Package org.forgerock.caf.authentication.api

Interface AsyncServerAuthContext

All Known Implementing Classes:
FallbackAuthContext
public interface AsyncServerAuthContext

An asynchronous interface counterpart for the ServerAuthContext. Responsible for passing request and response messages to its configured modules based on the logic this authentication context defines.

Module instance MUST be constructed and initialized before being passed to the authentication context instance.

Implementations of this interface must be thread-safe as instances may be used concurrently by multiple requests. If the authentication context needs to store any state for a single request it should store the state in the MessageContext so that it can be retrieved later for the in the secureResponse(MessageContext, javax.security.auth.Subject) method.

Since:
2.0.0
See Also:

  • Method Details

    • validateRequest

      Promise<javax.security.auth.message.AuthStatus,AuthenticationException> validateRequest(MessageContext context, Subject clientSubject, Subject serviceSubject)
      Validates the incoming request message.
      Parameters:
      context - The message context for this request.
      clientSubject - A Subject that represents the subject of this request.
      serviceSubject - A Subject that represents the subject for the server or null. It may be used to secure the message response.
      Returns:

      A Promise that will be completed, as some point in the future, with either a successful value or a failure value.

      A successfully completed Promise will contain an AuthStatus representing the completion status of the message processing. See ServerAuth.validateRequest(javax.security.auth.message.MessageInfo, Subject, Subject) for the allowed AuthStatus values.

      A failed completed Promise will contain an AuthenticationException when the message processing failed without establishing a failure response message in the MessageContext.

      See Also:
      • AuthStatus
      • ServerAuth.validateRequest(javax.security.auth.message.MessageInfo, Subject, Subject)

    • secureResponse

      Promise<javax.security.auth.message.AuthStatus,AuthenticationException> secureResponse(MessageContext context, Subject serviceSubject)
      Secures the outgoing response message.
      Parameters:
      context - The message context for this request.
      serviceSubject - A Subject that represents the subject for the server or null. It may be used to secure the message response.
      Returns:

      A Promise that will be completed, as some point in the future, with either a successful value or a failure value.

      A successfully completed Promise will contain an AuthStatus representing the completion status of the processing. See ServerAuth.secureResponse(javax.security.auth.message.MessageInfo, Subject) for the allowed AuthStatus values. Note AuthStatus.SEND_CONTINUE is not supported by this interface

      A failed completed Promise will contain an AuthenticationException when the message processing failed without establishing a failure response message in the MessageContext.

      See Also:
      • AuthStatus
      • ServerAuth.secureResponse(javax.security.auth.message.MessageInfo, Subject)

    • cleanSubject

      Promise<Void,AuthenticationException> cleanSubject(MessageContext context, Subject clientSubject)
      Removes any method specific principals and credentials from the client subject.
      Parameters:
      context - The message context for this request.
      clientSubject - A Subject that represents the subject of this request.
      Returns:
      A Promise that will be completed, as some point in the future, with either a successful value or a failure value. A successfully completed Promise will contain no value and a failed completed Promise will contain an AuthenticationException if an error occurs during the Subject processing.
      See Also:
      • ServerAuth.cleanSubject(javax.security.auth.message.MessageInfo, Subject)

    • toString

      String toString()
      A short but useful description of this authentication context. Description should include at least the IDs of the module this context manages.
      Overrides:
      toString in class Object