public interface AuthenticationControl extends Feature
Sessions are authenticated by a chain of authentication handlers. A client session can participate in the authentication process by creating an authentication handler and registering it with the server.
Each authentication handler is registered under a particular handler name.
For registration to succeed, the server's security configuration must include
a matching control-authentication-handler entry for the name,
otherwise registration will fail and the authentication handler will be
closed immediately.
Each client session can register a single authentication handler for a given handler name.
For each authentication event, the server will use its configuration to determine the handler priority order. The server may call authentication handlers in serial or parallel. The server may stop the authentication process as soon as it has an allow or deny response from an authentication handler and all higher priority authentication handlers have abstained.
For a configured control authentication handler, the server will select a single handler from those registered for the handler name. If no authenticators are currently registered, the server will consult the next configured authentication handler in priority order.
In order to register an authentication handler a session needs both
REGISTER_HANDLER and
AUTHENTICATE permissions.
session as follows:
AuthenticationControl authenticationControl = session.feature(AuthenticationControl.class);
| Modifier and Type | Interface and Description |
|---|---|
static interface |
AuthenticationControl.ControlAuthenticationHandler
Deprecated.
since 6.2
ControlAuthenticationHandler has been replaced by the
|
static interface |
AuthenticationControl.ControlAuthenticator
A control authenticator.
|
| Modifier and Type | Method and Description |
|---|---|
CompletableFuture<Registration> |
setAuthenticationHandler(String handlerName,
AuthenticationControl.ControlAuthenticator authenticator)
Register an authentication handler for client authentication events.
|
void |
setAuthenticationHandler(String handlerName,
Set<SessionDetails.DetailType> requestedDetail,
AuthenticationControl.ControlAuthenticationHandler handler)
Deprecated.
since 6.2
|
getSessionCompletableFuture<Registration> setAuthenticationHandler(String handlerName, AuthenticationControl.ControlAuthenticator authenticator)
handlerName - the handler name which must match an entry in the
server's security configurationauthenticator - specifies the authentication handlerRegistration
which can be used to unregister the authentication handler.
Otherwise, the CompletableFuture will complete exceptionally with
a CompletionException. Common reasons for failure, listed
by the exception reported as the
cause, include:
SessionClosedException – if the session is
closed;
SessionSecurityException – if the session does
not have REGISTER_HANDLER or AUTHENTICATE
permission;
SessionException – will occur if the server
configuration does not contain a
control-authentication-handler element with the given
name.
@Deprecated void setAuthenticationHandler(String handlerName, Set<SessionDetails.DetailType> requestedDetail, AuthenticationControl.ControlAuthenticationHandler handler)
AuthenticationControl.ControlAuthenticationHandler has been replaced by the
AuthenticationControl.ControlAuthenticator interface. New authentication
handlers should implement ControlAuthenticator. This method
will be removed in a future release.
Registration will fail if the server configuration does not have a
matching control-authentication-handler>} entry for the handler
name, the handler will be closed immediately, and an error will be
reported to the session error handler.
handlerName - the handler name which must match an entry in the
server's security configurationrequestedDetail - the session details that the server should supply,
if availablehandler - the authentication handler to setCopyright © 2020 Push Technology Ltd. All Rights Reserved.