Class HttpAuthenticationMechanismWrapper
- java.lang.Object
-
- jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanismWrapper
-
- All Implemented Interfaces:
HttpAuthenticationMechanism
public class HttpAuthenticationMechanismWrapper extends Object implements HttpAuthenticationMechanism
This class is an implementation of theHttpAuthenticationMechanism
interface that can be subclassed by developers wishing to provide extra or different functionality.All methods default to calling the wrapped object.
- Since:
- 3.0
-
-
Constructor Summary
Constructors Constructor Description HttpAuthenticationMechanismWrapper()
This constructor is intended for proxy usuage only.HttpAuthenticationMechanismWrapper(HttpAuthenticationMechanism httpAuthenticationMechanism)
Constructs the wrapper with the object being delegated to.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
cleanSubject(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext)
Remove mechanism specific principals and credentials from the subject and any other state the mechanism might have used.HttpAuthenticationMechanism
getWrapped()
Returns the object that's being wrapped.AuthenticationStatus
secureResponse(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext)
Secure the response, optionally.AuthenticationStatus
validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext)
Authenticate an HTTP request.
-
-
-
Constructor Detail
-
HttpAuthenticationMechanismWrapper
public HttpAuthenticationMechanismWrapper()
This constructor is intended for proxy usuage only.
-
HttpAuthenticationMechanismWrapper
public HttpAuthenticationMechanismWrapper(HttpAuthenticationMechanism httpAuthenticationMechanism)
Constructs the wrapper with the object being delegated to.- Parameters:
httpAuthenticationMechanism
- The wrapped object which all methods call.
-
-
Method Detail
-
getWrapped
public HttpAuthenticationMechanism getWrapped()
Returns the object that's being wrapped.- Returns:
- the object that's being wrapped.
-
validateRequest
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException
Description copied from interface:HttpAuthenticationMechanism
Authenticate an HTTP request.This method is called in response to an HTTP client request for a resource, and is always invoked before any
Filter
orHttpServlet
. Additionally this method is called in response toHttpServletRequest.authenticate(HttpServletResponse)
Note that by default this method is always called for every request, independent of whether the request is to a protected or non-protected resource, or whether a caller was successfully authenticated before within the same HTTP session or not.
A CDI/Interceptor spec interceptor can be used to prevent calls to this method if needed. See
AutoApplySession
andRememberMe
for two examples.- Specified by:
validateRequest
in interfaceHttpAuthenticationMechanism
- Parameters:
request
- contains the request the client has maderesponse
- contains the response that will be send to the clienthttpMessageContext
- context for interacting with the container- Returns:
- the completion status of the processing performed by this method
- Throws:
AuthenticationException
- when the processing failed
-
secureResponse
public AuthenticationStatus secureResponse(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException
Description copied from interface:HttpAuthenticationMechanism
Secure the response, optionally.This method is called to allow for any post processing to be done on the request, and is always invoked after any
Filter
orHttpServlet
.Note that this method is only called when a (Servlet) resource has indeed been invoked, i.e. if a previous call to
validateRequest
that was invoked before anyFilter
orHttpServlet
returned SUCCESS.- Specified by:
secureResponse
in interfaceHttpAuthenticationMechanism
- Parameters:
request
- contains the request the client has maderesponse
- contains the response that will be send to the clienthttpMessageContext
- context for interacting with the container- Returns:
- the completion status of the processing performed by this method
- Throws:
AuthenticationException
- when the processing failed
-
cleanSubject
public void cleanSubject(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext)
Description copied from interface:HttpAuthenticationMechanism
Remove mechanism specific principals and credentials from the subject and any other state the mechanism might have used.This method is called in response to
HttpServletRequest.logout()
and gives the authentication mechanism the option to remove any state associated with an earlier established authenticated identity. For example, an authentication mechanism that stores state within a cookie can send remove that cookie here.- Specified by:
cleanSubject
in interfaceHttpAuthenticationMechanism
- Parameters:
request
- contains the request the client has maderesponse
- contains the response that will be send to the clienthttpMessageContext
- context for interacting with the container
-
-