Package com.spotfire.server.security
Interface AuthenticationContext
- All Known Subinterfaces:
WebAuthenticationContext
public interface AuthenticationContext
The
AuthenticationContext
contains information about the client and the network connection used by a
client that needs to be authenticated. This information can be used by a CustomAuthenticator
or a
CustomWebAuthenticator
implementation during authentication, or by a PostAuthenticationFilter
implementation to perform extra checks (such as validating the client's IP number against a list of allowed hosts)
after the user has been authenticated.
When used from a PostAuthenticationFilter
implementation these attributes may be available:
- If the user has been authenticated using a X.509 certificate, then the certificate chain is available as a
java.security.cert.X509Certificate[]
attribute that can be retrieved by calling thegetAttribute(java.lang.String)
method with the namejakarta.servlet.request.X509Certificate
. - If the user has been authenticated using form based authentication, then a possibly empty
java.util.Map<String, java.util.List<String>>
attribute is available and can be retrieved by calling thegetAttribute(java.lang.String)
method with the namecom.spotfire.server.security.custom-parameters
. This map contains all parameters with the prefixsf_custom_login_
posted by a custom login page. Note that the prefix is stripped from the parameter names before they're added to the map. - If the user has been authenticated using
OpenID Connect
, then the following attributes are available:- The access token as a
String
attribute that can be retrieved by calling thegetAttribute(java.lang.String)
method with the namecom.spotfire.server.security.oidc.access-token
. - The (unparsed) ID token as a
String
attribute that can be retrieved by calling thegetAttribute(java.lang.String)
method with the namecom.spotfire.server.security.oidc.id-token
.
- The access token as a
- Since:
- 3.0
-
Method Summary
Modifier and TypeMethodDescriptiongetAttribute
(String name) SeeServletRequest.getAttribute(java.lang.String)
.SeeServletRequest.getAttributeNames()
.jakarta.servlet.http.Cookie[]
SeeHttpServletRequest.getCookies()
.long
getDateHeader
(String name) SeeHttpServletRequest.getDateHeader(java.lang.String)
.SeeHttpServletRequest.getHeader(java.lang.String)
.SeeHttpServletRequest.getHeaderNames()
.getHeaders
(String name) SeeHttpServletRequest.getHeaders(java.lang.String)
.int
getIntHeader
(String name) SeeHttpServletRequest.getIntHeader(java.lang.String)
.Delegates to the underlyingjakarta.servlet.http.HttpServletRequest
.Delegates to the underlyingjakarta.servlet.http.HttpServletRequest
.Delegates to the underlyingjakarta.servlet.http.HttpServletRequest
.Delegates to the underlyingjakarta.servlet.http.HttpServletRequest
.int
Delegates to the underlyingjakarta.servlet.http.HttpServletRequest
.Delegates to the underlyingjakarta.servlet.http.HttpServletRequest
.SeeServletRequest.getRemoteAddr()
.SeeServletRequest.getRemoteHost()
.int
Delegates to the underlyingjakarta.servlet.http.HttpServletRequest
.Returns a mutable map, stored as a request attribute, that is only available from this interface.SeeServletRequest.getServerName()
.int
SeeServletRequest.getServerPort()
.Returns the HTTP session ID.Returns a reference to the User Directory class, that can be used for reading and writing users and groups.boolean
Returns the HTTP session ID.boolean
Returns the HTTP session ID.boolean
Returns the HTTP session ID.boolean
isSecure()
SeeServletRequest.isSecure()
.
