public interface IdentityStoreHandler
IdentityStoreHandler
is a mechanism for validating a caller's
credentials, and accessing a caller's identity attributes, by consulting
a set of one or more IdentityStore
s.
It is intended for use by an authentication mechanism, such as an
HttpAuthenticationMechanism
(JSR 375) or a ServerAuthModule
(JSR 196/JASPIC).
Beans should inject only this handler, and not IdentityStore
directly, as multiple stores may exist.
Implementations of JSR 375 must supply a default implementation of IdentityStoreHandler
that behaves as described in the JSR 375 specification document.
Applications do not need to supply an IdentityStoreHandler
unless application-specific behavior is desired.
Modifier and Type | Method and Description |
---|---|
CredentialValidationResult |
validate(Credential credential)
Validate the given
Credential and return the identity and attributes
of the caller it represents. |
CredentialValidationResult validate(Credential credential)
Credential
and return the identity and attributes
of the caller it represents.
Implementations of this method will typically invoke the validate()
and getCallerGroups()
methods of one or more IdentityStore
s
and return an aggregated result.
Note that the IdentityStore
may check for IdentityStorePermission
if getCallerGroups()
is called and a SecurityManager
is configured.
(The default built-in stores do perform this check; application-supplied stores
may or may not.) An implementation of this method should therefore invoke
getCallerGroups()
in the context of a PrivilegedAction
,
and arrange to be granted the appropriate IdentityStorePermission
permission.
credential
- The credential to validate.Copyright © 2015–2017. All rights reserved.