| ID | Return | Method/Field | Description | Required | Deprecated | Testable |
| Security:JAVADOC:161 | AuthenticationException | jakarta.security.enterprise.AuthenticationException.AuthenticationException
|
Constructs a new AuthenticationException exception with null as its detail message.
| true |
| true |
| Security:JAVADOC:162 | AuthenticationException | jakarta.security.enterprise.AuthenticationException.AuthenticationException
(
String
)
|
Constructs a new AuthenticationException exception with the specified detail message.
| true |
| true |
| Security:JAVADOC:163 | AuthenticationException | jakarta.security.enterprise.AuthenticationException.AuthenticationException
(
String
,
Throwable
)
|
Constructs a new AuthenticationException exception with the specified detail message and cause.
| true |
| true |
| Security:JAVADOC:164 | AuthenticationException | jakarta.security.enterprise.AuthenticationException.AuthenticationException
(
Throwable
)
|
Constructs a new AuthenticationException exception with the specified cause.
| true |
| true |
| Security:JAVADOC:1 | AuthenticationStatus | jakarta.security.enterprise.AuthenticationStatus.valueOf
(
String
)
|
| true |
| true |
| Security:JAVADOC:2 | AuthenticationStatus[] | jakarta.security.enterprise.AuthenticationStatus.values
|
| true |
| true |
| Security:JAVADOC:3 | CallerPrincipal | jakarta.security.enterprise.CallerPrincipal.CallerPrincipal
(
String
)
|
| true |
| true |
| Security:JAVADOC:4 | String | jakarta.security.enterprise.CallerPrincipal.getName
|
The name of the caller
| true |
| true |
| Security:JAVADOC:5 | AuthenticationStatus | jakarta.security.enterprise.SecurityContext.authenticate
(
HttpServletRequest
,
HttpServletResponse
,
AuthenticationParameters
)
|
Signal to the container (programmatically trigger) that it should start or continue a web/HTTP based authentication dialog with the caller.
Programmatically triggering means that the container responds as if the caller had attempted to access a constrained resource and acts by invoking a configured authentication mechanism (such as the HttpAuthenticationMechanism). Whether the authentication dialog is to be started or continued depends on the (logical) state of the authentication dialog. If such dialog is currently in progress, a call to this method will continue it. If such dialog is not in progress a new one will be started. A new dialog can be forced to be started regardless of one being in progress or not by providing a value of true for the AuthenticationParameters#newAuthentication parameter with this call. This method requires an HttpServletRequest and HttpServletResponse argument to be passed in, and can therefore only be used in a valid Servlet context.
| true |
| true |
| Security:JAVADOC:6 | Principal | jakarta.security.enterprise.SecurityContext.getCallerPrincipal
|
Retrieve the platform-specific java.security.Principal that represents the name of authenticated caller, or null if the current caller is not authenticated.
| true |
| true |
| Security:JAVADOC:7 | Set | jakarta.security.enterprise.SecurityContext.getPrincipalsByType
(
Class
)
|
Retrieve all Principals of the given type from the authenticated caller's Subject, or an empty set if the current caller is not authenticated, or if the specified type isn't found in the Subject.
This can be used to retrieve application-specific Principals when the platform's representation of the caller uses a different principal type. The returned Set is not backed by the Subject's internal Principal Set. A new Set is created and returned for each method invocation. Modifications to the returned Set will not affect the internal Principal Set.
| true |
| true |
| Security:JAVADOC:8 | boolean | jakarta.security.enterprise.SecurityContext.hasAccessToWebResource
(
String
,
String[]
)
|
Checks whether the caller has access to the provided "web resource" using the given methods, as specified by section 13.8 of the Servlet specification.
A caller has access if the web resource is either not protected (constrained), or when it is protected by a role and the caller is in that role.
| true |
| true |
| Security:JAVADOC:9 | boolean | jakarta.security.enterprise.SecurityContext.isCallerInRole
(
String
)
|
Checks whether the authenticated caller is included in the specified logical application "role".
If the caller is not authenticated, this always returns false. This method can not be used to test for roles that are mapped to specific named Servlets or named EJB beans. For a Servlet an example of this would be the role-name nested in a security-role-ref element nested in a servlet element in web.xml. Should code in either such Servlet or EJB bean wish to take such mapped (aka referenced, linked) roles into account, the facilities for that specific container should be used instead. For instance for Servlet that would be HttpServletRequest#isUserInRole(String) and for EJB beans that would be SessionContext#isCallerInRole(String).
| true |
| true |
| Security:JAVADOC:10 | AuthenticationParameters | jakarta.security.enterprise.authentication.mechanism.http.AuthenticationParameters.AuthenticationParameters
|
| true |
| true |
| Security:JAVADOC:11 | AuthenticationParameters | jakarta.security.enterprise.authentication.mechanism.http.AuthenticationParameters.credential
(
Credential
)
|
Sets the credential to be used by the authentication mechanism responding to the authenticate call in which these AuthenticationParameters are passed.
| true |
| true |
| Security:JAVADOC:12 | Credential | jakarta.security.enterprise.authentication.mechanism.http.AuthenticationParameters.getCredential
|
The credential set as parameter in this instance.
| true |
| true |
| Security:JAVADOC:13 | boolean | jakarta.security.enterprise.authentication.mechanism.http.AuthenticationParameters.isNewAuthentication
|
Whether a new authentication dialog is required.
| true |
| true |
| Security:JAVADOC:14 | boolean | jakarta.security.enterprise.authentication.mechanism.http.AuthenticationParameters.isRememberMe
|
Whether "remember me" should be used.
| true |
| true |
| Security:JAVADOC:15 | AuthenticationParameters | jakarta.security.enterprise.authentication.mechanism.http.AuthenticationParameters.newAuthentication
(
boolean
)
|
Signal to the authentication mechanism responding to the authenticate call in which these AuthenticationParameters are passed, that an explicit new authentication dialog is required, as opposed to continuing a potentially existing one.
| true |
| true |
| Security:JAVADOC:16 | AuthenticationParameters | jakarta.security.enterprise.authentication.mechanism.http.AuthenticationParameters.rememberMe
(
boolean
)
|
Signals that for this call to the authentication mechanism "remember me" should be applied, IFF the "remember me" feature is configured for the authentication mechanism responding to the authenticate call.
