Class HttpAuthenticationMechanismWrapper

java.lang.Object
jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanismWrapper
All Implemented Interfaces:
HttpAuthenticationMechanism

public class HttpAuthenticationMechanismWrapper extends Object implements HttpAuthenticationMechanism
This class is an implementation of the HttpAuthenticationMechanism interface that can be subclassed by developers wishing to provide extra or different functionality.

All methods default to calling the wrapped object.

Since:
3.0
  • Constructor Details

    • HttpAuthenticationMechanismWrapper

      public HttpAuthenticationMechanismWrapper()
      This constructor is intended for proxy usage only.
    • HttpAuthenticationMechanismWrapper

      public HttpAuthenticationMechanismWrapper(HttpAuthenticationMechanism httpAuthenticationMechanism)
      Constructs the wrapper with the object being delegated to.
      Parameters:
      httpAuthenticationMechanism - The wrapped object which all methods call.
  • Method Details

    • getWrapped

      public HttpAuthenticationMechanism getWrapped()
      Returns the object that's being wrapped.
      Returns:
      the object that's being wrapped.
    • validateRequest

      public AuthenticationStatus validateRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException
      Description copied from interface: HttpAuthenticationMechanism
      Authenticate an HTTP request.

      This method is called in response to an HTTP client request for a resource, and is always invoked before any Filter or HttpServlet. Additionally, this method is called in response to HttpServletRequest.authenticate(HttpServletResponse).

      Note that by default this method is always called for every request, independent of whether the request is to a protected or non-protected resource, or whether a caller was successfully authenticated before within the same HTTP session or not.

      A CDI/Interceptor spec interceptor can be used to prevent calls to this method if needed. See AutoApplySession and RememberMe for two examples.

      Specified by:
      validateRequest in interface HttpAuthenticationMechanism
      Parameters:
      request - contains the request the client has made
      response - contains the response that will be sent to the client
      httpMessageContext - context for interacting with the container
      Returns:
      the completion status of the processing performed by this method
      Throws:
      AuthenticationException - when the processing failed
    • secureResponse

      public AuthenticationStatus secureResponse(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException
      Description copied from interface: HttpAuthenticationMechanism
      Secure the response, optionally.

      This method is called to allow for any post processing to be done on the request, and is always invoked after any Filter or HttpServlet.

      Note that this method is only called when a (Servlet) resource has indeed been invoked, i.e. if a previous call to validateRequest that was invoked before any Filter or HttpServlet returned SUCCESS.

      Specified by:
      secureResponse in interface HttpAuthenticationMechanism
      Parameters:
      request - contains the request the client has made
      response - contains the response that will be sent to the client
      httpMessageContext - context for interacting with the container
      Returns:
      the completion status of the processing performed by this method
      Throws:
      AuthenticationException - when the processing failed
    • cleanSubject

      public void cleanSubject(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, HttpMessageContext httpMessageContext)
      Description copied from interface: HttpAuthenticationMechanism
      Remove mechanism specific principals and credentials from the subject and any other state the mechanism might have used.

      This method is called in response to HttpServletRequest.logout() and gives the authentication mechanism the option to remove any state associated with an earlier established authenticated identity. For example, an authentication mechanism that stores state within a cookie can remove that cookie here.

      Specified by:
      cleanSubject in interface HttpAuthenticationMechanism
      Parameters:
      request - contains the request the client has made
      response - contains the response that will be sent to the client
      httpMessageContext - context for interacting with the container
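
The subclassing pattern described above, as an added example that is not part of the Jakarta Security documentation: a wrapper that delegates every call to the wrapped mechanism and adds an audit record for rejected authentications and logouts. The class name, logger name and log format are assumptions, and registering the instance with the container is left out.

```java
import jakarta.security.enterprise.AuthenticationException;
import jakarta.security.enterprise.AuthenticationStatus;
import jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanismWrapper;
import jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.security.Principal;
import java.util.logging.Logger;

/** Hypothetical subclass: adds an audit trail around the wrapped mechanism. */
public class AuditingAuthenticationMechanism extends HttpAuthenticationMechanismWrapper {
    private static final Logger AUDIT = Logger.getLogger("security.audit"); // assumed logger name

    public AuditingAuthenticationMechanism(HttpAuthenticationMechanism delegate) {
        super(delegate); // all methods not overridden below keep delegating
    }

    @Override
    public AuthenticationStatus validateRequest(HttpServletRequest request,
            HttpServletResponse response, HttpMessageContext context) throws AuthenticationException {
        try {
            AuthenticationStatus status = super.validateRequest(request, response, context);
            // validateRequest runs for every request, so record only rejections.
            if (status == AuthenticationStatus.SEND_FAILURE) {
                AUDIT.warning("auth rejected " + where(request));
            }
            return status;
        } catch (AuthenticationException e) {
            AUDIT.warning("auth error " + where(request));
            throw e; // never swallow: the container must still see the failure
        }
    }

    @Override
    public void cleanSubject(HttpServletRequest request, HttpServletResponse response,
            HttpMessageContext context) {
        Principal caller = request.getUserPrincipal(); // captured before delegating
        super.cleanSubject(request, response, context);
        AUDIT.info("logout caller=" + clean(caller == null ? null : caller.getName()));
    }

    private static String where(HttpServletRequest request) {
        return "uri=" + clean(request.getRequestURI()) + " remote=" + request.getRemoteAddr();
    }
    // Replace CR/LF so request-derived values cannot forge extra log lines.
    private static String clean(String value) {
        return value == null ? "-" : value.replaceAll("[\\r\\n]", "_");
    }
}
```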