Interface IdentityStoreHandler


public interface IdentityStoreHandler
IdentityStoreHandler is a mechanism for validating a caller's credentials, and accessing a caller's identity attributes, by consulting a set of one or more IdentityStores.

It is intended for use by an authentication mechanism, such as an HttpAuthenticationMechanism (JSR 375) or a ServerAuthModule (JSR 196/JASPIC).

Beans should inject only this handler, and not IdentityStore directly, as multiple stores may exist.

Implementations of JSR 375 must supply a default implementation of IdentityStoreHandler that behaves as described in the JSR 375 specification document. Applications do not need to supply an IdentityStoreHandler unless application-specific behavior is desired.

  • Method Details

    • validate

      CredentialValidationResult validate(Credential credential)
      Validate the given Credential and return the identity and attributes of the caller it represents.

      Implementations of this method will typically invoke the validate() and getCallerGroups() methods of one or more IdentityStores and return an aggregated result.

      Note that the IdentityStore may check for IdentityStorePermission if getCallerGroups() is called and a SecurityManager is configured. (The default built-in stores do perform this check; application-supplied stores may or may not.) An implementation of this method should therefore invoke getCallerGroups() in the context of a PrivilegedAction, and arrange to be granted the appropriate IdentityStorePermission permission.

      Parameters:
      credential - The credential to validate.
      Returns:
      The validation result.