Interface AuthenticationRule


@RuleType(name="nuclos.ruletype.authenticationrule.name", description="nuclos.ruletype.authenticationrule.description") public interface AuthenticationRule
An AuthenticationRule can authorize any request against our RESTful service.

The rule is called if a client does not transmit a JSESSIONID (cookie).

If there is more than one rule of this type, they are called in order of javax.annotation.Priority. A thrown exception cancels the request directly. If the result of the rule is null or the username and userId are null, the next one is called.

By default, the session is dropped after the request. If a client supports login (it stores and transmits the JSESSIONID cookie), you should enable the Nuclos login for the user by adding .withLoginRequired(true) to the result. A login always requires a logout from the client after the work is done. If many requests are expected and the authentication is a complex process (an SSO token check, for example), a login is recommended, or at least caching some relevant information within the rule.

Method Details

    • authenticate

      AuthenticationResult authenticate(AuthenticationContext context) throws BusinessException
      Parameters:
      context - AuthenticationContext is the context providing all authorization-relevant attributes, such as all header information and the called URL.
      Returns:
      A successful authentication must identify a user. A minimum return should look like this:
      return AuthenticationResult
          .builder()
          .withUsername("nuclos")
          .build();

      Throws:
      BusinessException
    • refreshAuthentication

      default boolean refreshAuthentication(RefreshAuthenticationContext context) throws BusinessException
      A session with login whose lifetime has expired will call this method next time a request starts.

      The lifetime can be set in the result. The default is null, which means that the system is handling the session only and a refresh is never called.

      Parameters:
      context - RefreshAuthenticationContext is the context providing all refresh-relevant attributes, similar to the AuthenticationContext but with the AuthenticationResult for the current session. You can save important values from the authentication as attributes in the result, for example .withAttribute("myAttr", "myValue").
      Returns:
      true when refresh was successful, false otherwise. A false automatically results in a logout.
      Throws:
      BusinessException
    • validateUserInfo

      default boolean validateUserInfo(ValidateUserInfoContext context) throws BusinessException
      With SSO authentication, the SSO server returns information about the user directly.

      This method can validate that information. If it returns false, the user cannot log in.

      Parameters:
      context - ValidateUserInfoContext is the context providing the user information and the nuclos userId if it has been successfully mapped.
      Returns:
      true when validation was successful, false otherwise. A false automatically results in a logout.
      Throws:
      BusinessException
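The following is an added example of a complete rule implementation that ties the three methods above together; it is not code from the Nuclos project. It authenticates a bearer token from a request header, enables the Nuclos login with .withLoginRequired(true), stores the token digest as an attribute, and re-checks that digest in refreshAuthentication so a revoked token logs the session out. The accessor names context.getHeader(...), context.getAuthenticationResult().getAttribute(...) and context.getUserId(), the @Priority value, the Nuclos package imports and the sample token store are all assumptions; the page names no builder method for the session lifetime, so the example does not set one (with the default null, refreshAuthentication would never be called).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.Map;

import javax.annotation.Priority;

// Nuclos types (AuthenticationRule, AuthenticationResult, AuthenticationContext,
// RefreshAuthenticationContext, ValidateUserInfoContext, BusinessException, RuleType)
// are assumed to be on the classpath; their package is not shown on the page.
@RuleType(name = "example.tokenrule.name", description = "example.tokenrule.description")
@Priority(10) // assumed: lower values run first when several rules exist
public class TokenHeaderAuthenticationRule implements AuthenticationRule {

    private static final String DIGEST_ATTR = "tokenDigest";

    // Constructed sample store: SHA-256 hex of an API token -> Nuclos username.
    // Only digests are kept, so a leaked store does not reveal usable tokens.
    private static final Map<String, String> TOKEN_DIGEST_TO_USER = Map.of(
        sha256Hex("constructed-sample-token-1"), "nuclos");

    @Override
    public AuthenticationResult authenticate(AuthenticationContext context) throws BusinessException {
        // Assumed accessor: the page only says the context exposes header information.
        String header = context.getHeader("Authorization");
        if (header == null || !header.startsWith("Bearer ")) {
            // Not our scheme: return null so the next rule (by Priority) gets a chance.
            return null;
        }
        byte[] digest = sha256(header.substring("Bearer ".length()).trim());
        String username = userForDigest(digest);
        if (username == null) {
            // A token that claims our scheme but does not verify cancels the request
            // outright, rather than falling through to a possibly weaker rule.
            throw new BusinessException("invalid token");
        }
        // Enable the Nuclos login so repeated requests reuse the session instead of
        // re-running this lookup; keep the digest (never the raw token) for refresh.
        return AuthenticationResult.builder()
            .withUsername(username)
            .withLoginRequired(true)
            .withAttribute(DIGEST_ATTR, HexFormat.of().formatHex(digest))
            .build();
    }

    @Override
    public boolean refreshAuthentication(RefreshAuthenticationContext context) throws BusinessException {
        // Assumed accessors; the page says the context carries the session's AuthenticationResult.
        Object stored = context.getAuthenticationResult().getAttribute(DIGEST_ATTR);
        if (stored == null) {
            return false; // unknown session state: false forces a logout (fail closed)
        }
        // The token is still valid only if its digest is still in the store (not revoked).
        return userForDigest(HexFormat.of().parseHex(stored.toString())) != null;
    }

    @Override
    public boolean validateUserInfo(ValidateUserInfoContext context) throws BusinessException {
        // Assumed accessor: admit only SSO users whose info mapped to a Nuclos userId.
        return context.getUserId() != null;
    }

    // Constant-time comparison of every stored digest against the presented one,
    // so the lookup does not leak how many leading bytes matched.
    static String userForDigest(byte[] presentedDigest) {
        String match = null;
        for (Map.Entry<String, String> e : TOKEN_DIGEST_TO_USER.entrySet()) {
            byte[] storedDigest = HexFormat.of().parseHex(e.getKey());
            if (MessageDigest.isEqual(storedDigest, presentedDigest)) {
                match = e.getValue();
            }
        }
        return match;
    }

    static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException ex) {
            throw new IllegalStateException(ex);
        }
    }

    static String sha256Hex(String s) {
        return HexFormat.of().formatHex(sha256(s));
    }
}
```

The two exit paths in authenticate follow the contract stated above: returning null hands the request to the next rule in Priority order, while throwing a BusinessException cancels it immediately. Returning false from refreshAuthentication or validateUserInfo results in a logout, so both methods fail closed when the session state is missing or the user mapping did not succeed.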