public interface IdentityStoreHandler
IdentityStoreHandleris a mechanism for validating a caller's credentials, and accessing a caller's identity attributes, by consulting a set of one or more
It is intended for use by an authentication mechanism, such as an
HttpAuthenticationMechanism (JSR 375) or a
Beans should inject only this handler, and not
directly, as multiple stores may exist.
Implementations of JSR 375 must supply a default implementation of
that behaves as described in the JSR 375 specification document.
Applications do not need to supply an
unless application-specific behavior is desired.
CredentialValidationResult validate(Credential credential)
Credentialand return the identity and attributes of the caller it represents.
Implementations of this method will typically invoke the
getCallerGroups() methods of one or more
and return an aggregated result.
Note that the
IdentityStore may check for
getCallerGroups() is called and a
SecurityManager is configured.
(The default built-in stores do perform this check; application-supplied stores
may or may not.) An implementation of this method should therefore invoke
getCallerGroups() in the context of a
and arrange to be granted the appropriate
credential- The credential to validate.