authentication
An AuthenticationStrategy is responsible for retriving a Principal for the current request.
An AuthorizationStrategy that uses HTTP Basic Auth.
An AuthorizationStrategy that uses HTTP Basic Auth. Override and implement authorize to determine if the presented user/token are valid.
A principal contains an authenticated user.
A principal contains an authenticated user.
a unique value identifying this principal in the underlying system. It could be a database id, or a username, email, etc.
An AuthenticationStrategy that uses a session to check for the presence of a Principal.
An AuthenticationStrategy that uses a session to check for the presence of a Principal. The Principal must have been placed into the session during the authentication step handled outside the strategy. For example a login page.
This AuthenticatedUser is then added to the request for downstream processing.
There must have been an appropriately configured SessionManager in the endpoint before authentication is attempted.
An AuthenticationStrategy is responsible for retriving a Principal for the current request. This Principal is then added as a property for the duration of the request.
How this Principal is retrieved is dependent on the type of strategy. For example, the BasicAuthenticationStrategy, named after HTTP Basic Auth, creates a Principal based on the credentials provided in the Authorization header. If no credentials are supplied an appropriate 401 is returned.
A SessionAuthenticationStrategy looks up a Principal from the current session. The session would have been populated previously by some authenticating mechanism (login page for example).
Another type of AuthenticationStrategy might be to use an API header key to lookup details from a key database.