Package org.forgerock.openam.auth.node.api

Interface Node

All Known Implementing Classes:
AbstractDecisionNode, IotAuthenticationNode, IotRegistrationNode, SingleOutcomeNode
@SupportedAll public interface Node
A node is the core abstraction within an authentication tree. Trees are made up of nodes, which may modify the shared state and/or request input from the user via callbacks.

A node *must* not store any state in memory and should instead use the shared state mechanism for this.

Nodes are instantiated using dependency injection and can therefore use an @Inject-annotated constructor.

All concrete implementations of this class should be annotated with Node.Metadata.

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Interface
    Description
    static @interface 
    Node.Metadata
    Annotation that describes the metadata of the node.

  • Method Summary

    Modifier and Type
    Method
    Description
    default JsonValue
    getAuditEntryDetail()
    Supply the additional detail to be logged with this node's completion event.
    default org.forgerock.openam.auth.node.api.InputState[]
    getInputs()
    Provide a list of shared state data a node consumes.
    default org.forgerock.openam.auth.node.api.OutputState[]
    getOutputs()
    Provide a list of shared state data a node provides.
    Action
    process(TreeContext context)
    Performs processing on the given shared state, which holds all the data gathered by nodes that have already executed as part of this authentication session in the tree.

  • Method Details

    • process

      Action process(TreeContext context) throws NodeProcessException
      Performs processing on the given shared state, which holds all the data gathered by nodes that have already executed as part of this authentication session in the tree.

      This method is invoked when the node is reached in the tree.

      Parameters:
      context - The context of the tree authentication.
      Returns:
      The next action to perform. Must not be null.
      Throws:
      NodeProcessException - If there was a problem processing that could not be resolved to a single outcome.

    • getAuditEntryDetail

      default JsonValue getAuditEntryDetail()
      Supply the additional detail to be logged with this node's completion event. Subclasses can override this method to add more specific detail.
      Returns:
      The audit entry detail.

    • getInputs

      default org.forgerock.openam.auth.node.api.InputState[] getInputs()
      Provide a list of shared state data a node consumes. An InputState consists of a property name and an "isRequired" flag. The IsRequired flag indicates whether the input is required in order for the node to function. If the flag is false this indicates that the node will consume this data if it is present but it is not required for the node to function. Example: public InputState[] getInputs() { return new InputState[] { new InputState(IDENTITY), new InputState("foo", false) }; } In this example the node declares that it requires state to contain a property named IDENTITY and that it will consume a property named "foo" if it is present. If "foo" is not present then the node will still function but may be skipping some functionality. This list is used to ensure that state data, both shared and transient, from upstream nodes is left intact for this node to access. If inputs are not declared there is no guarantee that the data needed by the node will still be present in state when the node executes. This list is also used for tree validation to report errors in tree construction.
      Returns:
      The list of shared state data.

    • getOutputs

      default org.forgerock.openam.auth.node.api.OutputState[] getOutputs()
      Provide a list of shared state data a node provides. An OutputState consists of a property name and a map of node outcomes to a flag indicating whether that outcome is guaranteed to produce that property in state. Any given output may be provided for all outcomes or any subset of outcomes and perhaps only optionally for some of them. Example: public OutputState[] getOutputs() { return new OutputState[] { new OutputState(PASSWORD), new OutputState(config.mode(), singletonMap("*", false) }; } In this example we declare that the node will produce an output named PASSWORD. The lack of an outcome map indicates that this output is provided for all outcomes. The node also outputs a property named via config.mode() that is optional for all of the node's outcomes, i.e. it may or may not be present for downstream nodes to consume. This type of output is best consumed by other nodes by declaring an InputState such as new InputState(config.mode(), false). This list is used by tree validation to report errors in tree construction.
      Returns:
      The list of shared state data.