Package wt.auth

Class AuthenticationServer

java.lang.Object
wt.auth.AuthenticationServer
public abstract class AuthenticationServer extends Object
Authentication service. This class works in conjunction with a set of AuthenticationHandler objects, an Authenticator object and MethodAuthenticator objects to securely establish the identity of a client. The AuthenticationHandler objects are responsible for authentication schemes and initially identifying the user. The Authenticator and MethodAuthenticator objects are responsible for securely associating that identity with subsequent calls.

A typical scenario involves this class throwing an AuthenticationException that includes a bootstraping MethodAuthenticator object. This MethodAuthenticator object executes on the client to perform a secure login. This activity results in the creation of a second MethodAuthenticator object that can endorse client method calls in a way that be securely verified by the Authenticator class.

Supported API: true

  • Method Details

    • getBootstrapAuthenticator

      public static MethodAuthenticator getBootstrapAuthenticator()
      Get a bootstrap MethodAuthenticator capable of identifying the user.

      Supported API: true
      Returns:
      MethodAuthenticator object

    • getBootstrapAuthenticator

      public static MethodAuthenticator getBootstrapAuthenticator(String session_id)
      Get a bootstrap MethodAuthenticator capable of identifying the user for a given session.

      Supported API: true
      Parameters:
      session_id - a string identifying the session to be authenticated
      Returns:
      MethodAuthenticator object

    • getUserName

      public static String getUserName()
      Get authenticated user name for the current thread. If the client has not yet been authenticated, this may result in a MethodAuthenticator object being thrown back to the client to perform a secure login.

      Supported API: true
      Returns:
      the authenticated user name

    • setUserName

      public static void setUserName(String user)
      Set authenticated user name for the current thread. This will override any current authentication context with one for the given user.

      Supported API: true

    • init

      public static MethodAuthenticator init(MethodAuthenticator authenticator)
      Initialization method called from bootstrapping authenticator's init method. It can be used to convert bootstrapping authenticator into a real one or to send back another bootstrapping authenticator if the current one failed and there are other login mechanisms available.

      Supported API: true
      Parameters:
      authenticator - the MethodAuthenticator being initialized
      Returns:
      replacement MethodAuthenticator

    • newMethodAuthenticator

      public static MethodAuthenticator newMethodAuthenticator(String user)
      Create a new MethodAuthenticator object that will associate the given user name to endorsed method calls.

      Supported API: true
      Parameters:
      user - the authenticated user name
      Returns:
      MethodAuthenticator object

    • newMethodAuthenticator

      public static MethodAuthenticator newMethodAuthenticator(String user, String session_id)
      Create a new MethodAuthenticator object that will associate the given user name to endorsed method calls.

      Supported API: true
      Parameters:
      user - the authenticated user name
      obj - object that is used to identify an instance of the authenticator.
      Returns:
      MethodAuthenticator object

    • enabled

      public static boolean enabled(Class handler)
      Check if given authentication handler is enabled.

      Supported API: true
      Parameters:
      handler - the AuthenticationHandler class
      Returns:
      true if the given handler class is currently enabled

    • reauthenticateUser

      public static void reauthenticateUser()
      Re-authenticate the user name for the current thread. This will result in a MethodAuthenticator object being thrown back to the client to perform a secure login.

      Supported API: true