Class SecurityContextImpl

java.lang.Object
io.undertow.security.impl.AbstractSecurityContext
io.undertow.security.impl.SecurityContextImpl
All Implemented Interfaces:
AuthenticationMechanismContext, SecurityContext

public class SecurityContextImpl extends AbstractSecurityContext implements AuthenticationMechanismContext
The internal SecurityContext used to hold the state of security for the current exchange.
Author:
Darran Lofthouse, Stuart Douglas
  • Constructor Details

  • Method Details

    • authenticate

      public boolean authenticate()
      Description copied from interface: SecurityContext
      Performs authentication on the request. If authentication is REQUIRED then setAuthenticationRequired() should be called before calling this method. If the result indicates that a response has been sent to the client then no further attempts should be made to modify the response. The caller of this method is responsible for ending the exchange. If this method returns true it can still have committed the response (e.g. form auth redirects back to the original page). Callers should check that the exchange has not been ended before proceeding.
      Specified by:
      authenticate in interface SecurityContext
      Returns:
      true if either the request is successfully authenticated or if there is no failure validating the current request so that the request should continue to be processed, false if authentication was not completed and challenge has been prepared for the client.
    • setProgramaticMechName

      public void setProgramaticMechName(String programaticMechName)
      Set the name of the mechanism used for authentication to be reported if authentication was handled programatically.
      Parameters:
      programaticMechName -
    • addAuthenticationMechanism

      public void addAuthenticationMechanism(AuthenticationMechanism handler)
      Description copied from interface: AuthenticationMechanismContext
      Adds an authentication mechanism to this context. When SecurityContext.authenticate() is called mechanisms will be iterated over in the order they are added, and given a chance to authenticate the user.
      Specified by:
      addAuthenticationMechanism in interface AuthenticationMechanismContext
      Specified by:
      addAuthenticationMechanism in interface SecurityContext
      Parameters:
      handler - The mechanism to add
    • getAuthenticationMechanisms

      @Deprecated public List<AuthenticationMechanism> getAuthenticationMechanisms()
      Deprecated.
      Specified by:
      getAuthenticationMechanisms in interface SecurityContext
      Returns:
      A list of all authentication mechanisms in this context
    • getIdentityManager

      @Deprecated public IdentityManager getIdentityManager()
      Deprecated.
      Description copied from interface: SecurityContext
      Obtain the associated IdentityManager to use to make account verification decisions.
      Specified by:
      getIdentityManager in interface SecurityContext
      Returns:
      The associated IdentityManager
    • login

      public boolean login(String username, String password)
      Description copied from interface: SecurityContext
      Attempts to log the user in using the provided credentials. This result will be stored in the current AuthenticatedSessionManager (if any), so subsequent requests will automatically be authenticated as this user.

      This operation may block

      Specified by:
      login in interface SecurityContext
      Parameters:
      username - The username
      password - The password
      Returns:
      true if the login succeeded, false otherwise
    • logout

      public void logout()
      Description copied from interface: SecurityContext
      de-authenticates the current exchange.
      Specified by:
      logout in interface SecurityContext
      Overrides:
      logout in class AbstractSecurityContext