If "remember me" is not configured, this parameter is silently ignored.
| true |
| true |
| Security:JAVADOC:17 | void | jakarta.security.enterprise.authentication.mechanism.http.AuthenticationParameters.setCredential
(
Credential
)
|
Sets the credential as parameter in this instance.
| true |
| true |
| Security:JAVADOC:18 | void | jakarta.security.enterprise.authentication.mechanism.http.AuthenticationParameters.setNewAuthentication
(
boolean
)
|
Sets whether a new authentication dialog is required.
| true |
| true |
| Security:JAVADOC:19 | void | jakarta.security.enterprise.authentication.mechanism.http.AuthenticationParameters.setRememberMe
(
boolean
)
|
Sets whether "remember me" should be used.
| true |
| true |
| Security:JAVADOC:20 | AuthenticationParameters | jakarta.security.enterprise.authentication.mechanism.http.AuthenticationParameters.withParams
|
Creates a new instance of AuthenticationParameters, useful for a fluent/builder style creation of parameters.
| true |
| true |
| Security:JAVADOC:78 | String | jakarta.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition.realmName
|
Name of realm that will be sent via the WWW-Authenticate header.
Note that this realm name does not couple a named identity store configuration to the authentication mechanism.
| true |
| true |
| Security:JAVADOC:79 | LoginToContinue | jakarta.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition.loginToContinue
|
| true |
| true |
| Security:JAVADOC:80 | LoginToContinue | jakarta.security.enterprise.authentication.mechanism.http.FormAuthenticationMechanismDefinition.loginToContinue
|
| true |
| true |
| Security:JAVADOC:21 | void | jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism.cleanSubject
(
HttpServletRequest
,
HttpServletResponse
,
HttpMessageContext
)
|
Remove mechanism specific principals and credentials from the subject and any other state the mechanism might have used.
This method is called in response to HttpServletRequest#logout() and gives the authentication mechanism the option to remove any state associated with an earlier established authenticated identity. For example, an authentication mechanism that stores state within a cookie can send remove that cookie here.
| true |
| true |
| Security:JAVADOC:22 | AuthenticationStatus | jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism.secureResponse
(
HttpServletRequest
,
HttpServletResponse
,
HttpMessageContext
)
|
Secure the response, optionally.
This method is called to allow for any post processing to be done on the request, and is always invoked after any Filter or HttpServlet. Note that this method is only called when a (Servlet) resource has indeed been invoked, i.e. if a previous call to validateRequest that was invoked before any Filter or HttpServlet returned SUCCESS.
| true |
| true |
| Security:JAVADOC:23 | AuthenticationStatus | jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism.secureResponse
(
HttpServletRequest
,
HttpServletResponse
,
HttpMessageContext
)
throws
AuthenticationException
| when the processing failed | true |
| true |
| Security:JAVADOC:24 | AuthenticationStatus | jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism.validateRequest
(
HttpServletRequest
,
HttpServletResponse
,
HttpMessageContext
)
|
Authenticate an HTTP request.
This method is called in response to an HTTP client request for a resource, and is always invoked before any Filter or HttpServlet. Additionally this method is called in response to HttpServletRequest#authenticate(HttpServletResponse) Note that by default this method is always called for every request, independent of whether the request is to a protected or non-protected resource, or whether a caller was successfully authenticated before within the same HTTP session or not. A CDI/Interceptor spec interceptor can be used to prevent calls to this method if needed. See AutoApplySession and RememberMe for two examples.
| true |
| true |
| Security:JAVADOC:25 | AuthenticationStatus | jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism.validateRequest
(
HttpServletRequest
,
HttpServletResponse
,
HttpMessageContext
)
throws
AuthenticationException
| when the processing failed | true |
| true |
| Security:JAVADOC:26 | void | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.cleanClientSubject
|
Convenience method to clean the subject associated with this context.
Cleaning this subject is done as defined by the Servlet Container Profile of JASPIC (JSR 196) for the ServerAuthModule#cleanSubject method and the HttpAuthenticationMechanism#cleanSubject(HttpServletRequest, HttpServletResponse, HttpMessageContext) method defined by this specification.
| true |
| true |
| Security:JAVADOC:27 | AuthenticationStatus | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.doNothing
|
Instructs the container to "do nothing".
When intending to do nothing, a JSR 375 authentication mechanism has to indicate this explicitly via its return value. As a convenience this method returns NOT_DONE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
| true |
| true |
| Security:JAVADOC:28 | AuthenticationStatus | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.forward
(
String
)
|
Forwards to another resource (servlet, JSP file, or HTML file) on the server.
As a convenience this method returns SEND_CONTINUE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
| true |
| true |
| Security:JAVADOC:29 | AuthenticationParameters | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.getAuthParameters
|
Returns the parameters that were provided with the SecurityContext#authenticate(AuthParameters) call.
| true |
| true |
| Security:JAVADOC:30 | Principal | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.getCallerPrincipal
|
Gets the Principal set by a call to notifyContainerAboutLogin().
| true |
| true |
| Security:JAVADOC:31 | Subject | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.getClientSubject
|
Returns the subject for which authentication is to take place.
