diff --git a/.project b/.project
new file mode 100644
index 0000000000..a4344d4f98
--- /dev/null
+++ b/.project
@@ -0,0 +1,11 @@
+
+
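Review bot: .project is Eclipse IDE workspace metadata rather than project source; unless this repository intentionally versions IDE files, add it to .gitignore and drop it from the change. The hunk header advertises 11 added lines (@@ -0,0 +1,11 @@) while only two blank lines are visible here, so check the committed file content before merge.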
Comments to: es-dev@eclipse.org.
Copyright © 2019 Eclipse Foundation. All rights reserved.
Use is subject to license terms.
By using and/or copying this document, or the Eclipse Foundation document from which this statement is linked, you (the licensee) agree that you have read, understood, and will comply with the following terms and conditions:

Permission to copy, and distribute the contents of this document, or the Eclipse Foundation document from which this statement is linked, in any medium for any purpose and without fee or royalty is hereby granted, provided that you include the following on ALL copies of the document, or portions thereof, that you use:

Inclusion of the full text of this NOTICE must be provided. We request that authorship attribution be provided in any software, documents, or other items or products that you create pursuant to the implementation of the contents of this document, or any portion thereof.

No right to create modifications or derivatives of Eclipse Foundation documents is granted pursuant to this license, except anyone may prepare and distribute derivative works and portions of this document in software that implements the specification, in supporting materials accompanying such software, and in documentation of such software, PROVIDED that all such works include the notice below. HOWEVER, the publication of derivative works of this document for use as a technical specification is expressly prohibited.

The notice is:

"Copyright © 2018 Eclipse Foundation. This software or document includes material copied from or derived from [title and URI of the Eclipse Foundation specification document]."

THIS DOCUMENT IS PROVIDED "AS IS," AND THE COPYRIGHT HOLDERS AND THE ECLIPSE FOUNDATION MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR TITLE; THAT THE CONTENTS OF THE DOCUMENT ARE SUITABLE FOR ANY PURPOSE; NOR THAT THE IMPLEMENTATION OF SUCH CONTENTS WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.

THE COPYRIGHT HOLDERS AND THE ECLIPSE FOUNDATION WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THE DOCUMENT OR THE PERFORMANCE OR IMPLEMENTATION OF THE CONTENTS THEREOF.

The name and trademarks of the copyright holders or the Eclipse Foundation may NOT be used in advertising or publicity pertaining to this document or its contents without specific, written prior permission. Title to copyright in this document will at all times remain with copyright holders.
\ No newline at end of file
diff --git a/security/1.0/apidocs/help-doc.html b/security/1.0/apidocs/help-doc.html
new file mode 100644
index 0000000000..7e40e20d89
--- /dev/null
+++ b/security/1.0/apidocs/help-doc.html
@@ -0,0 +1,233 @@
The Overview page is the front page of this API document and provides a list of all packages with a summary for each. This page can also contain an overall description of the set of packages.
+Each package has a page that contains a list of its classes and interfaces, with a summary for each. This page can contain six categories:
+Each class, interface, nested class and nested interface has its own separate page. Each of these pages has three sections consisting of a class/interface description, summary tables, and detailed member descriptions:
+Each summary entry contains the first sentence from the detailed description for that item. The summary entries are alphabetical, while the detailed descriptions are in the order they appear in the source code. This preserves the logical groupings established by the programmer.
+Each annotation type has its own separate page with the following sections:
+Each enum has its own separate page with the following sections:
+Each documented package, class and interface has its own Use page. This page describes what packages, classes, methods, constructors and fields use any part of the given class or package. Given a class or interface A, its Use page includes subclasses of A, fields declared as A, methods that return A, and methods and constructors with parameters of type A. You can access this page by first going to the package, class or interface, then clicking on the "Use" link in the navigation bar.
There is a Class Hierarchy page for all packages, plus a hierarchy for each package. Each hierarchy page contains a list of classes and a list of interfaces. The classes are organized by inheritance structure starting with java.lang.Object. The interfaces do not inherit from java.lang.Object.
The Deprecated API page lists all of the API that have been deprecated. A deprecated API is not recommended for use, generally due to improvements, and a replacement API is usually given. Deprecated APIs may be removed in future implementations.
+The Index contains an alphabetic list of all classes, interfaces, constructors, methods, and fields.
+These links take you to the next or previous class, interface, package, or related page.
+These links show and hide the HTML frames. All pages are available with or without frames.
+The All Classes link shows all classes and interfaces except non-static nested types.
+Each serializable or externalizable class has a description of its serialization fields and methods. This information is of interest to re-implementors, not to developers using the API. While there is no link in the navigation bar, you can get to this information by going to any serialized class and clicking "Serialized Form" in the "See also" section of the class description.
+The Constant Field Values page lists the static final fields and their values.
AbstractClearableCredential - contains behavior common to Credential implementations that can be meaningfully cleared.
AuthenticationException() - constructs a new AuthenticationException exception with null as its detail message.
AuthenticationException(String) - constructs a new AuthenticationException exception with the specified detail message.
AuthenticationException(String, Throwable) - constructs a new AuthenticationException exception with the specified detail message and cause.
AuthenticationException(Throwable) - constructs a new AuthenticationException exception with the specified cause.
AuthenticationStatus - used by the HttpAuthenticationMechanism to indicate the result (status) of the authentication process.
AutoApplySession - uses javax.servlet.http.registerSession and auto applies this for every request.
BasicAuthenticationCredential - extends UsernamePasswordCredential to represent credentials used by HTTP Basic Authentication.
CallerOnlyCredential - represents a credential that only contains a caller name and no secret of any kind.
Credential - represents the credential the caller will use to authenticate.
CredentialValidationResult - is the result from an attempt to validate an instance of Credential.
IdentityStore that stores caller credentials and identity attributes in a relational database, and makes that implementation available as an enabled CDI bean.
CallerPrincipal (and potentially other values) found in the validationResult parameter.
java.security.Principal that represents the name of the authenticated caller, or null if the current caller is not authenticated.
HttpMessageContext, and which this context uses to communicate the authentication details to the runtime.
HttpAuthenticationMechanism - is a mechanism for obtaining a caller's credentials in some way, using the HTTP protocol where necessary.
HttpMessageContext - contains all of the per-request state information and encapsulates the client request, server response, container handler for authentication callbacks, and the subject representing the caller.
IdentityStore - is a mechanism for validating a caller's credentials and accessing a caller's identity attributes.
IdentityStoreHandler - is a mechanism for validating a caller's credentials, and accessing a caller's identity attributes, by consulting a set of one or more IdentityStores.
SecurityContext.authenticate(HttpServletRequest, HttpServletResponse, AuthenticationParameters)
IdentityStore that stores caller credentials and identity attributes (together caller identities) in an LDAP store, and makes that implementation available as an enabled CDI bean.
LoginToContinue - annotation provides an application the ability to declaratively add login to continue functionality to an authentication mechanism.
SecurityContext.isCallerInRole(String) etc.
CredentialValidationResult result of an identity store directly on to the container.
PasswordHash - is an interface for objects that can generate and verify password hashes.
Pbkdf2PasswordHash implementation.
IdentityStores.
RememberMeCredential - represents a credential presented as a token, for the explicit usage with the Jakarta Security provided remember me function.
RememberMeIdentityStore - is a mechanism for validating a caller's credentials and accessing a caller's identity attributes that's specifically tailored for the "remember me" feature.
Credential and return the identity and attributes of the caller it represents.
IdentityStore should be used for.
public class AuthenticationException extends GeneralSecurityException

This exception corresponds to the Jakarta Authentication AuthException in that whenever a method from the HttpAuthenticationMechanism throws this exception, the Jakarta Authentication bridge has to throw an AuthException back to the Jakarta Authentication runtime wrapping this exception.

| Constructor and Description |
|---|
| AuthenticationException(): Constructs a new AuthenticationException exception with null as its detail message. |
| AuthenticationException(String message): Constructs a new AuthenticationException exception with the specified detail message. |
| AuthenticationException(String message, Throwable cause): Constructs a new AuthenticationException exception with the specified detail message and cause. |
| AuthenticationException(Throwable cause): Constructs a new AuthenticationException exception with the specified cause. |

Methods inherited from class java.lang.Throwable: addSuppressed, fillInStackTrace, getCause, getLocalizedMessage, getMessage, getStackTrace, getSuppressed, initCause, printStackTrace, printStackTrace, printStackTrace, setStackTrace, toString

Constructor detail:

public AuthenticationException()
Constructs a new AuthenticationException exception with null as its detail message.

public AuthenticationException(String message)
Constructs a new AuthenticationException exception with the specified detail message.
Parameters: message - the detail message.

public AuthenticationException(String message, Throwable cause)
Constructs a new AuthenticationException exception with the specified detail message and cause.
Parameters: message - the detail message. cause - the cause.

public AuthenticationException(Throwable cause)
Constructs a new AuthenticationException exception with the specified cause.
Parameters: cause - the cause.
public enum AuthenticationStatus extends Enum<AuthenticationStatus>

AuthenticationStatus is used by the HttpAuthenticationMechanism to indicate the result (status) of the authentication process.

For the result from HttpAuthenticationMechanism.validateRequest(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.security.enterprise.authentication.mechanism.http.HttpMessageContext) an AuthenticationStatus must be transformed by the Jakarta EE server into the corresponding Jakarta Authentication AuthStatus according to the following rules:

After the transformation as outlined above the transformed result has to be processed by the Jakarta EE server as specified by the Servlet Container Profile of the Jakarta Authentication spec.

Implementation note: while the Jakarta Authentication Servlet Container Profile is the authoritative source on how to process the AuthStatus.SUCCESS result and this specification puts no constraints of any kind on that, the expectation is that Jakarta EE servers in practice will mainly look at the result being AuthStatus.SUCCESS or not AuthStatus.SUCCESS. Simply said, if the result is AuthStatus.SUCCESS the authenticated identity (if any) must be set (established) for the current HTTP request, otherwise not.

The return value of SecurityContext.authenticate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters), which is also of type AuthenticationStatus, strongly relates to the outcome of the HttpAuthenticationMechanism#validateRequest method as described above, but must be transformed by the Jakarta EE server from the corresponding outcome of the HttpServletRequest.authenticate(javax.servlet.http.HttpServletResponse) call as follows:

- true to AuthenticationStatus.SUCCESS
- false to [last status] (see below)
- ServletException or IOException to AuthenticationStatus.SEND_FAILURE

When an HttpAuthenticationMechanism was used [last status] must be the value returned by HttpAuthenticationMechanism#validateRequest.

When a Jakarta Authentication ServerAuthModule (SAM) was used and an HttpAuthenticationMechanism was not used Jakarta EE servers are encouraged, but not required, to set [last status] to the value returned by ServerAuthModule#validateRequest transformed as follows:

When a Jakarta EE Server proprietary identity store equivalent was used and an HttpAuthenticationMechanism was not used Jakarta EE servers are encouraged, but not required, to set [last status] to a value that logically corresponds to the description of each enum constant of AuthenticationStatus. This outcome should never be depended on by application code as being portable.

Application code calling SecurityContext#authenticate is expected to act on all possible values of AuthenticationStatus.

| Enum Constant and Description |
|---|
| NOT_DONE: The authentication mechanism was called, but decided not to authenticate. |
| SEND_CONTINUE: The authentication mechanism was called and a multi-step authentication dialog with the caller has been started (for instance, the caller has been redirected to a login page). |
| SEND_FAILURE: The authentication mechanism was called but the caller was not successfully authenticated and therefore the caller principal will not be made available. |
| SUCCESS: The authentication mechanism was called and the caller was successfully authenticated. |

| Modifier and Type | Method and Description |
|---|---|
| static AuthenticationStatus | valueOf(String name): Returns the enum constant of this type with the specified name. |
| static AuthenticationStatus[] | values(): Returns an array containing the constants of this enum type, in the order they are declared. |

Enum constant detail:

public static final AuthenticationStatus NOT_DONE
The authentication mechanism was called, but decided not to authenticate.

public static final AuthenticationStatus SEND_CONTINUE
The authentication mechanism was called and a multi-step authentication dialog with the caller has been started (for instance, the caller has been redirected to a login page).

public static final AuthenticationStatus SUCCESS
The authentication mechanism was called and the caller was successfully authenticated.

public static final AuthenticationStatus SEND_FAILURE
The authentication mechanism was called but the caller was not successfully authenticated and therefore the caller principal will not be made available. Note that this status should be used to indicate a logical problem (such as a credential not matching or a caller ID that can not be found). Exceptions should be used for system level problems (such as a database connection timing out).

Method detail:

public static AuthenticationStatus[] values()
Returns an array containing the constants of this enum type, in the order they are declared. For example:

    for (AuthenticationStatus c : AuthenticationStatus.values())
        System.out.println(c);

public static AuthenticationStatus valueOf(String name)
Returns the enum constant of this type with the specified name.
Parameters: name - the name of the enum constant to be returned.
Throws: IllegalArgumentException - if this enum type has no constant with the specified name. NullPointerException - if the argument is null.
public class CallerPrincipal implements Principal

| Constructor and Description |
|---|
| CallerPrincipal(String name) |

| Modifier and Type | Method and Description |
|---|---|
| String | getName(): The name of the caller |
public interface SecurityContext

Unless otherwise indicated, this type must be usable in all Jakarta EE containers, specifically the Jakarta Servlet and Jakarta Enterprise Beans containers.

| Modifier and Type | Method and Description |
|---|---|
| AuthenticationStatus | authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationParameters parameters): Signal to the container (programmatically trigger) that it should start or continue a web/HTTP based authentication dialog with the caller. |
| Principal | getCallerPrincipal(): Retrieve the platform-specific java.security.Principal that represents the name of the authenticated caller, or null if the current caller is not authenticated. |
| <T extends Principal> Set<T> | getPrincipalsByType(Class<T> pType): Retrieve all Principals of the given type from the authenticated caller's Subject, or an empty set if the current caller is not authenticated, or if the specified type isn't found in the Subject. |
| boolean | hasAccessToWebResource(String resource, String... methods): Checks whether the caller has access to the provided "web resource" using the given methods, as specified by section 13.8 of the Servlet specification. |
| boolean | isCallerInRole(String role): Checks whether the authenticated caller is included in the specified logical application "role". |

Method detail:

Principal getCallerPrincipal()
Retrieve the platform-specific java.security.Principal that represents the name of the authenticated caller, or null if the current caller is not authenticated.

<T extends Principal> Set<T> getPrincipalsByType(Class<T> pType)
Retrieve all Principals of the given type from the authenticated caller's Subject, or an empty set if the current caller is not authenticated, or if the specified type isn't found in the Subject. This can be used to retrieve application-specific Principals when the platform's representation of the caller uses a different principal type.

The returned Set is not backed by the Subject's internal Principal Set. A new Set is created and returned for each method invocation. Modifications to the returned Set will not affect the internal Principal Set.
Type parameters: T - The actual type represented by the pType argument
Parameters: pType - Class object representing the type of Principal to return.

boolean isCallerInRole(String role)
Checks whether the authenticated caller is included in the specified logical application "role". If the caller is not authenticated, the result is false.

This method can not be used to test for roles that are mapped to specific named Jakarta Servlets or named Jakarta Enterprise Beans. For a Servlet an example of this would be the role-name nested in a security-role-ref element nested in a servlet element in web.xml.

Should code in either such Jakarta Servlet or Jakarta Enterprise Bean wish to take such mapped (aka referenced, linked) roles into account, the facilities for that specific container should be used instead. For instance for Servlet that would be HttpServletRequest.isUserInRole(String) and for Jakarta Enterprise Beans that would be EJBContext.isCallerInRole(String).
Parameters: role - a String specifying the name of the logical application role
Returns: true if the authenticated caller is in the given role, false if the caller is not authenticated or is not in the given role.

boolean hasAccessToWebResource(String resource, String... methods)
Checks whether the caller has access to the provided "web resource" using the given methods, as specified by section 13.8 of the Servlet specification. A caller has access if the web resource is either not protected (constrained), or when it is protected by a role and the caller is in that role.
Parameters: resource - the name of the web resource to test access for. This is a URLPatternSpec that identifies the application specific web resources to which the permission pertains. For a full specification of this pattern see javax.security.jacc.WebResourcePermission#WebResourcePermission(String, String). methods - one or more methods to check for whether the caller has access to the web resource using one of those methods.
Returns: true if the caller has access to the web resource using one of the given methods, false otherwise.

AuthenticationStatus authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationParameters parameters)
Signal to the container (programmatically trigger) that it should start or continue a web/HTTP based authentication dialog with the caller.

Programmatically triggering means that the container responds as if the caller had attempted to access a constrained resource and acts by invoking a configured authentication mechanism (such as the HttpAuthenticationMechanism).

Whether the authentication dialog is to be started or continued depends on the (logical) state of the authentication dialog. If such dialog is currently in progress, a call to this method will continue it. If such dialog is not in progress a new one will be started. A new dialog can be forced to be started regardless of one being in progress or not by providing a value of true for the AuthenticationParameters.newAuthentication parameter with this call.

This method requires an HttpServletRequest and HttpServletResponse argument to be passed in, and can therefore only be used in a valid Servlet context.
Parameters: request - The HttpServletRequest associated with the current web resource invocation. response - The HttpServletResponse associated with the given HttpServletRequest. parameters - The parameters that are provided along with a programmatic authentication request, for instance the credentials collected by the application for continuing an authentication dialog.
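The following servlet is an added example, not code from the specification or from any implementation, showing how the SecurityContext methods described above are used for authorization decisions: the explicit null check on getCallerPrincipal(), a logical-role check with isCallerInRole(), principal lookup by type, and a menu built from hasAccessToWebResource() so that what the caller sees is derived from the container's own constraints. The "/account" path, the "admin" role and the menu entries are assumptions for this example; the constraints they refer to would be declared in web.xml or @ServletSecurity.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

import javax.inject.Inject;
import javax.security.enterprise.CallerPrincipal;
import javax.security.enterprise.SecurityContext;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added example: SecurityContext used for authorization decisions inside a servlet.
 * Path, role name and menu entries are assumptions made for this example.
 */
@WebServlet("/account")
public class AccountServlet extends HttpServlet {

    // Constructed menu: URLPatternSpec and the HTTP method the link would use.
    private static final String[][] MENU = {
        { "/account/*", "GET" },
        { "/admin/users/*", "GET" },
        { "/admin/users/*", "DELETE" },
    };

    @Inject
    private SecurityContext securityContext;

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        Principal caller = securityContext.getCallerPrincipal();
        if (caller == null) {
            // Anonymous caller. isCallerInRole() would also return false here, so check this
            // explicitly instead of letting "not logged in" and "not authorized" look alike.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Logical application role. This does not see security-role-ref aliases declared for a
        // named servlet; for those the Javadoc says to use request.isUserInRole(...) instead.
        boolean admin = securityContext.isCallerInRole("admin");

        // Application-specific principals, for platforms that wrap the caller in another type.
        // The returned Set is a fresh copy, so modifying it cannot alter the Subject.
        Set<CallerPrincipal> callerPrincipals = securityContext.getPrincipalsByType(CallerPrincipal.class);

        response.setContentType("text/plain");
        response.getWriter().printf("caller=%s admin=%b callerPrincipals=%d%n",
                caller.getName(), admin, callerPrincipals.size());
        for (String line : visibleMenu()) {
            response.getWriter().println(line);
        }
    }

    /**
     * Builds the menu from the container's own security constraints, so the links shown and the
     * access actually enforced cannot drift apart. Hiding a link is not a control; the constraint
     * is, and hasAccessToWebResource() only reads it.
     */
    List<String> visibleMenu() {
        List<String> lines = new ArrayList<>();
        for (String[] entry : MENU) {
            String pattern = entry[0];
            String method = entry[1];
            if (securityContext.hasAccessToWebResource(pattern, method)) {
                lines.add(method + " " + pattern);
            }
        }
        return lines;
    }
}
```

hasAccessToWebResource() answers for the declared constraints only; an unconstrained pattern returns true for every caller, so a menu built this way shows exactly what the container would let the caller reach, no more and no less.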
public class AuthenticationParameters extends Object

| Constructor and Description |
|---|
| AuthenticationParameters() |

| Modifier and Type | Method and Description |
|---|---|
| AuthenticationParameters | credential(Credential credential): Sets the credential to be used by the authentication mechanism responding to the authenticate call in which these AuthenticationParameters are passed. |
| Credential | getCredential(): The credential set as parameter in this instance. |
| boolean | isNewAuthentication(): Whether a new authentication dialog is required. |
| boolean | isRememberMe(): Whether "remember me" should be used. |
| AuthenticationParameters | newAuthentication(boolean newAuthentication): Signal to the authentication mechanism responding to the authenticate call in which these AuthenticationParameters are passed, that an explicit new authentication dialog is required, as opposed to continuing a potentially existing one. |
| AuthenticationParameters | rememberMe(boolean rememberMe): Signals that for this call to the authentication mechanism "remember me" should be applied, IFF the "remember me" feature is configured for the authentication mechanism responding to the authenticate call. |
| void | setCredential(Credential credential): Sets the credential as parameter in this instance. |
| void | setNewAuthentication(boolean newAuthentication): Sets whether a new authentication dialog is required. |
| void | setRememberMe(boolean rememberMe): Sets whether "remember me" should be used. |
| static AuthenticationParameters | withParams(): Creates a new instance of AuthenticationParameters, useful for a fluent/builder style creation of parameters. |

Constructor detail:

public AuthenticationParameters()

Method detail:

public static AuthenticationParameters withParams()
Creates a new instance of AuthenticationParameters, useful for a fluent/builder style creation of parameters.

public AuthenticationParameters credential(Credential credential)
Sets the credential to be used by the authentication mechanism responding to the authenticate call in which these AuthenticationParameters are passed.
Parameters: credential - the credential to be used by the authentication mechanism

public AuthenticationParameters newAuthentication(boolean newAuthentication)
Signal to the authentication mechanism responding to the authenticate call in which these AuthenticationParameters are passed, that an explicit new authentication dialog is required, as opposed to continuing a potentially existing one.
Parameters: newAuthentication - whether a new authentication dialog is required to be started.

public AuthenticationParameters rememberMe(boolean rememberMe)
Signals that for this call to the authentication mechanism "remember me" should be applied, IFF the "remember me" feature is configured for the authentication mechanism responding to the authenticate call. If "remember me" is not configured, this parameter is silently ignored.
Parameters: rememberMe - if true the "remember me" feature will be used if authentication succeeds and if so configured.
See also: RememberMe, RememberMeIdentityStore

public Credential getCredential()
The credential set as parameter in this instance.
See also: credential(Credential)

public void setCredential(Credential credential)
Sets the credential as parameter in this instance.
Parameters: credential - the credential to be set as parameter in this instance.
See also: credential(Credential)

public boolean isNewAuthentication()
Whether a new authentication dialog is required.
See also: newAuthentication(boolean)

public void setNewAuthentication(boolean newAuthentication)
Sets whether a new authentication dialog is required.
Parameters: newAuthentication - whether a new authentication dialog is required
See also: newAuthentication(boolean)

public boolean isRememberMe()
Whether "remember me" should be used.
See also: rememberMe(boolean)

public void setRememberMe(boolean rememberMe)
Sets whether "remember me" should be used.
Parameters: rememberMe - whether "remember me" should be used.
See also: rememberMe(boolean)
@Inherited
@InterceptorBinding
@Retention(value=RUNTIME)
@Target(value=TYPE)
public @interface AutoApplySession

Annotation for an authentication mechanism that uses javax.servlet.http.registerSession and auto applies this for every request.

See the Jakarta Authentication spec for further details on javax.servlet.http.registerSession.

This support is provided via an implementation of a Jakarta Interceptors interceptor that conducts the necessary logic.

Example:

    @RequestScoped
    @AutoApplySession
    public class CustomAuthenticationMechanism implements HttpAuthenticationMechanism {
        // ...
    }
@Retention(value=RUNTIME)
@Target(value=TYPE)
public @interface BasicAuthenticationMechanismDefinition

public abstract String realmName
The realm name that is sent to the client in the WWW-Authenticate header.

Note that this realm name does not couple a named identity store configuration to the authentication mechanism.
@Retention(value=RUNTIME)
@Target(value=TYPE)
public @interface CustomFormAuthenticationMechanismDefinition

Instead of posting back to a predefined action to continue the authentication dialog (Servlet spec 13.6.3 step 3), this variant depends on the application calling SecurityContext.authenticate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters).

| Modifier and Type | Required Element and Description |
|---|---|
| LoginToContinue | loginToContinue |

public abstract LoginToContinue loginToContinue
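The servlet below is an added example, not code from the specification or from any implementation. It is the application side that CustomFormAuthenticationMechanismDefinition relies on: it collects the credential itself, passes it through the AuthenticationParameters builder to SecurityContext.authenticate(), and then acts on every AuthenticationStatus value, which the AuthenticationStatus Javadoc requires of application code. It assumes a CustomFormAuthenticationMechanismDefinition is declared elsewhere in the application; the "/login" path, the form field names and the redirect targets are assumptions for this example.

```java
import java.io.IOException;

import javax.inject.Inject;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.SecurityContext;
import javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added example: the application's login endpoint for a custom form mechanism.
 * The mechanism is declared elsewhere with @CustomFormAuthenticationMechanismDefinition;
 * "/login", the form field names and the redirect targets are assumptions for this example.
 */
@WebServlet("/login")
public class LoginServlet extends HttpServlet {

    @Inject
    private SecurityContext securityContext;

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        String username = request.getParameter("username");
        String password = request.getParameter("password");
        if (username == null || password == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        // Hand the collected credential to the configured HttpAuthenticationMechanism.
        // newAuthentication(true) forces a fresh dialog instead of resuming a half-finished one;
        // rememberMe(...) is silently ignored unless the mechanism is configured for it.
        AuthenticationStatus status = securityContext.authenticate(request, response,
                AuthenticationParameters.withParams()
                        .credential(new UsernamePasswordCredential(username, password))
                        .newAuthentication(true)
                        .rememberMe("on".equals(request.getParameter("rememberMe"))));

        // Act on every value. Treating "anything but SEND_FAILURE" as logged in is the classic mistake.
        switch (status) {
            case SUCCESS:
                // Identity established for this request (and for the session when the mechanism
                // carries @AutoApplySession).
                response.sendRedirect(request.getContextPath() + "/home");
                break;
            case SEND_CONTINUE:
                // The mechanism has already written the response, for instance a redirect back to
                // the originally requested page. Leave it alone.
                break;
            case SEND_FAILURE:
                // Logical failure: wrong password or unknown caller. Keep the message generic so
                // the response does not reveal which of the two it was.
                response.sendRedirect(request.getContextPath() + "/login-error");
                break;
            case NOT_DONE:
                // The mechanism chose not to authenticate; the caller is still anonymous.
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                break;
        }
    }
}
```

The switch deliberately has no default branch: if a future AuthenticationStatus constant were added, a compiler warning is preferable to silently treating the unknown outcome as either success or failure.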
@Retention(value=RUNTIME)
@Target(value=TYPE)
public @interface FormAuthenticationMechanismDefinition

| Modifier and Type | Required Element and Description |
|---|---|
| LoginToContinue | loginToContinue |

public abstract LoginToContinue loginToContinue
public interface HttpAuthenticationMechanism

HttpAuthenticationMechanism is a mechanism for obtaining a caller's credentials in some way, using the HTTP protocol where necessary.

This is used to help in securing Jakarta Servlet endpoints, including endpoints that may be built on top of Jakarta Servlets like Jakarta RESTful Web Services endpoints and Jakarta Faces views. It specifically is not used for endpoints such as remote Jakarta Enterprise Beans or (Jakarta Messaging) message driven beans.

A HttpAuthenticationMechanism is essentially a Jakarta Servlet specific and CDI enabled version of the ServerAuthModule that adheres to the Servlet Container Profile. See the Jakarta Authentication spec for further details on this.

Implementations of this class can notify the Jakarta Servlet container about a successful authentication by using the HttpMessageContext.notifyContainerAboutLogin(java.security.Principal, java.util.Set) method.

Implementations are expected and encouraged to delegate the actual credential validation and/or retrieval of the caller name with optional groups to an IdentityStore. This is however not required and implementations can either do the validation checks for authentication completely autonomously, or delegate only certain aspects of the process to the store (e.g. use the store only for retrieving the groups an authenticated user is in).

| Modifier and Type | Method and Description |
|---|---|
| default void | cleanSubject(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, HttpMessageContext httpMessageContext): Remove mechanism specific principals and credentials from the subject and any other state the mechanism might have used. |
| default AuthenticationStatus | secureResponse(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, HttpMessageContext httpMessageContext): Secure the response, optionally. |
| AuthenticationStatus | validateRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, HttpMessageContext httpMessageContext): Authenticate an HTTP request. |

Method detail:

AuthenticationStatus validateRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException
Authenticate an HTTP request.

This method is called in response to an HTTP client request for a resource, and is always invoked before any Filter or HttpServlet. Additionally this method is called in response to HttpServletRequest.authenticate(HttpServletResponse).

Note that by default this method is always called for every request, independent of whether the request is to a protected or non-protected resource, or whether a caller was successfully authenticated before within the same HTTP session or not.

A CDI/Interceptor spec interceptor can be used to prevent calls to this method if needed. See AutoApplySession and RememberMe for two examples.
Parameters: request - contains the request the client has made. response - contains the response that will be sent to the client. httpMessageContext - context for interacting with the container.
Throws: AuthenticationException - when the processing failed

default AuthenticationStatus secureResponse(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException
Secure the response, optionally.

This method is called to allow for any post processing to be done on the request, and is always invoked after any Filter or HttpServlet.

Note that this method is only called when a (Servlet) resource has indeed been invoked, i.e. if a previous call to validateRequest that was invoked before any Filter or HttpServlet returned SUCCESS.
Parameters: request - contains the request the client has made. response - contains the response that will be sent to the client. httpMessageContext - context for interacting with the container.
Throws: AuthenticationException - when the processing failed

default void cleanSubject(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, HttpMessageContext httpMessageContext)
Remove mechanism specific principals and credentials from the subject and any other state the mechanism might have used.

This method is called in response to HttpServletRequest.logout() and gives the authentication mechanism the option to remove any state associated with an earlier established authenticated identity. For example, an authentication mechanism that stores state within a cookie can remove that cookie here.
Parameters: request - contains the request the client has made. response - contains the response that will be sent to the client. httpMessageContext - context for interacting with the container.
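The mechanism below is an added example, not code from the specification or from any implementation. It puts the HttpAuthenticationMechanism contract above, the AutoApplySession annotation, and the AuthenticationStatus rule that SEND_FAILURE is for logical problems while exceptions are for system problems into one class: validateRequest() takes a username/password either from an HTTP Basic Authorization header or from a SecurityContext.authenticate() call, delegates validation to the injected IdentityStoreHandler, challenges only when the resource is protected, and cleanSubject() handles logout. The realm name is an assumption; the Basic header is parsed by hand rather than through BasicAuthenticationCredential so that malformed input is handled explicitly as "no credential".

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.security.enterprise.AuthenticationException;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.authentication.mechanism.http.AutoApplySession;
import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.security.enterprise.credential.Credential;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStoreHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added example: a custom HttpAuthenticationMechanism accepting a username/password from a Basic
 * Authorization header or from SecurityContext.authenticate(). The realm name is an assumption.
 */
@AutoApplySession   // later requests in the same session skip validateRequest; the container re-applies the identity
@ApplicationScoped
public class HeaderOrFormAuthenticationMechanism implements HttpAuthenticationMechanism {

    private static final String REALM = "example"; // assumption for this example

    @Inject
    private IdentityStoreHandler identityStoreHandler;

    @Override
    public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response,
            HttpMessageContext httpMessageContext) throws AuthenticationException {

        UsernamePasswordCredential credential = null;
        if (httpMessageContext.isAuthenticationRequest()) {
            // Triggered by SecurityContext.authenticate(): the application supplied the credential.
            Credential supplied = httpMessageContext.getAuthParameters().getCredential();
            if (supplied instanceof UsernamePasswordCredential) {
                credential = (UsernamePasswordCredential) supplied;
            }
        } else {
            credential = fromBasicHeader(request.getHeader("Authorization"));
        }

        if (credential == null) {
            // Nothing to validate. Challenge only when the resource needs a caller; otherwise
            // NOT_DONE lets the request proceed anonymously and the container's constraints decide.
            if (httpMessageContext.isProtected()) {
                response.setHeader("WWW-Authenticate", "Basic realm=\"" + REALM + "\"");
                return httpMessageContext.responseUnauthorized();
            }
            return httpMessageContext.doNothing();
        }

        CredentialValidationResult result;
        try {
            result = identityStoreHandler.validate(credential);
        } catch (RuntimeException e) {
            // System-level problem (store unreachable, timeout): an exception, not a SEND_FAILURE
            // that the caller would read as "wrong password".
            throw new AuthenticationException("identity store failure", e);
        } finally {
            credential.clear(); // AbstractClearableCredential: wipe the password copy we hold
        }

        if (result.getStatus() == CredentialValidationResult.Status.VALID) {
            // Establishes the caller principal and groups for this request; returns SUCCESS.
            return httpMessageContext.notifyContainerAboutLogin(result);
        }
        // Logical failure: wrong password or unknown caller. No identity is established.
        response.setHeader("WWW-Authenticate", "Basic realm=\"" + REALM + "\"");
        return httpMessageContext.responseUnauthorized(); // 401 and SEND_FAILURE
    }

    @Override
    public void cleanSubject(HttpServletRequest request, HttpServletResponse response,
            HttpMessageContext httpMessageContext) {
        // Called for HttpServletRequest.logout(): drop what this mechanism put on the subject.
        httpMessageContext.cleanClientSubject();
    }

    /** Parses "Basic base64(user:password)"; returns null for anything malformed. */
    static UsernamePasswordCredential fromBasicHeader(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null; // bad base64 is "no credential", not a system failure
        }
        String pair = new String(decoded, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':');
        if (colon <= 0) {
            return null; // user-id must be non-empty and separated from the password by ':'
        }
        return new UsernamePasswordCredential(pair.substring(0, colon), pair.substring(colon + 1));
    }
}
```

Because validateRequest() runs for every request by default, the isProtected() check is what keeps an unauthenticated request for a public resource from being turned into a 401; @AutoApplySession then prevents the password from being re-validated on each subsequent request of an established session.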
public interface HttpMessageContext

HttpMessageContext contains all of the per-request state information and encapsulates the client request, server response, container handler for authentication callbacks, and the subject representing the caller.

Modifier and Type | Method and Description
---|---
void | cleanClientSubject() - Convenience method to clean the subject associated with this context.
AuthenticationStatus | doNothing() - Instructs the container to "do nothing".
AuthenticationStatus | forward(String path) - Forwards to another resource (Jakarta Servlet, Jakarta Server Pages file, or HTML file) on the server.
AuthenticationParameters | getAuthParameters() - Returns the parameters that were provided with the SecurityContext#authenticate(AuthParameters) call.
Principal | getCallerPrincipal() - Gets the Principal set by a call to notifyContainerAboutLogin().
Subject | getClientSubject() - Returns the subject for which authentication is to take place.
Set<String> | getGroups() - Gets the groups set by a call to notifyContainerAboutLogin().
CallbackHandler | getHandler() - Returns the low level Jakarta Authentication handler that the runtime provided when creating this HttpMessageContext, and which this context uses to communicate the authentication details to the runtime.
javax.security.auth.message.MessageInfo | getMessageInfo() - Returns the low level Jakarta Authentication message info instance for the current request.
javax.servlet.http.HttpServletRequest | getRequest() - Returns the request object associated with the current request.
javax.servlet.http.HttpServletResponse | getResponse() - Returns the response object associated with the current request.
boolean | isAuthenticationRequest() - Checks if the current call to an authentication mechanism is the result from the application calling SecurityContext.authenticate(HttpServletRequest, HttpServletResponse, AuthenticationParameters).
boolean | isProtected() - Checks if the currently requested resource is protected or not.
boolean | isRegisterSession() - Checks if the runtime has been asked to register an authentication session during the current request.
AuthenticationStatus | notifyContainerAboutLogin(CredentialValidationResult result) - Convenience method intended to pass the CredentialValidationResult result of an identity store directly on to the container.
AuthenticationStatus | notifyContainerAboutLogin(Principal principal, Set<String> groups) - Asks the container to register the given caller principal and groups in order to make them available to the application for use with SecurityContext.isCallerInRole(String) etc.
AuthenticationStatus | notifyContainerAboutLogin(String callername, Set<String> groups) - Asks the container to register the given caller name and groups in order to make them available to the application for use with SecurityContext.isCallerInRole(String) etc.
AuthenticationStatus | redirect(String location) - Sets the response status to SC_FOUND 302 (Found).
AuthenticationStatus | responseNotFound() - Sets the response status to 404 (not found).
AuthenticationStatus | responseUnauthorized() - Sets the response status to 401 (unauthorized).
void | setRegisterSession(String callerName, Set<String> groups) - Asks the runtime to register an authentication session.
void | setRequest(javax.servlet.http.HttpServletRequest request) - Sets the request object.
void | setResponse(javax.servlet.http.HttpServletResponse response) - Sets the response object.
HttpMessageContext | withRequest(javax.servlet.http.HttpServletRequest request) - Sets the request object.
boolean isProtected()
Checks if the currently requested resource is protected or not. A protected resource is a resource (e.g. a Jakarta Servlet, Jakarta Server Faces page, etc) for which a constraint has been defined in e.g. web.xml.
Returns: true if a protected resource was requested, false if a public resource was requested

boolean isAuthenticationRequest()
Checks if the current call to an authentication mechanism is the result from the application calling SecurityContext.authenticate(HttpServletRequest, HttpServletResponse, AuthenticationParameters).

If SecurityContext#authenticate was not called, the authentication mechanism may have been invoked by the container at the start of a request.
Returns: true if SecurityContext#authenticate was called, false if not

boolean isRegisterSession()
Checks if the runtime has been asked to register an authentication session during the current request.
Returns: true if an authentication session was requested to be registered, false otherwise

void setRegisterSession(String callerName, Set<String> groups)
Asks the runtime to register an authentication session. This will automatically remember the logged-in status as long as the current session remains valid. Without this, an HttpAuthenticationMechanism has to manually re-authenticate with the runtime at the start of each request.
Parameters:
callerName - the caller name for which authentication should be remembered
groups - the groups for which authentication should be remembered

void cleanClientSubject()
Convenience method to clean the subject associated with this context.

Cleaning this subject is done as defined by the Servlet Container Profile of Jakarta Authentication for the ServerAuthModule#cleanSubject method and the HttpAuthenticationMechanism.cleanSubject(HttpServletRequest, HttpServletResponse, HttpMessageContext) method defined by this specification.

AuthenticationParameters getAuthParameters()
Returns the parameters that were provided with the SecurityContext#authenticate(AuthParameters) call.
Returns: the parameters that were provided with the authenticate call

CallbackHandler getHandler()
Returns the low level Jakarta Authentication handler that the runtime provided when creating this HttpMessageContext, and which this context uses to communicate the authentication details to the runtime.

Note: This is a low level object that most higher level code would not need to use directly.
Returns: the handler that the runtime provided to this context

javax.security.auth.message.MessageInfo getMessageInfo()
Returns the low level Jakarta Authentication message info instance for the current request.

Note: This is a low level object that most higher level code would not need to use directly.
Returns: the message info instance for the current request

Subject getClientSubject()
Returns the subject for which authentication is to take place.

Note: This is a low level object that most higher level code would not need to use directly.
Returns: the subject for which authentication is to take place

javax.servlet.http.HttpServletRequest getRequest()
Returns the request object associated with the current request.
Returns: the request object associated with the current request

void setRequest(javax.servlet.http.HttpServletRequest request)
Sets the request object.
Parameters:
request - the request object to be set

HttpMessageContext withRequest(javax.servlet.http.HttpServletRequest request)
Sets the request object.
Parameters:
request - the request object to be set
Returns: the HttpMessageContext instance

javax.servlet.http.HttpServletResponse getResponse()
Returns the response object associated with the current request.
Returns: the response object associated with the current request

void setResponse(javax.servlet.http.HttpServletResponse response)
Sets the response object.
Parameters:
response - the response object to be set

AuthenticationStatus redirect(String location)
Sets the response status to SC_FOUND 302 (Found).

As a convenience this method returns SEND_CONTINUE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism.
Parameters:
location - the location to redirect to
Returns: AuthenticationStatus.SEND_CONTINUE
See Also: HttpServletResponse.sendRedirect(String)

AuthenticationStatus forward(String path)
Forwards to another resource (Jakarta Servlet, Jakarta Server Pages file, or HTML file) on the server.

As a convenience this method returns SEND_CONTINUE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism.
Parameters:
path - a String specifying the pathname to the resource
Returns: AuthenticationStatus.SEND_CONTINUE
See Also: RequestDispatcher.forward(javax.servlet.ServletRequest, javax.servlet.ServletResponse)

AuthenticationStatus responseUnauthorized()
Sets the response status to 401 (unauthorized).

As a convenience this method returns SEND_FAILURE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism.
Returns: AuthenticationStatus.SEND_FAILURE

AuthenticationStatus responseNotFound()
Sets the response status to 404 (not found).

As a convenience this method returns SEND_FAILURE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism.
Returns: AuthenticationStatus.SEND_FAILURE

AuthenticationStatus notifyContainerAboutLogin(String callername, Set<String> groups)
Asks the container to register the given caller name and groups in order to make them available to the application for use with SecurityContext.isCallerInRole(String) etc.

Note that after this call returned, the authenticated identity will not be immediately active. This will only take place (should no errors occur) after the authentication mechanism in which this call takes place returns control back to the container (runtime).

As a convenience this method returns SUCCESS, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism.
Parameters:
callername - the caller name that will become the caller principal
groups - the groups associated with the caller principal
Returns: AuthenticationStatus.SUCCESS

AuthenticationStatus notifyContainerAboutLogin(Principal principal, Set<String> groups)
Asks the container to register the given caller principal and groups in order to make them available to the application for use with SecurityContext.isCallerInRole(String) etc.

Note that this call may result in the container establishing two caller principals to represent the caller's identity -- the Principal provided here as the principal parameter, and a second principal used as the container's representation of the caller identity. A second principal is added only if the container uses a different Principal type to represent the caller. If the types are the same, only one Principal is added.

If a second principal is added, the value returned by Principal.getName() will be the same for both principals.

When two principals are added, the container's caller principal is returned from SecurityContext.getCallerPrincipal(), and the principal supplied here as a parameter can be retrieved using SecurityContext.getPrincipalsByType(Class). When only one is added, it is returned by SecurityContext.getCallerPrincipal().

Note that after this call returned, the authenticated identity will not be immediately active. This will only take place (should no errors occur) after the authentication mechanism in which this call takes place returns control back to the container (runtime).

As a convenience this method returns SUCCESS, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism.
Parameters:
principal - the Principal that will become the caller principal
groups - the groups associated with the caller principal
Returns: AuthenticationStatus.SUCCESS

AuthenticationStatus notifyContainerAboutLogin(CredentialValidationResult result)
Convenience method intended to pass the CredentialValidationResult result of an identity store directly on to the container.

If the outcome from the given CredentialValidationResult.getStatus() equals CredentialValidationResult.Status.VALID, the CallerPrincipal and groups are obtained from the CredentialValidationResult and passed into notifyContainerAboutLogin(Principal, Set).

If the outcome from the given CredentialValidationResult.getStatus() is not equal to CredentialValidationResult.Status.VALID a failure result is returned.
Parameters:
result - a CredentialValidationResult which is inspected for its status and from which the principal and groups are taken
Returns: AuthenticationStatus.SUCCESS if CredentialValidationResult.getStatus() equals CredentialValidationResult.Status.VALID, otherwise AuthenticationStatus.SEND_FAILURE

AuthenticationStatus doNothing()
Instructs the container to "do nothing".

When intending to do nothing, a Jakarta Security authentication mechanism has to indicate this explicitly via its return value.

As a convenience this method returns NOT_DONE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism.
Returns: AuthenticationStatus.NOT_DONE

Principal getCallerPrincipal()
Gets the Principal set by a call to notifyContainerAboutLogin().
Returns: the Principal set by a call to notifyContainerAboutLogin(), or null if that method has not been called yet

Set<String> getGroups()
Gets the groups set by a call to notifyContainerAboutLogin().
Returns: the groups set by a call to notifyContainerAboutLogin(), or null if that method has not been called yet
public class HttpMessageContextWrapper extends Object implements HttpMessageContext

This class is an implementation of the HttpMessageContext interface that can be subclassed by developers wishing to provide extra or different functionality. All methods default to calling the wrapped object.

Constructor and Description
---
HttpMessageContextWrapper(HttpMessageContext httpMessageContext)

Modifier and Type | Method and Description
---|---
void | cleanClientSubject() - Convenience method to clean the subject associated with this context.
AuthenticationStatus | doNothing() - Instructs the container to "do nothing".
AuthenticationStatus | forward(String path) - Forwards to another resource (Jakarta Servlet, Jakarta Server Pages file, or HTML file) on the server.
AuthenticationParameters | getAuthParameters() - Returns the parameters that were provided with the SecurityContext#authenticate(AuthParameters) call.
Principal | getCallerPrincipal() - Gets the Principal set by a call to notifyContainerAboutLogin().
Subject | getClientSubject() - Returns the subject for which authentication is to take place.
Set<String> | getGroups() - Gets the groups set by a call to notifyContainerAboutLogin().
CallbackHandler | getHandler() - Returns the low level Jakarta Authentication handler that the runtime provided when creating this HttpMessageContext, and which this context uses to communicate the authentication details to the runtime.
javax.security.auth.message.MessageInfo | getMessageInfo() - Returns the low level Jakarta Authentication message info instance for the current request.
javax.servlet.http.HttpServletRequest | getRequest() - Returns the request object associated with the current request.
javax.servlet.http.HttpServletResponse | getResponse() - Returns the response object associated with the current request.
HttpMessageContext | getWrapped()
boolean | isAuthenticationRequest() - Checks if the current call to an authentication mechanism is the result from the application calling SecurityContext.authenticate(HttpServletRequest, HttpServletResponse, AuthenticationParameters).
boolean | isProtected() - Checks if the currently requested resource is protected or not.
boolean | isRegisterSession() - Checks if the runtime has been asked to register an authentication session during the current request.
AuthenticationStatus | notifyContainerAboutLogin(CredentialValidationResult result) - Convenience method intended to pass the CredentialValidationResult result of an identity store directly on to the container.
AuthenticationStatus | notifyContainerAboutLogin(Principal principal, Set<String> roles) - Asks the container to register the given caller principal and groups in order to make them available to the application for use with SecurityContext.isCallerInRole(String) etc.
AuthenticationStatus | notifyContainerAboutLogin(String username, Set<String> roles) - Asks the container to register the given caller name and groups in order to make them available to the application for use with SecurityContext.isCallerInRole(String) etc.
AuthenticationStatus | redirect(String location) - Sets the response status to SC_FOUND 302 (Found).
AuthenticationStatus | responseNotFound() - Sets the response status to 404 (not found).
AuthenticationStatus | responseUnauthorized() - Sets the response status to 401 (unauthorized).
void | setRegisterSession(String callerName, Set<String> groups) - Asks the runtime to register an authentication session.
void | setRequest(javax.servlet.http.HttpServletRequest request) - Sets the request object.
void | setResponse(javax.servlet.http.HttpServletResponse response) - Sets the response object.
HttpMessageContext | withRequest(javax.servlet.http.HttpServletRequest request) - Sets the request object.

public HttpMessageContextWrapper(HttpMessageContext httpMessageContext)

public HttpMessageContext getWrapped()

All following methods delegate to the wrapped HttpMessageContext; their descriptions are copied from that interface.

public boolean isProtected()
Checks if the currently requested resource is protected or not, i.e. whether a constraint has been defined for it in e.g. web.xml.
Specified by: isProtected in interface HttpMessageContext

public boolean isAuthenticationRequest()
Checks if the current call to an authentication mechanism is the result from the application calling SecurityContext.authenticate(HttpServletRequest, HttpServletResponse, AuthenticationParameters). If SecurityContext#authenticate was not called, the authentication mechanism may have been invoked by the container at the start of a request.
Specified by: isAuthenticationRequest in interface HttpMessageContext

public boolean isRegisterSession()
Checks if the runtime has been asked to register an authentication session during the current request.
Specified by: isRegisterSession in interface HttpMessageContext

public void setRegisterSession(String callerName, Set<String> groups)
Asks the runtime to register an authentication session. Without this, an HttpAuthenticationMechanism has to manually re-authenticate with the runtime at the start of each request.
Specified by: setRegisterSession in interface HttpMessageContext
Parameters:
callerName - the caller name for which authentication should be remembered
groups - the groups for which authentication should be remembered

public void cleanClientSubject()
Convenience method to clean the subject associated with this context. Cleaning this subject is done as defined by the Servlet Container Profile of Jakarta Authentication for the ServerAuthModule#cleanSubject method and the HttpAuthenticationMechanism.cleanSubject(HttpServletRequest, HttpServletResponse, HttpMessageContext) method defined by this specification.
Specified by: cleanClientSubject in interface HttpMessageContext

public AuthenticationParameters getAuthParameters()
Returns the parameters that were provided with the SecurityContext#authenticate(AuthParameters) call.
Specified by: getAuthParameters in interface HttpMessageContext

public CallbackHandler getHandler()
Returns the low level Jakarta Authentication handler that the runtime provided when creating this HttpMessageContext, and which this context uses to communicate the authentication details to the runtime. Note: This is a low level object that most higher level code would not need to use directly.
Specified by: getHandler in interface HttpMessageContext

public javax.security.auth.message.MessageInfo getMessageInfo()
Returns the low level Jakarta Authentication message info instance for the current request. Note: This is a low level object that most higher level code would not need to use directly.
Specified by: getMessageInfo in interface HttpMessageContext

public Subject getClientSubject()
Returns the subject for which authentication is to take place. Note: This is a low level object that most higher level code would not need to use directly.
Specified by: getClientSubject in interface HttpMessageContext

public javax.servlet.http.HttpServletRequest getRequest()
Returns the request object associated with the current request.
Specified by: getRequest in interface HttpMessageContext

public void setRequest(javax.servlet.http.HttpServletRequest request)
Sets the request object.
Specified by: setRequest in interface HttpMessageContext
Parameters:
request - the request object to be set

public HttpMessageContext withRequest(javax.servlet.http.HttpServletRequest request)
Sets the request object.
Specified by: withRequest in interface HttpMessageContext
Parameters:
request - the request object to be set

public javax.servlet.http.HttpServletResponse getResponse()
Returns the response object associated with the current request.
Specified by: getResponse in interface HttpMessageContext

public void setResponse(javax.servlet.http.HttpServletResponse response)
Sets the response object.
Specified by: setResponse in interface HttpMessageContext
Parameters:
response - the response object to be set

public AuthenticationStatus redirect(String location)
Sets the response status to SC_FOUND 302 (Found). As a convenience this method returns SEND_CONTINUE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism.
Specified by: redirect in interface HttpMessageContext
Parameters:
location - the location to redirect to
Returns: AuthenticationStatus.SEND_CONTINUE
See Also: HttpServletResponse.sendRedirect(String)

public AuthenticationStatus forward(String path)
Forwards to another resource (Jakarta Servlet, Jakarta Server Pages file, or HTML file) on the server. As a convenience this method returns SEND_CONTINUE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism.
Specified by: forward in interface HttpMessageContext
Parameters:
path - a String specifying the pathname to the resource
Returns: AuthenticationStatus.SEND_CONTINUE
See Also: RequestDispatcher.forward(javax.servlet.ServletRequest, javax.servlet.ServletResponse)

public AuthenticationStatus responseUnauthorized()
Sets the response status to 401 (unauthorized). As a convenience this method returns SEND_FAILURE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism.
Specified by: responseUnauthorized in interface HttpMessageContext
Returns: AuthenticationStatus.SEND_FAILURE

public AuthenticationStatus responseNotFound()
Sets the response status to 404 (not found). As a convenience this method returns SEND_FAILURE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism.
Specified by: responseNotFound in interface HttpMessageContext
Returns: AuthenticationStatus.SEND_FAILURE

public AuthenticationStatus notifyContainerAboutLogin(String username, Set<String> roles)
Asks the container to register the given caller name and groups in order to make them available to the application for use with SecurityContext.isCallerInRole(String) etc.

Note that after this call returned, the authenticated identity will not be immediately active. This will only take place (should no errors occur) after the authentication mechanism in which this call takes place returns control back to the container (runtime).

As a convenience this method returns SUCCESS, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism.
Specified by: notifyContainerAboutLogin in interface HttpMessageContext
Parameters:
username - the caller name that will become the caller principal
roles - the groups associated with the caller principal
Returns: AuthenticationStatus.SUCCESS

public AuthenticationStatus notifyContainerAboutLogin(Principal principal, Set<String> roles)
Asks the container to register the given caller principal and groups in order to make them available to the application for use with SecurityContext.isCallerInRole(String) etc.

Note that this call may result in the container establishing two caller principals to represent the caller's identity -- the Principal provided here as the principal parameter, and a second principal used as the container's representation of the caller identity. A second principal is added only if the container uses a different Principal type to represent the caller. If the types are the same, only one Principal is added.

If a second principal is added, the value returned by Principal.getName() will be the same for both principals.

When two principals are added, the container's caller principal is returned from SecurityContext.getCallerPrincipal(), and the principal supplied here as a parameter can be retrieved using SecurityContext.getPrincipalsByType(Class). When only one is added, it is returned by SecurityContext.getCallerPrincipal().

Note that after this call returned, the authenticated identity will not be immediately active. This will only take place (should no errors occur) after the authentication mechanism in which this call takes place returns control back to the container (runtime).

As a convenience this method returns SUCCESS, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism.
Specified by: notifyContainerAboutLogin in interface HttpMessageContext
Parameters:
principal - the Principal that will become the caller principal
roles - the groups associated with the caller principal
Returns: AuthenticationStatus.SUCCESS

public AuthenticationStatus notifyContainerAboutLogin(CredentialValidationResult result)
Convenience method intended to pass the CredentialValidationResult result of an identity store directly on to the container.

If the outcome from the given CredentialValidationResult.getStatus() equals CredentialValidationResult.Status.VALID, the CallerPrincipal and groups are obtained from the CredentialValidationResult and passed into HttpMessageContext.notifyContainerAboutLogin(Principal, Set).

If the outcome from the given CredentialValidationResult.getStatus() is not equal to CredentialValidationResult.Status.VALID a failure result is returned.
Specified by: notifyContainerAboutLogin in interface HttpMessageContext
Parameters:
result - a CredentialValidationResult which is inspected for its status and from which the principal and groups are taken
Returns: AuthenticationStatus.SUCCESS if CredentialValidationResult.getStatus() equals CredentialValidationResult.Status.VALID, otherwise AuthenticationStatus.SEND_FAILURE

public AuthenticationStatus doNothing()
Instructs the container to "do nothing". When intending to do nothing, a Jakarta Security authentication mechanism has to indicate this explicitly via its return value. As a convenience this method returns NOT_DONE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism.
Specified by: doNothing in interface HttpMessageContext
Returns: AuthenticationStatus.NOT_DONE

public Principal getCallerPrincipal()
Gets the Principal set by a call to notifyContainerAboutLogin().
Specified by: getCallerPrincipal in interface HttpMessageContext

public Set<String> getGroups()
Gets the groups set by a call to notifyContainerAboutLogin().
Specified by: getGroups in interface HttpMessageContext
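HttpMessageContextWrapper exists to be subclassed, and the subclass below is an added example rather than code from the specification or from any runtime; its class name, logger name and group allow-list are assumptions. It shows the one trap the delegation design sets: the wrapped context's convenience overloads of notifyContainerAboutLogin call the wrapped object's own methods, not the wrapper's, so every overload (and withRequest, which would otherwise hand back the unwrapped object) has to be overridden or the audit-and-filter step can be bypassed.

```java
// Added example (not part of the Jakarta Security API docs): an HttpMessageContextWrapper subclass that
// funnels every login notification through one audit-and-filter point. The class name, the logger
// name and the allowed-group list are this example's own choices.
package com.example.auth;

import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;

import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Logger;

import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.CallerPrincipal;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.servlet.http.HttpServletRequest;

public class AuditingMessageContext extends HttpMessageContextWrapper {

    private static final Logger LOG = Logger.getLogger("auth.audit");   // hypothetical logger name
    private final Set<String> allowedGroups;

    public AuditingMessageContext(HttpMessageContext wrapped, Set<String> allowedGroups) {
        super(wrapped);
        this.allowedGroups = Collections.unmodifiableSet(new HashSet<>(allowedGroups));
    }

    // The wrapped context's String and CredentialValidationResult overloads delegate to ITS OWN
    // Principal overload, not to this wrapper's, so all three must be overridden to keep the filter.
    @Override
    public AuthenticationStatus notifyContainerAboutLogin(String username, Set<String> roles) {
        return notifyContainerAboutLogin(new CallerPrincipal(username), roles);
    }

    @Override
    public AuthenticationStatus notifyContainerAboutLogin(CredentialValidationResult result) {
        if (result.getStatus() != VALID) {
            LOG.warning(() -> "login rejected by identity store, status=" + result.getStatus()
                    + " uri=" + getRequest().getRequestURI());
            return AuthenticationStatus.SEND_FAILURE;   // the outcome the interface documents
        }
        return notifyContainerAboutLogin(result.getCallerPrincipal(), result.getCallerGroups());
    }

    @Override
    public AuthenticationStatus notifyContainerAboutLogin(Principal principal, Set<String> roles) {
        Set<String> granted = new HashSet<>(roles);
        granted.retainAll(allowedGroups);             // least privilege: only groups this app knows
        Set<String> dropped = new HashSet<>(roles);
        dropped.removeAll(granted);
        LOG.info(() -> "login caller=" + principal.getName() + " granted=" + granted
                + " dropped=" + dropped + " protected=" + isProtected()
                + " programmatic=" + isAuthenticationRequest());
        return super.notifyContainerAboutLogin(principal, granted);
    }

    // super.withRequest() would return the wrapped context and silently drop this wrapper.
    @Override
    public HttpMessageContext withRequest(HttpServletRequest request) {
        super.setRequest(request);
        return this;
    }
}
```

A mechanism uses it by wrapping the context it receives, for example `HttpMessageContext ctx = new AuditingMessageContext(httpMessageContext, allowedGroups);`, and then calling only the wrapper for the rest of validateRequest. The filter is deliberately applied to the groups, not the principal: the caller's identity is kept intact for auditing while the application's role mapping is narrowed to what it actually defines.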
@Inherited
@InterceptorBinding
@Retention(value=RUNTIME)
@Target(value=TYPE)
public @interface LoginToContinue

The LoginToContinue annotation provides an application the ability to declaratively add login to continue functionality to an authentication mechanism.

When the LoginToContinue annotation is used on a custom authentication mechanism, EL expressions in attributes of type String are evaluated for every request requiring authentication. Both immediate and deferred syntax are supported, but effectively the semantics are always deferred.

When the LoginToContinue annotation is used as attribute in either the FormAuthenticationMechanismDefinition or CustomFormAuthenticationMechanismDefinition, expressions using immediate syntax are evaluated only once when the HttpAuthenticationMechanism bean is created. Since these beans are application scoped, this means only once per application. Expressions using deferred syntax are evaluated as described above when the LoginToContinue annotation is used on a custom authentication mechanism.
Modifier and Type | Optional Element and Description
---|---
String | errorPage - The resource (page) a caller should get to see in case an error, such as providing invalid credentials, occurs on the page set by loginPage().
String | loginPage - The resource (page) a caller should get to see in case the originally requested resource requires authentication, and the caller is currently not authenticated.
boolean | useForwardToLogin - Use a forward to reach the page set by loginPage() if true, otherwise use a redirect.
String | useForwardToLoginExpression - Jakarta Expression Language expression variant of useForwardToLogin().
public abstract String loginPage
The resource (page) a caller should get to see in case the originally requested resource requires authentication, and the caller is currently not authenticated.

public abstract boolean useForwardToLogin
Use a forward to reach the page set by loginPage() if true, otherwise use a redirect.

public abstract String useForwardToLoginExpression
Jakarta Expression Language expression variant of useForwardToLogin(). The expression needs to evaluate to a boolean outcome. All named CDI beans are available to the expression. If both this attribute and useForwardToLogin() are specified, this attribute takes precedence.

public abstract String errorPage
The resource (page) a caller should get to see in case an error, such as providing invalid credentials, occurs on the page set by loginPage().
@Inherited
@InterceptorBinding
@Retention(value=RUNTIME)
@Target(value=TYPE)
public @interface RememberMe

For the remember me function the credentials provided by the caller are exchanged for a (long-lived) token which is sent to the user as the value of a cookie, in a similar way to how the HTTP session ID is sent. It should be realized that this token effectively becomes the credential to establish the caller's identity within the application and care should be taken to handle and store the token securely. E.g. by using this feature with a secure transport (SSL/HTTPS), storing a strong hash instead of the actual token, and implementing an expiration policy.

The token is vended by a special purpose IdentityStore-like artifact; an implementation of the RememberMeIdentityStore.

This support is provided via an implementation of an interceptor spec interceptor that conducts the necessary logic.

Example:

    @RequestScoped
    @RememberMe
    public class CustomAuthenticationMechanism implements HttpAuthenticationMechanism {
        // ...
    }

Jakarta Expression Language expressions in attributes of type String are evaluated for every request requiring authentication. Both immediate and deferred syntax are supported, but effectively the semantics are always deferred.

Note: this facility DOES NOT constitute any kind of "session management" system, but instead represents a special purpose authentication mechanism using a long-lived token, that is vended and validated by the RememberMeIdentityStore.
Modifier and Type | Optional Element and Description
---|---
boolean | cookieHttpOnly - Flag to indicate that the remember me cookie should not be exposed to client-side scripting code, and should only be sent with HTTP requests.
String | cookieHttpOnlyExpression - Jakarta Expression Language expression variant of cookieHttpOnly().
int | cookieMaxAgeSeconds - Max age in seconds for the remember me cookie.
String | cookieMaxAgeSecondsExpression - Jakarta Expression Language expression variant of cookieMaxAgeSeconds().
String | cookieName - Name of the remember me cookie.
boolean | cookieSecureOnly - Flag to indicate that the remember me cookie should only be sent using a secure protocol (e.g. HTTPS).
String | cookieSecureOnlyExpression - Jakarta Expression Language expression variant of cookieSecureOnly().
boolean | isRememberMe - Flag to determine if remember me should be used.
String | isRememberMeExpression - Jakarta Expression Language expression to determine if remember me should be used.
public abstract int cookieMaxAgeSeconds
Max age in seconds for the remember me cookie.
See Also: Cookie.setMaxAge(int)

public abstract String cookieMaxAgeSecondsExpression
Jakarta Expression Language expression variant of cookieMaxAgeSeconds(). The expression needs to evaluate to an integer outcome. All named CDI beans are available to the expression as well as default classes as specified by Jakarta Expression Language 3.0 for the ELProcessor and the implicit objects "self" which refers to the interceptor target and "httpMessageContext" which refers to the current HttpMessageContext. If both this attribute and cookieMaxAgeSeconds() are specified, this attribute takes precedence.

public abstract boolean cookieSecureOnly
Flag to indicate that the remember me cookie should only be sent using a secure protocol (e.g. HTTPS).
See Also: Cookie.setSecure(boolean)

public abstract String cookieSecureOnlyExpression
Jakarta Expression Language expression variant of cookieSecureOnly(). The expression needs to evaluate to a boolean outcome. All named CDI beans are available to the expression as well as default classes as specified by Jakarta Expression Language 3.0 for the ELProcessor and the implicit objects "self" which refers to the interceptor target and "httpMessageContext" which refers to the current HttpMessageContext. If both this attribute and cookieSecureOnly() are specified, this attribute takes precedence.

public abstract boolean cookieHttpOnly
Flag to indicate that the remember me cookie should not be exposed to client-side scripting code, and should only be sent with HTTP requests.
See Also: Cookie.setHttpOnly(boolean)

public abstract String cookieHttpOnlyExpression
Jakarta Expression Language expression variant of cookieHttpOnly(). The expression needs to evaluate to a boolean outcome. All named CDI beans are available to the expression as well as default classes as specified by Jakarta Expression Language 3.0 for the ELProcessor and the implicit objects "self" which refers to the interceptor target and "httpMessageContext" which refers to the current HttpMessageContext. If both this attribute and cookieHttpOnly() are specified, this attribute takes precedence.

public abstract String cookieName
Name of the remember me cookie.
See Also: Cookie.getName()

public abstract boolean isRememberMe
Flag to determine if remember me should be used.

public abstract String isRememberMeExpression
Jakarta Expression Language expression to determine if remember me should be used. The expression needs to evaluate to a boolean outcome. All named CDI beans are available to the expression as well as default classes as specified by Jakarta Expression Language 3.0 for the ELProcessor and the implicit objects "self" which refers to the interceptor target and "httpMessageContext" which refers to the current HttpMessageContext.
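The RememberMe description above asks for the token to be stored as a strong hash and to carry an expiration policy; the identity store below does both. It is an added example, not code from the specification or from any runtime: the in-memory map (standing in for a database table), the 14-day lifetime, the 32-byte token size and the class name are assumptions. The interface it implements, RememberMeIdentityStore with validate, generateLoginToken and removeLoginToken, is the one the description names.

```java
// Added example (not part of the Jakarta Security API docs): a RememberMeIdentityStore that keeps only
// a SHA-256 hash of each vended token and enforces an expiry, as the RememberMe description advises.
// The in-memory map, the 14-day lifetime and the token size are this example's own choices.
package com.example.auth;

import static javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

import javax.enterprise.context.ApplicationScoped;
import javax.security.enterprise.CallerPrincipal;
import javax.security.enterprise.credential.RememberMeCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.RememberMeIdentityStore;

@ApplicationScoped
public class HashedTokenRememberMeIdentityStore implements RememberMeIdentityStore {

    static final Duration TOKEN_LIFETIME = Duration.ofDays(14);   // keep equal to cookieMaxAgeSeconds
    private static final int TOKEN_BYTES = 32;                     // 256 bits of entropy per token

    private final SecureRandom random = new SecureRandom();
    // Keyed by hash(token): a dump of this store (or of the table it stands in for) yields no usable tokens.
    private final Map<String, Entry> entriesByTokenHash = new ConcurrentHashMap<>();

    private static final class Entry {
        final String callerName;
        final Set<String> groups;
        final Instant expiresAt;

        Entry(String callerName, Set<String> groups, Instant expiresAt) {
            this.callerName = callerName;
            this.groups = groups;
            this.expiresAt = expiresAt;
        }
    }

    @Override
    public String generateLoginToken(CallerPrincipal callerPrincipal, Set<String> groups) {
        byte[] raw = new byte[TOKEN_BYTES];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);   // cookie-safe alphabet
        entriesByTokenHash.put(hash(token), new Entry(callerPrincipal.getName(),
                Collections.unmodifiableSet(new HashSet<>(groups)), Instant.now().plus(TOKEN_LIFETIME)));
        return token;   // the RememberMe interceptor places this raw value in the cookie
    }

    @Override
    public CredentialValidationResult validate(RememberMeCredential credential) {
        String token = credential.getToken();
        if (token == null || token.isEmpty()) {
            return INVALID_RESULT;
        }
        String key = hash(token);
        Entry entry = entriesByTokenHash.get(key);
        if (entry == null) {
            return INVALID_RESULT;                 // unknown, already removed, or forged
        }
        if (Instant.now().isAfter(entry.expiresAt)) {
            entriesByTokenHash.remove(key);        // expired: drop it so it can never be replayed
            return INVALID_RESULT;
        }
        return new CredentialValidationResult(entry.callerName, entry.groups);
    }

    @Override
    public void removeLoginToken(String token) {   // invoked on logout, see cleanSubject
        if (token != null) {
            entriesByTokenHash.remove(hash(token));
        }
    }

    // A plain SHA-256 is sufficient here: the input is 256 random bits, not a low-entropy password,
    // so there is nothing for an offline guessing attack to gain from a slow hash.
    static String hash(String token) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is mandatory in every Java runtime", e);
        }
    }
}
```

The matching mechanism-side configuration is the annotation from the page's example with its cookie attributes filled in, for instance `@RememberMe(cookieName = "RM", cookieMaxAgeSeconds = 14 * 24 * 3600, cookieSecureOnly = true, cookieHttpOnly = true, isRememberMeExpression = "#{httpMessageContext.authParameters.rememberMe}")`, where the expression reads the rememberMe flag passed in AuthenticationParameters through the implicit httpMessageContext object described above. cookieMaxAgeSeconds and TOKEN_LIFETIME should agree; if the cookie outlives the server-side entry the browser keeps presenting a token that validate() rejects, and if the entry outlives the cookie a stolen token remains valid after the legitimate browser has forgotten it.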
| Package | Description |
|---|---|
| javax.security.enterprise | The main Jakarta Security package. |
| javax.security.enterprise.authentication.mechanism.http | The HTTP authentication mechanism API package. |

| Modifier and Type | Method | Description |
|---|---|---|
| AuthenticationStatus | SecurityContext.authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationParameters parameters) | Signal to the container (programmatically trigger) that it should start or continue a web/HTTP based authentication dialog with the caller. |

| Modifier and Type | Method | Description |
|---|---|---|
| AuthenticationParameters | AuthenticationParameters.credential(Credential credential) | Sets the credential to be used by the authentication mechanism responding to the authenticate call in which these AuthenticationParameters are passed. |
| AuthenticationParameters | HttpMessageContextWrapper.getAuthParameters() | |
| AuthenticationParameters | HttpMessageContext.getAuthParameters() | Returns the parameters that were provided with the SecurityContext#authenticate(AuthParameters) call. |
| AuthenticationParameters | AuthenticationParameters.newAuthentication(boolean newAuthentication) | Signal to the authentication mechanism responding to the authenticate call in which these AuthenticationParameters are passed, that an explicit new authentication dialog is required, as opposed to continuing a potentially existing one. |
| AuthenticationParameters | AuthenticationParameters.rememberMe(boolean rememberMe) | Signals that for this call to the authentication mechanism "remember me" should be applied, IFF the "remember me" feature is configured for the authentication mechanism responding to the authenticate call. |
| static AuthenticationParameters | AuthenticationParameters.withParams() | Creates a new instance of AuthenticationParameters, useful for a fluent/builder style creation of parameters. |
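The tables above list the pieces of the programmatic-authentication API without showing how they fit together. The following servlet is an added example, not code from the Jakarta Security Javadoc or the Soteria project: it builds a credential from a login form, triggers authentication through `SecurityContext.authenticate(...)` with the `AuthenticationParameters` builder, and wipes the password afterwards. The servlet path, the form field names and the post-login redirect are assumptions; the `AuthenticationStatus` constants (`SUCCESS`, `SEND_CONTINUE`, `SEND_FAILURE`, `NOT_DONE`) are the real enum values, of which only `values()`/`valueOf()` appear on this page.

```java
// Added example (not from the Jakarta Security Javadoc): programmatic login via
// SecurityContext.authenticate(...). Path, field names and redirect are assumed.
import java.io.IOException;
import java.util.Arrays;

import javax.inject.Inject;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.SecurityContext;
import javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
import javax.security.enterprise.credential.Password;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/login")   // assumed path
public class ProgrammaticLoginServlet extends HttpServlet {

    @Inject
    private SecurityContext securityContext;

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        String caller = request.getParameter("username");   // assumed form field
        String secret = request.getParameter("password");   // assumed form field
        if (caller == null || secret == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        // Password wraps a char[] so the value can be overwritten after use
        // (the String returned by getParameter cannot be wiped).
        char[] secretChars = secret.toCharArray();
        UsernamePasswordCredential credential =
                new UsernamePasswordCredential(caller, new Password(secretChars));

        AuthenticationParameters params = AuthenticationParameters.withParams()
                .credential(credential)
                // Always start a fresh dialog rather than continue an existing one.
                .newAuthentication(true)
                // Only honoured if the responding mechanism is configured with @RememberMe.
                .rememberMe("on".equals(request.getParameter("rememberMe")));

        AuthenticationStatus status;
        try {
            // The container hands the credential to the active HttpAuthenticationMechanism.
            status = securityContext.authenticate(request, response, params);
        } finally {
            // The mechanism has consumed the credential; do not keep the secret around.
            credential.clear();
            Arrays.fill(secretChars, '\0');
        }

        switch (status) {
            case SUCCESS:
                response.sendRedirect(request.getContextPath() + "/home");   // assumed target
                break;
            case SEND_CONTINUE:
                // The mechanism already wrote its own response (for example a redirect).
                break;
            case SEND_FAILURE:
            case NOT_DONE:
            default:
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }
}
```

The `finally` block matters: `SecurityContext.authenticate` returns the status, not the credential, so the servlet is the only place left that can clear the `Password` it created.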
| Package | Description |
|---|---|
| javax.security.enterprise.authentication.mechanism.http | The HTTP authentication mechanism API package. |

| Modifier and Type | Class | Description |
|---|---|---|
| class | HttpMessageContextWrapper | This class is an implementation of the HttpMessageContext interface that can be subclassed by developers wishing to provide extra or different functionality. |

| Modifier and Type | Method | Description |
|---|---|---|
| HttpMessageContext | HttpMessageContextWrapper.getWrapped() | |
| HttpMessageContext | HttpMessageContextWrapper.withRequest(javax.servlet.http.HttpServletRequest request) | |
| HttpMessageContext | HttpMessageContext.withRequest(javax.servlet.http.HttpServletRequest request) | Sets the request object. |

| Modifier and Type | Method | Description |
|---|---|---|
| default void | HttpAuthenticationMechanism.cleanSubject(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, HttpMessageContext httpMessageContext) | Remove mechanism specific principals and credentials from the subject and any other state the mechanism might have used. |
| default AuthenticationStatus | HttpAuthenticationMechanism.secureResponse(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, HttpMessageContext httpMessageContext) | Secure the response, optionally. |
| AuthenticationStatus | HttpAuthenticationMechanism.validateRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, HttpMessageContext httpMessageContext) | Authenticate an HTTP request. |

| Constructor | Description |
|---|---|
| HttpMessageContextWrapper(HttpMessageContext httpMessageContext) | |
| Interface | Description |
|---|---|
| HttpAuthenticationMechanism | HttpAuthenticationMechanism is a mechanism for obtaining a caller's credentials in some way, using the HTTP protocol where necessary. |
| HttpMessageContext | HttpMessageContext contains all of the per-request state information and encapsulates the client request, server response, container handler for authentication callbacks, and the subject representing the caller. |

| Class | Description |
|---|---|
| AuthenticationParameters | Parameters that are provided along with an authentication request. |
| HttpMessageContextWrapper | This class is an implementation of the HttpMessageContext interface that can be subclassed by developers wishing to provide extra or different functionality. |

| Annotation Type | Description |
|---|---|
| AutoApplySession | The AutoApplySession annotation provides an application the ability to declaratively designate that an authentication mechanism uses the javax.servlet.http.registerSession and auto applies this for every request. |
| BasicAuthenticationMechanismDefinition | Annotation used to define a container authentication mechanism that implements the HTTP basic access authentication protocol as defined by the Servlet spec (13.6.1) and make that implementation available as an enabled CDI bean. |
| CustomFormAuthenticationMechanismDefinition | Annotation used to define a container authentication mechanism that implements authentication resembling Servlet FORM authentication (Servlet spec 13.6.3). |
| FormAuthenticationMechanismDefinition | Annotation used to define a container authentication mechanism that implements FORM authentication as defined by the Servlet spec (13.6.3) and make that implementation available as an enabled CDI bean. |
| LoginToContinue | The LoginToContinue annotation provides an application the ability to declaratively add login to continue functionality to an authentication mechanism. |
| RememberMe | The RememberMe annotation provides an application the ability to declaratively designate that an authentication mechanism effectively "remembers" the authentication and auto applies this with every request. |
| Package | Description |
|---|---|
| javax.security.enterprise | The main Jakarta Security package. |
| javax.security.enterprise.authentication.mechanism.http | The HTTP authentication mechanism API package. |

| Class | Description |
|---|---|
| AuthenticationParameters | Parameters that are provided along with an authentication request. |

| Class | Description |
|---|---|
| AuthenticationParameters | Parameters that are provided along with an authentication request. |
| HttpMessageContext | HttpMessageContext contains all of the per-request state information and encapsulates the client request, server response, container handler for authentication callbacks, and the subject representing the caller. |
| Package | Description |
|---|---|
| javax.security.enterprise.authentication.mechanism.http | The HTTP authentication mechanism API package. |

| Modifier and Type | Method | Description |
|---|---|---|
| default AuthenticationStatus | HttpAuthenticationMechanism.secureResponse(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, HttpMessageContext httpMessageContext) | Secure the response, optionally. |
| AuthenticationStatus | HttpAuthenticationMechanism.validateRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, HttpMessageContext httpMessageContext) | Authenticate an HTTP request. |
| Package | Description |
|---|---|
| javax.security.enterprise | The main Jakarta Security package. |
| javax.security.enterprise.authentication.mechanism.http | The HTTP authentication mechanism API package. |

| Modifier and Type | Method | Description |
|---|---|---|
| AuthenticationStatus | SecurityContext.authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationParameters parameters) | Signal to the container (programmatically trigger) that it should start or continue a web/HTTP based authentication dialog with the caller. |
| static AuthenticationStatus | AuthenticationStatus.valueOf(String name) | Returns the enum constant of this type with the specified name. |
| static AuthenticationStatus[] | AuthenticationStatus.values() | Returns an array containing the constants of this enum type, in the order they are declared. |

| Modifier and Type | Method | Description |
|---|---|---|
| AuthenticationStatus | HttpMessageContextWrapper.doNothing() | |
| AuthenticationStatus | HttpMessageContext.doNothing() | Instructs the container to "do nothing". |
| AuthenticationStatus | HttpMessageContextWrapper.forward(String path) | |
| AuthenticationStatus | HttpMessageContext.forward(String path) | Forwards to another resource (Jakarta Servlet, Jakarta Server Pages file, or HTML file) on the server. |
| AuthenticationStatus | HttpMessageContextWrapper.notifyContainerAboutLogin(CredentialValidationResult result) | |
| AuthenticationStatus | HttpMessageContext.notifyContainerAboutLogin(CredentialValidationResult result) | Convenience method intended to pass the CredentialValidationResult result of an identity store directly on to the container. |
| AuthenticationStatus | HttpMessageContextWrapper.notifyContainerAboutLogin(Principal principal, Set<String> roles) | |
| AuthenticationStatus | HttpMessageContext.notifyContainerAboutLogin(Principal principal, Set<String> groups) | Asks the container to register the given caller principal and groups in order to make them available to the application for use with SecurityContext.isCallerInRole(String) etc. |
| AuthenticationStatus | HttpMessageContextWrapper.notifyContainerAboutLogin(String username, Set<String> roles) | |
| AuthenticationStatus | HttpMessageContext.notifyContainerAboutLogin(String callername, Set<String> groups) | Asks the container to register the given caller name and groups in order to make them available to the application for use with SecurityContext.isCallerInRole(String) etc. |
| AuthenticationStatus | HttpMessageContextWrapper.redirect(String location) | |
| AuthenticationStatus | HttpMessageContext.redirect(String location) | Sets the response status to SC_FOUND 302 (Found). |
| AuthenticationStatus | HttpMessageContextWrapper.responseNotFound() | |
| AuthenticationStatus | HttpMessageContext.responseNotFound() | Sets the response status to 404 (not found). |
| AuthenticationStatus | HttpMessageContextWrapper.responseUnauthorized() | |
| AuthenticationStatus | HttpMessageContext.responseUnauthorized() | Sets the response status to 401 (unauthorized). |
| default AuthenticationStatus | HttpAuthenticationMechanism.secureResponse(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, HttpMessageContext httpMessageContext) | Secure the response, optionally. |
| AuthenticationStatus | HttpAuthenticationMechanism.validateRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, HttpMessageContext httpMessageContext) | Authenticate an HTTP request. |
| Package | Description |
|---|---|
| javax.security.enterprise.identitystore | The identity store API package. |

| Modifier and Type | Method | Description |
|---|---|---|
| CallerPrincipal | CredentialValidationResult.getCallerPrincipal() | Return the CallerPrincipal for the validated credential. |

| Modifier and Type | Method | Description |
|---|---|---|
| String | RememberMeIdentityStore.generateLoginToken(CallerPrincipal callerPrincipal, Set<String> groups) | Associates the given principal and groups with a token. |

| Constructor | Description |
|---|---|
| CredentialValidationResult(CallerPrincipal callerPrincipal) | Constructor for a VALID result. |
| CredentialValidationResult(CallerPrincipal callerPrincipal, Set<String> groups) | Constructor for a VALID result. |
| CredentialValidationResult(String storeId, CallerPrincipal callerPrincipal, String callerDn, String callerUniqueId, Set<String> groups) | Constructor for a VALID result. |
public abstract class AbstractClearableCredential extends Object implements Credential

AbstractClearableCredential contains behavior common to Credential implementations that can be meaningfully cleared.

| Constructor | Description |
|---|---|
| AbstractClearableCredential() | |

| Modifier and Type | Method | Description |
|---|---|---|
| void | clear() | Clears the credential. |
| protected abstract void | clearCredential() | Invokes the specific subclass to securely clear the credential value. |
| boolean | isCleared() | Determines whether the credential value has been securely cleared. |
| protected void | setCleared() | Specifies that the credential value has been securely cleared. |

Methods inherited from class Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface Credential: isValid

public AbstractClearableCredential()

public final boolean isCleared()

Specified by: isCleared in interface Credential

Returns: true if the credential has been cleared, otherwise false.

protected final void setCleared()

public final void clear()

Specified by: clear in interface Credential

protected abstract void clearCredential()

Invokes the specific subclass to securely clear the credential value. Some Credential subclasses contain credential values which are inherently secure, such as tokens, for which clearing the credential may not be necessary. For example, if the credential includes a password, this method would overwrite the password value.
public class BasicAuthenticationCredential extends UsernamePasswordCredential

BasicAuthenticationCredential extends UsernamePasswordCredential to represent credentials used by HTTP Basic Authentication.

| Constructor | Description |
|---|---|
| BasicAuthenticationCredential(String authorizationHeader) | Constructor |

Methods inherited from class UsernamePasswordCredential: clearCredential, compareTo, getCaller, getPassword, getPasswordAsString

Methods inherited from class AbstractClearableCredential: clear, isCleared, setCleared

Methods inherited from class Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface Credential: isValid
public class CallerOnlyCredential extends Object implements Credential

CallerOnlyCredential represents a credential that only contains a caller name and no secret of any kind.

This kind of credential is for internal usage within an application, e.g. for "run-as" functionality in a context where the caller is already sufficiently trusted.

| Constructor | Description |
|---|---|
| CallerOnlyCredential(String caller) | |

| Modifier and Type | Method | Description |
|---|---|---|
| String | getCaller() | |

Methods inherited from class Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface Credential: clear, isCleared, isValid
public interface Credential

Credential represents the credential the caller will use to authenticate.

| Modifier and Type | Method | Description |
|---|---|---|
| default void | clear() | Clears the credential. |
| default boolean | isCleared() | Determines whether the credential value has been securely cleared. |
| default boolean | isValid() | Determines whether the credential is valid. |

default boolean isCleared()

Returns: true if the credential has been cleared, otherwise false.

default void clear()

default boolean isValid()

Returns: true if credential has integrity.
public class Password extends Object

| Constructor | Description |
|---|---|
| Password(char[] value) | Constructor |
| Password(String value) | Constructor |

| Modifier and Type | Method | Description |
|---|---|---|
| void | clear() | Securely clears the password value. |
| boolean | compareTo(String password) | |
| char[] | getValue() | Determines the password value. |

public Password(char[] value)

Parameters:
- value - The password value

Throws:
- NullPointerException - Value is null

public Password(String value)

Parameters:
- value - The password value

Throws:
- NullPointerException - Value is null

public char[] getValue()

public void clear()

public boolean compareTo(String password)
public class RememberMeCredential extends Object implements Credential

RememberMeCredential represents a credential presented as a token, for the explicit usage with the Jakarta Security provided remember me function.

| Constructor | Description |
|---|---|
| RememberMeCredential(String token) | Constructor |

| Modifier and Type | Method | Description |
|---|---|---|
| String | getToken() | Determines the token value to compare for authentication. |

Methods inherited from class Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface Credential: clear, isCleared, isValid
public class UsernamePasswordCredential extends AbstractClearableCredential

| Constructor | Description |
|---|---|
| UsernamePasswordCredential(String callerName, Password password) | Constructor. |
| UsernamePasswordCredential(String callerName, String password) | Constructor. |

| Modifier and Type | Method | Description |
|---|---|---|
| void | clearCredential() | Invokes the specific subclass to securely clear the credential value. |
| boolean | compareTo(String callerName, String password) | |
| String | getCaller() | |
| Password | getPassword() | Determines the password. |
| String | getPasswordAsString() | Determines the password. |

Methods inherited from class AbstractClearableCredential: clear, isCleared, setCleared

Methods inherited from class Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface Credential: isValid

public UsernamePasswordCredential(String callerName, String password)

Parameters:
- callerName - The caller name
- password - The password, as a String

public Password getPassword()

public String getPasswordAsString()

public void clearCredential()

Invokes the specific subclass to securely clear the credential value. Some Credential subclasses contain credential values which are inherently secure, such as tokens, for which clearing the credential may not be necessary. For example, if the credential includes a password, this method would overwrite the password value.

Specified by: clearCredential in class AbstractClearableCredential

public String getCaller()
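The AbstractClearableCredential, Password and UsernamePasswordCredential pages above describe the clear()/clearCredential()/isCleared() contract but give no implementation. The class below is an added example, not code from the Javadoc or the Soteria project: `OneTimeCodeCredential` is a hypothetical clearable credential built on `AbstractClearableCredential` (keeping its secret as a `char[]` so `clearCredential()` can overwrite it in place), and its `main` walks the same lifecycle on the built-in `UsernamePasswordCredential`. Running it requires the `javax.security.enterprise` API on the classpath.

```java
// Added example (not from the Jakarta Security Javadoc): a custom clearable
// credential. OneTimeCodeCredential is hypothetical; the API types are real.
import java.util.Arrays;

import javax.security.enterprise.credential.AbstractClearableCredential;
import javax.security.enterprise.credential.Password;
import javax.security.enterprise.credential.UsernamePasswordCredential;

/** A short-lived code (e.g. from an authenticator app) that must be wiped after use. */
public class OneTimeCodeCredential extends AbstractClearableCredential {

    private final String caller;
    private final char[] code;   // char[], not String, so it can be overwritten

    public OneTimeCodeCredential(String caller, char[] code) {
        if (caller == null || code == null) {
            throw new NullPointerException("caller and code are required");
        }
        this.caller = caller;
        this.code = code.clone();   // own the buffer; the caller may still hold its copy
    }

    public String getCaller() {
        return caller;
    }

    /** Returns a copy so callers cannot mutate (or retain) the internal buffer. */
    public char[] getCode() {
        return code.clone();
    }

    /**
     * Invoked once by the final clear() in AbstractClearableCredential, which then
     * calls setCleared(). Overwriting is the whole point: a zeroed array no longer
     * contains the secret even if the object is still reachable.
     */
    @Override
    protected void clearCredential() {
        Arrays.fill(code, '\0');
    }

    /** A code that has been wiped, or was empty to begin with, must never validate. */
    @Override
    public boolean isValid() {
        return !isCleared() && code.length > 0;
    }

    public static void main(String[] args) {
        OneTimeCodeCredential otp = new OneTimeCodeCredential("alice", "123456".toCharArray());
        System.out.println("otp valid before clear: " + otp.isValid());
        otp.clear();   // runs clearCredential(), then marks the credential cleared
        System.out.println("otp cleared: " + otp.isCleared());
        System.out.println("otp valid after clear:  " + otp.isValid());
        System.out.println("otp buffer zeroed: " + Arrays.equals(otp.getCode(), new char[6]));

        // The built-in password credential follows the same contract:
        // UsernamePasswordCredential.clearCredential() clears its Password.
        Password password = new Password("s3cret".toCharArray());
        UsernamePasswordCredential upc = new UsernamePasswordCredential("alice", password);
        System.out.println("upc matches: " + upc.compareTo("alice", "s3cret"));
        upc.clear();
        System.out.println("upc cleared: " + upc.isCleared());
    }
}
```

Overriding `isValid()` to consult `isCleared()` closes a gap the base class leaves open: `Credential.isValid()` is a default method, so a cleared credential would otherwise still report itself as valid to any code that checks only that flag.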
| Package | Description |
|---|---|
| javax.security.enterprise.credential | The Identity Store Credential API package. |

| Modifier and Type | Class | Description |
|---|---|---|
| class | BasicAuthenticationCredential | BasicAuthenticationCredential extends UsernamePasswordCredential to represent credentials used by HTTP Basic Authentication. |
| class | UsernamePasswordCredential | Represents the credentials typically used by standard caller name/password authentication. |
| Package | Description |
|---|---|
| javax.security.enterprise.authentication.mechanism.http | The HTTP authentication mechanism API package. |
| javax.security.enterprise.credential | The Identity Store Credential API package. |
| javax.security.enterprise.identitystore | The identity store API package. |

| Modifier and Type | Method | Description |
|---|---|---|
| Credential | AuthenticationParameters.getCredential() | The credential set as parameter in this instance. |

| Modifier and Type | Method | Description |
|---|---|---|
| AuthenticationParameters | AuthenticationParameters.credential(Credential credential) | Sets the credential to be used by the authentication mechanism responding to the authenticate call in which these AuthenticationParameters are passed. |
| void | AuthenticationParameters.setCredential(Credential credential) | Sets the credential as parameter in this instance. |

| Modifier and Type | Class | Description |
|---|---|---|
| class | AbstractClearableCredential | AbstractClearableCredential contains behavior common to Credential implementations that can be meaningfully cleared. |
| class | BasicAuthenticationCredential | BasicAuthenticationCredential extends UsernamePasswordCredential to represent credentials used by HTTP Basic Authentication. |
| class | CallerOnlyCredential | CallerOnlyCredential represents a credential that only contains a caller name and no secret of any kind. |
| class | RememberMeCredential | RememberMeCredential represents a credential presented as a token, for the explicit usage with the Jakarta Security provided remember me function. |
| class | UsernamePasswordCredential | Represents the credentials typically used by standard caller name/password authentication. |

| Modifier and Type | Method | Description |
|---|---|---|
| CredentialValidationResult | IdentityStoreHandler.validate(Credential credential) | Validate the given Credential and return the identity and attributes of the caller it represents. |
| default CredentialValidationResult | IdentityStore.validate(Credential credential) | Validates the given credential. |
| Package | Description |
|---|---|
| javax.security.enterprise.credential | The Identity Store Credential API package. |

| Modifier and Type | Method | Description |
|---|---|---|
| Password | UsernamePasswordCredential.getPassword() | Determines the password. |

| Constructor | Description |
|---|---|
| UsernamePasswordCredential(String callerName, Password password) | Constructor. |
| Package | Description |
|---|---|
| javax.security.enterprise.identitystore | The identity store API package. |

| Modifier and Type | Method | Description |
|---|---|---|
| CredentialValidationResult | RememberMeIdentityStore.validate(RememberMeCredential credential) | Validates the given credential. |
| Package | Description |
|---|---|
| javax.security.enterprise.credential | The Identity Store Credential API package. |

| Modifier and Type | Class | Description |
|---|---|---|
| class | BasicAuthenticationCredential | BasicAuthenticationCredential extends UsernamePasswordCredential to represent credentials used by HTTP Basic Authentication. |
| Interface | Description |
|---|---|
| Credential | Credential represents the credential the caller will use to authenticate. |

| Class | Description |
|---|---|
| AbstractClearableCredential | AbstractClearableCredential contains behavior common to Credential implementations that can be meaningfully cleared. |
| BasicAuthenticationCredential | BasicAuthenticationCredential extends UsernamePasswordCredential to represent credentials used by HTTP Basic Authentication. |
| CallerOnlyCredential | CallerOnlyCredential represents a credential that only contains a caller name and no secret of any kind. |
| Password | Represents a text-based password, and includes a built-in mechanism for securely clearing the value. |
| RememberMeCredential | RememberMeCredential represents a credential presented as a token, for the explicit usage with the Jakarta Security provided remember me function. |
| UsernamePasswordCredential | Represents the credentials typically used by standard caller name/password authentication. |
| Package | Description |
|---|---|
| javax.security.enterprise.authentication.mechanism.http | The HTTP authentication mechanism API package. |
| javax.security.enterprise.credential | The Identity Store Credential API package. |
| javax.security.enterprise.identitystore | The identity store API package. |

| Class | Description |
|---|---|
| Credential | Credential represents the credential the caller will use to authenticate. |

| Class | Description |
|---|---|
| AbstractClearableCredential | AbstractClearableCredential contains behavior common to Credential implementations that can be meaningfully cleared. |
| Credential | Credential represents the credential the caller will use to authenticate. |
| Password | Represents a text-based password, and includes a built-in mechanism for securely clearing the value. |
| UsernamePasswordCredential | Represents the credentials typically used by standard caller name/password authentication. |

| Class | Description |
|---|---|
| Credential | Credential represents the credential the caller will use to authenticate. |
| RememberMeCredential | RememberMeCredential represents a credential presented as a token, for the explicit usage with the Jakarta Security provided remember me function. |
public static enum CredentialValidationResult.Status extends Enum<CredentialValidationResult.Status>

| Enum Constant | Description |
|---|---|
| INVALID | Indicates that the credential is not valid after a validation attempt. |
| NOT_VALIDATED | Indicates that the credential could not be validated. |
| VALID | Indicates that the credential is valid after a validation attempt. |

| Modifier and Type | Method | Description |
|---|---|---|
| static CredentialValidationResult.Status | valueOf(String name) | Returns the enum constant of this type with the specified name. |
| static CredentialValidationResult.Status[] | values() | Returns an array containing the constants of this enum type, in the order they are declared. |

public static final CredentialValidationResult.Status NOT_VALIDATED

public static final CredentialValidationResult.Status INVALID

public static final CredentialValidationResult.Status VALID

public static CredentialValidationResult.Status[] values()

```java
// Iterates over the constants in declaration order.
for (CredentialValidationResult.Status c : CredentialValidationResult.Status.values())
    System.out.println(c);
```

public static CredentialValidationResult.Status valueOf(String name)

Parameters:
- name - the name of the enum constant to be returned.

Throws:
- IllegalArgumentException - if this enum type has no constant with the specified name
- NullPointerException - if the argument is null
public class CredentialValidationResult extends Object

CredentialValidationResult is the result from an attempt to validate an instance of Credential.

| Modifier and Type | Class | Description |
|---|---|---|
| static class | CredentialValidationResult.Status | |

| Modifier and Type | Field | Description |
|---|---|---|
| static CredentialValidationResult | INVALID_RESULT | |
| static CredentialValidationResult | NOT_VALIDATED_RESULT | |

| Constructor | Description |
|---|---|
| CredentialValidationResult(CallerPrincipal callerPrincipal) | Constructor for a VALID result. |
| CredentialValidationResult(CallerPrincipal callerPrincipal, Set<String> groups) | Constructor for a VALID result. |
| CredentialValidationResult(String callerName) | Constructor for a VALID result. |
| CredentialValidationResult(String storeId, CallerPrincipal callerPrincipal, String callerDn, String callerUniqueId, Set<String> groups) | Constructor for a VALID result. |
| CredentialValidationResult(String callerName, Set<String> groups) | Constructor for a VALID result. |
| CredentialValidationResult(String storeId, String callerName, String callerDn, String callerUniqueId, Set<String> groups) | Constructor for a VALID result. |

| Modifier and Type | Method | Description |
|---|---|---|
| String | getCallerDn() | Return the CallerPrincipal for the validated credential. |
| Set<String> | getCallerGroups() | Determines the set of groups that the specified Caller is in, based on the associated identity store. |
| CallerPrincipal | getCallerPrincipal() | Return the CallerPrincipal for the validated credential. |
| String | getCallerUniqueId() | Return a string that uniquely identifies this caller within the identity store (since the Principal name used may not be unique). |
| String | getIdentityStoreId() | Return the unique ID of the identity store used to validate the credentials. |
| CredentialValidationResult.Status | getStatus() | Determines the validation status. |

public static final CredentialValidationResult INVALID_RESULT

public static final CredentialValidationResult NOT_VALIDATED_RESULT

public CredentialValidationResult(String callerName)

Parameters:
- callerName - Name of the validated caller

public CredentialValidationResult(CallerPrincipal callerPrincipal)

Parameters:
- callerPrincipal - CallerPrincipal of validated caller

public CredentialValidationResult(String callerName, Set<String> groups)

Parameters:
- callerName - Name of the validated caller
- groups - Groups associated with the caller from the identity store

public CredentialValidationResult(CallerPrincipal callerPrincipal, Set<String> groups)

Parameters:
- callerPrincipal - CallerPrincipal of validated caller
- groups - Groups associated with the caller from the identity store

public CredentialValidationResult(String storeId, String callerName, String callerDn, String callerUniqueId, Set<String> groups)

Parameters:
- storeId - Identity store unique ID
- callerName - Name of the validated caller
- callerDn - Caller's LDAP DN (distinguished name)
- callerUniqueId - Caller's unique identifier from the identity store
- groups - Groups associated with the caller from the identity store

public CredentialValidationResult(String storeId, CallerPrincipal callerPrincipal, String callerDn, String callerUniqueId, Set<String> groups)

Parameters:
- storeId - Identity store unique ID
- callerPrincipal - CallerPrincipal of validated caller
- callerDn - Caller's LDAP DN (distinguished name)
- callerUniqueId - Caller's unique identifier from the identity store
- groups - Groups associated with the caller from the identity store

public CredentialValidationResult.Status getStatus()

public String getIdentityStoreId()

public CallerPrincipal getCallerPrincipal()

public String getCallerUniqueId()

public String getCallerDn()
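The CredentialValidationResult and Status pages above define three outcomes (VALID, INVALID, NOT_VALIDATED) and several VALID constructors, but not when a store should pick which. The class below is an added example, not code from the Javadoc or the Soteria project: an in-memory `IdentityStore` that returns `NOT_VALIDATED_RESULT` for credential types it does not understand (so the `IdentityStoreHandler` can consult the next store), `INVALID_RESULT` for a wrong caller name or password, and the `CredentialValidationResult(String callerName, Set<String> groups)` form on success. The account record, salt and PBKDF2 work factor are constructed for the example; `IdentityStore.validationTypes()` is a real method of the interface that is not listed on this page.

```java
// Added example (not from the Jakarta Security Javadoc): an in-memory
// IdentityStore illustrating the three CredentialValidationResult outcomes.
// Account data, salts and iteration count are constructed sample values.
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.enterprise.context.ApplicationScoped;
import javax.security.enterprise.credential.Credential;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStore;

@ApplicationScoped
public class InMemoryIdentityStore implements IdentityStore {

    private static final int ITERATIONS = 100_000;   // example work factor
    private static final int KEY_BITS = 256;
    // Used to hash the password of an unknown caller so that response time does
    // not reveal whether the caller name exists.
    private static final byte[] DUMMY_SALT = "no-such-caller".getBytes(StandardCharsets.UTF_8);

    /** One stored account: PBKDF2 salt and hash plus the groups this store asserts. */
    private static final class Account {
        final byte[] salt;
        final byte[] hash;
        final Set<String> groups;

        Account(byte[] salt, byte[] hash, Set<String> groups) {
            this.salt = salt;
            this.hash = hash;
            this.groups = groups;
        }
    }

    private final Map<String, Account> accounts = new HashMap<>();

    public InMemoryIdentityStore() {
        // Constructed sample record; a real store loads accounts from a database
        // or directory and never embeds secrets in source.
        byte[] salt = "example-salt-0001".getBytes(StandardCharsets.UTF_8);
        accounts.put("alice", new Account(salt, pbkdf2("correct horse".toCharArray(), salt),
                new HashSet<>(Arrays.asList("user", "admin"))));
    }

    @Override
    public CredentialValidationResult validate(Credential credential) {
        if (!(credential instanceof UsernamePasswordCredential)) {
            // Not a credential type this store handles: NOT_VALIDATED lets the
            // IdentityStoreHandler move on to the next store instead of rejecting.
            return CredentialValidationResult.NOT_VALIDATED_RESULT;
        }
        UsernamePasswordCredential upc = (UsernamePasswordCredential) credential;
        Account account = accounts.get(upc.getCaller());
        if (account == null) {
            pbkdf2(upc.getPassword().getValue(), DUMMY_SALT);   // equalise timing
            return CredentialValidationResult.INVALID_RESULT;
        }
        byte[] candidate = pbkdf2(upc.getPassword().getValue(), account.salt);
        boolean match = MessageDigest.isEqual(candidate, account.hash);   // constant time
        Arrays.fill(candidate, (byte) 0);
        if (!match) {
            return CredentialValidationResult.INVALID_RESULT;
        }
        // VALID: caller name plus the groups this store knows about.
        return new CredentialValidationResult(upc.getCaller(),
                Collections.unmodifiableSet(account.groups));
    }

    /** This store both validates credentials and supplies the caller's groups. */
    @Override
    public Set<ValidationType> validationTypes() {
        return EnumSet.of(ValidationType.VALIDATE, ValidationType.PROVIDE_GROUPS);
    }

    static byte[] pbkdf2(char[] password, byte[] salt) {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("PBKDF2WithHmacSHA256 unavailable", e);
        } finally {
            spec.clearPassword();   // PBEKeySpec keeps its own copy of the password
        }
    }
}
```

Returning `INVALID_RESULT` for both an unknown caller and a wrong password, and doing the same amount of hashing in either case, keeps the store from acting as a caller-name oracle; `NOT_VALIDATED_RESULT` is reserved for "not my credential type", which is what the handler's store chain expects.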
@Retention(value=RUNTIME) + @Target(value=TYPE) +public @interface DatabaseIdentityStoreDefinition+
IdentityStore
that
+ stores caller credentials and identity attributes in a relational database,
+ and make that implementation available as an enabled CDI bean.
+
+ The container-provided IdentityStore
must support validating UsernamePasswordCredential
,
+ and may support validating other credential types.
| Modifier and Type | Optional Element and Description |
|---|---|
| String | callerQuery: SQL query to validate the {caller, password} pair. |
| String | dataSourceLookup: Full JNDI name of the data source that provides access to the database where the caller identities are stored. |
| String | groupsQuery: SQL query to retrieve the groups associated with the caller when authentication succeeds. |
| Class<? extends PasswordHash> | hashAlgorithm: A PasswordHash implementation used to verify plaintext passwords by generating a hash of the password and comparing it against the hashed value returned from the database via the callerQuery(). |
| String[] | hashAlgorithmParameters: Used to specify algorithm-specific parameters. |
| int | priority: Determines the order in case multiple IdentityStores are found. |
| String | priorityExpression: Allow priority to be specified as a Jakarta Expression Language expression. |
| IdentityStore.ValidationType[] | useFor: Determines what the identity store is used for. |
| String | useForExpression: Allow useFor to be specified as a Jakarta Expression Language expression. |
public abstract String dataSourceLookup

Full JNDI name of the data source that provides access to the database where the caller identities are stored.

public abstract String callerQuery

SQL query to validate the {caller, password} pair. Only used when useFor() contains IdentityStore.ValidationType.VALIDATE.

The name of the caller that is to be authenticated has to be set as the one and only placeholder. The (hashed) password should be in the first column of the result.

Example query:

```sql
select password from callers where name = ?
```

public abstract String groupsQuery

SQL query to retrieve the groups associated with the caller when authentication succeeds. Only used when useFor() contains IdentityStore.ValidationType.PROVIDE_GROUPS.

The name of the caller that has been authenticated has to be set as the one and only placeholder. The group name should be in the first column of the result.

Example query:

```sql
select group_name from caller_groups where caller_name = ?
```

public abstract Class<? extends PasswordHash> hashAlgorithm

A PasswordHash implementation used to verify plaintext passwords by generating a hash of the password and comparing it against the hashed value returned from the database via the callerQuery().

public abstract String[] hashAlgorithmParameters

Used to specify algorithm-specific parameters. Parameters are specified as a list of name/value pairs, using the format below:

    parameterName=parameterValue

For example:

    Algorithm.param1="value"
    Algorithm.param2=32

This attribute supports immediate Jakarta Expression Language expressions (${} syntax) both for the parameterValue and for a full array element. If an EL expression is used for a full array element, the expression must evaluate to either a single string, a string array or a string Stream, where in each case every string must adhere to the format specified above.

public abstract int priority

Determines the order in case multiple IdentityStores are found.

public abstract String priorityExpression

Allow priority to be specified as a Jakarta Expression Language expression. If set, overrides any value set with priority.

Returns: the priority Jakarta Expression Language expression

public abstract IdentityStore.ValidationType[] useFor

Determines what the identity store is used for.
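An added example (not part of the Jakarta Security API documentation) of a database identity store definition that wires the two example queries above to the built-in Pbkdf2PasswordHash with explicitly chosen parameters. The JNDI data source name and the bean class are assumptions.

```java
import javax.enterprise.context.ApplicationScoped;
import javax.security.enterprise.identitystore.DatabaseIdentityStoreDefinition;
import javax.security.enterprise.identitystore.Pbkdf2PasswordHash;

import static javax.security.enterprise.identitystore.IdentityStore.ValidationType.PROVIDE_GROUPS;
import static javax.security.enterprise.identitystore.IdentityStore.ValidationType.VALIDATE;

// Added example, not from the API docs or a Jakarta Security implementation.
@DatabaseIdentityStoreDefinition(
    // Assumed JNDI name of the data source holding the caller tables
    dataSourceLookup = "java:app/jdbc/callersDb",
    // Exactly one placeholder (the caller name); the hashed password is column 1
    callerQuery = "select password from callers where name = ?",
    // Exactly one placeholder (the authenticated caller); the group name is column 1
    groupsQuery = "select group_name from caller_groups where caller_name = ?",
    // The built-in PBKDF2 implementation verifies the stored hashes
    hashAlgorithm = Pbkdf2PasswordHash.class,
    // name=value pairs using the documented Pbkdf2PasswordHash.* parameter names;
    // values chosen above the documented defaults (2048 iterations, 32-byte salt and key)
    hashAlgorithmParameters = {
        "Pbkdf2PasswordHash.Algorithm=PBKDF2WithHmacSHA512",
        "Pbkdf2PasswordHash.Iterations=4096",
        "Pbkdf2PasswordHash.SaltSizeBytes=32",
        "Pbkdf2PasswordHash.KeySizeBytes=64"
    },
    // Both validation and group lookup come from this store (also the default)
    useFor = { VALIDATE, PROVIDE_GROUPS }
)
@ApplicationScoped
public class DatabaseIdentityStoreConfig {
    // Intentionally empty: the annotation alone enables the container-provided store as a CDI bean
}
```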
public static enum IdentityStore.ValidationType extends Enum<IdentityStore.ValidationType>

Determines the type of validation (operations) that should be done by this store. This is not about what the IdentityStore is capable of, but only what the store is configured to be used for.

| Enum Constant | Description |
|---|---|
| PROVIDE_GROUPS | Only groups for a principal, possibly established by another IdentityStore, are taken from this store. |
| VALIDATE | Only validation is performed, so no groups are taken from this store. |

| Modifier and Type | Method and Description |
|---|---|
| static IdentityStore.ValidationType | valueOf(String name): Returns the enum constant of this type with the specified name. |
| static IdentityStore.ValidationType[] | values(): Returns an array containing the constants of this enum type, in the order they are declared. |

public static final IdentityStore.ValidationType VALIDATE

public static final IdentityStore.ValidationType PROVIDE_GROUPS

public static IdentityStore.ValidationType[] values()

Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows:

```java
for (IdentityStore.ValidationType c : IdentityStore.ValidationType.values())
    System.out.println(c);
```

public static IdentityStore.ValidationType valueOf(String name)

Returns the enum constant of this type with the specified name.

Parameters:
- name - the name of the enum constant to be returned.

Throws:
- IllegalArgumentException - if this enum type has no constant with the specified name
- NullPointerException - if the argument is null
public interface IdentityStore

IdentityStore is a mechanism for validating a caller's credentials and accessing a caller's identity attributes. It can be used by an authentication mechanism, such as a Jakarta Security HttpAuthenticationMechanism or a Jakarta Authentication ServerAuthModule.

Stores which do only validation or only group lookup are allowed.

An IdentityStore obtains identity data from a persistent store, such as a database, LDAP server, or file.

| Modifier and Type | Interface and Description |
|---|---|
| static class | IdentityStore.ValidationType: Determines the type of validation (operations) that should be done by this store. |

| Modifier and Type | Field and Description |
|---|---|
| static Set<IdentityStore.ValidationType> | DEFAULT_VALIDATION_TYPES: Default set of validation types. |

| Modifier and Type | Method and Description |
|---|---|
| default Set<String> | getCallerGroups(CredentialValidationResult validationResult): Returns groups for the caller, who is identified by the CallerPrincipal (and potentially other values) found in the validationResult parameter. |
| default int | priority(): Determines the order of invocation for multiple IdentityStores. |
| default CredentialValidationResult | validate(Credential credential): Validates the given credential. |
| default Set<IdentityStore.ValidationType> | validationTypes(): Determines the type of validation the IdentityStore should be used for. |
static final Set<IdentityStore.ValidationType> DEFAULT_VALIDATION_TYPES

Default set of validation types. Contains VALIDATE and PROVIDE_GROUPS.

default CredentialValidationResult validate(Credential credential)

Validates the given credential.

As a convenience, a default implementation is provided that looks up an overload of this method that has, as its one and only parameter, a subclass of Credential. Here is an example of what an implementation of this interface looks like with such an overloaded method:

```java
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStore;

import static javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;

public class ExampleIdentityStore implements IdentityStore {

    // Invoked by the default validate(Credential) when the credential's
    // runtime type is exactly UsernamePasswordCredential
    public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
        // Implementation ...
        return INVALID_RESULT;
    }

}
```

Note that the overloaded method is only called when the actual type passed into this method exactly matches the parameter type of the overloaded method. No attempt is made to find the most specific overloaded method as specified in JLS 15.2.

This method returns a CredentialValidationResult representing the result of the validation attempt: whether it succeeded or failed, and, for a successful validation, the CallerPrincipal, and possibly groups or other attributes, of the caller.

Parameters:
- credential - The credential to validate.

default Set<String> getCallerGroups(CredentialValidationResult validationResult)

Returns groups for the caller, who is identified by the CallerPrincipal (and potentially other values) found in the validationResult parameter.

Callers (i.e., IdentityStoreHandlers) should have IdentityStorePermission permission to invoke this method. Implementations should check for this permission before doing any work:

```java
SecurityManager security = System.getSecurityManager();
if (security != null) {
    security.checkPermission(new IdentityStorePermission("getGroups"));
}
```

Parameters:
- validationResult - The CredentialValidationResult returned by a previous call to validate(Credential).

Returns: Set of groups found for the caller, if any, or an empty Set otherwise.

Throws:
- SecurityException - May be thrown if the calling code does not have IdentityStorePermission.

default int priority()

Determines the order of invocation for multiple IdentityStores. Stores with a lower priority value are consulted first.

default Set<IdentityStore.ValidationType> validationTypes()

Determines the type of validation the IdentityStore should be used for. By default, it is used for credential validation AND providing groups.

Implementations of this API should not return a direct reference to a Set used internally to represent an IdentityStore's validation types, unless it is an immutable Set. Callers of the API should be aware that the returned Set may be immutable, or a copy, and that, in any case, it should not be modified by the caller.

Returns: Set containing the validation types enabled for the IdentityStore.
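An added example (not code from the API documentation or from any Jakarta Security implementation) of a complete custom IdentityStore that follows the contract described above: the overload convention for validate(), the IdentityStorePermission check in getCallerGroups(), and an unmodifiable Set from validationTypes(). The in-memory tables are constructed sample data, and the built-in Pbkdf2PasswordHash is assumed to be injectable.

```java
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStore;
import javax.security.enterprise.identitystore.IdentityStorePermission;
import javax.security.enterprise.identitystore.Pbkdf2PasswordHash;

import static javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;
import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;

// Added example, not from the API docs or a Jakarta Security implementation.
@ApplicationScoped
public class InMemoryIdentityStore implements IdentityStore {

    // Constructed sample data, filled at startup: caller name -> encoded PBKDF2 hash
    private final Map<String, String> hashes = new HashMap<>();
    // Constructed sample data: caller name -> group names
    private final Map<String, Set<String>> callerGroups = new HashMap<>();

    @Inject
    private Pbkdf2PasswordHash passwordHash; // assumption: the built-in implementation is injectable

    @PostConstruct
    void init() {
        // Parameter names follow the documented Pbkdf2PasswordHash.* keys; other defaults apply
        passwordHash.initialize(Map.of("Pbkdf2PasswordHash.Iterations", "4096"));
        // Sample caller "peter" with the password from the ldif example in these docs
        hashes.put("peter", passwordHash.generate("secret1".toCharArray()));
        callerGroups.put("peter", Set.of("foo", "bar"));
    }

    // Found by the default IdentityStore.validate(Credential): the credential's runtime
    // type must be exactly UsernamePasswordCredential (no most-specific-overload search).
    public CredentialValidationResult validate(UsernamePasswordCredential credential) {
        String caller = credential.getCaller();
        String stored = hashes.get(caller);
        if (stored == null || !passwordHash.verify(credential.getPassword().getValue(), stored)) {
            return INVALID_RESULT;
        }
        // Status VALID with the caller name and groups; this store validates and provides groups
        return new CredentialValidationResult(caller, new HashSet<>(callerGroups.get(caller)));
    }

    @Override
    public Set<String> getCallerGroups(CredentialValidationResult validationResult) {
        // The documented permission check, before any work is done
        SecurityManager security = System.getSecurityManager();
        if (security != null) {
            security.checkPermission(new IdentityStorePermission("getGroups"));
        }
        if (validationResult.getStatus() != VALID) {
            return Collections.emptySet();
        }
        Set<String> found = callerGroups.get(validationResult.getCallerPrincipal().getName());
        // Return a copy so the caller cannot modify the store's internal state
        return found == null ? Collections.emptySet() : new HashSet<>(found);
    }

    @Override
    public Set<ValidationType> validationTypes() {
        // Unmodifiable, as the docs ask; equivalent to DEFAULT_VALIDATION_TYPES
        return Collections.unmodifiableSet(
            EnumSet.of(ValidationType.VALIDATE, ValidationType.PROVIDE_GROUPS));
    }

    @Override
    public int priority() {
        return 10; // stores with a lower value are consulted first
    }
}
```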
public interface IdentityStoreHandler

IdentityStoreHandler is a mechanism for validating a caller's credentials, and accessing a caller's identity attributes, by consulting a set of one or more IdentityStores.

It is intended for use by an authentication mechanism, such as an HttpAuthenticationMechanism (Jakarta Security) or a ServerAuthModule (Jakarta Authentication).

Beans should inject only this handler, and not IdentityStore directly, as multiple stores may exist.

Implementations of Jakarta Security must supply a default implementation of IdentityStoreHandler that behaves as described in the Jakarta Security specification document. Applications do not need to supply an IdentityStoreHandler unless application-specific behavior is desired.

| Modifier and Type | Method and Description |
|---|---|
| CredentialValidationResult | validate(Credential credential): Validate the given Credential and return the identity and attributes of the caller it represents. |
CredentialValidationResult validate(Credential credential)

Validate the given Credential and return the identity and attributes of the caller it represents.

Implementations of this method will typically invoke the validate() and getCallerGroups() methods of one or more IdentityStores and return an aggregated result.

Note that the IdentityStore may check for IdentityStorePermission if getCallerGroups() is called and a SecurityManager is configured. (The default built-in stores do perform this check; application-supplied stores may or may not.) An implementation of this method should therefore invoke getCallerGroups() in the context of a PrivilegedAction, and arrange to be granted the appropriate IdentityStorePermission permission.

Parameters:
- credential - The credential to validate.
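An added example (not from the API documentation or a Jakarta Security implementation) of the consumer side: an HttpAuthenticationMechanism that injects only the IdentityStoreHandler, as the text above requires, and passes the aggregated result to the container. The form parameter names are assumptions.

```java
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.security.enterprise.AuthenticationException;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStoreHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;

// Added example, not from the API docs or a Jakarta Security implementation.
@ApplicationScoped
public class FormParameterAuthenticationMechanism implements HttpAuthenticationMechanism {

    // The handler, never a concrete IdentityStore: several stores may be enabled
    @Inject
    private IdentityStoreHandler identityStoreHandler;

    @Override
    public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response,
            HttpMessageContext httpMessageContext) throws AuthenticationException {

        // Assumed parameter names of a login form (constructed for this example)
        String name = request.getParameter("username");
        String password = request.getParameter("password");

        if (name == null || password == null) {
            // No credentials present: let the container handle the request as unauthenticated
            return httpMessageContext.doNothing();
        }

        // The handler consults the enabled stores in priority order and aggregates the result
        CredentialValidationResult result =
            identityStoreHandler.validate(new UsernamePasswordCredential(name, password));

        if (result.getStatus() == VALID) {
            // Hands the CallerPrincipal and groups to the container and returns SUCCESS
            return httpMessageContext.notifyContainerAboutLogin(result);
        }

        // INVALID or NOT_VALIDATED: reject without revealing which store rejected it
        return httpMessageContext.responseUnauthorized();
    }
}
```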
public class IdentityStorePermission extends BasicPermission

Class for IdentityStore permissions.

Currently defined permission names are: getGroups (checked by IdentityStore.getCallerGroups(CredentialValidationResult)).

No actions are defined.

| Constructor and Description |
|---|
| IdentityStorePermission(String name): Create an IdentityStorePermission with the specified name. |
| IdentityStorePermission(String name, String action): Create an IdentityStorePermission with the specified name. |

Methods inherited from class java.security.BasicPermission: equals, getActions, hashCode, implies, newPermissionCollection

Methods inherited from class java.security.Permission: checkGuard, getName, toString

public IdentityStorePermission(String name)

Create an IdentityStorePermission with the specified name.

Parameters:
- name - Name of the permission.

Throws:
- NullPointerException - If name is null.
- IllegalArgumentException - If name is empty.

public IdentityStorePermission(String name, String action)

Create an IdentityStorePermission with the specified name.

Parameters:
- name - Name of the permission.
- action - Action for the permission; always null.

Throws:
- NullPointerException - If name is null.
- IllegalArgumentException - If name is empty.
public static enum LdapIdentityStoreDefinition.LdapSearchScope extends Enum<LdapIdentityStoreDefinition.LdapSearchScope>

Enum representing LDAP search scope values.

| Enum Constant |
|---|
| ONE_LEVEL |
| SUBTREE |

| Modifier and Type | Method and Description |
|---|---|
| static LdapIdentityStoreDefinition.LdapSearchScope | valueOf(String name): Returns the enum constant of this type with the specified name. |
| static LdapIdentityStoreDefinition.LdapSearchScope[] | values(): Returns an array containing the constants of this enum type, in the order they are declared. |

public static final LdapIdentityStoreDefinition.LdapSearchScope ONE_LEVEL

public static final LdapIdentityStoreDefinition.LdapSearchScope SUBTREE

public static LdapIdentityStoreDefinition.LdapSearchScope[] values()

Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows:

```java
for (LdapIdentityStoreDefinition.LdapSearchScope c : LdapIdentityStoreDefinition.LdapSearchScope.values())
    System.out.println(c);
```

public static LdapIdentityStoreDefinition.LdapSearchScope valueOf(String name)

Returns the enum constant of this type with the specified name.

Parameters:
- name - the name of the enum constant to be returned.

Throws:
- IllegalArgumentException - if this enum type has no constant with the specified name
- NullPointerException - if the argument is null
@Retention(value=RUNTIME)
@Target(value=TYPE)
public @interface LdapIdentityStoreDefinition

Defines a container-provided IdentityStore that stores caller credentials and identity attributes (together caller identities) in an LDAP store, and makes that implementation available as an enabled CDI bean.

The container-provided IdentityStore must support validating UsernamePasswordCredential, and may support validating other credential types.
| Modifier and Type | Optional Element and Description |
|---|---|
| String | bindDn: Distinguished name for the application or administrative user that will be used to make the initial connection to the LDAP and to perform searches and lookups. |
| String | bindDnPassword: Password for the application/admin user defined by the bindDn member. |
| String | callerBaseDn: Base distinguished name for callers in the LDAP store (e.g., "ou=caller,dc=eclipse,dc=net"). |
| String | callerNameAttribute: Name of the attribute that contains the caller's name in the person object (e.g., "uid"). |
| String | callerSearchBase: Search base for looking up callers (e.g., "ou=caller,dc=eclipse,dc=net"). |
| String | callerSearchFilter: Search filter to find callers when callerSearchBase is set. |
| LdapIdentityStoreDefinition.LdapSearchScope | callerSearchScope: Search scope for caller searches: determines depth of the search in the LDAP tree. |
| String | callerSearchScopeExpression: Allow callerSearchScope to be specified as a Jakarta Expression Language expression. |
| String | groupMemberAttribute: Name of the attribute in a group object that identifies the members of the group (e.g., "member"). |
| String | groupMemberOfAttribute: Name of the attribute in a person object that identifies the groups the caller belongs to (e.g., "memberOf"). |
| String | groupNameAttribute: Name of the attribute of a group object that represents the group name (e.g., "cn"). |
| String | groupSearchBase: Search base for looking up groups (e.g., "ou=group,dc=eclipse,dc=net"). |
| String | groupSearchFilter: Search filter to find groups when groupSearchBase is set. |
| LdapIdentityStoreDefinition.LdapSearchScope | groupSearchScope: Search scope for group searches, determines depth of the search in the LDAP tree. |
| String | groupSearchScopeExpression: Allow groupSearchScope to be specified as a Jakarta Expression Language expression. |
| int | maxResults: Set the maximum number of results (objects) the server should return in response to a search. |
| String | maxResultsExpression: Allow maxResults to be specified as a Jakarta Expression Language expression. |
| int | priority: Determines the order in case multiple IdentityStores are found. |
| String | priorityExpression: Allow priority to be specified as a Jakarta Expression Language expression. |
| int | readTimeout: Set the timeout value that should be used when waiting for the LDAP server to return results. |
| String | readTimeoutExpression: Allow readTimeout to be specified as a Jakarta Expression Language expression. |
| String | url: URL where the LDAP server can be reached. |
| IdentityStore.ValidationType[] | useFor: Determines what the identity store is used for. |
| String | useForExpression: Allow useFor to be specified as a Jakarta Expression Language expression. |
public abstract String url

URL where the LDAP server can be reached. E.g.: ldap://localhost:33389

public abstract String bindDn

Distinguished name for the application or administrative user that will be used to make the initial connection to the LDAP and to perform searches and lookups.

This value is needed if caller or group lookup will be done. It is not needed if the store will be used only to authenticate callers using direct binding (see callerBaseDn).

This user needs search permission in the LDAP for persons and/or groups.

E.g.: uid=ldap,ou=apps,dc=eclipse,dc=net

public abstract String bindDnPassword

Password for the application/admin user defined by the bindDn member.

public abstract String callerBaseDn

Base distinguished name for callers in the LDAP store (e.g., "ou=caller,dc=eclipse,dc=net").

When this member value is specified, and callerSearchBase is not, direct binding is attempted.

The callerNameAttribute must be specified along with this attribute so that the runtime can create the "leaf" RDN needed to concatenate with the base DN to create the full DN of the caller.

public abstract String callerNameAttribute

Name of the attribute that contains the caller's name in the person object (e.g., "uid").

This attribute will be used, with callerBaseDn, to construct caller DNs for direct binding. It is also used to retrieve the caller's name when the caller object is instead looked up using search.

The value of this attribute is returned as the caller principal name for a successful credential validation.

The following gives an example in ldif format:

```ldif
dn: uid=peter,ou=caller,dc=eclipse,dc=net
objectclass: top
objectclass: uidObject
objectclass: person
uid: peter
cn: Peter Smith
sn: Peter
userPassword: secret1
```

public abstract String callerSearchBase

Search base for looking up callers (e.g., "ou=caller,dc=eclipse,dc=net").

Overrides callerBaseDn, if configured, causing caller search to be used instead of direct binding. Requires that the bindDn member be filled in.

public abstract String callerSearchFilter

Search filter to find callers when callerSearchBase is set.

public abstract LdapIdentityStoreDefinition.LdapSearchScope callerSearchScope

Search scope for caller searches: determines depth of the search in the LDAP tree.

public abstract String callerSearchScopeExpression

Allow callerSearchScope to be specified as a Jakarta Expression Language expression.

public abstract String groupSearchBase

Search base for looking up groups (e.g., "ou=group,dc=eclipse,dc=net").

Needed only for a store that performs group lookup. Requires that the bindDn member be filled in.

public abstract String groupSearchFilter

Search filter to find groups when groupSearchBase is set.

public abstract LdapIdentityStoreDefinition.LdapSearchScope groupSearchScope

Search scope for group searches, determines depth of the search in the LDAP tree.

public abstract String groupSearchScopeExpression

Allow groupSearchScope to be specified as a Jakarta Expression Language expression.

public abstract String groupNameAttribute

Name of the attribute of a group object that represents the group name (e.g., "cn").

public abstract String groupMemberAttribute

Name of the attribute in a group object that identifies the members of the group (e.g., "member").

The value of this attribute must be the full DN of the caller. The following gives an example entry in ldif format:

```ldif
dn: cn=foo,ou=group,dc=eclipse,dc=net
objectclass: top
objectclass: groupOfNames
cn: foo
member: uid=pete,ou=caller,dc=eclipse,dc=net
member: uid=john,ou=caller,dc=eclipse,dc=net
```

public abstract String groupMemberOfAttribute

Name of the attribute in a person object that identifies the groups the caller belongs to (e.g., "memberOf").

This attribute is used only if: a) group search is not configured (i.e., no groupSearchBase and groupSearchFilter configured); and, b) the caller's DN is available, either because groups are being returned during the credential validation phase by an identity store that performs both validation and group lookup, or because the DN is available in the CredentialValidationResult passed to the IdentityStore.getCallerGroups(CredentialValidationResult) method.

The value of this attribute must be the full DN of the group. The following gives an example entry in ldif format:

```ldif
dn: uid=peter,ou=caller,dc=eclipse,dc=net
objectclass: top
objectclass: uidObject
objectclass: person
uid: peter
cn: Peter Smith
memberOf: cn=foo,ou=group,dc=eclipse,dc=net
memberOf: cn=bar,ou=group,dc=eclipse,dc=net
```

public abstract int readTimeout

Set the timeout value that should be used when waiting for the LDAP server to return results. The default value of 0 means wait forever (assuming the connection itself does not time out).

public abstract String readTimeoutExpression

Allow readTimeout to be specified as a Jakarta Expression Language expression.

public abstract int maxResults

Set the maximum number of results (objects) the server should return in response to a search. The default value is set to 1000, which corresponds to the maximum number of results most LDAP servers will return in a single response. Most LDAP servers support paging through result sets larger than 1000, but doing so should rarely be necessary for normal validation and group lookup use cases. Implementations of the built-in LDAP IdentityStore MAY support paging through larger result sets, but are NOT REQUIRED to.

public abstract String maxResultsExpression

Allow maxResults to be specified as a Jakarta Expression Language expression.

public abstract int priority

Determines the order in case multiple IdentityStores are found.

public abstract String priorityExpression

Allow priority to be specified as a Jakarta Expression Language expression.

public abstract IdentityStore.ValidationType[] useFor

Determines what the identity store is used for.
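An added example (not from the API documentation or a Jakarta Security implementation) of an LDAP identity store definition that matches the ldif entries above: search-based caller lookup under ou=caller (so callerSearchBase, not callerBaseDn, is set and no direct binding happens), group lookup under ou=group via the member attribute, and a bind DN with search permission. The bind password placeholder and the bean class are assumptions; the default search filters are left in place.

```java
import javax.enterprise.context.ApplicationScoped;
import javax.security.enterprise.identitystore.LdapIdentityStoreDefinition;
import javax.security.enterprise.identitystore.LdapIdentityStoreDefinition.LdapSearchScope;

// Added example, not from the API docs or a Jakarta Security implementation.
@LdapIdentityStoreDefinition(
    url = "ldap://localhost:33389",                 // value from the url() documentation
    // Service account that only searches; callers are never bound with this DN
    bindDn = "uid=ldap,ou=apps,dc=eclipse,dc=net",
    // Placeholder: supply from externalised configuration, not from source control
    bindDnPassword = "REPLACE-WITH-BIND-PASSWORD",
    // Search mode: callerSearchBase overrides callerBaseDn, so no direct binding is attempted
    callerSearchBase = "ou=caller,dc=eclipse,dc=net",
    callerSearchScope = LdapSearchScope.SUBTREE,
    // Becomes the caller principal name on successful validation (uid: peter in the ldif)
    callerNameAttribute = "uid",
    // Groups are groupOfNames entries whose member attribute holds the caller's full DN
    groupSearchBase = "ou=group,dc=eclipse,dc=net",
    groupSearchScope = LdapSearchScope.ONE_LEVEL,
    groupNameAttribute = "cn",
    groupMemberAttribute = "member",
    // Assumed non-zero value so lookups do not wait forever (the documented default is 0)
    readTimeout = 5000,
    // Assumed: well under the documented default of 1000, enough for one caller's groups
    maxResults = 100
)
@ApplicationScoped
public class LdapIdentityStoreConfig {
    // Intentionally empty: the annotation alone enables the container-provided store as a CDI bean
}
```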
public interface PasswordHash

PasswordHash is an interface for objects that can generate and verify password hashes.

Implementations of PasswordHash are configured for the built-in Database IdentityStore by configuring the type on the DatabaseIdentityStoreDefinition annotation. Parameters for the PasswordHash can also be configured on the annotation, and will be passed to the initialize(Map) method when the IdentityStore is initialized.
| Modifier and Type | Method and Description |
|---|---|
| String | generate(char[] password): Generate an encoded password hash value for storage in a user's account. |
| default void | initialize(Map<String,String> parameters): Initialize the instance with the parameters it should use to generate and verify password hashes. |
| boolean | verify(char[] password, String hashedPassword): Verify a password against the hashed password value retrieved from a user's account. |
default void initialize(Map<String,String> parameters)

Initialize the instance with the parameters it should use to generate and verify password hashes. The parameters are taken from the DatabaseIdentityStoreDefinition.hashAlgorithmParameters() attribute.

An implementation is not required to support parameters, and may ignore parameters passed to it. It is also possible that an implementation will use the specified parameters when generating a new password hash, but ignore them in favor of parameters stored with an existing password hash when verifying.

If no parameters were supplied, the argument is an empty Map.

Parameters:
- parameters - A Map of the provided parameters, empty if no parameters were supplied.

String generate(char[] password)

Generate an encoded password hash value for storage in a user's account.

This method should not be used to generate a password hash for verification purposes; use verify(char[], String) for that purpose. Use this method only to generate password hashes for new or changed passwords.

The returned hash value should be fully encoded, such that it can be directly stored, as is, with no additional formatting or encoding applied.

Parameters:
- password - The password to generate a hash for.

boolean verify(char[] password, String hashedPassword)

Verify a password against the hashed password value retrieved from a user's account.

The hashedPassword parameter should be provided exactly as retrieved from the database, with no decoding or formatting applied. The password parameter should be hashed and compared to the hashed password.

Parameters:
- password - The password to verify.
- hashedPassword - The hashed password to compare against.
public interface Pbkdf2PasswordHash extends PasswordHash

This interface represents the built-in Pbkdf2PasswordHash implementation.

To use Pbkdf2PasswordHash with the built-in Database IdentityStore, configure this interface type as the hashAlgorithm value on the DatabaseIdentityStoreDefinition annotation.

To configure parameters for Pbkdf2PasswordHash, specify them as the hashAlgorithmParameters value on the DatabaseIdentityStoreDefinition annotation.

The built-in implementation must support the following configurable parameters:

    Pbkdf2PasswordHash.Algorithm      // default "PBKDF2WithHmacSHA256"
    Pbkdf2PasswordHash.Iterations     // default 2048, minimum 1024
    Pbkdf2PasswordHash.SaltSizeBytes  // default 32, minimum 16
    Pbkdf2PasswordHash.KeySizeBytes   // default 32, minimum 16

And the following PBKDF2 algorithms:

    PBKDF2WithHmacSHA224
    PBKDF2WithHmacSHA256
    PBKDF2WithHmacSHA384
    PBKDF2WithHmacSHA512

Algorithm names are the string literal names documented for the corresponding algorithms by the Java Cryptography Architecture Standard Algorithm Name Documentation.

The encoded format produced by PasswordHash.generate(char[]), and consumed by PasswordHash.verify(char[], String), is as follows:

    <algorithm>:<iterations>:<base64(salt)>:<base64(hash)>

Because the algorithm and the parameters used to generate the hash are stored with the hash, the built-in Pbkdf2PasswordHash implementation can verify hashes generated using algorithm and parameter values that differ from the currently configured values. This means the configuration parameters can be changed without impacting the ability to verify existing password hashes.

(Password hashes generated using algorithms/parameters outside the range supported by Pbkdf2PasswordHash cannot be verified.)

Methods inherited from interface javax.security.enterprise.identitystore.PasswordHash: generate, initialize, verify
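An added example (not the built-in implementation's code, nor from the API documentation) of a PasswordHash that implements both the PasswordHash contract described earlier and the encoded format above, using the JDK's PBKDF2 with the documented parameter names, defaults and minimums. Verification recomputes the hash with the parameters stored in the encoded value, so the configuration can change without breaking existing hashes; the constant-time comparison and the rejection of malformed input are this example's own choices.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import java.util.Map;
import java.util.Set;

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.enterprise.identitystore.PasswordHash;

// Added example, not the built-in Pbkdf2PasswordHash implementation.
public class ExamplePbkdf2PasswordHash implements PasswordHash {

    // The documented algorithm set, defaults and minimums
    private static final Set<String> ALGORITHMS = Set.of(
        "PBKDF2WithHmacSHA224", "PBKDF2WithHmacSHA256", "PBKDF2WithHmacSHA384", "PBKDF2WithHmacSHA512");
    private String algorithm = "PBKDF2WithHmacSHA256";
    private int iterations = 2048;
    private int saltSizeBytes = 32;
    private int keySizeBytes = 32;
    private final SecureRandom random = new SecureRandom();

    @Override
    public void initialize(Map<String, String> parameters) {
        // Keys are the documented Pbkdf2PasswordHash.* names; values below the minimum are rejected
        algorithm = parameters.getOrDefault("Pbkdf2PasswordHash.Algorithm", algorithm);
        iterations = atLeast(parameters, "Pbkdf2PasswordHash.Iterations", iterations, 1024);
        saltSizeBytes = atLeast(parameters, "Pbkdf2PasswordHash.SaltSizeBytes", saltSizeBytes, 16);
        keySizeBytes = atLeast(parameters, "Pbkdf2PasswordHash.KeySizeBytes", keySizeBytes, 16);
        if (!ALGORITHMS.contains(algorithm)) {
            throw new IllegalArgumentException("Unsupported PBKDF2 algorithm: " + algorithm);
        }
    }

    private static int atLeast(Map<String, String> p, String key, int current, int minimum) {
        int value = p.containsKey(key) ? Integer.parseInt(p.get(key)) : current;
        if (value < minimum) {
            throw new IllegalArgumentException(key + " must be at least " + minimum);
        }
        return value;
    }

    @Override
    public String generate(char[] password) {
        byte[] salt = new byte[saltSizeBytes];
        random.nextBytes(salt);
        byte[] hash = pbkdf2(algorithm, password, salt, iterations, keySizeBytes);
        Base64.Encoder b64 = Base64.getEncoder();
        // Fully encoded <algorithm>:<iterations>:<base64(salt)>:<base64(hash)>, stored as is
        return algorithm + ":" + iterations + ":" + b64.encodeToString(salt) + ":" + b64.encodeToString(hash);
    }

    @Override
    public boolean verify(char[] password, String hashedPassword) {
        String[] parts = hashedPassword.split(":");
        if (parts.length != 4 || !ALGORITHMS.contains(parts[0])) {
            return false; // not the documented format or algorithm set: cannot be verified
        }
        int storedIterations;
        byte[] salt;
        byte[] expected;
        try {
            storedIterations = Integer.parseInt(parts[1]);
            salt = Base64.getDecoder().decode(parts[2]);
            expected = Base64.getDecoder().decode(parts[3]);
        } catch (IllegalArgumentException malformed) { // also covers NumberFormatException
            return false;
        }
        if (storedIterations < 1 || salt.length == 0 || expected.length == 0) {
            return false;
        }
        // Recompute with the parameters stored in the hash, not the currently configured ones
        byte[] actual = pbkdf2(parts[0], password, salt, storedIterations, expected.length);
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    private static byte[] pbkdf2(String algorithm, char[] password, byte[] salt, int iterations, int keyBytes) {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, keyBytes * 8);
        try {
            return SecretKeyFactory.getInstance(algorithm).generateSecret(spec).getEncoded();
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException("PBKDF2 unavailable: " + algorithm, e);
        } finally {
            spec.clearPassword(); // do not keep the plaintext copy in the spec
        }
    }
}
```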
public interface RememberMeIdentityStore

RememberMeIdentityStore is a mechanism for validating a caller's credentials and accessing a caller's identity attributes that's specifically tailored for the "remember me" feature.

This is not intended to be directly used by an authentication mechanism such as the Jakarta Security HttpAuthenticationMechanism or the Jakarta Authentication ServerAuthModule. Instead, the interceptor implementation backing the RememberMe annotation is intended to use this.

| Modifier and Type | Method and Description |
|---|---|
| String | generateLoginToken(CallerPrincipal callerPrincipal, Set<String> groups): Associates the given principal and groups with a token. |
| void | removeLoginToken(String token): Dissociates the principal and groups that were associated with the token before and removes the token itself. |
| CredentialValidationResult | validate(RememberMeCredential credential): Validates the given credential. |

CredentialValidationResult validate(RememberMeCredential credential)

Validates the given credential.

Parameters:
- credential - The credential to validate.

String generateLoginToken(CallerPrincipal callerPrincipal, Set<String> groups)

Associates the given principal and groups with a token. The token generated by this method is intended to be used with the RememberMeCredential and passed into the validate(RememberMeCredential) method.

Parameters:
- callerPrincipal - The principal to be associated.
- groups - The groups the principal is in.

void removeLoginToken(String token)

Dissociates the principal and groups that were associated with the token before and removes the token itself. If the token did not exist (i.e. no principal and groups were associated with that token) no exception will be thrown.

Parameters:
- token - The token that is to be removed.
| Package | Description |
|---|---|
| javax.security.enterprise.identitystore | The identity store API package. |

| Modifier and Type | Method and Description |
|---|---|
| CredentialValidationResult.Status | CredentialValidationResult.getStatus(): Determines the validation status. |
| static CredentialValidationResult.Status | CredentialValidationResult.Status.valueOf(String name): Returns the enum constant of this type with the specified name. |
| static CredentialValidationResult.Status[] | CredentialValidationResult.Status.values(): Returns an array containing the constants of this enum type, in the order they are declared. |
| Package | Description |
|---|---|
| javax.security.enterprise.authentication.mechanism.http | The HTTP authentication mechanism API package. |
| javax.security.enterprise.identitystore | The identity store API package. |

| Modifier and Type | Method and Description |
|---|---|
| AuthenticationStatus | HttpMessageContextWrapper.notifyContainerAboutLogin(CredentialValidationResult result) |
| AuthenticationStatus | HttpMessageContext.notifyContainerAboutLogin(CredentialValidationResult result): Convenience method intended to pass the CredentialValidationResult result of an identity store directly on to the container. |

| Modifier and Type | Field and Description |
|---|---|
| static CredentialValidationResult | CredentialValidationResult.INVALID_RESULT |
| static CredentialValidationResult | CredentialValidationResult.NOT_VALIDATED_RESULT |

| Modifier and Type | Method and Description |
|---|---|
| CredentialValidationResult | IdentityStoreHandler.validate(Credential credential): Validate the given Credential and return the identity and attributes of the caller it represents. |
| default CredentialValidationResult | IdentityStore.validate(Credential credential): Validates the given credential. |
| CredentialValidationResult | RememberMeIdentityStore.validate(RememberMeCredential credential): Validates the given credential. |

| Modifier and Type | Method and Description |
|---|---|
| default Set<String> | IdentityStore.getCallerGroups(CredentialValidationResult validationResult): Returns groups for the caller, who is identified by the CallerPrincipal (and potentially other values) found in the validationResult parameter. |
| Package | Description |
|---|---|
| javax.security.enterprise.identitystore | The identity store API package. |

| Modifier and Type | Field and Description |
|---|---|
| static Set<IdentityStore.ValidationType> | IdentityStore.DEFAULT_VALIDATION_TYPES: Default set of validation types. |

| Modifier and Type | Method and Description |
|---|---|
| static IdentityStore.ValidationType | IdentityStore.ValidationType.valueOf(String name): Returns the enum constant of this type with the specified name. |
| static IdentityStore.ValidationType[] | IdentityStore.ValidationType.values(): Returns an array containing the constants of this enum type, in the order they are declared. |

| Modifier and Type | Method and Description |
|---|---|
| default Set<IdentityStore.ValidationType> | IdentityStore.validationTypes(): Determines the type of validation the IdentityStore should be used for. |
| Package | Description |
|---|---|
| javax.security.enterprise.identitystore | The identity store API package. |

| Modifier and Type | Method and Description |
|---|---|
| static LdapIdentityStoreDefinition.LdapSearchScope | LdapIdentityStoreDefinition.LdapSearchScope.valueOf(String name): Returns the enum constant of this type with the specified name. |
| static LdapIdentityStoreDefinition.LdapSearchScope[] | LdapIdentityStoreDefinition.LdapSearchScope.values(): Returns an array containing the constants of this enum type, in the order they are declared. |
Package | Description |
---|---|
javax.security.enterprise.identitystore | The identity store API package. |

Modifier and Type | Interface and Description |
---|---|
interface | Pbkdf2PasswordHash: This interface represents the built-in Pbkdf2PasswordHash implementation. |

Interface | Description |
---|---|
IdentityStore | IdentityStore is a mechanism for validating a caller's credentials and accessing a caller's identity attributes. |
IdentityStoreHandler | IdentityStoreHandler is a mechanism for validating a caller's credentials, and accessing a caller's identity attributes, by consulting a set of one or more IdentityStores. |
PasswordHash | PasswordHash is an interface for objects that can generate and verify password hashes. |
Pbkdf2PasswordHash | This interface represents the built-in Pbkdf2PasswordHash implementation. |
RememberMeIdentityStore | RememberMeIdentityStore is a mechanism for validating a caller's credentials and accessing a caller's identity attributes that's specifically tailored for the "remember me" feature. |

Class | Description |
---|---|
CredentialValidationResult | CredentialValidationResult is the result from an attempt to validate an instance of Credential. |
IdentityStorePermission | Class for IdentityStore permissions. |

Enum | Description |
---|---|
CredentialValidationResult.Status | |
IdentityStore.ValidationType | Determines the type of validation (operations) that should be done by this store. |
LdapIdentityStoreDefinition.LdapSearchScope | Enum representing LDAP search scope values. |

Annotation Type | Description |
---|---|
DatabaseIdentityStoreDefinition | Annotation used to define a container-provided IdentityStore that stores caller credentials and identity attributes in a relational database, and make that implementation available as an enabled CDI bean. |
LdapIdentityStoreDefinition | Annotation used to define a container-provided IdentityStore that stores caller credentials and identity attributes (together caller identities) in an LDAP store, and make that implementation available as an enabled CDI bean. |

Package | Description |
---|---|
javax.security.enterprise.authentication.mechanism.http | The HTTP authentication mechanism API package. |
javax.security.enterprise.identitystore | The identity store API package. |

Class and Description |
---|
CredentialValidationResult: CredentialValidationResult is the result from an attempt to validate an instance of Credential. |

Class and Description |
---|
CredentialValidationResult: CredentialValidationResult is the result from an attempt to validate an instance of Credential. |
CredentialValidationResult.Status |
IdentityStore.ValidationType: Determines the type of validation (operations) that should be done by this store. |
LdapIdentityStoreDefinition.LdapSearchScope: Enum representing LDAP search scope values. |
PasswordHash: PasswordHash is an interface for objects that can generate and verify password hashes. |

Interface | Description |
---|---|
SecurityContext | The SecurityContext provides an access point for programmatic security; an injectable type that is intended to be used by application code to query and interact with Jakarta Security. |

Class | Description |
---|---|
CallerPrincipal | Principal that represents the caller principal associated with the invocation being processed by the container (e.g. |

Enum | Description |
---|---|
AuthenticationStatus | The AuthenticationStatus is used as a return value by primarily the HttpAuthenticationMechanism to indicate the result (status) of the authentication process. |

Exception | Description |
---|---|
AuthenticationException | A generic authentication exception. |

"...Definition", which, when used, make CDI beans available. For completeness, this concerns the following annotations:

- DatabaseIdentityStoreDefinition
- LdapIdentityStoreDefinition
- BasicAuthenticationMechanismDefinition
- CustomFormAuthenticationMechanismDefinition
- FormAuthenticationMechanismDefinition

For String type attributes on these annotations, Jakarta Expression Language 3.0 expressions can be used. All named CDI beans are available to that expression, as well as the default classes as specified by Expression Language 3.0 for the ELProcessor.

Expressions can be either immediate (${} syntax) or deferred (#{} syntax). Immediate expressions are evaluated once, when the bean instance corresponding to the "...Definition" annotation is actually created. Since such beans are application scoped, that means once for the entire application. Deferred expressions are evaluated in each request where the security runtime needs to use the value of these attributes.

Attributes that are documented as being Expression Language alternatives to non-String type attributes (attributes for which the name ends with Expression, hereafter called Expression alternative attributes) MUST evaluate to the same type as the attribute they are an alternative to. If the Expression alternative attribute has a non-empty value, it takes precedence over the attribute which it is an alternative to.

The Expression alternative attribute MUST contain a valid Expression Language expression. Attributes of type String that are not Expression alternative attributes can contain either an expression or a string value that is not an expression.

For the LoginToContinue and RememberMe annotations, Expression Language is supported as well, but in a slightly different way. See the javadoc of both these annotations for how the expression language support differs.
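The usage the passage above describes, as an added example that is not part of the Jakarta Security apidocs or reference implementation: one application class carrying an LdapIdentityStoreDefinition and a DatabaseIdentityStoreDefinition, with a deferred expression for the bind password, an immediate expression for the priority, and Expression alternative attributes overriding their plain counterparts. The package name, the named bean idStoreConfig, the DNs, the data source name and the queries are all assumed.

```java
package com.example.security; // hypothetical package name
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Named;
import javax.security.enterprise.identitystore.DatabaseIdentityStoreDefinition;
import javax.security.enterprise.identitystore.IdentityStore.ValidationType;
import javax.security.enterprise.identitystore.LdapIdentityStoreDefinition;
import javax.security.enterprise.identitystore.LdapIdentityStoreDefinition.LdapSearchScope;

// Each "...Definition" annotation makes a container-provided IdentityStore available
// as an enabled CDI bean. DNs, data source name and queries are placeholders.
@LdapIdentityStoreDefinition(
    // Plain String attributes may hold an expression directly. #{} is deferred and is
    // re-evaluated on each request that needs the value, so a changed bind password
    // is seen on later requests; ${} would be evaluated once, at bean creation.
    url = "#{idStoreConfig.ldapUrl}",
    bindDn = "uid=app,ou=services,dc=example,dc=com",
    bindDnPassword = "#{idStoreConfig.bindDnPassword}",
    callerSearchBase = "ou=people,dc=example,dc=com",
    // Expression alternative attributes (name ending in "Expression") must evaluate to
    // the type of the attribute they replace, and a non-empty one takes precedence:
    // callerSearchScope = ONE_LEVEL below is overridden by the expression's result.
    callerSearchScope = LdapSearchScope.ONE_LEVEL,
    callerSearchScopeExpression = "#{idStoreConfig.callerSearchScope}", // LdapSearchScope
    priority = 20,
    priorityExpression = "${idStoreConfig.ldapPriority}",              // int, immediate
    useForExpression = "#{idStoreConfig.ldapUseFor}"                   // ValidationType[]
)
@DatabaseIdentityStoreDefinition(
    dataSourceLookup = "java:comp/DefaultDataSource",
    callerQuery = "select password from caller where name = ?",
    groupsQuery = "select group_name from caller_groups where caller_name = ?",
    priority = 10
)
@ApplicationScoped
public class IdentityStoreConfiguration {
}
// Hypothetical named CDI bean the expressions above resolve against; all named beans
// are visible to EL in these annotations. System properties keep it self-contained.
@Named("idStoreConfig")
@ApplicationScoped
class IdStoreConfig {
    public String getLdapUrl()        { return System.getProperty("ldap.url", "ldaps://ldap.example.com:636"); }
    public String getBindDnPassword() { return System.getProperty("ldap.bindPassword", ""); }
    public LdapSearchScope getCallerSearchScope() { return LdapSearchScope.SUBTREE; }
    public int getLdapPriority()      { return 30; }
    public ValidationType[] getLdapUseFor() {
        return new ValidationType[] { ValidationType.VALIDATE, ValidationType.PROVIDE_GROUPS };
    }
}
```

With the expressions resolving, the LDAP store ends up with SUBTREE scope, priority 30 and both validation types, despite the plain attributes saying ONE_LEVEL and 20.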
Package | Description |
---|---|
javax.security.enterprise | The main Jakarta Security package. |
javax.security.enterprise.authentication.mechanism.http | The HTTP authentication mechanism API package. |
javax.security.enterprise.identitystore | The identity store API package. |

Class and Description |
---|
AuthenticationStatus: The AuthenticationStatus is used as a return value by primarily the HttpAuthenticationMechanism to indicate the result (status) of the authentication process. |

Class and Description |
---|
AuthenticationException: A generic authentication exception. |
AuthenticationStatus: The AuthenticationStatus is used as a return value by primarily the HttpAuthenticationMechanism to indicate the result (status) of the authentication process. |

Class and Description |
---|
CallerPrincipal: Principal that represents the caller principal associated with the invocation being processed by the container (e.g. |

+ + diff --git a/security/1.0/apidocs/overview-summary.html b/security/1.0/apidocs/overview-summary.html new file mode 100644 index 0000000000..e005704ebc --- /dev/null +++ b/security/1.0/apidocs/overview-summary.html @@ -0,0 +1,173 @@ + + + + + + +
Package | Description |
---|---|
javax.security.enterprise.authentication.mechanism.http | The HTTP authentication mechanism API package. |
javax.security.enterprise.credential | The Identity Store Credential API package. |
javax.security.enterprise.identitystore | The identity store API package. |

Package | Description |
---|---|
javax.security.enterprise | The main Jakarta Security package. |
