Package org.forgerock.json.resource.http
Class SecurityContextFactory
java.lang.Object
org.forgerock.json.resource.http.SecurityContextFactory
- All Implemented Interfaces:
HttpContextFactory
Deprecated.
An HTTP context factory which will create a
SecurityContext
whose
authentication ID and authorization ID are taken from attributes contained
in the HTTP request.
This class provides integration with the common authentication framework and is intended to work as follows:
- An incoming HTTP request is first intercepted by a HTTP filter responsible for authenticating the request.
- If authentication is successful, the authentication filter determines the set of principals associated with the user which may be required in order to perform authorization. These principals may include the user's unique ID, realm, groups, roles, or LDAP DN, etc.
- The authentication filter constructs a
Map<String, Object>
containing the principals keyed on the principal name. NOTE: various reserved principal names are defined inSecurityContext
. - The authentication filter stores the authentication ID (the name which
the user identified themselves with during authentication) in the HTTP
servlet request's
ATTRIBUTE_AUTHCID
attribute. - The authentication filter stores the
Map
containing the authorization principals in the HTTP servlet request'sATTRIBUTE_AUTHZID
attribute. - The JSON Resource Handler uses the
SecurityContextFactory
to obtain the authentication ID and authorization principals from the HTTP request's attributes.
public Promise<Response, ResponseException> filter(Context context, Request request, Handler next) {
// Authenticate the user.
String authcid = getUserName(request);
String password = getPassword(request);
// Add the attributes.
if (checkCredentials(authcid, password)) {
// Obtain principals for authorization.
Map<String, Object> authzid = new HashMap<>();
authzid.put(AUTHZID_ID, id);
...
AttributesContext attributesContext = context.asContext(AttributesContext.class);
attributesContext.getAttributes().put(ATTRIBUTE_AUTHCID, authcid);
attributesContext.getAttributes().put(ATTRIBUTE_AUTHZID, authzid);
}
}
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
Deprecated.The name of the HTTP Request attribute where this factory expects to find the authenticated user's authentication ID.static final String
Deprecated.The name of the HTTP Request attribute where this factory expects to find the authenticated user's authorization ID. -
Method Summary
Modifier and TypeMethodDescriptioncreateContext
(Context parent) Deprecated.Creates a newSecurityContext
using the attributes contained in the provided HTTP request.createContext
(Context context, Request request) Deprecated.Creates a newSecurityContext
using the attributes contained in the provided HTTP request.static SecurityContextFactory
Deprecated.Returns the singleton security context factory which can be used for obtaining context information from a HTTP request.
-
Field Details
-
ATTRIBUTE_AUTHCID
Deprecated.The name of the HTTP Request attribute where this factory expects to find the authenticated user's authentication ID. The name of this attribute isorg.forgerock.authentication.principal
and it MUST contain aString
if it is present. -
ATTRIBUTE_AUTHZID
Deprecated.The name of the HTTP Request attribute where this factory expects to find the authenticated user's authorization ID. The name of this attribute isorg.forgerock.authentication.context
and it MUST contain aMap<String, Object>
if it is present.
-
-
Method Details
-
getHttpServletContextFactory
Deprecated.Returns the singleton security context factory which can be used for obtaining context information from a HTTP request.- Returns:
- The singleton security context factory.
-
createContext
Deprecated.Creates a newSecurityContext
using the attributes contained in the provided HTTP request. The authentication ID will be obtained from theATTRIBUTE_AUTHCID
attribute, and the authorization ID will be obtained from theATTRIBUTE_AUTHCID
attribute.It is not an error if either of the attributes are not present, but a
ResourceException
will be thrown if they are present but have the wrong type.- Parameters:
parent
- The parent context.- Returns:
- A security context initialized using the attributes contained in the provided HTTP request.
- Throws:
ResourceException
- If one of the attributes was present but had the wrong type.
-
createContext
Deprecated.Creates a newSecurityContext
using the attributes contained in the provided HTTP request. The authentication ID will be obtained from theATTRIBUTE_AUTHCID
attribute, and the authorization ID will be obtained from theATTRIBUTE_AUTHCID
attribute.It is not an error if either of the attributes are not present, but a
ResourceException
will be thrown if they are present but have the wrong type.- Specified by:
createContext
in interfaceHttpContextFactory
- Parameters:
context
- The parent context.request
- The HTTP request from which the authentication ID and authorization ID attributes should be obtained.- Returns:
- A security context initialized using the attributes contained in the provided HTTP request.
- Throws:
ResourceException
- If one of the attributes was present but had the wrong type.
-
SecurityContext
s directly rather than via request attributes.