Note: This is a low level object that most higher level code would not need to use directly.
| true |
| true |
| Security:JAVADOC:32 | Set | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.getGroups
|
Gets the groups set by a call to notifyContainerAboutLogin().
| true |
| true |
| Security:JAVADOC:33 | CallbackHandler | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.getHandler
|
Returns the low level JSR 196 handler that the runtime provided when creating this HttpMessageContext, and which this context uses to communicate the authentication details to the runtime.
Note: This is a low level object that most higher level code would not need to use directly.
| true |
| true |
| Security:JAVADOC:34 | MessageInfo | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.getMessageInfo
|
Returns the the low level JSR 196 message info instance for the current request.
Note: This is a low level object that most higher level code would not need to use directly.
| true |
| true |
| Security:JAVADOC:35 | HttpServletRequest | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.getRequest
|
Returns the request object associated with the current request.
| true |
| true |
| Security:JAVADOC:36 | HttpServletResponse | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.getResponse
|
Returns the response object associated with the current request.
| true |
| true |
| Security:JAVADOC:37 | boolean | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.isAuthenticationRequest
|
Checks if the current call to an authentication mechanism is the result from the application calling SecurityContext#authenticate(HttpServletRequest, HttpServletResponse, AuthenticationParameters)
If SecurityContext#authenticate was not called, the authentication mechanism may have been invoked by the container at the start of a request.
| true |
| true |
| Security:JAVADOC:38 | boolean | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.isProtected
|
Checks if the currently requested resource is protected or not.
A protected resource is a resource (e.g. a Servlet, JSF page, JSP page etc) for which a constraint has been defined in e.g. web.xml.
| true |
| true |
| Security:JAVADOC:39 | boolean | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.isRegisterSession
|
Check if the runtime has been asked to register an authentication session duing the current request.
| true |
| true |
| Security:JAVADOC:40 | AuthenticationStatus | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.notifyContainerAboutLogin
(
String
,
Set
)
|
Asks the container to register the given caller name and groups in order to make them available to the application for use with SecurityContext#isCallerInRole(String) etc.
Note that after this call returned, the authenticated identity will not be immediately active. This will only take place (should no errors occur) after the authentication mechanism in which this call takes place returns control back to the container (runtime). As a convenience this method returns SUCCESS, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
| true |
| true |
| Security:JAVADOC:41 | AuthenticationStatus | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.notifyContainerAboutLogin
(
Principal
,
Set
)
|
Asks the container to register the given caller principal and groups in order to make them available to the application for use with SecurityContext#isCallerInRole(String) etc.
Note that this call may result in the container establishing two caller principals to represent the caller's identity -- the Principal provided here as the principal parameter, and a second principal used as the container's representation of the caller identity. A second principal is added only if the container uses a different Principal type to represent the caller. If the types are the same, only one Principal is added. If a second principal is added, the value returned by Principal#getName() will be the same for both principals. When two principals are added, the container's caller principal is returned from SecurityContext#getCallerPrincipal(), and the principal supplied here as a parameter can be retrieved using SecurityContext#getPrincipalsByType(Class). When only one is added, it is returned by SecurityContext#getCallerPrincipal(). Note that after this call returned, the authenticated identity will not be immediately active. This will only take place (should no errors occur) after the authentication mechanism in which this call takes place returns control back to the container (runtime). As a convenience this method returns SUCCESS, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
| true |
| true |
| Security:JAVADOC:42 | AuthenticationStatus | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.notifyContainerAboutLogin
(
CredentialValidationResult
)
|
Convenience method intended to pass the CredentialValidationResult result of an identity store directly on to the container.
If the outcome from the given CredentialValidationResult#getStatus() equals Status#VALID, the CallerPrincipal and groups are obtained from the CredentialValidationResult and passed into HttpMessageContext#notifyContainerAboutLogin(Principal, Set). If the outcome from the given CredentialValidationResult#getStatus() is not equal to Status#VALID a failure result is returned.
| true |
| true |
| Security:JAVADOC:44 | AuthenticationStatus | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.redirect
(
String
)
|
Sets the response status to SC_FOUND 302 (Found)
As a convenience this method returns SEND_CONTINUE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
| true |
| true |
| Security:JAVADOC:45 | AuthenticationStatus | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.responseNotFound
|
Sets the response status to 404 (not found).
As a convenience this method returns SEND_FAILURE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
| true |
| true |
| Security:JAVADOC:46 | AuthenticationStatus | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.responseUnauthorized
|
Sets the response status to 401 (unauthorized).
As a convenience this method returns SEND_FAILURE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
| true |
| true |
| Security:JAVADOC:47 | void | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.setRegisterSession
(
String
,
Set
)
|
Asks the runtime to register an authentication session.
This will automatically remember the logged-in status as long as the current HTTP session remains valid. Without this being asked, a HttpAuthenticationMechanism has to manually re-authenticate with the runtime at the start of each request.
| true |
| true |
| Security:JAVADOC:48 | void | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.setRequest
(
HttpServletRequest
)
|
Sets the request object.
| true |
| true |
| Security:JAVADOC:49 | void | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.setResponse
(
HttpServletResponse
)
|
Set the response object.
| true |
| true |
| Security:JAVADOC:50 | HttpMessageContext | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext.withRequest
(
HttpServletRequest
)
|
Sets the request object.
| true |
| true |
| Security:JAVADOC:51 | void | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.cleanClientSubject
|
Convenience method to clean the subject associated with this context.
Cleaning this subject is done as defined by the Servlet Container Profile of JASPIC (JSR 196) for the ServerAuthModule#cleanSubject method and the HttpAuthenticationMechanism#cleanSubject(HttpServletRequest, HttpServletResponse, HttpMessageContext) method defined by this specification.
| true |
| true |
| Security:JAVADOC:52 | AuthenticationStatus | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.doNothing
|
Instructs the container to "do nothing".
