public interface SecurityContext
Unless otherwise indicated, this type must be usable in all Java EE containers, specifically the Servlet and EJB containers.

Modifier and Type | Method and Description |
---|---|
`AuthenticationStatus` | `authenticate(HttpServletRequest request, HttpServletResponse response, AuthenticationParameters parameters)` Signal to the container (programmatically trigger) that it should start or continue a web/HTTP based authentication dialog with the caller. |
`Principal` | `getCallerPrincipal()` Retrieve the `java.security.Principal` that represents the name of the authenticated caller, or null if the current caller is not authenticated. |
`boolean` | `hasAccessToWebResource(String resource)` Checks whether the caller has access to the provided "web resource" using the GET HTTP method, such as specified by section 13.8 of the Servlet specification, and the JACC specification, specifically the `WebResourcePermission` type. |
`boolean` | `hasAccessToWebResource(String resource, String... methods)` Checks whether the caller has access to the provided "web resource" using the given methods, such as specified by section 13.8 of the Servlet specification, and the JACC specification, specifically the `WebResourcePermission` type. |
`boolean` | `isCallerInRole(String role)` Checks whether the authenticated caller is included in the specified logical application "role". |

`Principal getCallerPrincipal()`

Retrieve the `java.security.Principal` that represents the name of the authenticated caller, or null if the current caller is not authenticated.

The Principal can be downcast to the exact Principal type that was set by the `HttpAuthenticationMechanism` (possibly via an `IdentityStore`) or a JASPIC `ServerAuthModule`.

`boolean isCallerInRole(String role)`

Checks whether the authenticated caller is included in the specified logical application "role". If the caller is not authenticated, this always returns `false`.

This method cannot be used to test for roles that are mapped to specific named Servlets or named EJB beans. For a Servlet an example of this would be the `role-name` nested in a `security-role-ref` element nested in a `servlet` element in `web.xml`.

Should code in either such Servlet or EJB bean wish to take such mapped (aka referenced, linked) roles into account, the facilities for that specific container should be used instead. For instance for Servlet that would be `HttpServletRequest.isUserInRole(String)` and for EJB beans that would be `EJBContext.isCallerInRole(String)`.

Parameters:

- `role` - a `String` specifying the name of the logical application role

Returns: `true` if the authenticated caller is in the given role, `false` if the caller is not authenticated or is not in the given role.

`boolean hasAccessToWebResource(String resource)`

Checks whether the caller has access to the provided "web resource" using the GET HTTP method, such as specified by section 13.8 of the Servlet specification, and the JACC specification, specifically the `WebResourcePermission` type.

A caller has access if the web resource is either not protected (constrained), or when it is protected by a role and the caller is in that role.

Parameters:

- `resource` - the name of the web resource to test access for. This is a `URLPatternSpec` that identifies the application specific web resources to which the permission pertains. For a full specification of this pattern see `WebResourcePermission.WebResourcePermission(String, String)`.

Returns: `true` if the caller has access to the web resource, `false` otherwise.

`boolean hasAccessToWebResource(String resource, String... methods)`

Checks whether the caller has access to the provided "web resource" using the given methods, such as specified by section 13.8 of the Servlet specification, and the JACC specification, specifically the `WebResourcePermission` type.

A caller has access if the web resource is either not protected (constrained), or when it is protected by a role and the caller is in that role.

Parameters:

- `resource` - the name of the web resource to test access for. This is a `URLPatternSpec` that identifies the application specific web resources to which the permission pertains. For a full specification of this pattern see `WebResourcePermission.WebResourcePermission(String, String)`.
- `methods` - one or more methods to check for whether the caller has access to the web resource using one of those methods.

Returns: `true` if the caller has access to the web resource using one of the given methods, `false` otherwise.

`AuthenticationStatus authenticate(HttpServletRequest request, HttpServletResponse response, AuthenticationParameters parameters)`

Signal to the container (programmatically trigger) that it should start or continue a web/HTTP based authentication dialog with the caller.

Programmatically triggering means that the container responds as if the caller had attempted to access a constrained resource and acts by invoking a configured authentication mechanism (such as the `HttpAuthenticationMechanism`).

Whether the authentication dialog is to be started or continued depends on the (logical) state of the authentication dialog. If such a dialog is currently in progress, a call to this method will continue it. If no such dialog is in progress, a new one will be started. A new dialog can be forced to start, regardless of whether one is in progress, by providing a value of `true` for the `AuthenticationParameters.newAuthentication` parameter with this call.

This method requires an `HttpServletRequest` and `HttpServletResponse` argument to be passed in, and can therefore only be used in a valid Servlet context.
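
The following servlet is an added example, not part of the original API documentation: it triggers the authentication dialog programmatically, fails closed on every status except success, and then uses the other `SecurityContext` methods described on this page. It assumes the Java EE 8 Security API packages (`javax.security.enterprise`), the `AuthenticationStatus` values and `UsernamePasswordCredential` from that API; the servlet class, URL patterns, role name and form field names are hypothetical.

```java
import java.io.IOException;
import javax.inject.Inject;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.SecurityContext;
import javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Assumptions: "/login", "/admin/index.html", "/home", the "admin" role and the form fields.
@WebServlet("/login")
public class LoginServlet extends HttpServlet {
    @Inject
    private SecurityContext securityContext;

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException {
        String user = req.getParameter("username");
        String pass = req.getParameter("password");
        if (user == null || pass == null) {
            res.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // newAuthentication(true) forces a fresh dialog instead of continuing one in progress.
        AuthenticationStatus status = securityContext.authenticate(req, res,
                AuthenticationParameters.withParams()
                        .newAuthentication(true)
                        .credential(new UsernamePasswordCredential(user, pass)));
        if (status == AuthenticationStatus.SEND_CONTINUE) {
            return; // the mechanism already wrote to the response
        }
        if (status != AuthenticationStatus.SUCCESS || securityContext.getCallerPrincipal() == null) {
            // SEND_FAILURE, NOT_DONE, or no authenticated caller: fail closed,
            // unless the mechanism has already committed its own response.
            if (!res.isCommitted()) {
                res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            }
            return;
        }
        // hasAccessToWebResource is also true for unconstrained resources,
        // so it is paired with an explicit role check.
        boolean admin = securityContext.isCallerInRole("admin")
                && securityContext.hasAccessToWebResource("/admin/index.html", "GET");
        res.sendRedirect(req.getContextPath()
                + (admin ? "/admin/index.html" : "/home"));
    }
}
```

The redirect target is only a convenience for the caller; the security constraints declared for `/admin/*` in the deployment are what actually protect the resource.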

Parameters:

- `request` - The `HttpServletRequest` associated with the current web resource invocation.
- `response` - The `HttpServletResponse` associated with the given `HttpServletRequest`.
- `parameters` - The parameters that are provided along with a programmatic authentication request, for instance the credentials collected by the application for continuing an authentication dialog.

Copyright © 2015–2017. All rights reserved.