Class FallbackAuthContext

  • All Implemented Interfaces:
    AsyncServerAuthContext, AuthContextWithState

    public final class FallbackAuthContext
    extends Object
    implements AsyncServerAuthContext, AuthContextWithState

    An AsyncServerAuthContext which manages a List of AsyncServerAuthModules that are in a desired order of preference for authenticating incoming request messages.

    Order matters as one and only one auth module can successfully authenticate the request message. Each AsyncServerAuthModule is called in order to authenticate the request message and processing stops after the first auth module that successfully authenticates the request message, or returns a failed promise with an AuthenticationException.

    Order does not matter when securing the response message, as only the auth module that successfully authenticated the incoming request message will get the opportunity to secure the response message.

    Since:
    2.0.0
    • Constructor Detail

      • FallbackAuthContext

        public FallbackAuthContext(org.slf4j.Logger logger,
                                   List<AsyncServerAuthModule> authModules)
        Creates a new FallbackAuthContext managing the provided AsyncServerAuthModules.
        Parameters:
        logger - The Logger instance.
        authModules - The List of AsyncServerAuthModules.
    • Method Detail

      • validateRequest

        public Promise<javax.security.auth.message.AuthStatus, AuthenticationException> validateRequest(MessageContext context,
                Subject clientSubject,
                Subject serviceSubject)

        Authenticates the incoming request message by calling each AsyncServerAuthModule in order until an auth module returns an AuthStatus value other than SEND_FAILURE, or returns an AuthenticationException, or the end of the module list is reached.

        If the end of the module list is reached then an AuthStatus value of SEND_FAILURE is returned.

        Specified by:
        validateRequest in interface AsyncServerAuthContext
        Parameters:
        context - The message context for this request.
        clientSubject - A Subject that represents the subject of this request.
        serviceSubject - A Subject that represents the subject for the server or null. It may be used to secure the message response.
        Returns:

        A Promise that will be completed, at some point in the future, with either a successful value or a failure value.

        A successfully completed Promise will contain an AuthStatus representing the completion status of the message processing. See ServerAuth.validateRequest( javax.security.auth.message.MessageInfo, Subject, Subject) for the allowed AuthStatus values.

        A failed completed Promise will contain an AuthenticationException when the message processing failed without establishing a failure response message in the MessageContext.

        See Also:
        AuthStatus, ServerAuth.validateRequest( javax.security.auth.message.MessageInfo, Subject, Subject)
      • secureResponse

        public Promise<javax.security.auth.message.AuthStatus, AuthenticationException> secureResponse(MessageContext context,
                Subject serviceSubject)

        Secures the response message using the same AsyncServerAuthModule that authenticated the incoming request message.

        If no AsyncServerAuthModule authenticated the incoming request message, then this method should not have been called and a failed promise will be returned with an AuthenticationException.

        Specified by:
        secureResponse in interface AsyncServerAuthContext
        Parameters:
        context - The message context for this request.
        serviceSubject - A Subject that represents the subject for the server or null. It may be used to secure the message response.
        Returns:

        A Promise that will be completed, at some point in the future, with either a successful value or a failure value.

        A successfully completed Promise will contain an AuthStatus representing the completion status of the processing. See ServerAuth.secureResponse( javax.security.auth.message.MessageInfo, Subject) for the allowed AuthStatus values. Note that AuthStatus.SEND_CONTINUE is not supported by this interface.

        A failed completed Promise will contain an AuthenticationException when the message processing failed without establishing a failure response message in the MessageContext.

        See Also:
        AuthStatus, ServerAuth.secureResponse( javax.security.auth.message.MessageInfo, Subject)
      • cleanSubject

        public Promise<Void, AuthenticationException> cleanSubject(MessageContext context,
                Subject clientSubject)
        Calls each AsyncServerAuthContext in parallel to clean the client subject and returns a successful promise only if all complete successfully; otherwise returns the first exception in a failed promise.
        Specified by:
        cleanSubject in interface AsyncServerAuthContext
        Parameters:
        context - The message context for this request.
        clientSubject - A Subject that represents the subject of this request.
        Returns:
        A Promise that will be completed, at some point in the future, with either a successful value or a failure value. A successfully completed Promise will contain no value and a failed completed Promise will contain an AuthenticationException if an error occurs during the Subject processing.
        See Also:
        ServerAuth.cleanSubject( javax.security.auth.message.MessageInfo, Subject)
      • createAuthenticationState

        public org.forgerock.caf.authentication.framework.FallbackAuthContext.FallbackAuthContextState createAuthenticationState()
        Description copied from interface: AuthContextWithState

        Creates an instance of a specific type of AuthenticationState.

        Must return a new AuthenticationState instance for each invocation.

        Specified by:
        createAuthenticationState in interface AuthContextWithState
        Returns:
        A new AuthenticationState instance.
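
The ordering rules documented for validateRequest and secureResponse, as an added example that is not the framework's own code: a self-contained model of the fallback chain. Every name in it (FallbackChainDemo, Module, Status, the three sample modules) is hypothetical, CompletableFuture stands in for the framework's Promise type, and treating only SUCCESS as "authenticated" is an assumption.

```java
import java.util.List;
import java.util.concurrent.CompletableFuture;
import java.util.function.Function;

// Simplified model of the documented fallback rules. Every name is hypothetical;
// CompletableFuture stands in for the framework's Promise type.
public class FallbackChainDemo {
    enum Status { SUCCESS, SEND_SUCCESS, SEND_CONTINUE, SEND_FAILURE }
    record Module(String name, Function<String, CompletableFuture<Status>> validate) {}
    private final List<Module> modules;
    private Module authenticatedBy; // demo only: one instance per request
    FallbackChainDemo(List<Module> modules) { this.modules = modules; }
    CompletableFuture<Status> validateRequest(String request) { return tryFrom(0, request); }

    private CompletableFuture<Status> tryFrom(int i, String request) {
        if (i == modules.size()) { // end of list reached: nobody accepted
            return CompletableFuture.completedFuture(Status.SEND_FAILURE);
        }
        Module m = modules.get(i);
        // thenCompose skips the lambda on a failed future, so an exception ends the chain.
        return m.validate().apply(request).thenCompose(status -> {
            if (status == Status.SEND_FAILURE) return tryFrom(i + 1, request); // fall back
            if (status == Status.SUCCESS) authenticatedBy = m; // assumption: only SUCCESS counts
            return CompletableFuture.completedFuture(status);
        });
    }

    CompletableFuture<String> secureResponse() { // resolves to the securing module's name
        return authenticatedBy != null
            ? CompletableFuture.completedFuture(authenticatedBy.name())
            : CompletableFuture.failedFuture(new IllegalStateException("request was not authenticated"));
    }

    public static void main(String[] args) {
        Module token = new Module("token", r -> CompletableFuture.completedFuture(
            r.equals("Bearer valid") ? Status.SUCCESS : Status.SEND_FAILURE));
        Module strict = new Module("strict", r -> r.startsWith("Broken")
            ? CompletableFuture.failedFuture(new IllegalStateException("parse error"))
            : CompletableFuture.completedFuture(Status.SEND_FAILURE));
        Module basic = new Module("basic", r -> CompletableFuture.completedFuture(
            r.startsWith("Basic ") ? Status.SUCCESS : Status.SEND_FAILURE));
        // Constructed sample requests, one fresh chain per request.
        for (String req : List.of("Bearer valid", "Basic dXNlcjpwdw==", "Broken header", "none")) {
            FallbackChainDemo chain = new FallbackChainDemo(List.of(token, strict, basic));
            String status = chain.validateRequest(req).handle((s, e) -> e == null ? s.name() : "exception").join();
            String securedBy = chain.secureResponse().handle((n, e) -> e == null ? n : "refused").join();
            System.out.println(req + " -> " + status + ", secured by: " + securedBy);
        }
    }
}
```

Because SEND_FAILURE from one module hands the request to the next, a request is accepted if any module in the list accepts it, so the list should contain only modules whose acceptance alone is adequate for the protected resource. An exception, by contrast, ends processing: in the "Broken header" case the basic module is never consulted.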