When intending to do nothing, a JSR 375 authentication mechanism has to indicate this explicitly via its return value. As a convenience this method returns NOT_DONE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
| true |
| true |
| Security:JAVADOC:53 | AuthenticationStatus | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.forward
(
String
)
|
Forwards to another resource (servlet, JSP file, or HTML file) on the server.
As a convenience this method returns SEND_CONTINUE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
| true |
| true |
| Security:JAVADOC:54 | AuthenticationParameters | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.getAuthParameters
|
Returns the parameters that were provided with the SecurityContext#authenticate(AuthParameters) call.
| true |
| true |
| Security:JAVADOC:55 | Principal | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.getCallerPrincipal
|
Gets the Principal set by a call to notifyContainerAboutLogin().
| true |
| true |
| Security:JAVADOC:56 | Subject | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.getClientSubject
|
Returns the subject for which authentication is to take place.
Note: This is a low level object that most higher level code would not need to use directly.
| true |
| true |
| Security:JAVADOC:57 | Set | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.getGroups
|
Gets the groups set by a call to notifyContainerAboutLogin().
| true |
| true |
| Security:JAVADOC:58 | CallbackHandler | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.getHandler
|
Returns the low level JSR 196 handler that the runtime provided when creating this HttpMessageContext, and which this context uses to communicate the authentication details to the runtime.
Note: This is a low level object that most higher level code would not need to use directly.
| true |
| true |
| Security:JAVADOC:59 | MessageInfo | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.getMessageInfo
|
Returns the the low level JSR 196 message info instance for the current request.
Note: This is a low level object that most higher level code would not need to use directly.
| true |
| true |
| Security:JAVADOC:60 | HttpServletRequest | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.getRequest
|
Returns the request object associated with the current request.
| true |
| true |
| Security:JAVADOC:61 | HttpServletResponse | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.getResponse
|
Returns the response object associated with the current request.
| true |
| true |
| Security:JAVADOC:62 | HttpMessageContext | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.getWrapped
|
| true |
| true |
| Security:JAVADOC:63 | HttpMessageContextWrapper | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.HttpMessageContextWrapper
(
HttpMessageContext
)
|
| true |
| true |
| Security:JAVADOC:64 | boolean | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.isAuthenticationRequest
|
Checks if the current call to an authentication mechanism is the result from the application calling SecurityContext#authenticate(HttpServletRequest, HttpServletResponse, AuthenticationParameters)
If SecurityContext#authenticate was not called, the authentication mechanism may have been invoked by the container at the start of a request.
| true |
| true |
| Security:JAVADOC:65 | boolean | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.isProtected
|
Checks if the currently requested resource is protected or not.
A protected resource is a resource (e.g. a Servlet, JSF page, JSP page etc) for which a constraint has been defined in e.g. web.xml.
| true |
| true |
| Security:JAVADOC:66 | boolean | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.isRegisterSession
|
Check if the runtime has been asked to register an authentication session duing the current request.
| true |
| true |
| Security:JAVADOC:67 | AuthenticationStatus | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.notifyContainerAboutLogin
(
String
,
Set
)
|
Asks the container to register the given caller name and groups in order to make them available to the application for use with SecurityContext#isCallerInRole(String) etc.
Note that after this call returned, the authenticated identity will not be immediately active. This will only take place (should no errors occur) after the authentication mechanism in which this call takes place returns control back to the container (runtime). As a convenience this method returns SUCCESS, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
| true |
| true |
| Security:JAVADOC:68 | AuthenticationStatus | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.notifyContainerAboutLogin
(
Principal
,
Set
)
|
Asks the container to register the given caller principal and groups in order to make them available to the application for use with SecurityContext#isCallerInRole(String) etc.
Note that this call may result in the container establishing two caller principals to represent the caller's identity -- the Principal provided here as the principal parameter, and a second principal used as the container's representation of the caller identity. A second principal is added only if the container uses a different Principal type to represent the caller. If the types are the same, only one Principal is added. If a second principal is added, the value returned by Principal#getName() will be the same for both principals. When two principals are added, the container's caller principal is returned from SecurityContext#getCallerPrincipal(), and the principal supplied here as a parameter can be retrieved using SecurityContext#getPrincipalsByType(Class). When only one is added, it is returned by SecurityContext#getCallerPrincipal(). Note that after this call returned, the authenticated identity will not be immediately active. This will only take place (should no errors occur) after the authentication mechanism in which this call takes place returns control back to the container (runtime). As a convenience this method returns SUCCESS, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
| true |
| true |
| Security:JAVADOC:69 | AuthenticationStatus | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.notifyContainerAboutLogin
(
CredentialValidationResult
)
|
Convenience method intended to pass the CredentialValidationResult result of an identity store directly on to the container.
If the outcome from the given CredentialValidationResult#getStatus() equals Status#VALID, the CallerPrincipal and groups are obtained from the CredentialValidationResult and passed into HttpMessageContext#notifyContainerAboutLogin(Principal, Set). If the outcome from the given CredentialValidationResult#getStatus() is not equal to Status#VALID a failure result is returned.
| true |
| true |
| Security:JAVADOC:71 | AuthenticationStatus | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.redirect
(
String
)
|
Sets the response status to SC_FOUND 302 (Found)
As a convenience this method returns SEND_CONTINUE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
| true |
| true |
| Security:JAVADOC:72 | AuthenticationStatus | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.responseNotFound
|
Sets the response status to 404 (not found).
As a convenience this method returns SEND_FAILURE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
| true |
| true |
| Security:JAVADOC:73 | AuthenticationStatus | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.responseUnauthorized
|
Sets the response status to 401 (unauthorized).
As a convenience this method returns SEND_FAILURE, so this method can be used in one fluent return statement from an HttpAuthenticationMechanism
| true |
| true |
| Security:JAVADOC:74 | void | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.setRegisterSession
(
String
,
Set
)
|
Asks the runtime to register an authentication session.
