Package org.forgerock.json.resource.http
Class SecurityContextFactory
- java.lang.Object
-
- org.forgerock.json.resource.http.SecurityContextFactory
-
- All Implemented Interfaces:
HttpContextFactory
@Deprecated public final class SecurityContextFactory extends Object implements HttpContextFactory
Deprecated.This class will be removed once CAF has been migrated fully to CHF, at which point components should createSecurityContext
s directly rather than via request attributes.An HTTP context factory which will create aSecurityContext
whose authentication ID and authorization ID are taken from attributes contained in the HTTP request.This class provides integration with the common authentication framework and is intended to work as follows:
- An incoming HTTP request is first intercepted by a HTTP filter responsible for authenticating the request.
- If authentication is successful, the authentication filter determines the set of principals associated with the user which may be required in order to perform authorization. These principals may include the user's unique ID, realm, groups, roles, or LDAP DN, etc.
- The authentication filter constructs a
Map<String, Object>
containing the principals keyed on the principal name. NOTE: various reserved principal names are defined inSecurityContext
. - The authentication filter stores the authentication ID (the name which
the user identified themselves with during authentication) in the HTTP
servlet request's
ATTRIBUTE_AUTHCID
attribute. - The authentication filter stores the
Map
containing the authorization principals in the HTTP servlet request'sATTRIBUTE_AUTHZID
attribute. - The JSON Resource Handler uses the
SecurityContextFactory
to obtain the authentication ID and authorization principals from the HTTP request's attributes.
public Promise<Response, ResponseException> filter(Context context, Request request, Handler next) { // Authenticate the user. String authcid = getUserName(request); String password = getPassword(request); // Add the attributes. if (checkCredentials(authcid, password)) { // Obtain principals for authorization. Map<String, Object> authzid = new HashMap<>(); authzid.put(AUTHZID_ID, id); ... AttributesContext attributesContext = context.asContext(AttributesContext.class); attributesContext.getAttributes().put(ATTRIBUTE_AUTHCID, authcid); attributesContext.getAttributes().put(ATTRIBUTE_AUTHZID, authzid); } }
-
-
Field Summary
Fields Modifier and Type Field Description static String
ATTRIBUTE_AUTHCID
Deprecated.The name of the HTTP Request attribute where this factory expects to find the authenticated user's authentication ID.static String
ATTRIBUTE_AUTHZID
Deprecated.The name of the HTTP Request attribute where this factory expects to find the authenticated user's authorization ID.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description SecurityContext
createContext(Context parent)
Deprecated.Creates a newSecurityContext
using the attributes contained in the provided HTTP request.SecurityContext
createContext(Context context, Request request)
Deprecated.Creates a newSecurityContext
using the attributes contained in the provided HTTP request.static SecurityContextFactory
getHttpServletContextFactory()
Deprecated.Returns the singleton security context factory which can be used for obtaining context information from a HTTP request.
-
-
-
Field Detail
-
ATTRIBUTE_AUTHCID
public static final String ATTRIBUTE_AUTHCID
Deprecated.The name of the HTTP Request attribute where this factory expects to find the authenticated user's authentication ID. The name of this attribute isorg.forgerock.authentication.principal
and it MUST contain aString
if it is present.
-
ATTRIBUTE_AUTHZID
public static final String ATTRIBUTE_AUTHZID
Deprecated.The name of the HTTP Request attribute where this factory expects to find the authenticated user's authorization ID. The name of this attribute isorg.forgerock.authentication.context
and it MUST contain aMap<String, Object>
if it is present.
-
-
Method Detail
-
getHttpServletContextFactory
public static SecurityContextFactory getHttpServletContextFactory()
Deprecated.Returns the singleton security context factory which can be used for obtaining context information from a HTTP request.- Returns:
- The singleton security context factory.
-
createContext
public SecurityContext createContext(Context parent) throws ResourceException
Deprecated.Creates a newSecurityContext
using the attributes contained in the provided HTTP request. The authentication ID will be obtained from theATTRIBUTE_AUTHCID
attribute, and the authorization ID will be obtained from theATTRIBUTE_AUTHCID
attribute.It is not an error if either of the attributes are not present, but a
ResourceException
will be thrown if they are present but have the wrong type.- Parameters:
parent
- The parent context.- Returns:
- A security context initialized using the attributes contained in the provided HTTP request.
- Throws:
ResourceException
- If one of the attributes was present but had the wrong type.
-
createContext
public SecurityContext createContext(Context context, Request request) throws ResourceException
Deprecated.Creates a newSecurityContext
using the attributes contained in the provided HTTP request. The authentication ID will be obtained from theATTRIBUTE_AUTHCID
attribute, and the authorization ID will be obtained from theATTRIBUTE_AUTHCID
attribute.It is not an error if either of the attributes are not present, but a
ResourceException
will be thrown if they are present but have the wrong type.- Specified by:
createContext
in interfaceHttpContextFactory
- Parameters:
context
- The parent context.request
- The HTTP request from which the authentication ID and authorization ID attributes should be obtained.- Returns:
- A security context initialized using the attributes contained in the provided HTTP request.
- Throws:
ResourceException
- If one of the attributes was present but had the wrong type.
-
-