Package com.spotfire.server.security

Interface AuthenticationContext

All Known Subinterfaces:

WebAuthenticationContext

public interface AuthenticationContext

The AuthenticationContext contains information about the client and the network connection used by a client that needs to be authenticated. This information can be used by a CustomAuthenticator or a CustomWebAuthenticator implementation during authentication, or by a PostAuthenticationFilter implementation to perform extra checks (such as validating the client's IP number against a list of allowed hosts) after the user has been authenticated.

When used from a PostAuthenticationFilter implementation these attributes may be available:

• If the user has been authenticated using a X.509 certificate, then the certificate chain is available as a java.security.cert.X509Certificate[] attribute that can be retrieved by calling the getAttribute(java.lang.String) method with the name jakarta.servlet.request.X509Certificate.
• If the user has been authenticated using form based authentication, then a possibly empty java.util.Map<String, java.util.List<String>> attribute is available and can be retrieved by calling the getAttribute(java.lang.String) method with the name com.spotfire.server.security.custom-parameters. This map contains all parameters with the prefix sf_custom_login_ posted by a custom login page. Note that the prefix is stripped from the parameter names before they're added to the map.
• If the user has been authenticated using OpenID Connect, then the following attributes are available:
  • The access token as a String attribute that can be retrieved by calling the getAttribute(java.lang.String) method with the name com.spotfire.server.security.oidc.access-token.
  • The (unparsed) ID token as a String attribute that can be retrieved by calling the getAttribute(java.lang.String) method with the name com.spotfire.server.security.oidc.id-token.

Since:

3.0

Method Summary

Modifier and Type	Method	Description
Object	getAttribute(String name)	See ServletRequest.getAttribute(java.lang.String).
Enumeration<String>	getAttributeNames()	See ServletRequest.getAttributeNames().
Cookie[]	getCookies()	See HttpServletRequest.getCookies().
long	getDateHeader(String name)	See HttpServletRequest.getDateHeader(java.lang.String).
String	getHeader(String name)	See HttpServletRequest.getHeader(java.lang.String).
Enumeration<String>	getHeaderNames()	See HttpServletRequest.getHeaderNames().
Enumeration<String>	getHeaders(String name)	See HttpServletRequest.getHeaders(java.lang.String).
int	getIntHeader(String name)	See HttpServletRequest.getIntHeader(java.lang.String).
String	getLocalAddr()	Delegates to the underlying jakarta.servlet.http.HttpServletRequest.
Locale	getLocale()	Delegates to the underlying jakarta.servlet.http.HttpServletRequest.
Enumeration<Locale>	getLocales()	Delegates to the underlying jakarta.servlet.http.HttpServletRequest.
String	getLocalName()	Delegates to the underlying jakarta.servlet.http.HttpServletRequest.
int	getLocalPort()	Delegates to the underlying jakarta.servlet.http.HttpServletRequest.
String	getQueryString()	Delegates to the underlying jakarta.servlet.http.HttpServletRequest.
String	getRemoteAddr()	See ServletRequest.getRemoteAddr().
String	getRemoteHost()	See ServletRequest.getRemoteHost().
int	getRemotePort()	Delegates to the underlying jakarta.servlet.http.HttpServletRequest.
Map<String,Object>	getRequestContext()	Returns a mutable map, stored as a request attribute, that is only available from this interface.
String	getServerName()	See ServletRequest.getServerName().
int	getServerPort()	See ServletRequest.getServerPort().
String	getSessionId()	Returns the HTTP session ID.
UserDirectory	getUserDirectory()	Returns a reference to the User Directory class, that can be used for reading and writing users and groups.
boolean	isRequestedSessionIdFromCookie()	Returns the HTTP session ID.
boolean	isRequestedSessionIdFromURL()	Returns the HTTP session ID.
boolean	isRequestedSessionIdValid()	Returns the HTTP session ID.
boolean	isSecure()	See ServletRequest.isSecure().

Method Details

getRemoteAddr

String getRemoteAddr()

See ServletRequest.getRemoteAddr().

Returns:

remote address

Since:

3.0

getRemoteHost

String getRemoteHost()

See ServletRequest.getRemoteHost().

Returns:

remote host

Since:

3.0

getServerName

String getServerName()

See ServletRequest.getServerName().

Returns:

server name

Since:

3.0

getServerPort

int getServerPort()

See ServletRequest.getServerPort().

Returns:

server port

Since:

3.0

isSecure

boolean isSecure()

See ServletRequest.isSecure().

Returns:

is secure

Since:

3.0

getCookies

Cookie[] getCookies()

See HttpServletRequest.getCookies().