This will automatically remember the logged-in status as long as the current HTTP session remains valid. Without this being asked, a HttpAuthenticationMechanism has to manually re-authenticate with the runtime at the start of each request.
| true |
| true |
| Security:JAVADOC:75 | void | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.setRequest
(
HttpServletRequest
)
|
Sets the request object.
| true |
| true |
| Security:JAVADOC:76 | void | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.setResponse
(
HttpServletResponse
)
|
Set the response object.
| true |
| true |
| Security:JAVADOC:77 | HttpMessageContext | jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper.withRequest
(
HttpServletRequest
)
|
Sets the request object.
| true |
| true |
| Security:JAVADOC:78 | String | jakarta.security.enterprise.authentication.mechanism.http.LoginToContinue.errorPage
|
The resource (page) a caller should get to see in case an error, such as providing invalid credentials, occurs on the page set by LoginToContinue#loginPage().
| true |
| true |
| Security:JAVADOC:79 | String | jakarta.security.enterprise.authentication.mechanism.http.LoginToContinue.loginPage
|
The resource (page) a caller should get to see in case the originally requested resource requires authentication, and the caller is currently not authenticated.
| true |
| true |
| Security:JAVADOC:80 | boolean | jakarta.security.enterprise.authentication.mechanism.http.LoginToContinue.useForwardToLogin
|
Use a forward to reach the page set by the LoginToContinue#loginPage() if true, otherwise use a redirect.
| true |
| true |
| Security:JAVADOC:165 | String | jakarta.security.enterprise.authentication.mechanism.http.LoginToContinue.useForwardToLoginExpression
|
EL expression variant of useForwardToLogin().
The expression needs to evaluate to a boolean outcome. All named CDI beans are available to the expression. If both this attribute and useForwardToLogin() are specified, this attribute take precedence.
| true |
| true |
| Security:JAVADOC:81 | boolean | jakarta.security.enterprise.authentication.mechanism.http.RememberMe.cookieHttpOnly
|
Flag to indicate that the remember me cookie should not be exposed to client-side scripting code, and should only be sent with HTTP requests.
| true |
| true |
| Security:JAVADOC:166 | String | jakarta.security.enterprise.authentication.mechanism.http.RememberMe.cookieHttpOnlyExpression
|
EL expression variant of cookieHttpOnly().
The expression needs to evaluate to a boolean outcome. All named CDI beans are available to the expression as well as default classes as specified by EL 3.0 for the ELProcessor and the implicit objects "self" which refers to the interceptor target and "httpMessageContext" which refers to the current HttpMessageContext. If both this attribute and cookieHttpOnly() are specified, this attribute takes precedence.
| true |
| true |
| Security:JAVADOC:82 | int | jakarta.security.enterprise.authentication.mechanism.http.RememberMe.cookieMaxAgeSeconds
|
Max age in seconds for the remember me cookie.
Defaults to one day.
| true |
| true |
| Security:JAVADOC:167 | String | jakarta.security.enterprise.authentication.mechanism.http.RememberMe.cookieMaxAgeSecondsExpression
|
EL expression variant of cookieMaxAgeSeconds().
The expression needs to evaluate to an integer outcome. All named CDI beans are available to the expression as well as default classes as specified by EL 3.0 for the ELProcessor and the implicit objects "self" which refers to the interceptor target and "httpMessageContext" which refers to the current HttpMessageContext. If both this attribute and cookieMaxAgeSeconds() are specified, this attribute takes precedence.
| true |
| true |
| Security:JAVADOC:83 | String | jakarta.security.enterprise.authentication.mechanism.http.RememberMe.cookieName
|
Name of the remember me cookie.
| true |
| true |
| Security:JAVADOC:84 | boolean | jakarta.security.enterprise.authentication.mechanism.http.RememberMe.cookieSecureOnly
|
Flag to indicate that the remember me cookie should only be sent using a secure protocol (e.g.
HTTPS or SSL).
| true |
| true |
| Security:JAVADOC:168 | String | jakarta.security.enterprise.authentication.mechanism.http.RememberMe.cookieSecureOnlyExpression
|
EL expression variant of cookieSecureOnly().
The expression needs to evaluate to a boolean outcome. All named CDI beans are available to the expression as well as default classes as specified by EL 3.0 for the ELProcessor and the implicit objects "self" which refers to the interceptor target and "httpMessageContext" which refers to the current HttpMessageContext. If both this attribute and cookieSecureOnly() are specified, this attribute takes precedence.
| true |
| true |
| Security:JAVADOC:169 | boolean | jakarta.security.enterprise.authentication.mechanism.http.RememberMe.isRememberMe
|
Flag to determine if remember me should be used.
| true |
| true |
| Security:JAVADOC:88 | String | jakarta.security.enterprise.authentication.mechanism.http.RememberMe.isRememberMeExpression
|
EL expression to determine if remember me should be used.
This is evaluated for every request requiring authentication. The expression needs to evaluate to a boolean outcome. All named CDI beans are available to the expression as well as default classes as specified by EL 3.0 for the ELProcessor and the implicit objects "self" which refers to the interceptor target and "httpMessageContext" which refers to the current HttpMessageContext.
| true |
| true |
| Security:JAVADOC:131 | AbstractClearableCredential | jakarta.security.enterprise.credential.AbstractClearableCredential.AbstractClearableCredential
|
| true |
| true |
| Security:JAVADOC:132 | void | jakarta.security.enterprise.credential.AbstractClearableCredential.clear
|
Clears the credential.
