Interface IdentityStoreHandler
IdentityStoreHandler
is a mechanism for validating a caller's
credentials, and accessing a caller's identity attributes, by consulting
a set of one or more IdentityStore
s.
It is intended for use by an authentication mechanism, such as an
HttpAuthenticationMechanism
(JSR 375) or a ServerAuthModule
(JSR 196/JASPIC).
Beans should inject only this handler, and not IdentityStore
directly, as multiple stores may exist.
Implementations of JSR 375 must supply a default implementation of IdentityStoreHandler
that behaves as described in the JSR 375 specification document.
Applications do not need to supply an IdentityStoreHandler
unless application-specific behavior is desired.
-
Method Summary
Modifier and TypeMethodDescriptionvalidate
(Credential credential) Validate the givenCredential
and return the identity and attributes of the caller it represents.
-
Method Details
-
validate
Validate the givenCredential
and return the identity and attributes of the caller it represents.Implementations of this method will typically invoke the
validate()
andgetCallerGroups()
methods of one or moreIdentityStore
s and return an aggregated result.Note that the
IdentityStore
may check forIdentityStorePermission
ifgetCallerGroups()
is called and aSecurityManager
is configured. (The default built-in stores do perform this check; application-supplied stores may or may not.) An implementation of this method should therefore invokegetCallerGroups()
in the context of aPrivilegedAction
, and arrange to be granted the appropriateIdentityStorePermission
permission.- Parameters:
credential
- The credential to validate.- Returns:
- The validation result.
-