Module io.inverno.mod.security.http

Package io.inverno.mod.security.http.session

Class SessionAuthenticator<A extends Authentication>

java.lang.Object

io.inverno.mod.security.http.session.SessionAuthenticator<A>

All Implemented Interfaces:

Authenticator<SessionCredentials<A>,A>

public class SessionAuthenticator<A extends Authentication>
extends Object
implements Authenticator<SessionCredentials<A>,A>

An authenticator that simply returns the authentication resolved from a session.

Since:

1.13

Author:

Jeremy Kuhn

Constructor Summary

Constructors

Constructor	Description
SessionAuthenticator()

Method Summary

Modifier and Type	Method	Description
Mono<A>	authenticate(SessionCredentials<A> credentials)	Authenticates the specified credentials and returns an authentication.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.inverno.mod.security.authentication.Authenticator

failOnDenied, failOnDeniedAndAnonymous, flatMap, map, or

Constructor Details

SessionAuthenticator

public SessionAuthenticator()

Method Details

authenticate

public Mono<A> authenticate(SessionCredentials<A> credentials)
                     throws AuthenticationException

Description copied from interface: Authenticator

Authenticates the specified credentials and returns an authentication.

Implementations can return an empty mono to indicate that they were unable to authenticate the credentials. This does not mean credentials are invalid, this simply mean that a particular authenticator does not manage them and therefore can's possibly determine whether they are valid. For example, when considering login credentials composed of a user and a password, an authenticator which does not manage that particular user can return an empty mono.

Implementations must return denied authentications with AuthenticationException when they were able to authenticate credentials which turned out to be invalid. For example, a login credentials authenticator must return a denied authentication exception when it does manage a particular username but the provided password was invalid.

A denied authentication can also bre reported by throwing an AuthenticationException when returning an actual authentication instance is not practical.

Specified by:

authenticate in interface Authenticator<SessionCredentials<A extends Authentication>,A extends Authentication>

Parameters:

credentials - the credentials to authenticate

Returns:

a mono emitting an authentication, an error mono or an empty mono if the authenticator could not authenticate the credentials

Throws:

AuthenticationException - if credentials were invalid