For example, if the credential includes a password, this method would overwrite the password value.
| true |
| true |
| Security:JAVADOC:133 | boolean | jakarta.security.enterprise.credential.AbstractClearableCredential.isCleared
|
Determines whether the credential value has been securely cleared.
| true |
| true |
| Security:JAVADOC:134 | BasicAuthenticationCredential | jakarta.security.enterprise.credential.BasicAuthenticationCredential.BasicAuthenticationCredential
(
String
)
|
Constructor
| true |
| true |
| Security:JAVADOC:135 | CallerOnlyCredential | jakarta.security.enterprise.credential.CallerOnlyCredential.CallerOnlyCredential
(
String
)
|
| true |
| true |
| Security:JAVADOC:136 | String | jakarta.security.enterprise.credential.CallerOnlyCredential.getCaller
|
| true |
| true |
| Security:JAVADOC:137 | void | jakarta.security.enterprise.credential.Credential.clear
|
Clears the credential.
For example, if the credential includes a password, this method would overwrite the password value.
| true |
| true |
| Security:JAVADOC:138 | boolean | jakarta.security.enterprise.credential.Credential.isCleared
|
Determines whether the credential value has been securely cleared.
| true |
| true |
| Security:JAVADOC:139 | boolean | jakarta.security.enterprise.credential.Credential.isValid
|
Determines whether the credential is valid.
This would be called as part of the credential validation process to check the integrity of the credential, such as a signature check. This check would be self-contained, not requiring identity store access.
| true |
| true |
| Security:JAVADOC:140 | void | jakarta.security.enterprise.credential.Password.clear
|
Securely clears the password value.
| true |
| true |
| Security:JAVADOC:141 | boolean | jakarta.security.enterprise.credential.Password.compareTo
(
String
)
|
| true |
| true |
| Security:JAVADOC:142 | char[] | jakarta.security.enterprise.credential.Password.getValue
|
Determines the password value.
| true |
| true |
| Security:JAVADOC:143 | Password | jakarta.security.enterprise.credential.Password.Password
(
char[]
)
|
Constructor
| true |
| true |
| Security:JAVADOC:144 | Password | jakarta.security.enterprise.credential.Password.Password
(
String
)
|
Constructor
| true |
| true |
| Security:JAVADOC:145 | String | jakarta.security.enterprise.credential.RememberMeCredential.getToken
|
Determines the token value to compare for authentication.
| true |
| true |
| Security:JAVADOC:146 | RememberMeCredential | jakarta.security.enterprise.credential.RememberMeCredential.RememberMeCredential
(
String
)
|
Constructor
| true |
| true |
| Security:JAVADOC:147 | void | jakarta.security.enterprise.credential.UsernamePasswordCredential.clearCredential
|
Invokes the specific subclass to securely clear the credential value.
Some Credential subclasses contain credential values which are inherently secure, such as tokens, for which clearing the credential may not be necessary. For example, if the credential includes a password, this method would overwrite the password value.
| true |
| true |
| Security:JAVADOC:148 | boolean | jakarta.security.enterprise.credential.UsernamePasswordCredential.compareTo
(
String
,
String
)
|
| true |
| true |
| Security:JAVADOC:149 | String | jakarta.security.enterprise.credential.UsernamePasswordCredential.getCaller
|
| true |
| true |
| Security:JAVADOC:150 | Password | jakarta.security.enterprise.credential.UsernamePasswordCredential.getPassword
|
Determines the password.
| true |
| true |
| Security:JAVADOC:151 | String | jakarta.security.enterprise.credential.UsernamePasswordCredential.getPasswordAsString
|
Determines the password.
| true |
| true |
| Security:JAVADOC:152 | UsernamePasswordCredential | jakarta.security.enterprise.credential.UsernamePasswordCredential.UsernamePasswordCredential
(
String
,
String
)
|
Constructor.
| true |
| true |
| Security:JAVADOC:153 | UsernamePasswordCredential | jakarta.security.enterprise.credential.UsernamePasswordCredential.UsernamePasswordCredential
(
String
,
Password
)
|
Constructor.
| true |
| true |
| Security:JAVADOC:89 | CredentialValidationResult | jakarta.security.enterprise.identitystore.CredentialValidationResult.CredentialValidationResult
(
String
)
|
Constructor for a VALID result.
| true |
| true |
| Security:JAVADOC:90 | CredentialValidationResult | jakarta.security.enterprise.identitystore.CredentialValidationResult.CredentialValidationResult
(
CallerPrincipal
)
|
Constructor for a VALID result.
| true |
| true |
| Security:JAVADOC:91 | CredentialValidationResult | jakarta.security.enterprise.identitystore.CredentialValidationResult.CredentialValidationResult
(
String
,
Set
)
|
Constructor for a VALID result.
| true |
| true |
| Security:JAVADOC:92 | CredentialValidationResult | jakarta.security.enterprise.identitystore.CredentialValidationResult.CredentialValidationResult
(
CallerPrincipal
,
Set
)
|
Constructor for a VALID result.
| true |
| true |
| Security:JAVADOC:93 | CredentialValidationResult | jakarta.security.enterprise.identitystore.CredentialValidationResult.CredentialValidationResult
(
String
,
String
,
String
,
String
,
Set
)
|
Constructor for a VALID result.
| true |
| true |
| Security:JAVADOC:94 | CredentialValidationResult | jakarta.security.enterprise.identitystore.CredentialValidationResult.CredentialValidationResult
(
String
,
CallerPrincipal
,
String
,
String
,
Set
)
|
Constructor for a VALID result.
| true |
| true |
| Security:JAVADOC:170 | String | jakarta.security.enterprise.identitystore.CredentialValidationResult.getCallerDn
|
Return the CallerPrincipal for the validated credential.
| true |
| true |
| Security:JAVADOC:90 | Set | jakarta.security.enterprise.identitystore.CredentialValidationResult.getCallerGroups
|
Determines the set of groups that the specified Caller is in, based on the associated identity store.
