Interface AuthenticationContext

  • All Known Subinterfaces:
    WebAuthenticationContext

    public interface AuthenticationContext
    The AuthenticationContext contains information about the client that needs to be authenticated and the network connection it uses. This information can be used by a CustomAuthenticator or a CustomWebAuthenticator implementation during authentication, or by a PostAuthenticationFilter implementation to perform extra checks (such as validating the client's IP address against a list of allowed hosts) after the user has been authenticated.

    When used from a PostAuthenticationFilter implementation, these attributes may be available:

    • If the user has been authenticated using an X.509 certificate, then the certificate chain is available as a java.security.cert.X509Certificate[] attribute that can be retrieved by calling the getAttribute(java.lang.String) method with the name javax.servlet.request.X509Certificate.
    • If the user has been authenticated using form-based authentication, then a possibly empty java.util.Map<String, java.util.List<String>> attribute is available and can be retrieved by calling the getAttribute(java.lang.String) method with the name com.spotfire.server.security.custom-parameters. This map contains all parameters with the prefix sf_custom_login_ posted by a custom login page. Note that the prefix is stripped from the parameter names before they are added to the map.
    • If the user has been authenticated using OpenID Connect, then the following attributes are available:
      • The access token as a String attribute that can be retrieved by calling the getAttribute(java.lang.String) method with the name com.spotfire.server.security.oidc.access-token.
      • The (unparsed) ID token as a String attribute that can be retrieved by calling the getAttribute(java.lang.String) method with the name com.spotfire.server.security.oidc.id-token.
    Since:
    3.0
    Author:
    Michael Krammer
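
    The attribute lookups described above, as an added example that is not part of the original API documentation: a helper that a PostAuthenticationFilter implementation could use to read the three kinds of attribute defensively, treating a missing or wrongly typed value as absent. AuthContextAttributes and AttributeSource are hypothetical names; AttributeSource stands in for AuthenticationContext, and the Object return type of getAttribute is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.Optional;

public final class AuthContextAttributes {
    // Hypothetical stand-in for AuthenticationContext; Object return type is an assumption.
    public interface AttributeSource { Object getAttribute(String name); }
    static final String X509 = "javax.servlet.request.X509Certificate";
    static final String CUSTOM_PARAMS = "com.spotfire.server.security.custom-parameters";
    static final String ID_TOKEN = "com.spotfire.server.security.oidc.id-token";

    // Client (leaf) certificate, only if a non-empty chain is present and the leaf is currently valid.
    public static Optional<X509Certificate> currentLeaf(AttributeSource ctx) {
        Object attr = ctx.getAttribute(X509);
        if (!(attr instanceof X509Certificate[]) || ((X509Certificate[]) attr).length == 0) return Optional.empty();
        X509Certificate leaf = ((X509Certificate[]) attr)[0]; // servlet order: client certificate first
        try {
            leaf.checkValidity(); // throws if expired or not yet valid
            return Optional.of(leaf);
        } catch (CertificateException e) {
            return Optional.empty();
        }
    }

    // First value of a custom login parameter; name is given without the sf_custom_login_ prefix.
    public static Optional<String> customParam(AttributeSource ctx, String name) {
        Object attr = ctx.getAttribute(CUSTOM_PARAMS);
        if (!(attr instanceof Map)) return Optional.empty();
        Object values = ((Map<?, ?>) attr).get(name);
        if (!(values instanceof List) || ((List<?>) values).isEmpty()) return Optional.empty();
        Object first = ((List<?>) values).get(0);
        return first instanceof String ? Optional.of((String) first) : Optional.empty();
    }

    // JSON text of the unparsed ID token's claims segment; this decodes only, it verifies nothing.
    public static Optional<String> idTokenClaimsJson(AttributeSource ctx) {
        Object attr = ctx.getAttribute(ID_TOKEN);
        if (!(attr instanceof String)) return Optional.empty();
        String[] parts = ((String) attr).split("\\.");
        if (parts.length != 3) return Optional.empty(); // expect header.claims.signature
        try {
            return Optional.of(new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8));
        } catch (IllegalArgumentException e) { // segment is not valid base64url
            return Optional.empty();
        }
    }
}
```

    Values in the custom-parameters map come from the posted login form, so a filter should validate them before using them in any access decision.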