Package io.undertow.security.impl
Class SecurityContextImpl
java.lang.Object
io.undertow.security.impl.AbstractSecurityContext
io.undertow.security.impl.SecurityContextImpl
- All Implemented Interfaces:
AuthenticationMechanismContext
,SecurityContext
public class SecurityContextImpl
extends AbstractSecurityContext
implements AuthenticationMechanismContext
The internal SecurityContext used to hold the state of security for the current exchange.
- Author:
- Darran Lofthouse, Stuart Douglas
-
Field Summary
Fields inherited from class io.undertow.security.impl.AbstractSecurityContext
exchange
-
Constructor Summary
ConstructorsConstructorDescriptionSecurityContextImpl
(HttpServerExchange exchange, AuthenticationMode authenticationMode, IdentityManager identityManager) SecurityContextImpl
(HttpServerExchange exchange, IdentityManager identityManager) -
Method Summary
Modifier and TypeMethodDescriptionvoid
Adds an authentication mechanism to this context.boolean
Performs authentication on the request.Deprecated.Deprecated.boolean
Attempts to log the user in using the provided credentials.void
logout()
de-authenticates the current exchange.void
setProgramaticMechName
(String programaticMechName) Set the name of the mechanism used for authentication to be reported if authentication was handled programatically.Methods inherited from class io.undertow.security.impl.AbstractSecurityContext
authenticationComplete, authenticationComplete, authenticationFailed, getAuthenticatedAccount, getMechanismName, isAuthenticated, isAuthenticationRequired, registerNotificationReceiver, removeNotificationReceiver, setAuthenticationRequired
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface io.undertow.security.api.SecurityContext
authenticationComplete, authenticationFailed, getAuthenticatedAccount, getMechanismName, isAuthenticated, isAuthenticationRequired, registerNotificationReceiver, removeNotificationReceiver, setAuthenticationRequired
-
Constructor Details
-
SecurityContextImpl
-
SecurityContextImpl
public SecurityContextImpl(HttpServerExchange exchange, AuthenticationMode authenticationMode, IdentityManager identityManager)
-
-
Method Details
-
authenticate
public boolean authenticate()Description copied from interface:SecurityContext
Performs authentication on the request. If authentication is REQUIRED then setAuthenticationRequired() should be called before calling this method. If the result indicates that a response has been sent to the client then no further attempts should be made to modify the response. The caller of this method is responsible for ending the exchange. If this method returnstrue
it can still have committed the response (e.g. form auth redirects back to the original page). Callers should check that the exchange has not been ended before proceeding.- Specified by:
authenticate
in interfaceSecurityContext
- Returns:
true
if either the request is successfully authenticated or if there is no failure validating the current request so that the request should continue to be processed,false
if authentication was not completed and challenge has been prepared for the client.
-
setProgramaticMechName
Set the name of the mechanism used for authentication to be reported if authentication was handled programatically.- Parameters:
programaticMechName
-
-
addAuthenticationMechanism
Description copied from interface:AuthenticationMechanismContext
Adds an authentication mechanism to this context. WhenSecurityContext.authenticate()
is called mechanisms will be iterated over in the order they are added, and given a chance to authenticate the user.- Specified by:
addAuthenticationMechanism
in interfaceAuthenticationMechanismContext
- Specified by:
addAuthenticationMechanism
in interfaceSecurityContext
- Parameters:
handler
- The mechanism to add
-
getAuthenticationMechanisms
Deprecated.- Specified by:
getAuthenticationMechanisms
in interfaceSecurityContext
- Returns:
- A list of all authentication mechanisms in this context
-
getIdentityManager
Deprecated.Description copied from interface:SecurityContext
Obtain the associatedIdentityManager
to use to make account verification decisions.- Specified by:
getIdentityManager
in interfaceSecurityContext
- Returns:
- The associated
IdentityManager
-
login
Description copied from interface:SecurityContext
Attempts to log the user in using the provided credentials. This result will be stored in the currentAuthenticatedSessionManager
(if any), so subsequent requests will automatically be authenticated as this user.This operation may block
- Specified by:
login
in interfaceSecurityContext
- Parameters:
username
- The usernamepassword
- The password- Returns:
true
if the login succeeded, false otherwise
-
logout
public void logout()Description copied from interface:SecurityContext
de-authenticates the current exchange.- Specified by:
logout
in interfaceSecurityContext
- Overrides:
logout
in classAbstractSecurityContext
-