java.lang.Object

jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper

All Implemented Interfaces:: HttpMessageContext

public class HttpMessageContextWrapper
extends java.lang.Object
implements HttpMessageContext

This class is an implementation of the HttpMessageContext interface that can be subclassed by developers wishing to provide extra or different functionality.

All methods default to calling the wrapped object.

Constructor Summary

Constructors

Constructor Description

HttpMessageContextWrapper(HttpMessageContext httpMessageContext)

Method Summary

Modifier and Type	Method	Description
`void`	`cleanClientSubject()`	Convenience method to clean the subject associated with this context.
`AuthenticationStatus`	`doNothing()`	Instructs the container to "do nothing".
`AuthenticationStatus`	`forward(java.lang.String path)`	Forwards to another resource (Jakarta Servlet, Jakarta Server Pages file, or HTML file) on the server.
`AuthenticationParameters`	`getAuthParameters()`	Returns the parameters that were provided with the SecurityContext#authenticate(AuthParameters) call.
`java.security.Principal`	`getCallerPrincipal()`	Gets the Principal set by a call to notifyContainerAboutLogin().
`javax.security.auth.Subject`	`getClientSubject()`	Returns the subject for which authentication is to take place.
`java.util.Set<java.lang.String>`	`getGroups()`	Gets the groups set by a call to notifyContainerAboutLogin().
`javax.security.auth.callback.CallbackHandler`	`getHandler()`	Returns the low level Jakarta Authentication handler that the runtime provided when creating this `HttpMessageContext`, and which this context uses to communicate the authentication details to the runtime.
`jakarta.security.auth.message.MessageInfo`	`getMessageInfo()`	Returns the the low level Jakarta Authentication message info instance for the current request.
`jakarta.servlet.http.HttpServletRequest`	`getRequest()`	Returns the request object associated with the current request.
`jakarta.servlet.http.HttpServletResponse`	`getResponse()`	Returns the response object associated with the current request.
`HttpMessageContext`	`getWrapped()`
`boolean`	`isAuthenticationRequest()`	Checks if the current call to an authentication mechanism is the result from the application calling `SecurityContext.authenticate(HttpServletRequest, HttpServletResponse, AuthenticationParameters)`
`boolean`	`isProtected()`	Checks if the currently requested resource is protected or not.
`boolean`	`isRegisterSession()`	Check if the runtime has been asked to register an authentication session duing the current request.
`AuthenticationStatus`	`notifyContainerAboutLogin(CredentialValidationResult result)`	Convenience method intended to pass the `CredentialValidationResult` result of an identity store directly on to the container.
`AuthenticationStatus`	`notifyContainerAboutLogin(java.lang.String username, java.util.Set<java.lang.String> roles)`	Asks the container to register the given caller name and groups in order to make them available to the application for use with `SecurityContext.isCallerInRole(String)` etc.
`AuthenticationStatus`	`notifyContainerAboutLogin(java.security.Principal principal, java.util.Set<java.lang.String> roles)`	Asks the container to register the given caller principal and groups in order to make them available to the application for use with `SecurityContext.isCallerInRole(String)` etc.
`AuthenticationStatus`	`redirect(java.lang.String location)`	Sets the response status to SC_FOUND 302 (Found)
`AuthenticationStatus`	`responseNotFound()`	Sets the response status to 404 (not found).
`AuthenticationStatus`	`responseUnauthorized()`	Sets the response status to 401 (unauthorized).
`void`	`setRegisterSession(java.lang.String callerName, java.util.Set<java.lang.String> groups)`	Asks the runtime to register an authentication session.
`void`	`setRequest(jakarta.servlet.http.HttpServletRequest request)`	Sets the request object.
`void`	`setResponse(jakarta.servlet.http.HttpServletResponse response)`	Set the response object.
`HttpMessageContext`	`withRequest(jakarta.servlet.http.HttpServletRequest request)`	Sets the request object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- HttpMessageContextWrapper
  
  public HttpMessageContextWrapper(HttpMessageContext httpMessageContext)
Method Details
- getWrapped
  
  public HttpMessageContext getWrapped()
- isProtected
  
  public boolean isProtected()
  
  Description copied from interface: HttpMessageContext
  
  Checks if the currently requested resource is protected or not. A protected resource is a resource (e.g. a Jakarta Servlet, Jakarta Faces page, Jakarta Server Pages page etc) for which a constraint has been defined in e.g. web.xml.
  
