Interface ServerAuthContext

All Superinterfaces:
ServerAuth

public interface ServerAuthContext extends ServerAuth
This ServerAuthContext class encapsulates ServerAuthModules that are used to validate service requests received from clients, and to secure any response returned for those requests. A caller typically uses this class in the following manner:
  1. Retrieve an instance of this class via ServerAuthConfig.getAuthContext.
  2. Invoke validateRequest.
    ServerAuthContext implementation invokes validateRequest of one or more encapsulated ServerAuthModules. Modules validate credentials present in request (for example, decrypt and verify a signature).
  3. If credentials valid and sufficient, authentication complete.
    Perform authorization check on authenticated identity and, if successful, dispatch to requested service application.
  4. Service application finished.
  5. Invoke secureResponse.
    ServerAuthContext implementation invokes secureResponse of one or more encapsulated ServerAuthModules. Modules secure response (sign and encrypt response, for example), and prepare response message.
  6. Send secured response to client.
  7. Invoke cleanSubject (as necessary) to clean up any authentication state in Subject(s).

A ServerAuthContext instance may be used concurrently by multiple callers.

Implementations of this interface are responsible for constructing and initializing the encapsulated modules. The initialization step includes passing the relevant request and response MessagePolicy objects to the encapsulated modules. The MessagePolicy objects are obtained by the ServerAuthConfig instance used to ontain the ServerAuthContext object. See ServerAuthConfig.getAuthContext for more information.

Implementations of this interface are instantiated by their associated configuration object such that they know which modules to invoke, in what order, and how results returned by preceding modules are to influence subsequent module invocations.

Calls to the inherited methods of this interface delegate to the corresponding methods of the encapsulated authentication modules.

See Also: