All Downloads are FREE. Search and download functionalities are using the official Maven repository.

jakarta.security.enterprise.SecurityContext Maven / Gradle / Ivy

/*
 * Copyright (c) 2015, 2022 Oracle and/or its affiliates. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v. 2.0, which is available at
 * http://www.eclipse.org/legal/epl-2.0.
 *
 * This Source Code may also be made available under the following Secondary
 * Licenses when the conditions for such availability set forth in the
 * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
 * version 2 with the GNU Classpath Exception, which is available at
 * https://www.gnu.org/software/classpath/license.html.
 *
 * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
 */

package jakarta.security.enterprise;

import java.security.Principal;
import java.util.Set;

import jakarta.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
import jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

/**
 * The SecurityContext provides an access point for programmatic security; an injectable type that is intended to be
 * used by application code to query and interact with Jakarta Security.
 *
 * 

* Unless otherwise indicated, this type must be usable in all Jakarta EE containers, specifically the Jakarta Servlet * and Jakarta Enterprise Beans containers. * */ public interface SecurityContext { /** * Retrieve the platform-specific java.security.Principal that represents * the name of authenticated caller, or null if the current caller is not authenticated. * * @return Principal representing the name of the current authenticated user, or null if not authenticated. */ Principal getCallerPrincipal(); /** * Retrieve all Principals of the given type from the authenticated caller's Subject, * or an empty set if the current caller is not authenticated, or if the specified type * isn't found in the Subject. *

* This can be used to retrieve application-specific * Principals when the platform's representation of the caller uses a different principal type. *

* The returned Set is not backed by the Subject's internal Principal Set. * A new Set is created and returned for each method invocation. * Modifications to the returned Set will not affect the internal Principal Set. * * @param pType Class object representing the type of Principal to return. * @param The actual type represented by the pType argument * * @return Set of Principals of the given type, or an empty set. */ Set getPrincipalsByType(Class pType); /** * Checks whether the authenticated caller is included in the specified logical application "role". * If the caller is not authenticated, this always returns false. * *

* This method can not be used to test for roles that are mapped to specific named Jakarta Servlets or * named Jakarta Enterprise Beans. For a Servlet an example of this would be the role-name nested in a * security-role-ref element nested in a servlet element in web.xml. * *

* Should code in either such Jakarta Servlet or Jakarta Enterprise Bean wish to take such mapped (aka referenced, linked) * roles into account, the facilities for that specific container should be used instead. For instance for Servlet that * would be {@link HttpServletRequest#isUserInRole(String)} and for Jakarta Enterprise Beans that would be * jakarta.ejb.SessionContext#isCallerInRole(String). * * @param role a String specifying the name of the logical application role * @return true if the authenticated caller is in the given role, false if the caller is not authentication or * is not in the given role. */ boolean isCallerInRole(String role); /** * Checks whether the caller has access to the provided "web resource" using the given methods, * as specified by section 13.8 of the Servlet specification. * *

* A caller has access if the web resource is either not protected (constrained), or when it is protected by a role * and the caller is in that role. * * @param resource the name of the web resource to test access for. This is a URLPatternSpec that * identifies the application specific web resources to which the permission pertains. For a full specification of this * pattern see {@link jakarta.security.jacc.WebResourcePermission#WebResourcePermission(String, String)}. * @param methods one or more methods to check for whether the caller has access to the web resource using one of those methods. * * @return true if the caller has access to the web resource using one of the given methods, false otherwise. */ boolean hasAccessToWebResource(String resource, String... methods); /** * Signal to the container (programmatically trigger) that it should start or continue a web/HTTP based authentication dialog with * the caller. * *

* Programmatically triggering means that the container responds as if the caller had attempted to access a constrained resource * and acts by invoking a configured authentication mechanism (such as the {@link HttpAuthenticationMechanism}). * *

* Whether the authentication dialog is to be started or continued depends on the (logical) state of the authentication dialog. If * such dialog is currently in progress, a call to this method will continue it. If such dialog is not in progress a new one will be * started. A new dialog can be forced to be started regardless of one being in progress or not by providing a value of * true for the {@link AuthenticationParameters#newAuthentication} parameter with this call. * *

* This method requires an {@link HttpServletRequest} and {@link HttpServletResponse} argument to be passed in, and * can therefore only be used in a valid Servlet context. * * @param request The HttpServletRequest associated with the current web resource invocation. * @param response The HttpServletResponse associated with the given HttpServletRequest. * @param parameters The parameters that are provided along with a programmatic authentication request, for instance the credentials. * collected by the application for continuing an authentication dialog. * * @return The state of the authentication mechanism after being triggered by this call */ AuthenticationStatus authenticate(HttpServletRequest request, HttpServletResponse response, AuthenticationParameters parameters); }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy