Module io.inverno.mod.security
Package io.inverno.mod.security.context

Interface SecurityContext<A extends Identity,B extends AccessController>

Type Parameters:
A - the identity type
B - the access controller type
All Known Subinterfaces:
io.inverno.mod.security.http.context.DelegatingSecurityContext<A,B>, InterceptingSecurityContext<A,B>, SecurityContext<A,B>
public interface SecurityContext<A extends Identity,B extends AccessController>

The security context represents the central security component in an application.

It provides information and services to properly secure an application. It is basically composed of three components:

Authentication
It proves that an entity has been authenticated, in other words that the credentials of that entity has been authenticated.
Identity
When specified it provides the identity of the authenticated entity.
AccessController
It provides services to control the access to protected services or resources.

This makes it explicit that application security comes down to a process which starts by authenticating a request, or more specifically the entity that issued the request (and not a user). From there, access control can be achieved using various approaches such as role-based access control or permission-based access control. However, although access control is related to the resulting authentication, it is decorrelated from the authentication process: an entity can be authenticated without being able to apply access control afterwards.

Finally, the identity which is also related to the authentication provides information about the identity of the authenticated entity. As for the access control, this is decorrelated from the authentication process: an entity can be authenticated, and yet its identity might remain unknown. A typical example would be OAuth2 where authorizations (scopes) are granted to an authenticated entity but no identity is ever provided.

Since:
1.5
Author:
Jeremy Kuhn

  • Method Details

    • of

      static <A extends Identity, B extends AccessController> SecurityContext<A,B> of(Authentication authentication)

      Creates a security context with the specified authentication.

      The resulting context has no identity and no access controller.

      Type Parameters:
      A - the identity type
      B - the access controller type
      Parameters:
      authentication - an authentication
      Returns:
      a new security context

    • of

      static <A extends Identity, B extends AccessController> SecurityContext<A,B> of(Authentication authentication, A identity)

      Creates a security context with the specified authentication and identity.

      The resulting context has no access controller.

      Type Parameters:
      A - the identity type
      B - the access controller type
      Parameters:
      authentication - an authentication
      identity - an identity
      Returns:
      a new security context

    • of

      static <A extends Identity, B extends AccessController> SecurityContext<A,B> of(Authentication authentication, B accessController)

      Creates a security context with the specified authentication and access controller.

      The resulting context has no identity.

      Type Parameters:
      A - the identity type
      B - the access controller type
      Parameters:
      authentication - an authentication
      accessController - an access controller
      Returns:
      a new security context

    • of

      static <A extends Identity, B extends AccessController> SecurityContext<A,B> of(Authentication authentication, A identity, B accessController)

      Creates a security context with the specified authentication, identity and access controller.

      Type Parameters:
      A - the identity type
      B - the access controller type
      Parameters:
      authentication - an authentication
      identity - an optional identity
      accessController - an optional access controller
      Returns:
      a new security context

    • builder

      static <A extends Identity, B extends AccessController> SecurityContext.Builder<A,B> builder(Authentication authentication)

      Creates a security context builder with the specified authentication.

      Type Parameters:
      A - the identity type
      B - the access controller type
      Parameters:
      authentication - an authentication
      Returns:
      a security context builder

    • isAuthenticated

      default boolean isAuthenticated()

      Determines whether an entity has been authenticated.

      This method basically delegates to Authentication.isAuthenticated().

      Returns:
      true if an entity has been authenticated, false otherwise

    • isAnonymous

      default boolean isAnonymous()

      Determines whether this context is anonymous.

      This method basically delegates to Authentication.isAnonymous().

      Returns:
      true if the context represents an anonymous access, false otherwise

    • getAuthentication

      default Authentication getAuthentication()

      Returns the authentication.

      A security context always returns an authentication which can be authenticated or unauthenticated following a failed authentication or for anonymous access.

      Returns:
      an authentication
      See Also:

    • getIdentity

      default Optional<A> getIdentity()

      Returns the identity of the authenticated entity.

      The identity is always empty for an unauthenticated context and may be empty for an authenticated context when the identity of the authenticated entity is unknown.

      Returns:
      an optional returning the identity or an empty optional

    • getAccessController

      default Optional<B> getAccessController()

      Returns the access controller that control access to protected services and resources for the authenticated entity.

      The access controller is always empty for an unauthenticated context and may be empty for an authenticated context when access control is unsupported or unavailable for the authenticated entity.

      Returns:
      an optional returning the access controller or an empty optional