Class FallbackAuthContext
- java.lang.Object
-
- org.forgerock.caf.authentication.framework.FallbackAuthContext
-
- All Implemented Interfaces:
AsyncServerAuthContext
,AuthContextWithState
public final class FallbackAuthContext extends Object implements AsyncServerAuthContext, AuthContextWithState
An
AsyncServerAuthContext
which manages aList
ofAsyncServerAuthModule
s that are in a desired order of preference for authenticating incoming request messages.Order matters as one and only one auth module can successfully authenticate the request message. Each
AsyncServerAuthModule
is called in order to authenticate the request message and processing stops after the first auth module that successfully authenticates the request message, or returns a failed promise with anAuthenticationException
.Order does not matter when securing the as only the auth module that successfully authenticated the incoming request message will get the opportunity to secure the response message.
- Since:
- 2.0.0
-
-
Constructor Summary
Constructors Constructor Description FallbackAuthContext(org.slf4j.Logger logger, List<AsyncServerAuthModule> authModules)
Creates a newFallbackAuthContext
managing the providedAsyncServerAuthModule
s.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Promise<Void,AuthenticationException>
cleanSubject(MessageContext context, Subject clientSubject)
Calls eachAsyncServerAuthContext
in parallel to clean the client subject and only return a successful promise if all complete successfully otherwise returns the first exception in a failed promise.org.forgerock.caf.authentication.framework.FallbackAuthContext.FallbackAuthContextState
createAuthenticationState()
Creates an instance of a specific type ofAuthenticationState
.Promise<javax.security.auth.message.AuthStatus,AuthenticationException>
secureResponse(MessageContext context, Subject serviceSubject)
Secures the response message using the sameAsyncServerAuthModule
that authenticated the incoming request message.String
toString()
A short but useful description of this authentication context.Promise<javax.security.auth.message.AuthStatus,AuthenticationException>
validateRequest(MessageContext context, Subject clientSubject, Subject serviceSubject)
Authenticates the incoming request message by calling eachAsyncServerAuthModule
in order until an auth module returns anAuthStatus
value other thanSEND_FAILURE
, or returns anAuthenticationException
or the end of the module list is reached.
-
-
-
Constructor Detail
-
FallbackAuthContext
public FallbackAuthContext(org.slf4j.Logger logger, List<AsyncServerAuthModule> authModules)
Creates a newFallbackAuthContext
managing the providedAsyncServerAuthModule
s.- Parameters:
logger
- TheLogger
instance.authModules
- TheList
ofAsyncServerAuthModule
s.
-
-
Method Detail
-
validateRequest
public Promise<javax.security.auth.message.AuthStatus,AuthenticationException> validateRequest(MessageContext context, Subject clientSubject, Subject serviceSubject)
Authenticates the incoming request message by calling each
AsyncServerAuthModule
in order until an auth module returns anAuthStatus
value other thanSEND_FAILURE
, or returns anAuthenticationException
or the end of the module list is reached.If the end of the module list is reached then an
AuthStatus
value ofSEND_FAILURE
is returned.- Specified by:
validateRequest
in interfaceAsyncServerAuthContext
- Parameters:
context
- The message context for this request.clientSubject
- ASubject
that represents the subject of this request.serviceSubject
- ASubject
that represents the subject for the server ornull
. It may be used to secure the message response.- Returns:
A
Promise
that will be completed, as some point in the future, with either a successful value or a failure value.A successfully completed
Promise
will contain anAuthStatus
representing the completion status of the message processing. SeeServerAuth.validateRequest( javax.security.auth.message.MessageInfo, Subject, Subject)
for the allowedAuthStatus
values.A failed completed
Promise
will contain anAuthenticationException
when the message processing failed without establishing a failure response message in theMessageContext
.- See Also:
AuthStatus
,ServerAuth.validateRequest( javax.security.auth.message.MessageInfo, Subject, Subject)
-
secureResponse
public Promise<javax.security.auth.message.AuthStatus,AuthenticationException> secureResponse(MessageContext context, Subject serviceSubject)
Secures the response message using the same
AsyncServerAuthModule
that authenticated the incoming request message.If no
AsyncServerAuthModule
authenticated the incoming request message, then this method should not have been called and a failed promise will be return with anAuthenticationException
.- Specified by:
secureResponse
in interfaceAsyncServerAuthContext
- Parameters:
context
- The message context for this request.serviceSubject
- ASubject
that represents the subject for the server ornull
. It may be used to secure the message response.- Returns:
A
Promise
that will be completed, as some point in the future, with either a successful value or a failure value.A successfully completed
Promise
will contain anAuthStatus
representing the completion status of the processing. SeeServerAuth.secureResponse( javax.security.auth.message.MessageInfo, Subject)
for the allowedAuthStatus
values. NoteAuthStatus.SEND_CONTINUE
is not supported by this interfaceA failed completed
Promise
will contain anAuthenticationException
when the message processing failed without establishing a failure response message in theMessageContext
.- See Also:
AuthStatus
,ServerAuth.secureResponse( javax.security.auth.message.MessageInfo, Subject)
-
cleanSubject
public Promise<Void,AuthenticationException> cleanSubject(MessageContext context, Subject clientSubject)
Calls eachAsyncServerAuthContext
in parallel to clean the client subject and only return a successful promise if all complete successfully otherwise returns the first exception in a failed promise.- Specified by:
cleanSubject
in interfaceAsyncServerAuthContext
- Parameters:
context
- The message context for this request.clientSubject
- ASubject
that represents the subject of this request.- Returns:
- A
Promise
that will be completed, as some point in the future, with either a successful value or a failure value. A successfully completedPromise
will contain no value and a failed completedPromise
will contain anAuthenticationException
if an error occurs during theSubject
processing. - See Also:
ServerAuth.cleanSubject( javax.security.auth.message.MessageInfo, Subject)
-
createAuthenticationState
public org.forgerock.caf.authentication.framework.FallbackAuthContext.FallbackAuthContextState createAuthenticationState()
Description copied from interface:AuthContextWithState
Creates an instance of a specific type of
AuthenticationState
.Must return a new
AuthenticationState
instance for each invocation.- Specified by:
createAuthenticationState
in interfaceAuthContextWithState
- Returns:
- A new
AuthenticationState
instance.
-
toString
public String toString()
Description copied from interface:AsyncServerAuthContext
A short but useful description of this authentication context. Description should include at least the IDs of the module this context manages.- Specified by:
toString
in interfaceAsyncServerAuthContext
- Overrides:
toString
in classObject
-
-