public interface AuthenticationRule
AuthenticationRule can authorize any request against our RESTful service.
The rule is called if a client does not transmit a JSESSIONID (cookie).
If there is more than one rule of this type, they are called in order of javax.annotation.Priority.
A thrown exception cancels the request directly. If the result of the rule is null or the username and userId are null, the next one is called.
By default, the session is dropped after the request. If a client supports login (it stores and transmits the JSESSIONID cookie), you should enable the Nuclos login for the user by adding .withLoginRequired(true) to the result.
A login always requires a logout from the client after the work is done.
If many requests are expected and the authentication is a complex process (an SSO token check, for example), a login is recommended, or at least caching some relevant information within the rule.
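The call order described above (first usable result wins, a null or empty result falls through, an exception cancels the request), as an added example that is not Nuclos code. Rule, Result, dispatch, the header names and the credential maps are stand-ins invented here, and BusinessException is a local stub rather than the Nuclos class.

```java
import java.util.*;

// Stand-in types that model only the contract described on this page; not the Nuclos API.
// Assumes Java 16 or later (records).
public class RuleChainDemo {
    record Result(String username, Long userId) {}
    static class BusinessException extends Exception { BusinessException(String m) { super(m); } }
    interface Rule { Result authenticate(Map<String, String> headers) throws BusinessException; }

    // Rules are assumed to be sorted by priority already. A null result, or one with
    // neither username nor userId, falls through; an exception cancels the request.
    static Result dispatch(List<Rule> rules, Map<String, String> headers) throws BusinessException {
        for (Rule rule : rules) {
            Result r = rule.authenticate(headers);
            if (r != null && (r.username() != null || r.userId() != null)) return r;
        }
        return null; // no rule produced a usable result
    }

    // Constructed credential stores for the demo.
    static final Map<String, String> API_TOKENS = Map.of("tok-alice", "alice");
    static final Map<String, String> SSO_TICKETS = Map.of("sso-bob", "bob");

    // Header absent: not this rule's credential, return null so the next rule runs.
    // Header present but unknown: throw, so no later rule can accept the request.
    static final Rule TOKEN_RULE = h -> {
        String token = h.get("X-Api-Token");
        if (token == null) return null;
        String user = API_TOKENS.get(token);
        if (user == null) throw new BusinessException("invalid API token");
        return new Result(user, null);
    };
    // An unknown ticket yields a result with null username and userId, which falls through.
    static final Rule SSO_RULE = h -> {
        String ticket = h.get("X-Sso-Ticket");
        return ticket == null ? null : new Result(SSO_TICKETS.get(ticket), null);
    };

    public static void main(String[] args) {
        List<Rule> chain = List.of(TOKEN_RULE, SSO_RULE);
        List<Map<String, String>> requests = List.of( // constructed requests
            Map.of("X-Api-Token", "tok-alice"), Map.of("X-Sso-Ticket", "sso-bob"),
            Map.of("X-Api-Token", "bogus", "X-Sso-Ticket", "sso-bob"), Map.of());
        for (Map<String, String> req : requests) {
            try { System.out.println(req + " -> " + dispatch(chain, req)); }
            catch (BusinessException e) { System.out.println(req + " -> cancelled: " + e.getMessage()); }
        }
    }
}
```

The third request shows why a rule that recognises its own credential but finds it invalid should throw instead of returning null: returning null would hand the request to the next rule.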
AuthenticationContext, AuthenticationResult
Modifier and Type | Method and Description |
---|---|
AuthenticationResult | authenticate(AuthenticationContext context) |
default boolean | refreshAuthentication(RefreshAuthenticationContext context) A session with login whose lifetime has expired will call this method next time a request starts. |
AuthenticationResult authenticate(AuthenticationContext context) throws BusinessException
context - AuthenticationContext is the context providing all authorization-relevant attributes, such as all header information and the called URL.
return AuthenticationResult.builder()
    .withUsername("nuclos")
    .build();
BusinessException
default boolean refreshAuthentication(RefreshAuthenticationContext context) throws BusinessException
The lifetime can be set in the result. The default is null, which means that the system is handling the session only and a refresh is never called.
context - RefreshAuthenticationContext is the context providing all refresh-relevant attributes, similar to the AuthenticationContext but with the AuthenticationResult for the current session. You can save important values from the authentication as attributes in the result: .withAttribute("myAttr", "myValue")
true when refresh was successful, false otherwise. A false automatically results in a logout.
BusinessException
Copyright © 2024. All rights reserved.