Interface Authentication

All Known Subinterfaces:
GroupAwareAuthentication, LDAPAuthentication, PrincipalAuthentication, TokenAuthentication, UserAuthentication<A>
All Known Implementing Classes:
JWEAuthentication, JWSAuthentication, JWTEAuthentication, JWTSAuthentication

public interface Authentication

An authentication represents a proof that the credentials of an entity have been authenticated.

An authenticated entity must present an authentication to the application in order to certify that it has been authenticated and to claim access to protected services or resources. The identity of the entity and the services and resources that are accessible depend directly on the authentication, which is intimately related to, and results from, the authentication of the entity's credentials by an Authenticator.

The Identity of the authenticated entity can be resolved from the authentication using an IdentityResolver. Note that the entity identity might not always be available: the authentication certifies that an authentication took place and that protected access might be granted, but this is unrelated to identification.

The AccessController used to control the access to protected services and resources for the authenticated entity can be resolved from the authentication using an AccessControllerResolver. There is no guarantee that an access controller can be resolved for an authenticated entity based on the authentication; this basically depends on the application and more specifically on the chosen access control strategy.

The authentication is one of the components that make up the SecurityContext along with AccessController and Identity.

Since:
1.5
Author:
Jeremy Kuhn
Method Details

    • anonymous

      static Authentication anonymous()

      Returns an anonymous authentication.

      It is used to indicate that services or resources are accessed by an anonymous entity which has not been authenticated. This allows an application to differentiate between authenticated and non-authenticated access.

      Returns:
      an anonymous authentication
    • granted

      static Authentication granted()

      Returns a generic granted authentication.

      A granted authentication simply indicates that an authentication took place and was successful.

      Note that this is a convenience method: in a properly secured application, such an authentication should not give access to an identity or an access controller, and all access control other than checking whether an entity has been authenticated should be avoided.

      Returns:
      a granted authentication
    • denied

      static Authentication denied()

      Returns a generic denied authentication which indicates a failed authentication.

      Returns:
      a generic denied authentication
    • denied

      static Authentication denied(SecurityException cause)

      Returns a generic denied authentication which indicates a failed authentication with the specified cause.

      Parameters:
      cause - a cause
      Returns:
      a generic denied authentication
    • isAuthenticated

      boolean isAuthenticated()

      Determine whether the authentication is authenticated.

      A non-authenticated authentication might indicate that no authentication took place (i.e. anonymous access) or that the authentication failed. In case of a failed authentication, the cause is exposed by getCause().

      Returns:
      true if the authentication is authenticated, false otherwise
    • isAnonymous

      default boolean isAnonymous()

      Determine whether the authentication is anonymous.

      An anonymous authentication indicates an anonymous access with no authentication. This is basically equivalent to !this.isAuthenticated() && !this.getCause().isPresent().

      Returns:
      true if the authentication is anonymous, false otherwise
    • getCause

      Returns the cause of a failed authentication.

      A non-authenticated authentication with no cause indicates that no authentication took place (i.e. anonymous access).

      A non-authenticated authentication with a cause indicates a failed authentication.

      Returns:
      an optional returning the cause of the failed authentication, or an empty optional if there was no authentication or if the authentication was successful
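
The three states described by isAuthenticated(), isAnonymous() and getCause() can be told apart as in the following added example, which is not part of the original documentation or the project's code. The nested Authentication interface is a local stand-in that mirrors only the methods documented on this page, java.lang.SecurityException replaces the framework's exception type, and State, Decision and decide are hypothetical names; rejecting a failed authentication even on a public resource is a policy assumption.

```java
import java.util.Optional;

public class AuthenticationStates {

    // Local stand-in for the methods documented on this page (assumption, not the framework's interface).
    // java.lang.SecurityException is used in place of the framework's SecurityException.
    interface Authentication {
        boolean isAuthenticated();
        Optional<SecurityException> getCause();
        // Documented equivalence: not authenticated and no failure cause.
        default boolean isAnonymous() {
            return !isAuthenticated() && getCause().isEmpty();
        }
    }

    // Hypothetical value class used to build the anonymous, granted and denied states.
    record State(boolean authenticated, Optional<SecurityException> cause) implements Authentication {
        State {
            // A successful authentication carrying a failure cause is contradictory: refuse to build it.
            if (authenticated && cause.isPresent()) {
                throw new IllegalArgumentException("authenticated state must not carry a cause");
            }
        }
        public boolean isAuthenticated() { return authenticated; }
        public Optional<SecurityException> getCause() { return cause; }
    }

    enum Decision { ALLOW, CHALLENGE, REJECT }

    // Fail closed: protected resources are reachable only when isAuthenticated() is true.
    static Decision decide(Authentication auth, boolean protectedResource) {
        if (auth.isAuthenticated()) return Decision.ALLOW;
        // Not authenticated and not anonymous means a cause is present: authentication failed.
        if (!auth.isAnonymous()) return Decision.REJECT;
        // Anonymous access: no credentials were presented at all.
        return protectedResource ? Decision.CHALLENGE : Decision.ALLOW;
    }

    public static void main(String[] args) {
        // Constructed sample states, equivalent in meaning to anonymous(), granted() and denied(cause).
        Authentication anonymous = new State(false, Optional.empty());
        Authentication granted = new State(true, Optional.empty());
        Authentication denied = new State(false, Optional.of(new SecurityException("invalid credentials")));
        for (Authentication a : new Authentication[] { anonymous, granted, denied }) {
            System.out.printf("anonymous=%b protected=%s public=%s cause=%s%n", a.isAnonymous(),
                decide(a, true), decide(a, false), a.getCause().map(Throwable::getMessage).orElse("none"));
        }
    }
}
```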