Interface SecurityContext


public interface SecurityContext
An injectable interface that provides access to security related information.
Since:
1.0
Author:
Paul Sandoz, Marc Hadley
  • Field Summary

    Fields
    Modifier and Type | Field | Description
    static final String | BASIC_AUTH | String identifier for Basic authentication.
    static final String | CLIENT_CERT_AUTH | String identifier for Client Certificate authentication.
    static final String | DIGEST_AUTH | String identifier for Digest authentication.
    static final String | FORM_AUTH | String identifier for Form authentication.
  • Method Summary

    Modifier and Type | Method | Description
    String | getAuthenticationScheme() | Returns the string value of the authentication scheme used to protect the resource.
    Principal | getUserPrincipal() | Returns a java.security.Principal object containing the name of the current authenticated user.
    boolean | isSecure() | Returns a boolean indicating whether this request was made using a secure channel, such as HTTPS.
    boolean | isUserInRole(String role) | Returns a boolean indicating whether the authenticated user is included in the specified logical "role".
  • Field Details

    • BASIC_AUTH

      static final String BASIC_AUTH
      String identifier for Basic authentication. Value "BASIC"
    • CLIENT_CERT_AUTH

      static final String CLIENT_CERT_AUTH
      String identifier for Client Certificate authentication. Value "CLIENT_CERT"
    • DIGEST_AUTH

      static final String DIGEST_AUTH
      String identifier for Digest authentication. Value "DIGEST"
    • FORM_AUTH

      static final String FORM_AUTH
      String identifier for Form authentication. Value "FORM"
  • Method Details

    • getUserPrincipal

      Principal getUserPrincipal()
      Returns a java.security.Principal object containing the name of the current authenticated user. If the user has not been authenticated, the method returns null.
      Returns:
      a java.security.Principal containing the name of the user making this request; null if the user has not been authenticated
      Throws:
      IllegalStateException - if called outside the scope of a request
    • isUserInRole

      boolean isUserInRole(String role)
      Returns a boolean indicating whether the authenticated user is included in the specified logical "role". If the user has not been authenticated, the method returns false.
      Parameters:
      role - a String specifying the name of the role
      Returns:
      a boolean indicating whether the user making the request belongs to a given role; false if the user has not been authenticated
      Throws:
      IllegalStateException - if called outside the scope of a request
    • isSecure

      boolean isSecure()
      Returns a boolean indicating whether this request was made using a secure channel, such as HTTPS.
      Returns:
      true if the request was made using a secure channel, false otherwise
      Throws:
      IllegalStateException - if called outside the scope of a request
    • getAuthenticationScheme

      String getAuthenticationScheme()
      Returns the string value of the authentication scheme used to protect the resource. If the resource is not authenticated, null is returned. Values are the same as the CGI variable AUTH_TYPE.
      Returns:
      one of the static members BASIC_AUTH, FORM_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH (suitable for == comparison) or the container-specific string indicating the authentication scheme, or null if the request was not authenticated.
      Throws:
      IllegalStateException - if called outside the scope of a request
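
The four methods above combined into one access check, as an added example that is not part of the API documentation or the project's own code. It assumes the jakarta.ws.rs package names (older releases use javax.ws.rs); the class name ClientCertAdminFilter and the role name "admin" are hypothetical.

```java
// Added example, not from the API documentation. Assumes the Jakarta REST API
// (jakarta.ws.rs) is on the classpath; older releases use javax.ws.rs instead.
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext;
import jakarta.ws.rs.ext.Provider;
import java.util.logging.Logger;

// Registered without a name binding, so it applies to every resource in the application.
@Provider
public class ClientCertAdminFilter implements ContainerRequestFilter {
    private static final Logger LOG = Logger.getLogger(ClientCertAdminFilter.class.getName());

    // Hypothetical role name; real names come from the deployment's security configuration.
    private static final String REQUIRED_ROLE = "admin";

    @Override
    public void filter(ContainerRequestContext request) {
        String reason = denialReason(request.getSecurityContext());
        if (reason != null) {
            LOG.warning("Request rejected: " + reason); // the reason stays in the server log
            request.abortWith(Response.status(Response.Status.FORBIDDEN).build());
        }
    }

    /** Returns null when the request may proceed, otherwise why it was rejected. */
    static String denialReason(SecurityContext sc) {
        if (!sc.isSecure()) {
            return "insecure channel";
        }
        if (sc.getUserPrincipal() == null) { // null means the user is not authenticated
            return "no authenticated user";
        }
        // getAuthenticationScheme() may return null or a container-specific string,
        // so call equals() on the constant rather than on the returned value.
        if (!SecurityContext.CLIENT_CERT_AUTH.equals(sc.getAuthenticationScheme())) {
            return "scheme is not CLIENT_CERT";
        }
        if (!sc.isUserInRole(REQUIRED_ROLE)) {
            return "user lacks role " + REQUIRED_ROLE;
        }
        return null;
    }
}
```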