  Specified by:
  
  isProtected in interface HttpMessageContext
  
  Returns:
  
  true if a protected resource was requested, false if a public resource was requested.
- isAuthenticationRequest
  
  public boolean isAuthenticationRequest()
  
  Description copied from interface: HttpMessageContext
  
  Checks if the current call to an authentication mechanism is the result from the application calling SecurityContext.authenticate(HttpServletRequest, HttpServletResponse, AuthenticationParameters)
  If SecurityContext#authenticate was not called, the authentication mechanism may have been invoked by the container at the start of a request.
  
  Specified by:
  
  isAuthenticationRequest in interface HttpMessageContext
  
  Returns:
  
  true if SecurityContext#authenticate was called, false if not.
- isRegisterSession
  
  public boolean isRegisterSession()
  
  Description copied from interface: HttpMessageContext
  
  Check if the runtime has been asked to register an authentication session duing the current request.
  
  Specified by:
  
  isRegisterSession in interface HttpMessageContext
  
  Returns:
  
  true if code has asked to register an authentication session, false otherwise.
- setRegisterSession
  
  public void setRegisterSession(java.lang.String callerName, java.util.Set<java.lang.String> groups)
  
  Description copied from interface: HttpMessageContext
  
  Asks the runtime to register an authentication session. This will automatically remember the logged-in status as long as the current HTTP session remains valid. Without this being asked, a HttpAuthenticationMechanism has to manually re-authenticate with the runtime at the start of each request.
  
  Specified by:
  
  setRegisterSession in interface HttpMessageContext
  
  Parameters:
  
  callerName - the caller name for which authentication should be be remembered
  
  groups - the groups for which authentication should be remembered.
- cleanClientSubject
  
  public void cleanClientSubject()
  
  Description copied from interface: HttpMessageContext
  
  Convenience method to clean the subject associated with this context.
  Cleaning this subject is done as defined by the Servlet Container Profile of Jakarta Authentication for the ServerAuthModule#cleanSubject method and the HttpAuthenticationMechanism.cleanSubject(HttpServletRequest, HttpServletResponse, HttpMessageContext) method defined by this specification.
  
  Specified by:
  
  cleanClientSubject in interface HttpMessageContext
- getAuthParameters
  
  public AuthenticationParameters getAuthParameters()
  
  Description copied from interface: HttpMessageContext
  
  Returns the parameters that were provided with the SecurityContext#authenticate(AuthParameters) call.
  
  Specified by:
  
  getAuthParameters in interface HttpMessageContext
  
  Returns:
  
  the parameters that were provided with the SecurityContext#authenticate(AuthParameters) call, or a default instance. Never null.
- getHandler
  
  public javax.security.auth.callback.CallbackHandler getHandler()
  
  Description copied from interface: HttpMessageContext
  
  Returns the low level Jakarta Authentication handler that the runtime provided when creating this HttpMessageContext, and which this context uses to communicate the authentication details to the runtime.
  Note: This is a low level object that most higher level code would not need to use directly.
  
  Specified by:
  
  getHandler in interface HttpMessageContext
  
  Returns:
  
  the handler that the runtime provided to this context
- getMessageInfo
  
  public jakarta.security.auth.message.MessageInfo getMessageInfo()
  
  Description copied from interface: HttpMessageContext
  
  Returns the the low level Jakarta Authentication message info instance for the current request.
  Note: This is a low level object that most higher level code would not need to use directly.
  
  Specified by:
  
  getMessageInfo in interface HttpMessageContext
  
  Returns:
  
  the message info instance for the current request.
- getClientSubject
  
  public javax.security.auth.Subject getClientSubject()
  
  Description copied from interface: HttpMessageContext
  
  Returns the subject for which authentication is to take place.
  Note: This is a low level object that most higher level code would not need to use directly.
  
