public interface AuthenticationRule
AuthenticationRule can authorize any request against our RESTful service.
The rule is called if a client does not transmit a JSESSIONID (cookie).
If there is more than one rule of this type, they are called in order of
A thrown exception cancels the request directly. If the result of the rule is
null or the username and userId are
the next one is called.
By default, the session is dropped after the request. If a client supports login (that is, it stores and transmits the JSESSIONID cookie),
you should enable the Nuclos login for the user by adding
.withLoginRequired(true) to the result.
A login always requires a logout from the client after the work is done.
If many requests are expected and the authentication is a complex process (an SSO token check, for example),
a login is recommended, or at least caching some relevant information within the rule.
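As an added example (not code from Nuclos), the following shows the caching suggested above together with the null-versus-exception behaviour of a rule. The types Result and Cached, the method checkWithSso, the Authorization header, the 60-second lifetime and the use of SecurityException in place of BusinessException are all assumptions standing in for the real API.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added example. Stand-in types so the file runs alone; they are NOT the Nuclos API.
public class CachedTokenRuleDemo {
    record Result(String username, boolean loginRequired) {}   // stand-in for AuthenticationResult
    record Cached(String username, Instant expires) {}

    static final Map<String, Cached> cache = new ConcurrentHashMap<>();
    static int ssoCalls = 0;                                   // counts the expensive checks

    // Constructed SSO check; a real rule would ask the identity provider here.
    static String checkWithSso(String token) {
        ssoCalls++;
        return "tok-alice".equals(token) ? "alice" : null;
    }

    static String sha256(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(d);
    }

    // Models authenticate(): null means "try the next rule", an exception cancels the request.
    static Result authenticate(Map<String, String> headers) throws Exception {
        String h = headers.get("Authorization");
        if (h == null || !h.startsWith("Bearer ")) return null; // no token: leave it to the next rule
        String token = h.substring(7);
        String key = sha256(token);                             // cache by digest, not by raw token
        Cached c = cache.get(key);
        if (c == null || c.expires().isBefore(Instant.now())) {
            String user = checkWithSso(token);
            if (user == null) throw new SecurityException("invalid token"); // fail closed
            c = new Cached(user, Instant.now().plusSeconds(60)); // short lifetime bounds revocation lag
            cache.put(key, c);
        }
        return new Result(c.username(), false);                 // no login: session dropped after request
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> ok = Map.of("Authorization", "Bearer tok-alice");
        System.out.println(authenticate(ok) + " / " + authenticate(ok) + " ssoCalls=" + ssoCalls);
        System.out.println(authenticate(Map.of()));             // null: the next rule would run
        try { authenticate(Map.of("Authorization", "Bearer forged")); }
        catch (SecurityException e) { System.out.println("cancelled: " + e.getMessage()); }
    }
}
```

Only successful checks are cached, so a rejected token is re-validated on every attempt and never gains a cached identity.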
A session with login whose lifetime has expired will call refreshAuthentication the next time a request starts.
AuthenticationResult authenticate(AuthenticationContext context) throws BusinessException
AuthenticationContext is the context providing all authorization-relevant attributes, such as all header information and the called URL.
return AuthenticationResult.builder()
        .withUsername("nuclos")
        .build();
default boolean refreshAuthentication(RefreshAuthenticationContext context) throws BusinessException
The lifetime can be set in the result. The default is
null, which means that the system is handling the session only
and a refresh is never called.
RefreshAuthenticationContext is the context providing all refresh-relevant attributes, similar to the
AuthenticationContext but with the
AuthenticationResult for the current session. You can save important values from the authentication as an attribute in the result
true when refresh was successful,
false automatically results in a logout.
Copyright © 2021. All rights reserved.