Returns:

cookies

Since:

3.0

See Also:

• HttpServletRequest.getCookies()
• getHeader(String)

getDateHeader

long getDateHeader(String name)

See HttpServletRequest.getDateHeader(java.lang.String).

Parameters:

name - date header name

Returns:

date header

Since:

3.0

getHeader

String getHeader(String name)

See HttpServletRequest.getHeader(java.lang.String).

Parameters:

name - header name

Returns:

header by name

Since:

3.0

getHeaderNames

Enumeration<String> getHeaderNames()

See HttpServletRequest.getHeaderNames().

Returns:

header names

Since:

3.0

getHeaders

Enumeration<String> getHeaders(String name)

See HttpServletRequest.getHeaders(java.lang.String).

Parameters:

name - header name

Returns:

headers by name

Since:

3.0

getIntHeader

int getIntHeader(String name)

See HttpServletRequest.getIntHeader(java.lang.String).

Parameters:

name - header name

Returns:

int value of the header

Since:

3.0

getAttribute

Object getAttribute(String name)

See ServletRequest.getAttribute(java.lang.String).

Parameters:

name - attribute name

Returns:

request attribute

Since:

3.2

See Also:

• ServletRequest.getAttribute(String)

getAttributeNames

Enumeration<String> getAttributeNames()

See ServletRequest.getAttributeNames().

Returns:

an Enumeration of strings containing the names of the request's attributes

Since:

3.2

See Also:

• ServletRequest.getAttributeNames()

getLocalAddr

String getLocalAddr()

Delegates to the underlying jakarta.servlet.http.HttpServletRequest.

Returns:

the local address

Since:

7.6

See Also:

• ServletRequest.getLocalAddr()

getLocalName

String getLocalName()

Delegates to the underlying jakarta.servlet.http.HttpServletRequest.

Returns:

the local name

Since:

7.6

See Also:

• ServletRequest.getLocalName()

getLocalPort

int getLocalPort()

Delegates to the underlying jakarta.servlet.http.HttpServletRequest.

Returns:

the local port

Since:

7.6

See Also:

• ServletRequest.getLocalPort()

getLocale

Locale getLocale()

Delegates to the underlying jakarta.servlet.http.HttpServletRequest.

Returns:

the preferred locale

Since:

7.6

See Also:

• ServletRequest.getLocale()

getLocales

Enumeration<Locale> getLocales()

Delegates to the underlying jakarta.servlet.http.HttpServletRequest.

Returns:

the preferred locales

Since:

7.6

See Also:

• ServletRequest.getLocales()

getRemotePort

int getRemotePort()

Delegates to the underlying jakarta.servlet.http.HttpServletRequest.

Returns:

the remote port

Since:

7.6

See Also:

• ServletRequest.getRemotePort()

getSessionId

String getSessionId()

Returns the HTTP session ID.

Note: the session ID should never be logged or exposed in any other way.

Returns:

the HTTP session ID

Since:

7.6

See Also:

• HttpSession.getId()

isRequestedSessionIdFromCookie

boolean isRequestedSessionIdFromCookie()

Returns the HTTP session ID.

Note: the session ID should never be logged or exposed in any other way.

Returns:

true if the requested session ID came from a cookie, and false otherwise

Since:

7.6

See Also:

• HttpServletRequest.isRequestedSessionIdFromCookie()

isRequestedSessionIdFromURL

boolean isRequestedSessionIdFromURL()

Returns the HTTP session ID.

Note: the session ID should never be logged or exposed in any other way.

Returns:

true if the requested session ID came from the URL, and false otherwise

Since:

7.6

See Also:

• HttpServletRequest.isRequestedSessionIdFromURL()

isRequestedSessionIdValid

boolean isRequestedSessionIdValid()

Returns the HTTP session ID.

Note: the session ID should never be logged or exposed in any other way.

Returns:

true if the requested session is valid, and false otherwise

Since:

7.6

See Also:

• HttpServletRequest.isRequestedSessionIdValid()

getQueryString

String getQueryString()

Delegates to the underlying jakarta.servlet.http.HttpServletRequest.

Returns:

the query string or null

Since:

7.8

See Also:

• HttpServletRequest.getQueryString()

getRequestContext

Map<String,Object> getRequestContext()

Returns a mutable map, stored as a request attribute, that is only available from this interface.

Typically used to pass context information (that is only applicable during the current request) from for example a CustomAuthenticator implementation to a PostAuthenticationFilter implementation.

Returns:

the request context

Since:

7.11

getUserDirectory

UserDirectory getUserDirectory()

Returns a reference to the User Directory class, that can be used for reading and writing users and groups.

Returns:

a reference to the User Directory class

Since:

10.1