Class AuthConfigFactory

java.lang.Object
jakarta.security.auth.message.config.AuthConfigFactory

public abstract class AuthConfigFactory extends Object
This class is used to obtain AuthConfigProvider objects that can be used to obtain authentication context configuration objects, that is, ClientAuthConfig and ServerAuthConfig objects.

Authentication context configuration objects are used to obtain authentication context objects. Authentication context objects, that is, ClientAuthContext and ServerAuthContext objects, encapsulate authentication modules. Authentication modules are pluggable components that perform security-related processing of request and response messages.

Callers do not operate on modules directly. Instead they rely on an authentication context to manage the invocation of modules. A caller obtains an authentication context by calling the getAuthContext method on a ClientAuthConfig or ServerAuthConfig obtained from an AuthConfigProvider.

The following represents a typical sequence of calls for obtaining a client authentication context, and then using it to secure a request.

  1. AuthConfigFactory factory = AuthConfigFactory.getFactory();
  2. AuthConfigProvider provider = factory.getConfigProvider(layer,appID,listener);
  3. ClientAuthConfig config = provider.getClientAuthConfig(layer,appID,cbh);
  4. String authContextID = config.getAuthContextID(messageInfo);
  5. ClientAuthContext context = config.getAuthContext(authContextID,subject,properties);
  6. context.secureRequest(messageInfo,subject);

A system-wide AuthConfigFactory implementation can be set by invoking setFactory, and retrieved using getFactory.

Every implementation of this abstract class must offer a public, zero argument constructor. This constructor must support the construction and registration (including self-registration) of AuthConfigProviders from a persistent declarative representation. For example, a factory implementation class could interpret the contents of a file containing a sequence of configuration entries, with one entry per AuthConfigProvider, and with each entry representing:

  • The fully qualified name of the provider implementation class (or null)
  • The list of provider initialization properties (which could be empty)

Any provider initialization properties must be specified in a form that can be passed to the provider constructor within a Map of key, value pairs, and where all keys and values within the Map are of type String.

The entry syntax must also provide for the optional inclusion of information sufficient to define a RegistrationContext. This information would only be present when the factory will register the provider. For example, each entry could provide for the inclusion of one or more RegistrationContext objects of the following form:

  • The message layer name (or null)
  • The application context identifier (or null)
  • The registration description (or null)

When a RegistrationContext is not included, the factory must make it convenient for the provider to self-register with the factory during the provider construction (see registerConfigProvider(AuthConfigProvider provider, ...)).

An AuthConfigFactory implementation is free to choose its own persistent declarative syntax as long as it conforms to the requirements defined by this class.
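
One possible entry syntax and loader for the persistent representation described above, as an added example that is not part of the Jakarta Authentication API or of any factory implementation. The `class | properties | layer;appContext;description` syntax, the `ProviderEntryLoader` class, the allowlist and `com.example.auth.DemoProvider` are assumptions; the self-registration path relies on the public `(Map, AuthConfigFactory)` constructor required of AuthConfigProvider implementations.

```java
import jakarta.security.auth.message.config.AuthConfigFactory;
import java.util.*;

public final class ProviderEntryLoader {
    // Assumption: the deployment pins which provider classes a config file may name.
    private static final Set<String> ALLOWED = Set.of("com.example.auth.DemoProvider");
    private static String nullable(String s) {
        String t = s.trim();
        return t.isEmpty() || t.equals("null") ? null : t;
    }
    // Parses "k=v,k=v" into the all-String Map handed to the provider constructor.
    static Map<String, String> parseProps(String field) {
        Map<String, String> props = new HashMap<>();
        for (String raw : field.split(",")) {
            String pair = raw.trim();
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            if (eq < 1) throw new IllegalArgumentException("bad property: " + pair);
            props.put(pair.substring(0, eq).trim(), pair.substring(eq + 1).trim());
        }
        return props;
    }

    // Handles one entry; returns the registration IDs issued by the factory.
    static List<String> load(AuthConfigFactory factory, String entry) throws ReflectiveOperationException {
        String[] f = entry.split("\\|", -1);
        if (f.length < 2) throw new IllegalArgumentException("bad entry: " + entry);
        String className = nullable(f[0]);
        if (className != null && !ALLOWED.contains(className))
            throw new SecurityException("provider class not allowlisted: " + className);
        Map<String, String> props = parseProps(f[1]);
        List<String> ids = new ArrayList<>();
        for (int i = 2; i < f.length; i++) {   // optional RegistrationContexts
            String[] rc = f[i].split(";", -1);
            if (rc.length != 3) throw new IllegalArgumentException("bad context: " + f[i]);
            ids.add(factory.registerConfigProvider(className, props,
                    nullable(rc[0]), nullable(rc[1]), nullable(rc[2])));
        }
        if (f.length == 2 && className != null)   // no context: provider self-registers
            Class.forName(className).getConstructor(Map.class, AuthConfigFactory.class)
                    .newInstance(props, factory);
        return ids;
    }

    public static void main(String[] args) throws Exception {
        // Constructed entry; needs a factory implementation and the named class on the classpath.
        String entry = "com.example.auth.DemoProvider | realm=demo | HttpServlet;server /app;demo";
        System.out.println(load(AuthConfigFactory.getFactory(), entry));
    }
}
```

Because the file decides which class handles authentication for a layer and application context, the allowlist check runs before anything is loaded or registered, and the file itself should be writable only by the deployer.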
