Interface AuthenticationHandler

  • All Known Implementing Classes:
    AbstractAuthenticationHandler

    @ConsumerType
    public interface AuthenticationHandler
    The AuthenticationHandler interface defines the service API used by the authentication implementation to support plugin various ways of extracting credentials from the request.
    • Method Detail

      • extractCredentials

        AuthenticationInfo extractCredentials​(HttpServletRequest request,
                                              HttpServletResponse response)
        Extracts credential data from the request if at all contained.

        The method returns any of the following values :

        Extracted Information
        value description
        null no user details were contained in the request or the handler is not capable or willing to extract credentials from the request
        AuthenticationInfo.DOING_AUTH the handler is in an ongoing authentication transaction with the client. Request processing should be aborted at this stage.
        AuthenticationInfo.FAIL_AUTH the handler failed extracting the credentials from the request for any reason. An example of this result is that credentials are present in the request but they could not be validated and thus not be used for request processing. When returning this value, the authentication handler may also set the FAILURE_REASON request attribute to inform interested parties (including its own requestCredentials(HttpServletRequest, HttpServletResponse) method for the reasons of failure to extract the credentials.
        AuthenticationInfo object The user sent credentials. The returned object contains the credentials as well as the type of authentication transmission employed.

        The method must not request credential information from the client, if they are not found in the request.

        The value of PATH_PROPERTY service registration property value triggering this call is available as the path request attribute. If the service is registered with multiple path values, the value of the path request attribute may be used to implement specific handling.

        Parameters:
        request - The request object containing the information for the authentication.
        response - The response object which may be used to send the information on the request failure to the user.
        Returns:
        A valid AuthenticationInfo instance identifying the request user, AuthenticationInfo.DOING_AUTH if the handler is in an authentication transaction with the client or null if the request does not contain authentication information. In case of AuthenticationInfo.DOING_AUTH, the method must have sent a response indicating that fact to the client.
      • requestCredentials

        boolean requestCredentials​(HttpServletRequest request,
                                   HttpServletResponse response)
                            throws java.io.IOException
        Requests authentication information from the client. Returns true if the information has been requested and request processing can be terminated normally. Otherwise the authorization information could not be requested.

        The HttpServletResponse.sendError methods should not be used by the implementation because these responses might be post-processed by the servlet container's error handling infrastructure thus preventing the correct operation of the authentication handler. To convey a HTTP response status the HttpServletResponse.setStatus method should be used.

        The value of PATH_PROPERTY service registration property value triggering this call is available as the path request attribute. If the service is registered with multiple path values, the value of the path request attribute may be used to implement specific handling.

        If the REQUEST_LOGIN_PARAMETER request parameter is set only those authentication handlers registered with an authentication type matching the parameter will be considered for requesting credentials through this method.

        A handler not registered with an authentication type will, for backwards compatibility reasons, always be called ignoring the actual value of the REQUEST_LOGIN_PARAMETER parameter.

        Parameters:
        request - The request object.
        response - The response object to which to send the request.
        Returns:
        true if the handler is able to send an authentication inquiry for the given request. false otherwise.
        Throws:
        java.io.IOException - If an error occurs sending the authentication inquiry to the client.
      • dropCredentials

        void dropCredentials​(HttpServletRequest request,
                             HttpServletResponse response)
                      throws java.io.IOException
        Drops any credential and authentication details from the request and asks the client to do the same.
        Parameters:
        request - The request object.
        response - The response object to which to send the request.
        Throws:
        java.io.IOException - If an error occurs asking the client to drop any authentication traces.