io.undertow.security.impl

Class SecurityContextImpl

java.lang.Object

io.undertow.security.impl.SecurityContextImpl

All Implemented Interfaces:

SecurityContext

public class SecurityContextImpl
extends Object
implements SecurityContext

The internal SecurityContext used to hold the state of security for the current exchange.

Author:

Darran Lofthouse, Stuart Douglas

Nested Class Summary

Nested classes/interfaces inherited from interface io.undertow.security.api.SecurityContext

SecurityContext.AuthenticationResult

Field Summary

Fields inherited from interface io.undertow.security.api.SecurityContext

ATTACHMENT_KEY

Constructor Summary

Constructors

Constructor and Description
SecurityContextImpl(HttpServerExchange exchange, AuthenticationMode authenticationMode, IdentityManager identityManager)
SecurityContextImpl(HttpServerExchange exchange, IdentityManager identityManager)

Method Summary

Methods

Modifier and Type	Method and Description
void	addAuthenticationMechanism(AuthenticationMechanism handler) Adds an authentication mechanism to this context.
boolean	authenticate() Performs authentication on the request.
void	authenticationComplete(Account account, String mechanism) Called by the AuthenticationMechanism to indicate that an account has been successfully authenticated.
protected void	authenticationComplete(Account account, String mechanism, boolean programatic)
void	authenticationFailed(String message, String mechanism) Called by the AuthenticationMechanism to indicate that an authentication attempt has failed.
Account	getAuthenticatedAccount() Obtain the Account for the currently authenticated identity.
List<AuthenticationMechanism>	getAuthenticationMechanisms()
IdentityManager	getIdentityManager() Obtain the associated IdentityManager to use to make account verification decisions.
String	getMechanismName()
boolean	isAuthenticated()
boolean	login(String username, String password) Attempts to log the user in using the provided credentials.
void	logout() de-authenticates the current exchange.
void	registerNotificationReceiver(NotificationReceiver receiver) Register a NotificationReceiver interested in receiving notifications for security events that happen on this SecurityContext.
void	removeNotificationReceiver(NotificationReceiver receiver) Remove a previously registered NotificationReceiver from this SecurityContext.
void	setAuthenticationRequired() Marks this request as requiring authentication.
void	setProgramaticMechName(String programaticMechName) Set the name of the mechanism used for authentication to be reported if authentication was handled programatically.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecurityContextImpl

public SecurityContextImpl(HttpServerExchange exchange,
                   IdentityManager identityManager)

SecurityContextImpl

public SecurityContextImpl(HttpServerExchange exchange,
                   AuthenticationMode authenticationMode,
                   IdentityManager identityManager)

Method Detail

authenticate

public boolean authenticate()

Description copied from interface: SecurityContext

Performs authentication on the request. If authentication is REQUIRED then setAuthenticationRequired() should be called before calling this method. If the result indicates that a response has been sent to the client then no further attempts should be made to modify the response. The caller of this method is responsible for ending the exchange. If this method returns true it can still have committedd the response (e.g. form auth redirects back to the original page). Callers should check that the exchange has not been ended before proceeding.

Specified by:

authenticate in interface SecurityContext

Returns:

true if either the request is successfully authenticated or if there is no failure validating the current request so that the request should continue to be processed, false if authentication was not completed and challenge has been prepared for the client.

setAuthenticationRequired

public void setAuthenticationRequired()

Description copied from interface: SecurityContext

Marks this request as requiring authentication. Authentication challenge headers will only be sent if this method has been called. If #authenticate(io.undertow.server.HttpCompletionHandler, io.undertow.server.HttpHandler) is called without first calling this method then the request will continue as normal even if the authentication was not successful.

Specified by:

setAuthenticationRequired in interface SecurityContext

isAuthenticated

public boolean isAuthenticated()

Specified by:

isAuthenticated in interface SecurityContext

Returns:

true if a user has been authenticated for this request, false otherwise.

setProgramaticMechName

public void setProgramaticMechName(String programaticMechName)

Set the name of the mechanism used for authentication to be reported if authentication was handled programatically.

