public interface SecurityContext
Unless otherwise indicated, this type must be usable in all Jakarta EE containers, specifically the Jakarta Servlet and Jakarta Enterprise Beans containers.
|Modifier and Type||Method and Description|
Signal to the container (programmatically trigger) that it should start or continue a web/HTTP based authentication dialog with the caller.
Retrieve the platform-specific
Retrieve all Principals of the given type from the authenticated caller's Subject, or an empty set if the current caller is not authenticated, or if the specified type isn't found in the Subject.
Checks whether the caller has access to the provided "web resource" using the given methods, as specified by section 13.8 of the Servlet specification.
Checks whether the authenticated caller is included in the specified logical application "role".
java.security.Principalthat represents the name of authenticated caller, or null if the current caller is not authenticated.
This can be used to retrieve application-specific Principals when the platform's representation of the caller uses a different principal type.
The returned Set is not backed by the Subject's internal Principal Set. A new Set is created and returned for each method invocation. Modifications to the returned Set will not affect the internal Principal Set.
T- The actual type represented by the
pType- Class object representing the type of Principal to return.
boolean isCallerInRole(String role)
This method can not be used to test for roles that are mapped to specific named Jakarta Servlets or
named Jakarta Enterprise Beans. For a Servlet an example of this would be the
role-name nested in a
security-role-ref element nested in a
servlet element in
Should code in either such Jakarta Servlet or Jakarta Enterprise Bean wish to take such mapped (aka referenced, linked)
roles into account, the facilities for that specific container should be used instead. For instance for Servlet that
HttpServletRequest.isUserInRole(String) and for Jakarta Enterprise Beans that would be
Stringspecifying the name of the logical application role
trueif the authenticated caller is in the given role, false if the caller is not authentication or is not in the given role.
A caller has access if the web resource is either not protected (constrained), or when it is protected by a role and the caller is in that role.
resource- the name of the web resource to test access for. This is a
URLPatternSpecthat identifies the application specific web resources to which the permission pertains. For a full specification of this pattern see
methods- one or more methods to check for whether the caller has access to the web resource using one of those methods.
trueif the caller has access to the web resource using one of the given methods,
AuthenticationStatus authenticate(HttpServletRequest request, HttpServletResponse response, AuthenticationParameters parameters)
Programmatically triggering means that the container responds as if the caller had attempted to access a constrained resource
and acts by invoking a configured authentication mechanism (such as the
Whether the authentication dialog is to be started or continued depends on the (logical) state of the authentication dialog. If
such dialog is currently in progress, a call to this method will continue it. If such dialog is not in progress a new one will be
started. A new dialog can be forced to be started regardless of one being in progress or not by providing a value of
true for the
AuthenticationParameters.newAuthentication parameter with this call.
HttpServletRequestassociated with the current web resource invocation.
HttpServletResponseassociated with the given
parameters- The parameters that are provided along with a programmatic authentication request, for instance the credentials. collected by the application for continuing an authentication dialog.
Copyright © 2018,2020 Eclipse Foundation.
Use is subject to license terms.