Interface IdentityStore
public interface IdentityStore

IdentityStore is a mechanism for validating a caller's credentials and accessing a caller's identity attributes. It can be used by an authentication mechanism, such as a Jakarta Security HttpAuthenticationMechanism or a Jakarta Authentication ServerAuthModule. Stores which do only validation or only group lookup are allowed.

An IdentityStore obtains identity data from a persistent store, such as a database, LDAP server, or file.
Nested Class Summary

static class IdentityStore.ValidationType
    Determines the type of validation (operations) that should be done by this store.
Field Summary

static Set<IdentityStore.ValidationType> DEFAULT_VALIDATION_TYPES
    Default set of validation types.
Method Summary

default Set<String> getCallerGroups(CredentialValidationResult validationResult)
    Returns groups for the caller, who is identified by the CallerPrincipal (and potentially other values) found in the validationResult parameter.

default int priority()
    Determines the order of invocation for multiple IdentityStores.

default CredentialValidationResult validate(Credential credential)
    Validates the given credential.

default Set<IdentityStore.ValidationType> validationTypes()
    Determines the type of validation the IdentityStore should be used for.
Field Detail
DEFAULT_VALIDATION_TYPES

static final Set<IdentityStore.ValidationType> DEFAULT_VALIDATION_TYPES

Default set of validation types. Contains VALIDATE and PROVIDE_GROUPS.
Method Detail
validate

default CredentialValidationResult validate(Credential credential)

Validates the given credential.

As a convenience, a default implementation is provided that looks up an overload of this method that has, as its one and only parameter, a subclass of Credential. Here is an example of what an implementation of this interface looks like with such an overloaded method:

```java
import static jakarta.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;

import jakarta.security.enterprise.credential.UsernamePasswordCredential;
import jakarta.security.enterprise.identitystore.CredentialValidationResult;
import jakarta.security.enterprise.identitystore.IdentityStore;

public class ExampleIdentityStore implements IdentityStore {

    // Overload found by the default validate(Credential) when the runtime type
    // of the credential is exactly UsernamePasswordCredential.
    public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
        // Implementation ...
        return INVALID_RESULT;
    }
}
```

Note that the overloaded method is only called when the actual type passed into this method exactly matches the parameter type of the overloaded method. No attempt is made to find the most specific overloaded method as specified in JLS 15.2.

This method returns a CredentialValidationResult representing the result of the validation attempt: whether it succeeded or failed, and, for a successful validation, the CallerPrincipal, and possibly groups or other attributes, of the caller.

Parameters:
    credential - The credential to validate.
Returns:
    The validation result.
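The following is an added example, not code from the IdentityStore Javadoc or the Jakarta Security project. It shows a complete validation-only store built on the overload convention described above: the default validate(Credential) dispatches to validate(UsernamePasswordCredential) only when the credential's runtime class is exactly UsernamePasswordCredential (a subclass, or a different Credential type, falls through to the default, which returns NOT_VALIDATED_RESULT). It assumes the jakarta.security.enterprise packages; the class name InMemoryCredentialStore, the sample callers and their passwords are made up for illustration.

```java
import static jakarta.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;

import jakarta.enterprise.context.ApplicationScoped;
import jakarta.security.enterprise.credential.UsernamePasswordCredential;
import jakarta.security.enterprise.identitystore.CredentialValidationResult;
import jakarta.security.enterprise.identitystore.IdentityStore;

/**
 * Validation-only IdentityStore backed by an in-memory table (added example, not
 * part of the API). The inherited default validate(Credential) locates the
 * validate(UsernamePasswordCredential) overload below by exact runtime type.
 */
@ApplicationScoped
public class InMemoryCredentialStore implements IdentityStore {

    // Constructed sample data: caller name -> SHA-256 digest of the password.
    // A production store would load salted, iterated hashes (e.g. PBKDF2) from
    // a database or directory instead of deriving them here.
    private static final Map<String, byte[]> USERS = Map.of(
        "alice", sha256("alice-secret"),
        "bob",   sha256("bob-secret"));

    // Overload, not an override: its parameter is a concrete Credential subclass.
    public CredentialValidationResult validate(UsernamePasswordCredential credential) {
        byte[] expected = USERS.get(credential.getCaller());
        // Hash the presented password before branching so unknown and known
        // callers cost roughly the same.
        byte[] presented = sha256(credential.getPasswordAsString());

        // Unknown caller and wrong password both yield INVALID_RESULT, so the
        // outcome does not reveal which caller names exist. MessageDigest.isEqual
        // compares in constant time to avoid a timing side channel.
        if (expected == null || !MessageDigest.isEqual(expected, presented)) {
            return INVALID_RESULT;
        }

        // VALID result carrying only the CallerPrincipal; groups are left to a
        // store that advertises PROVIDE_GROUPS.
        return new CredentialValidationResult(credential.getCaller());
    }

    // Restrict this store to credential validation so the handler never asks it
    // for groups.
    @Override
    public Set<ValidationType> validationTypes() {
        return EnumSet.of(ValidationType.VALIDATE);
    }

    @Override
    public int priority() {
        return 100; // consulted after stores that return a lower value
    }

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256")
                                .digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory in every JRE
        }
    }
}
```

Because validate(UsernamePasswordCredential) is an overload rather than an override, it carries no @Override annotation; misspelling its name or widening its parameter type to Credential silently removes it from the default dispatch, so a test that passes a UsernamePasswordCredential and expects something other than NOT_VALIDATED_RESULT is worth keeping.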
getCallerGroups

default Set<String> getCallerGroups(CredentialValidationResult validationResult)

Returns groups for the caller, who is identified by the CallerPrincipal (and potentially other values) found in the validationResult parameter.

Callers (i.e., IdentityStoreHandlers) should have IdentityStorePermission permission to invoke this method. Implementations should check for this permission before doing any work:

```java
// Has no effect when no SecurityManager is installed, which is the JDK default.
SecurityManager security = System.getSecurityManager();
if (security != null) {
    security.checkPermission(new IdentityStorePermission("getGroups"));
}
```

Parameters:
    validationResult - The CredentialValidationResult returned by a previous call to validate(Credential).
Returns:
    The Set of groups found for the caller, if any, or an empty Set otherwise.
Throws:
    SecurityException - May be thrown if the calling code does not have IdentityStorePermission.
priority

default int priority()

Determines the order of invocation for multiple IdentityStores. Stores with a lower priority value are consulted first.

Returns:
    The priority value. Lower values indicate higher priorities.
validationTypes

default Set<IdentityStore.ValidationType> validationTypes()

Determines the type of validation the IdentityStore should be used for. By default, it is used for credential validation AND providing groups.

Implementations of this API should not return a direct reference to a Set used internally to represent an IdentityStore's validation types, unless it is an immutable Set. Callers of the API should be aware that the returned Set may be immutable, or a copy, and that, in any case, it should not be modified by the caller.

Returns:
    Set containing the validation types enabled for the IdentityStore.
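The following is an added example, not code from the IdentityStore Javadoc or the Jakarta Security project. It ties together getCallerGroups, priority and validationTypes in a groups-only store: it advertises PROVIDE_GROUPS so the handler uses it only for group lookup, returns an immutable Set from validationTypes as the text above requires, performs the IdentityStorePermission check before any work, and refuses to hand out groups for anything other than a VALID result. It assumes the jakarta.security.enterprise packages; the class name StaticGroupStore and the sample caller-to-group table are made up for illustration.

```java
import static jakarta.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;

import java.util.Map;
import java.util.Set;

import jakarta.enterprise.context.ApplicationScoped;
import jakarta.security.enterprise.identitystore.CredentialValidationResult;
import jakarta.security.enterprise.identitystore.IdentityStore;
import jakarta.security.enterprise.identitystore.IdentityStorePermission;

/**
 * Groups-only IdentityStore (added example, not part of the API). It never
 * validates credentials; it enriches a VALID result produced by another store.
 */
@ApplicationScoped
public class StaticGroupStore implements IdentityStore {

    // Constructed sample data: caller name -> group names.
    private static final Map<String, Set<String>> GROUPS = Map.of(
        "alice", Set.of("admin", "user"),
        "bob",   Set.of("user"));

    // Set.of(...) is immutable, so handing out the same instance on every call
    // is safe; callers cannot modify it.
    private static final Set<ValidationType> TYPES = Set.of(ValidationType.PROVIDE_GROUPS);

    @Override
    public Set<ValidationType> validationTypes() {
        return TYPES;
    }

    @Override
    public int priority() {
        return 200; // consulted after a validating store with a lower value
    }

    @Override
    public Set<String> getCallerGroups(CredentialValidationResult validationResult) {
        // Permission check first, before touching any data; a no-op when no
        // SecurityManager is installed.
        SecurityManager security = System.getSecurityManager();
        if (security != null) {
            security.checkPermission(new IdentityStorePermission("getGroups"));
        }

        // Only a VALID result names an authenticated caller; INVALID and
        // NOT_VALIDATED carry no principal and must never be enriched.
        if (validationResult.getStatus() != VALID
                || validationResult.getCallerPrincipal() == null) {
            return Set.of();
        }

        // Empty Set (not null) for a caller without group memberships.
        String callerName = validationResult.getCallerPrincipal().getName();
        return GROUPS.getOrDefault(callerName, Set.of());
    }
}
```

Because validationTypes excludes VALIDATE, the store never has to implement a validate overload; the inherited default returns NOT_VALIDATED_RESULT for any credential, and a handler that honours validationTypes will not call it at all.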