All Implemented Interfaces:
ServerAuth
This ServerAuthContext class encapsulates ServerAuthModules that are used to secure requests made as a client. A caller typically uses this class in the following manner:
ServerAuthContext implementation invokes encapsulated ServerAuthModule(s). Module(s) verify or decrypt response as necessary.
Authentication complete.
Perform authorization check on authenticated identity and, if successful, dispatch to requested service application.
ServerAuthContext implementation invokes encapsulated ServerAuthModule(s). Module(s) secure response (sign and encrypt response, for example).
A ServerAuthContext instance may be used concurrently by multiple callers.
A ServerAuthContext instance may be used concurrently by multiple callers.
Implementations of this interface are responsible for constructing and initializing the encapsulated modules. The initialization step includes passing the relevant request and response MessagePolicy objects to the encapsulated modules. The MessagePolicy objects are obtained from the ServerAuthConfig instance that was provided when this ServerAuthContext instance was created.
AuthContextFactory - #getAuthContext for more information.
Implementations also have custom logic to determine what modules to invoke, and in what order. In addition, this custom logic may control whether subsequent modules are invoked based on the success or failure of previously invoked modules.
The caller is responsible for passing in a state Map that can be used by underlying modules to save and communicate state across a sequence of calls from secureRequest to validateResponse to disposeSubject. The same Map instance must be passed to all methods in the call sequence. Furthermore, each call sequence should be passed its own unique shared state Map instance.
- href="mailto:Anil.Saldhana@jboss.org">Anil Saldhana
Charlie - Lai, Ron Monzillo (Javadoc for JSR-196)May - 12, 2006$ - Revision: 45179 $