  Specified by:
  
  getClientSubject in interface HttpMessageContext
  
  Returns:
  
  the subject for which authentication is to take place.
- getRequest
  
  public jakarta.servlet.http.HttpServletRequest getRequest()
  
  Description copied from interface: HttpMessageContext
  
  Returns the request object associated with the current request.
  
  Specified by:
  
  getRequest in interface HttpMessageContext
  
  Returns:
  
  the request object associated with the current request.
- setRequest
  
  public void setRequest(jakarta.servlet.http.HttpServletRequest request)
  
  Description copied from interface: HttpMessageContext
  
  Sets the request object.
  
  Specified by:
  
  setRequest in interface HttpMessageContext
  
  Parameters:
  
  request - the request object to be set
- withRequest
  
  public HttpMessageContext withRequest(jakarta.servlet.http.HttpServletRequest request)
  
  Description copied from interface: HttpMessageContext
  
  Sets the request object.
  
  Specified by:
  
  withRequest in interface HttpMessageContext
  
  Parameters:
  
  request - the request object to be set.
  
  Returns:
  
  the HttpMessageContext instance on which this method was called, useful for fluent style call call chains.
- getResponse
  
  public jakarta.servlet.http.HttpServletResponse getResponse()
  
  Description copied from interface: HttpMessageContext
  
  Returns the response object associated with the current request.
  
  Specified by:
  
  getResponse in interface HttpMessageContext
  
  Returns:
  
  the response object associated with the current request.
- setResponse
  
  public void setResponse(jakarta.servlet.http.HttpServletResponse response)
  
  Description copied from interface: HttpMessageContext
  
  Set the response object.
  
  Specified by:
  
  setResponse in interface HttpMessageContext
  
  Parameters:
  
  response - the response object to be set.
- redirect
  
  public AuthenticationStatus redirect(java.lang.String location)
  
  Description copied from interface: HttpMessageContext
  
  Sets the response status to SC_FOUND 302 (Found)
  As a convenience this method returns SEND_CONTINUE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
  
  Specified by:
  
  redirect in interface HttpMessageContext
  
  Parameters:
  
  location - the location to redirect to
  
  Returns:
  
  AuthenticationStatus.SEND_CONTINUE
  
  See Also:
  
  HttpServletResponse.sendRedirect(String)
- forward
  
  public AuthenticationStatus forward(java.lang.String path)
  
  Description copied from interface: HttpMessageContext
  
  Forwards to another resource (Jakarta Servlet, Jakarta Server Pages file, or HTML file) on the server.
  As a convenience this method returns SEND_CONTINUE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
  
  Specified by:
  
  forward in interface HttpMessageContext
  
  Parameters:
  
  path - a String specifying the pathname to the resource.
  
  Returns:
  
  AuthenticationStatus.SEND_CONTINUE
  
  See Also:
  
  RequestDispatcher.forward(jakarta.servlet.ServletRequest, jakarta.servlet.ServletResponse)
- responseUnauthorized
  
  public AuthenticationStatus responseUnauthorized()
  
  Description copied from interface: HttpMessageContext
  
  Sets the response status to 401 (unauthorized).
  As a convenience this method returns SEND_FAILURE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
  
  Specified by:
  
  responseUnauthorized in interface HttpMessageContext
  
  Returns:
  
  AuthenticationStatus.SEND_FAILURE
- responseNotFound
  
  public AuthenticationStatus responseNotFound()
  
  Description copied from interface: HttpMessageContext
  
  Sets the response status to 404 (not found).
  As a convenience this method returns SEND_FAILURE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
  
  Specified by:
  
  responseNotFound in interface HttpMessageContext
  
  Returns:
  
  AuthenticationStatus.SEND_FAILURE
- notifyContainerAboutLogin
  
  public AuthenticationStatus notifyContainerAboutLogin(java.lang.String username, java.util.Set<java.lang.String> roles)
  
  Description copied from interface: HttpMessageContext
  
  Asks the container to register the given caller name and groups in order to make them available to the application for use with SecurityContext.isCallerInRole(String) etc.
  Note that after this call returned, the authenticated identity will not be immediately active. This will only take place (should no errors occur) after the authentication mechanism in which this call takes place returns control back to the container (runtime).
  As a convenience this method returns SUCCESS, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
  