-
Method Details
-
getRemoteAddr
String getRemoteAddr()SeeServletRequest.getRemoteAddr()
.- Returns:
- remote address
- Since:
- 3.0
-
getRemoteHost
String getRemoteHost()SeeServletRequest.getRemoteHost()
.- Returns:
- remote host
- Since:
- 3.0
-
getServerName
String getServerName()SeeServletRequest.getServerName()
.- Returns:
- server name
- Since:
- 3.0
-
getServerPort
int getServerPort()SeeServletRequest.getServerPort()
.- Returns:
- server port
- Since:
- 3.0
-
isSecure
boolean isSecure()SeeServletRequest.isSecure()
.- Returns:
- is secure
- Since:
- 3.0
-
getCookies
jakarta.servlet.http.Cookie[] getCookies()SeeHttpServletRequest.getCookies()
.- Returns:
- cookies
- Since:
- 3.0
- See Also:
-
HttpServletRequest.getCookies()
getHeader(String)
-
getDateHeader
SeeHttpServletRequest.getDateHeader(java.lang.String)
.- Parameters:
name
- date header name- Returns:
- date header
- Since:
- 3.0
-
getHeader
SeeHttpServletRequest.getHeader(java.lang.String)
.- Parameters:
name
- header name- Returns:
- header by name
- Since:
- 3.0
-
getHeaderNames
Enumeration<String> getHeaderNames()SeeHttpServletRequest.getHeaderNames()
.- Returns:
- header names
- Since:
- 3.0
-
getHeaders
SeeHttpServletRequest.getHeaders(java.lang.String)
.- Parameters:
name
- header name- Returns:
- headers by name
- Since:
- 3.0
-
getIntHeader
SeeHttpServletRequest.getIntHeader(java.lang.String)
.- Parameters:
name
- header name- Returns:
- int value of the header
- Since:
- 3.0
-
getAttribute
SeeServletRequest.getAttribute(java.lang.String)
.- Parameters:
name
- attribute name- Returns:
- request attribute
- Since:
- 3.2
- See Also:
-
ServletRequest.getAttribute(String)
-
getAttributeNames
Enumeration<String> getAttributeNames()SeeServletRequest.getAttributeNames()
.- Returns:
- an
Enumeration
of strings containing the names of the request's attributes - Since:
- 3.2
- See Also:
-
ServletRequest.getAttributeNames()
-
getLocalAddr
String getLocalAddr()Delegates to the underlyingjakarta.servlet.http.HttpServletRequest
.- Returns:
- the local address
- Since:
- 7.6
- See Also:
-
ServletRequest.getLocalAddr()
-
getLocalName
String getLocalName()Delegates to the underlyingjakarta.servlet.http.HttpServletRequest
.- Returns:
- the local name
- Since:
- 7.6
- See Also:
-
ServletRequest.getLocalName()
-
getLocalPort
int getLocalPort()Delegates to the underlyingjakarta.servlet.http.HttpServletRequest
.- Returns:
- the local port
- Since:
- 7.6
- See Also:
-
ServletRequest.getLocalPort()
-
getLocale
Locale getLocale()Delegates to the underlyingjakarta.servlet.http.HttpServletRequest
.- Returns:
- the preferred locale
- Since:
- 7.6
- See Also:
-
ServletRequest.getLocale()
-
getLocales
Enumeration<Locale> getLocales()Delegates to the underlyingjakarta.servlet.http.HttpServletRequest
.- Returns:
- the preferred locales
- Since:
- 7.6
- See Also:
-
ServletRequest.getLocales()
-
getRemotePort
int getRemotePort()Delegates to the underlyingjakarta.servlet.http.HttpServletRequest
.- Returns:
- the remote port
- Since:
- 7.6
- See Also:
-
ServletRequest.getRemotePort()
-
getSessionId
String getSessionId()Returns the HTTP session ID.Note: the session ID should never be logged or exposed in any other way.
- Returns:
- the HTTP session ID
- Since:
- 7.6
- See Also:
-
HttpSession.getId()
-
isRequestedSessionIdFromCookie
boolean isRequestedSessionIdFromCookie()Returns the HTTP session ID.Note: the session ID should never be logged or exposed in any other way.
- Returns:
true
if the requested session ID came from a cookie, andfalse
otherwise- Since:
- 7.6
- See Also:
-
HttpServletRequest.isRequestedSessionIdFromCookie()
-
isRequestedSessionIdFromURL
boolean isRequestedSessionIdFromURL()Returns the HTTP session ID.Note: the session ID should never be logged or exposed in any other way.
- Returns:
true
if the requested session ID came from the URL, andfalse
otherwise- Since:
- 7.6
- See Also:
-
HttpServletRequest.isRequestedSessionIdFromURL()
-
isRequestedSessionIdValid
boolean isRequestedSessionIdValid()Returns the HTTP session ID.Note: the session ID should never be logged or exposed in any other way.
- Returns:
true
if the requested session is valid, andfalse
otherwise- Since:
- 7.6
- See Also:
-
HttpServletRequest.isRequestedSessionIdValid()
-
getQueryString
String getQueryString()Delegates to the underlyingjakarta.servlet.http.HttpServletRequest
.- Returns:
- the query string or
null
- Since:
- 7.8
- See Also:
-
HttpServletRequest.getQueryString()
-
getRequestContext
Returns a mutable map, stored as a request attribute, that is only available from this interface.Typically used to pass context information (that is only applicable during the current request) from for example a
CustomAuthenticator
implementation to aPostAuthenticationFilter
implementation.- Returns:
- the request context
- Since:
- 7.11
-
getUserDirectory
UserDirectory getUserDirectory()Returns a reference to the User Directory class, that can be used for reading and writing users and groups.- Returns:
- a reference to the User Directory class
- Since:
- 10.1
-