Class FallbackAuthContext

java.lang.Object
org.forgerock.caf.authentication.framework.FallbackAuthContext
All Implemented Interfaces:
AsyncServerAuthContext, AuthContextWithState

public final class FallbackAuthContext extends Object implements AsyncServerAuthContext, AuthContextWithState

An AsyncServerAuthContext which manages a List of AsyncServerAuthModules that are in a desired order of preference for authenticating incoming request messages.

Order matters as one and only one auth module can successfully authenticate the request message. Each AsyncServerAuthModule is called in order to authenticate the request message and processing stops after the first auth module that successfully authenticates the request message, or returns a failed promise with an AuthenticationException.

Order does not matter when securing the response message, as only the auth module that successfully authenticated the incoming request message will get the opportunity to secure the response message.

Since:
2.0.0
  • Constructor Details

    • FallbackAuthContext

      public FallbackAuthContext(org.slf4j.Logger logger, List<AsyncServerAuthModule> authModules)
      Creates a new FallbackAuthContext managing the provided AsyncServerAuthModules.
      Parameters:
      logger - The Logger instance.
      authModules - The List of AsyncServerAuthModules.
  • Method Details

    • validateRequest

      public Promise<javax.security.auth.message.AuthStatus,AuthenticationException> validateRequest(MessageContext context, Subject clientSubject, Subject serviceSubject)

      Authenticates the incoming request message by calling each AsyncServerAuthModule in order until an auth module returns an AuthStatus value other than SEND_FAILURE, an auth module returns an AuthenticationException, or the end of the module list is reached.

      If the end of the module list is reached then an AuthStatus value of SEND_FAILURE is returned.

      Specified by:
      validateRequest in interface AsyncServerAuthContext
      Parameters:
      context - The message context for this request.
      clientSubject - A Subject that represents the subject of this request.
      serviceSubject - A Subject that represents the subject for the server or null. It may be used to secure the message response.
      Returns:

      A Promise that will be completed, at some point in the future, with either a successful value or a failure value.

      A successfully completed Promise will contain an AuthStatus representing the completion status of the message processing. See ServerAuth.validateRequest(javax.security.auth.message.MessageInfo, Subject, Subject) for the allowed AuthStatus values.

      A failed completed Promise will contain an AuthenticationException when the message processing failed without establishing a failure response message in the MessageContext.

      See Also:
      • AuthStatus
      • ServerAuth.validateRequest(javax.security.auth.message.MessageInfo, Subject, Subject)
    • secureResponse

      public Promise<javax.security.auth.message.AuthStatus,AuthenticationException> secureResponse(MessageContext context, Subject serviceSubject)

      Secures the response message using the same AsyncServerAuthModule that authenticated the incoming request message.

      If no AsyncServerAuthModule authenticated the incoming request message, then this method should not have been called and a failed promise will be returned with an AuthenticationException.

      Specified by:
      secureResponse in interface AsyncServerAuthContext
      Parameters:
      context - The message context for this request.
      serviceSubject - A Subject that represents the subject for the server or null. It may be used to secure the message response.
      Returns:

      A Promise that will be completed, at some point in the future, with either a successful value or a failure value.

      A successfully completed Promise will contain an AuthStatus representing the completion status of the processing. See ServerAuth.secureResponse(javax.security.auth.message.MessageInfo, Subject) for the allowed AuthStatus values. Note that AuthStatus.SEND_CONTINUE is not supported by this interface.

      A failed completed Promise will contain an AuthenticationException when the message processing failed without establishing a failure response message in the MessageContext.

      See Also:
      • AuthStatus
      • ServerAuth.secureResponse(javax.security.auth.message.MessageInfo, Subject)
    • cleanSubject

      public Promise<Void,AuthenticationException> cleanSubject(MessageContext context, Subject clientSubject)
      Calls each AsyncServerAuthContext in parallel to clean the client subject and returns a successful promise only if all complete successfully; otherwise returns the first exception in a failed promise.
      Specified by:
      cleanSubject in interface AsyncServerAuthContext
      Parameters:
      context - The message context for this request.
      clientSubject - A Subject that represents the subject of this request.
      Returns:
      A Promise that will be completed, at some point in the future, with either a successful value or a failure value. A successfully completed Promise will contain no value and a failed completed Promise will contain an AuthenticationException if an error occurs during the Subject processing.
      See Also:
      • ServerAuth.cleanSubject(javax.security.auth.message.MessageInfo, Subject)
    • createAuthenticationState

      public org.forgerock.caf.authentication.framework.FallbackAuthContext.FallbackAuthContextState createAuthenticationState()
      Description copied from interface: AuthContextWithState

      Creates an instance of a specific type of AuthenticationState.

      Must return a new AuthenticationState instance for each invocation.

      Specified by:
      createAuthenticationState in interface AuthContextWithState
      Returns:
      A new AuthenticationState instance.
    • toString

      public String toString()
      Description copied from interface: AsyncServerAuthContext
      A short but useful description of this authentication context. Description should include at least the IDs of the modules this context manages.
      Specified by:
      toString in interface AsyncServerAuthContext
      Overrides:
      toString in class Object
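
The fallback semantics described for the class, validateRequest and secureResponse, as an added example that is not part of the framework or its documentation. It is a simplified synchronous model: Status, Module, AuthException, State and the sample credentials are stand-ins constructed here, not CAF types, and recording the module only on SUCCESS is an assumption of this model.

```java
import java.util.Arrays;
import java.util.List;

// Simplified synchronous model of the ordered fallback described on this page.
// Status, Module, AuthException and State are stand-ins, not CAF framework types.
public class FallbackDemo {
    enum Status { SUCCESS, SEND_SUCCESS, SEND_CONTINUE, SEND_FAILURE }
    static class AuthException extends Exception { AuthException(String m) { super(m); } }
    interface Module { String id(); Status validate(String credential) throws AuthException; }

    // Constructed module: declines other schemes, fails hard on an empty credential.
    static Module module(final String id, final String scheme) {
        return new Module() {
            public String id() { return id; }
            public Status validate(String credential) throws AuthException {
                if (!credential.startsWith(scheme)) return Status.SEND_FAILURE;
                if (credential.length() == scheme.length())
                    throw new AuthException(id + ": empty credential");
                return Status.SUCCESS;
            }
        };
    }

    // Per-request state: remembers which module authenticated the request.
    static class State { Module authenticated; }

    static Status validateRequest(List<Module> modules, String cred, State state)
            throws AuthException {
        for (Module m : modules) {
            Status s = m.validate(cred);              // an exception ends the chain here
            if (s == Status.SEND_FAILURE) continue;   // fall back to the next module
            if (s == Status.SUCCESS) state.authenticated = m;
            return s;                                 // first non-SEND_FAILURE result wins
        }
        return Status.SEND_FAILURE;                   // end of the module list reached
    }

    static String secureResponse(State state) throws AuthException {
        if (state.authenticated == null)
            throw new AuthException("no module authenticated the request");
        return "secured-by:" + state.authenticated.id();
    }

    public static void main(String[] args) throws AuthException {
        List<Module> chain = Arrays.asList(module("jwt", "Bearer "), module("basic", "Basic "));
        State st = new State();
        System.out.println(validateRequest(chain, "Basic dXNlcjpwdw==", st)); // jwt declines, basic decides
        System.out.println(secureResponse(st));                               // only basic secures the response
        System.out.println(validateRequest(chain, "Digest abc", new State())); // every module declines
        try { validateRequest(chain, "Bearer ", new State()); }               // jwt throws, basic never runs
        catch (AuthException e) { System.out.println("aborted: " + e.getMessage()); }
    }
}
```

In this model, a module that declines with SEND_FAILURE hands the request to the next module, while a module that fails with an exception ends processing, so the placement of modules in the list determines which credentials later modules ever get to see.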