  Specified by:
  
  notifyContainerAboutLogin in interface HttpMessageContext
  
  Parameters:
  
  username - the caller name that will become the caller principal
  
  roles - the groups associated with the caller principal
  
  Returns:
  
  AuthenticationStatus.SUCCESS
- notifyContainerAboutLogin
  
  public AuthenticationStatus notifyContainerAboutLogin(java.security.Principal principal, java.util.Set<java.lang.String> roles)
  
  Description copied from interface: HttpMessageContext
  
  Asks the container to register the given caller principal and groups in order to make them available to the application for use with SecurityContext.isCallerInRole(String) etc.
  Note that this call may result in the container establishing two caller principals to represent the caller's identity -- the Principal provided here as the principal parameter, and a second principal used as the container's representation of the caller identity. A second principal is added only if the container uses a different Principal type to represent the caller. If the types are the same, only one Principal is added.
  If a second principal is added, the value returned by Principal.getName() will be the same for both principals.
  When two principals are added, the container's caller principal is returned from SecurityContext.getCallerPrincipal(), and the principal supplied here as a parameter can be retrieved using SecurityContext.getPrincipalsByType(Class). When only one is added, it is returned by SecurityContext.getCallerPrincipal().
  Note that after this call returned, the authenticated identity will not be immediately active. This will only take place (should no errors occur) after the authentication mechanism in which this call takes place returns control back to the container (runtime).
  As a convenience this method returns SUCCESS, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
  
  Specified by:
  
  notifyContainerAboutLogin in interface HttpMessageContext
  
  Parameters:
  
  principal - the Principal that will become the caller principal
  
  roles - the groups associated with the caller principal
  
  Returns:
  
  AuthenticationStatus.SUCCESS
- notifyContainerAboutLogin
  
  public AuthenticationStatus notifyContainerAboutLogin(CredentialValidationResult result)
  
  Description copied from interface: HttpMessageContext
  
  Convenience method intended to pass the CredentialValidationResult result of an identity store directly on to the container.
  If the outcome from the given CredentialValidationResult.getStatus() equals CredentialValidationResult.Status.VALID, the CallerPrincipal and groups are obtained from the CredentialValidationResult and passed into HttpMessageContext.notifyContainerAboutLogin(Principal, Set).
  If the outcome from the given CredentialValidationResult.getStatus() is not equal to CredentialValidationResult.Status.VALID a failure result is returned.
  
  Specified by:
  
  notifyContainerAboutLogin in interface HttpMessageContext
  
  Parameters:
  
  result - a CredentialValidationResult which is inspected for its status and from which the principal and groups are taken.
  
  Returns:
  
  AuthenticationStatus.SUCCESS if CredentialValidationResult.getStatus() equals CredentialValidationResult.Status.VALID otherwise AuthenticationStatus.SEND_FAILURE
- doNothing
  
  public AuthenticationStatus doNothing()
  
  Description copied from interface: HttpMessageContext
  
  Instructs the container to "do nothing".
  When intending to do nothing, a Jakarta Security authentication mechanism has to indicate this explicitly via its return value.
  As a convenience this method returns NOT_DONE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
  
  Specified by:
  
  doNothing in interface HttpMessageContext
  
  Returns:
  
  AuthenticationStatus.NOT_DONE
- getCallerPrincipal
  
  public java.security.Principal getCallerPrincipal()
  
  Description copied from interface: HttpMessageContext
  
  Gets the Principal set by a call to notifyContainerAboutLogin().
  
  Specified by:
  
  getCallerPrincipal in interface HttpMessageContext
  
  Returns:
  
  The caller principal
- getGroups
  
  public java.util.Set<java.lang.String> getGroups()
  
  Description copied from interface: HttpMessageContext
  
  Gets the groups set by a call to notifyContainerAboutLogin().
  
  Specified by:
  
  getGroups in interface HttpMessageContext
  
  Returns:
  
  The groups

Class HttpMessageContextWrapper

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Details

Method Details