Constructor Detail

• HttpAuthenticationMechanismWrapper

  public HttpAuthenticationMechanismWrapper()

  This constructor is intended for proxy usuage only.

• HttpAuthenticationMechanismWrapper

  public HttpAuthenticationMechanismWrapper(HttpAuthenticationMechanism httpAuthenticationMechanism)

  Constructs the wrapper with the object being delegated to.

  Parameters:

  httpAuthenticationMechanism - The wrapped object which all methods call.

Method Detail

• getWrapped

  public HttpAuthenticationMechanism getWrapped()

  Returns the object that's being wrapped.

  Returns:

  the object that's being wrapped.

• validateRequest

  public AuthenticationStatus validateRequest(HttpServletRequest request,
                                              HttpServletResponse response,
                                              HttpMessageContext httpMessageContext)
                                       throws AuthenticationException

  Description copied from interface: HttpAuthenticationMechanism
  Authenticate an HTTP request.

  This method is called in response to an HTTP client request for a resource, and is always invoked before any Filter or HttpServlet. Additionally this method is called in response to HttpServletRequest.authenticate(HttpServletResponse)

  Note that by default this method is always called for every request, independent of whether the request is to a protected or non-protected resource, or whether a caller was successfully authenticated before within the same HTTP session or not.

  A CDI/Interceptor spec interceptor can be used to prevent calls to this method if needed. See AutoApplySession and RememberMe for two examples.

  Specified by:

  validateRequest in interface HttpAuthenticationMechanism

  Parameters:

  request - contains the request the client has made

  response - contains the response that will be send to the client

  httpMessageContext - context for interacting with the container

  Returns:

  the completion status of the processing performed by this method

  Throws:

  AuthenticationException - when the processing failed

• secureResponse

  public AuthenticationStatus secureResponse(HttpServletRequest request,
                                             HttpServletResponse response,
                                             HttpMessageContext httpMessageContext)
                                      throws AuthenticationException

  Description copied from interface: HttpAuthenticationMechanism
  Secure the response, optionally.

  This method is called to allow for any post processing to be done on the request, and is always invoked after any Filter or HttpServlet.

  Note that this method is only called when a (Servlet) resource has indeed been invoked, i.e. if a previous call to validateRequest that was invoked before any Filter or HttpServlet returned SUCCESS.

  Specified by:

  secureResponse in interface HttpAuthenticationMechanism

  Parameters:

  request - contains the request the client has made

  response - contains the response that will be send to the client

  httpMessageContext - context for interacting with the container

  Returns:

  the completion status of the processing performed by this method

  Throws:

  AuthenticationException - when the processing failed

• cleanSubject

  public void cleanSubject(HttpServletRequest request,
                           HttpServletResponse response,
                           HttpMessageContext httpMessageContext)

  Description copied from interface: HttpAuthenticationMechanism
  Remove mechanism specific principals and credentials from the subject and any other state the mechanism might have used.

  This method is called in response to HttpServletRequest.logout() and gives the authentication mechanism the option to remove any state associated with an earlier established authenticated identity. For example, an authentication mechanism that stores state within a cookie can send remove that cookie here.

  Specified by:

  cleanSubject in interface HttpAuthenticationMechanism

  Parameters:

  request - contains the request the client has made

  response - contains the response that will be send to the client

  httpMessageContext - context for interacting with the container