one or more encapsulated ServerAuthModules. Modules
 *       validate credentials present in request (for example, decrypt and verify a signature).
 *   
If credentials valid and sufficient, authentication complete. 

 *       Perform authorization check on authenticated identity and, if successful, dispatch to requested service application.
 *   
Service application finished.
 *   
Invoke secureResponse. 

 *       ServerAuthContext implementation invokes secureResponse of one or more encapsulated ServerAuthModules. Modules secure
 *       response (sign and encrypt response, for example), and prepare response message.
 *   
Send secured response to client.
 *   
Invoke cleanSubject (as necessary) to clean up any authentication state in Subject(s).
 * 
 *
 * 

 * A ServerAuthContext instance may be used concurrently by multiple callers.
 *
 * 

 * Implementations of this interface are responsible for constructing and initializing the encapsulated modules. The
 * initialization step includes passing the relevant request and response MessagePolicy objects to the encapsulated
 * modules. The MessagePolicy objects are obtained by the ServerAuthConfig instance used to obtain the
 * ServerAuthContext object. See ServerAuthConfig.getAuthContext for more information.
 *
 * 

 * Implementations of this interface are instantiated by their associated configuration object such that they know which
 * modules to invoke, in what order, and how results returned by preceding modules are to influence subsequent module
 * invocations.
 *
 * 

 * Calls to the inherited methods of this interface delegate to the corresponding methods of the encapsulated
 * authentication modules.
 *
 * @see ServerAuthConfig
 * @see ServerAuthModule
 */
public interface ServerAuthContext extends ServerAuth {

}