Parameters:

programaticMechName -

getMechanismName

public String getMechanismName()

Specified by:

getMechanismName in interface SecurityContext

Returns:

The name of the mechanism used to authenticate the request.

addAuthenticationMechanism

public void addAuthenticationMechanism(AuthenticationMechanism handler)

Description copied from interface: SecurityContext

Adds an authentication mechanism to this context. When SecurityContext.authenticate() is called mechanisms will be iterated over in the order they are added, and given a chance to authenticate the user.

Specified by:

addAuthenticationMechanism in interface SecurityContext

Parameters:

handler - The mechanism to add

getAuthenticationMechanisms

public List<AuthenticationMechanism> getAuthenticationMechanisms()

Specified by:

getAuthenticationMechanisms in interface SecurityContext

Returns:

A list of all authentication mechanisms in this context

getAuthenticatedAccount

public Account getAuthenticatedAccount()

Description copied from interface: SecurityContext

Obtain the Account for the currently authenticated identity.

Specified by:

getAuthenticatedAccount in interface SecurityContext

Returns:

The Account for the currently authenticated identity or null if no account is currently authenticated.

getIdentityManager

public IdentityManager getIdentityManager()

Description copied from interface: SecurityContext

Obtain the associated IdentityManager to use to make account verification decisions.

Specified by:

getIdentityManager in interface SecurityContext

Returns:

The associated IdentityManager

login

public boolean login(String username,
            String password)

Description copied from interface: SecurityContext

Attempts to log the user in using the provided credentials. This result will be stored in the current AuthenticatedSessionManager (if any), so subsequent requests will automatically be authenticated as this user.

This operation may block

Specified by:

login in interface SecurityContext

Parameters:

username - The username

password - The password

Returns:

true if the login succeeded, false otherwise

logout

public void logout()

Description copied from interface: SecurityContext

de-authenticates the current exchange.

Specified by:

logout in interface SecurityContext

authenticationComplete

public void authenticationComplete(Account account,
                          String mechanism)

Description copied from interface: SecurityContext

Called by the AuthenticationMechanism to indicate that an account has been successfully authenticated. Note: A successful verification of an account using the IdentityManager is not the same as a successful authentication decision, other factors could be taken into account to make the final decision.

Specified by:

authenticationComplete in interface SecurityContext

Parameters:

account - - The authenticated Account

mechanism - - The name of the mechanism used to authenticate the account.

authenticationComplete

protected void authenticationComplete(Account account,
                          String mechanism,
                          boolean programatic)

authenticationFailed

public void authenticationFailed(String message,
                        String mechanism)

Description copied from interface: SecurityContext

Called by the AuthenticationMechanism to indicate that an authentication attempt has failed. This should only be called where an authentication attempt has truly failed, for authentication mechanisms where an additional round trip with the client is expected this should not be called. Where possible the failure message should contain the name of the identity that authentication was being attempted for, however as this is not always possible to identify in advance a generic message may be all that can be reported.

Specified by:

authenticationFailed in interface SecurityContext

Parameters:

message - - The message describing the failure.

mechanism - - The name of the mechanism reporting the failure.

registerNotificationReceiver

public void registerNotificationReceiver(NotificationReceiver receiver)

Description copied from interface: SecurityContext

Register a NotificationReceiver interested in receiving notifications for security events that happen on this SecurityContext.

Specified by:

registerNotificationReceiver in interface SecurityContext

Parameters:

receiver - - The NotificationReceiver to register.

removeNotificationReceiver

public void removeNotificationReceiver(NotificationReceiver receiver)

Description copied from interface: SecurityContext

Remove a previously registered NotificationReceiver from this SecurityContext. If the supplied receiver has not been previously registered this method will fail silently.

Specified by:

removeNotificationReceiver in interface SecurityContext

Parameters:

receiver - - The NotificationReceiver to remove.