Module io.inverno.mod.security.http
Package io.inverno.mod.security.http.context

Interface InterceptingSecurityContext<A extends Identity,B extends AccessController>

Type Parameters:
A - the identity type
B - the access controller type
All Superinterfaces:
ExchangeContext, SecurityContext<A,B>, SecurityContext<A,B>
public interface InterceptingSecurityContext<A extends Identity,B extends AccessController>

An intercepting security exchange context used by security interceptors to populate the security context.

It should be only considered when configuring security interceptors and handlers which must be the only one allowed to set the security context, applicative interceptors and handlers should always use the SecurityContext instead.

Since:
1.5
Author:
Jeremy Kuhn

  • Method Details

    • setSecurityContext

      void setSecurityContext(SecurityContext<? extends A,? extends B> securityContext)

      Sets the security context in the security exchange context.

      Parameters:
      securityContext - the security context

    • getAuthentication

      default Authentication getAuthentication()
      Description copied from interface: SecurityContext

      Returns the authentication.

      A security context always returns an authentication which can be authenticated or unauthenticated following a failed authentication or for anonymous access.

      Specified by:
      getAuthentication in interface SecurityContext<A extends Identity,B extends AccessController>
      Returns:
      an authentication
      See Also:

    • getIdentity

      default Optional<A> getIdentity()
      Description copied from interface: SecurityContext

      Returns the identity of the authenticated entity.

      The identity is always empty for an unauthenticated context and may be empty for an authenticated context when the identity of the authenticated entity is unknown.

      Specified by:
      getIdentity in interface SecurityContext<A extends Identity,B extends AccessController>
      Returns:
      an optional returning the identity or an empty optional

    • getAccessController

      default Optional<B> getAccessController()
      Description copied from interface: SecurityContext

      Returns the access controller that control access to protected services and resources for the authenticated entity.

      The access controller is always empty for an unauthenticated context and may be empty for an authenticated context when access control is unsupported or unavailable for the authenticated entity.

      Specified by:
      getAccessController in interface SecurityContext<A extends Identity,B extends AccessController>
      Returns:
      an optional returning the access controller or an empty optional

    • getSecurityContext

      SecurityContext<? extends A,? extends B> getSecurityContext()

      Returns the underlying security context.

      Returns:
      a regular security context