Package jakarta.security.enterprise.authentication.mechanism.http

Class HttpAuthenticationMechanismWrapper

java.lang.Object

jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanismWrapper

All Implemented Interfaces:

HttpAuthenticationMechanism

public class HttpAuthenticationMechanismWrapper
extends Object
implements HttpAuthenticationMechanism

This class is an implementation of the HttpAuthenticationMechanism interface that can be subclassed by developers wishing to provide extra or different functionality.

All methods default to calling the wrapped object.

Since:

3.0

Constructor Summary

Constructors

Constructor	Description
HttpAuthenticationMechanismWrapper()	This constructor is intended for proxy usuage only.
HttpAuthenticationMechanismWrapper(HttpAuthenticationMechanism httpAuthenticationMechanism)	Constructs the wrapper with the object being delegated to.

Method Summary

Modifier and Type	Method	Description
void	cleanSubject(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext)	Remove mechanism specific principals and credentials from the subject and any other state the mechanism might have used.
HttpAuthenticationMechanism	getWrapped()	Returns the object that's being wrapped.
AuthenticationStatus	secureResponse(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext)	Secure the response, optionally.
AuthenticationStatus	validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext)	Authenticate an HTTP request.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

HttpAuthenticationMechanismWrapper

public HttpAuthenticationMechanismWrapper()

This constructor is intended for proxy usuage only.

HttpAuthenticationMechanismWrapper

public HttpAuthenticationMechanismWrapper(HttpAuthenticationMechanism httpAuthenticationMechanism)

Constructs the wrapper with the object being delegated to.

Parameters:

httpAuthenticationMechanism - The wrapped object which all methods call.

Method Detail

getWrapped

public HttpAuthenticationMechanism getWrapped()

Returns the object that's being wrapped.

Returns:

the object that's being wrapped.

validateRequest

public AuthenticationStatus validateRequest(HttpServletRequest request,
                                            HttpServletResponse response,
                                            HttpMessageContext httpMessageContext)
                                     throws AuthenticationException

Description copied from interface: HttpAuthenticationMechanism

Authenticate an HTTP request.

This method is called in response to an HTTP client request for a resource, and is always invoked before any Filter or HttpServlet. Additionally this method is called in response to HttpServletRequest.authenticate(HttpServletResponse)

Note that by default this method is always called for every request, independent of whether the request is to a protected or non-protected resource, or whether a caller was successfully authenticated before within the same HTTP session or not.

A CDI/Interceptor spec interceptor can be used to prevent calls to this method if needed. See AutoApplySession and RememberMe for two examples.

Specified by:

validateRequest in interface HttpAuthenticationMechanism

Parameters:

request - contains the request the client has made

response - contains the response that will be send to the client

httpMessageContext - context for interacting with the container

Returns:

the completion status of the processing performed by this method

Throws:

AuthenticationException - when the processing failed

secureResponse

public AuthenticationStatus secureResponse(HttpServletRequest request,
                                           HttpServletResponse response,
                                           HttpMessageContext httpMessageContext)
                                    throws AuthenticationException

Description copied from interface: HttpAuthenticationMechanism

Secure the response, optionally.

This method is called to allow for any post processing to be done on the request, and is always invoked after any Filter or HttpServlet.

Note that this method is only called when a (Servlet) resource has indeed been invoked, i.e. if a previous call to validateRequest that was invoked before any Filter or HttpServlet returned SUCCESS.

Specified by:

secureResponse in interface HttpAuthenticationMechanism

Parameters:

request - contains the request the client has made

response - contains the response that will be send to the client

httpMessageContext - context for interacting with the container

Returns:

the completion status of the processing performed by this method

Throws:

AuthenticationException - when the processing failed

cleanSubject

public void cleanSubject(HttpServletRequest request,
                         HttpServletResponse response,
                         HttpMessageContext httpMessageContext)

Description copied from interface: HttpAuthenticationMechanism

Remove mechanism specific principals and credentials from the subject and any other state the mechanism might have used.

This method is called in response to HttpServletRequest.logout() and gives the authentication mechanism the option to remove any state associated with an earlier established authenticated identity. For example, an authentication mechanism that stores state within a cookie can send remove that cookie here.

Specified by:

cleanSubject in interface HttpAuthenticationMechanism

Parameters:

request - contains the request the client has made

response - contains the response that will be send to the client

httpMessageContext - context for interacting with the container