Package org.nuclos.api.rule

Interface AuthenticationRule

public interface AuthenticationRule
An AuthenticationRule can authorize any request against our RESTful service.

The rule is called if a client does not transmit a JSESSIONID (cookie).

If there is more than one rule of this type, they are called in order of javax.annotation.Priority. A thrown exception cancels the request directly. If the result of the rule is null or the username and userId are null, the next one is called.

By default, the session is dropped after the request. If a client supports login (store and transmit the JSESSIONID cookie), you should enable the Nuclos login for the user by adding .withLoginRequired(true) to the result. A login always requires a logout from the client after the work is done. Are many requests expected and the authentication is a complex process (SSO token check, for example), a login is recommended, or at least caching some relevant information within the rule.

See Also:

  • Method Details

    • authenticate

      AuthenticationResult authenticate(AuthenticationContext context) throws BusinessException
      Parameters:
      context - AuthenticationContext is the context providing all authorization-relevant attributes, such as all header information and the called URL.
      Returns:
      A successful authentication must identify a user. A minimum return should look like this: 
      return AuthenticationResult
 	.builder()
 	.withUsername("nuclos")
 	.build();

      Throws:
      BusinessException

    • refreshAuthentication

      default boolean refreshAuthentication(RefreshAuthenticationContext context) throws BusinessException
      A session with login whose lifetime has expired will call this method next time a request starts.

      The lifetime can be set in the result. The default is null, which means that the system is handling the session only and a refresh is never called.

      Parameters:
      context - RefreshAuthenticationContext is the context providing all refresh-relevant attributes, similar to the AuthenticationContext but with the AuthenticationResult for the current session. You can save important values from the authentication as attribute in the result .withAttribute("myAttr", "myValue")
      Returns:
      true when refresh was successful, false otherwise. A false automatically results in a logout.
      Throws:
      BusinessException