| true |
| true |
| Security:JAVADOC:96 | CallerPrincipal | jakarta.security.enterprise.identitystore.CredentialValidationResult.getCallerPrincipal
|
Return the CallerPrincipal for the validated credential.
| true |
| true |
| Security:JAVADOC:97 | String | jakarta.security.enterprise.identitystore.CredentialValidationResult.getCallerUniqueId
|
Return a string that uniquely identifies this caller within the identity store (since the Principal name used may not be unique).
| true |
| true |
| Security:JAVADOC:98 | String | jakarta.security.enterprise.identitystore.CredentialValidationResult.getIdentityStoreId
|
Return the unique ID of the identity store used to validate the credentials.
| true |
| true |
| Security:JAVADOC:99 | Status | jakarta.security.enterprise.identitystore.CredentialValidationResult.getStatus
|
Determines the validation status.
| true |
| true |
| Security:JAVADOC:100 | Status | jakarta.security.enterprise.identitystore.CredentialValidationResult.Status.valueOf
(
String
)
|
| true |
| true |
| Security:JAVADOC:101 | Status[] | jakarta.security.enterprise.identitystore.CredentialValidationResult.Status.values
|
| true |
| true |
| Security:JAVADOC:112 | String | jakarta.security.enterprise.identitystore.DatabaseIdentityStoreDefinition.callerQuery
|
SQL query to validate the {caller, password} pair.
Only needed when #useFor() contains ValidationType#VALIDATE. The name of the caller that is to be authenticated has to be set as the one and only placeholder. The (hashed) password should be in the first column of the result. Example query: select password from callers where name = ?
| true |
| true |
| Security:JAVADOC:113 | String | jakarta.security.enterprise.identitystore.DatabaseIdentityStoreDefinition.dataSourceLookup
|
Full JNDI name of the data source that provides access to the data base where the caller identities are stored.
| true |
| true |
| Security:JAVADOC:114 | String | jakarta.security.enterprise.identitystore.DatabaseIdentityStoreDefinition.groupsQuery
|
SQL query to retrieve the groups associated with the caller when authentication succeeds.
Only needed when #useFor() contains ValidationType#PROVIDE_GROUPS. The name of the caller that has been authenticated has to be set as the one and only placeholder. The group name should be in the first column of the result. Example query: select group_name from caller_groups where caller_name = ?
| true |
| true |
| Security:JAVADOC:115 | Class | jakarta.security.enterprise.identitystore.DatabaseIdentityStoreDefinition.hashAlgorithm
|
Hash algorithm applied to plain text password for comparison with password returned from #callerQuery().
| true |
| true |
| Security:JAVADOC:171 | String[] | jakarta.security.enterprise.identitystore.DatabaseIdentityStoreDefinition.hashAlgorithmParameters
|
Used to specify algorithm specific parameters, such as:
PBKDF2.iterations PBKDF2.salt Parameters are specified using the format: parameterName=parameterValue with one parameter per array element.
| true |
| true |
| Security:JAVADOC:117 | int | jakarta.security.enterprise.identitystore.DatabaseIdentityStoreDefinition.priority
|
Determines the order in case multiple IdentityStores are found.
| true |
| true |
| Security:JAVADOC:172 | String | jakarta.security.enterprise.identitystore.DatabaseIdentityStoreDefinition.priorityExpression
|
Allow priority to be specified as an EL expression.
If set, overrides any value set with priority.
| true |
| true |
| Security:JAVADOC:118 | ValidationType[] | jakarta.security.enterprise.identitystore.DatabaseIdentityStoreDefinition.useFor
|
Determines what the identity store is used for
| true |
| true |
| Security:JAVADOC:173 | String | jakarta.security.enterprise.identitystore.DatabaseIdentityStoreDefinition.useForExpression
|
Allow useFor to be specified as an EL expression.
If set, overrides any value set with useFor.
| true |
| true |
| Security:JAVADOC:102 | Set | jakarta.security.enterprise.identitystore.IdentityStore.getCallerGroups
(
CredentialValidationResult
)
|
| true |
| true |
| Security:JAVADOC:103 | int | jakarta.security.enterprise.identitystore.IdentityStore.priority
|
Determines the order of multiple IdentityStores.
Stores are consulted lower number first.
| true |
| true |
| Security:JAVADOC:104 | CredentialValidationResult | jakarta.security.enterprise.identitystore.IdentityStore.validate
(
Credential
)
|
Validates the given credential.
As a convenience a default implementation is provided that looks up an overload of this method with as the one and only parameter a subclass of Credential. Here is an example of what an implementation of this interface looks like with such overloaded method: public class ExampleIdentityStore implements IdentityStore { public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) { // Implementation ... return INVALID_RESULT; } } Note that the overloaded method is only called when the actual type passed into this method will exactly match the parameter type of the overloaded method. There's no attempt being done to find the most specific overloaded method such as specified in JLS 15.2.
| true |
| true |
| Security:JAVADOC:105 | Set | jakarta.security.enterprise.identitystore.IdentityStore.validationTypes
|
Determines the type of validation the IdentityStore should be used for.
By default, its used for credential validation AND providing groups. Note that implementers of this API should not return a direct reference to a Set used internally to represent an IdentityStore's validation types, unless it is an immutable Set. Callers of the API should be aware that the returned Set may be immutable, or a copy, and that, in any case, it should not be modified by the caller.
| true |
| true |
| Security:JAVADOC:106 | ValidationType | jakarta.security.enterprise.identitystore.IdentityStore.ValidationType.valueOf
(
String
)
|
| true |
| true |
| Security:JAVADOC:107 | ValidationType[] | jakarta.security.enterprise.identitystore.IdentityStore.ValidationType.values
|
| true |
| true |
| Security:JAVADOC:108 | CredentialValidationResult | jakarta.security.enterprise.identitystore.IdentityStoreHandler.validate
(
Credential
)
|
Validates the given credential.
| true |
| true |
| Security:JAVADOC:119 | String | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.bindDn
|
Distinguished name for the application or administrative user that will be used to make the initial connection to the LDAP and to perform searches and lookups.
