public interface IdentityStoreHandler
IdentityStoreHandleris a mechanism for validating a caller's credentials, and accessing a caller's identity attributes, by consulting a set of one or more
Beans should inject only this handler, and not
IdentityStoredirectly, as multiple stores may exist.
Implementations of JSR 375 must supply a default implementation of
IdentityStoreHandlerthat behaves as described in the JSR 375 specification document. Applications do not need to supply an
IdentityStoreHandlerunless application-specific behavior is desired.
CredentialValidationResult validate(Credential credential)Validate the given
Credentialand return the identity and attributes of the caller it represents.
Implementations of this method will typically invoke the
getCallerGroups()methods of one or more
IdentityStores and return an aggregated result.
Note that the
IdentityStoremay check for
getCallerGroups()is called and a
SecurityManageris configured. (The default built-in stores do perform this check; application-supplied stores may or may not.) An implementation of this method should therefore invoke
getCallerGroups()in the context of a
PrivilegedAction, and arrange to be granted the appropriate
credential- The credential to validate.
- The validation result.