This value is needed if caller or group lookup will be done. It is not needed if the store will be used only to authenticate callers using direct binding (see callerBaseDn). This user needs search permission in the LDAP for persons and/or groups. E.g.: uid=ldap,ou=apps,dc=jsr375,dc=net
| true |
| true |
| Security:JAVADOC:125 | String | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.bindDnPassword
|
Password for the application/admin user defined by the bindDn member.
Only used when the member bindDn is filled in.
| true |
| true |
| Security:JAVADOC:120 | String | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.callerBaseDn
|
Base distinguished name for callers in the LDAP store (e.g., "ou=caller,dc=jsr375,dc=net").
When this member value is specified, and callerSearchBase is not, direct binding is attempted. The callerNameAttribute must be specified along with this attribute so that the runtime can create the "leaf" RDN needed to concatenate with the base DN to create the full DN of the caller.
| true |
| true |
| Security:JAVADOC:121 | String | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.callerNameAttribute
|
Name of the attribute that contains the callers name in the person object (e.g., "uid").
This attribute will be used, with callerBaseDn, to construct caller DNs for direct binding. It is also used to retrieve the caller's name when the caller object is instead looked up using search. The value of this attribute is returned as the caller principal name for a successful credential validation. The following gives an example in ldif format: dn: uid=peter,ou=caller,dc=jsr375,dc=net objectclass: top objectclass: uidObject objectclass: person uid: peter cn: Peter Smith sn: Peter userPassword: secret1
| true |
| true |
| Security:JAVADOC:127 | String | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.callerSearchBase
|
Search base for looking up callers (e.g., "ou=caller,dc=jsr375,dc=net").
Overrides callerBaseDn, if configured, causing caller search to be used instead of direct binding. Requires that the bindDn member be filled in.
| true |
| true |
| Security:JAVADOC:128 | String | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.callerSearchFilter
|
Search filter to find callers when callerSearchBase is set.
The search is performed starting from the callerSearchBase DN with the scope specified by callerSearchScope.
| true |
| true |
| Security:JAVADOC:174 | LdapSearchScope | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.callerSearchScope
|
Search scope for caller searches: determines depth of the search in the LDAP tree.
| true |
| true |
| Security:JAVADOC:175 | String | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.callerSearchScopeExpression
|
Allow callerSearchScope to be specified as an EL expression.
If set, overrides any value set with callerSearchScope.
| true |
| true |
| Security:JAVADOC:123 | String | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.groupMemberAttribute
|
Name of the attribute in a group object that identifies the members of the group (e.g., "member").
The value of this attribute must be the full DN of the caller. The following gives an example entry in ldif format: dn: cn=foo,ou=group,dc=jsr375,dc=net objectclass: top objectclass: groupOfNames cn: foo member: uid=pete,ou=caller,dc=jsr375,dc=net member: uid=john,ou=caller,dc=jsr375,dc=net
| true |
| true |
| Security:JAVADOC:176 | String | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.groupMemberOfAttribute
|
Name of the attribute in a person object that identifies the groups the caller belongs to (e.g., "memberOf").
This attribute is used only if: a) group search is not configured (i.e., no groupSearchBase and groupSearchFilter configured); and, b) the caller's DN is available, either because groups are being returned during the credential validation phase by an identity store that performs both validation and group lookup, or because the DN is available in the CredentialValidationResult passed to the IdentityStore#getCallerGroups(CredentialValidationResult) method. The value of this attribute must be the full DN of the group. The following gives an example entry in ldif format: dn: uid=peter,ou=caller,dc=jsr375,dc=net objectclass: top objectclass: uidObject objectclass: person uid: peter cn: Peter Smith memberOf: cn=foo,ou=group,dc=jsr375,dc=net memberOf: cn=bar,ou=group,dc=jsr375,dc=net
| true |
| true |
| Security:JAVADOC:124 | String | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.groupNameAttribute
|
Name of the attribute of a group object that represents the group name (e.g., "cn")
| true |
| true |
| Security:JAVADOC:122 | String | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.groupSearchBase
|
Search base for looking up groups (e.g., "ou=group,dc=jsr375,dc=net").
Needed only for a store that performs group lookup. Requires that the bindDn member be filled in.
| true |
| true |
| Security:JAVADOC:178 | String | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.groupSearchFilter
|
Search filter to find groups when groupSearchBase is set.
The search is performed starting from the groupSearchBase DN with the scope specified by groupSearchScope.
| true |
| true |
| Security:JAVADOC:179 | LdapSearchScope | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.groupSearchScope
|
Search scope for group searches, determines depth of the search in the LDAP tree.
| true |
| true |
| Security:JAVADOC:180 | String | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.groupSearchScopeExpression
|
Allow groupSearchScope to be specified as an EL expression.
If set, overrides any value set with groupSearchScope.
| true |
| true |
| Security:JAVADOC:181 | int | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.maxResults
|
Set the maximum number of results (objects) the server should return in response to a search.
The default value is set to 1000, which corresponds to the maximum number of results most LDAP servers will return for in a single response. Most LDAP servers support paging through result sets larger than 1000, but doing so should rarely be necessary for normal validation and group lookup use cases. Implementations of the built-in LDAP IdentityStore MAY support paging through larger result sets, but are NOT REQUIRED to.
| true |
| true |
| Security:JAVADOC:182 | String | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.maxResultsExpression
|
Allow maxResults to be specified as an EL expression.
If set, overrides any value set with maxResults.
| true |
| true |
| Security:JAVADOC:126 | int | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.priority
|
Determines the order in case multiple IdentityStores are found.
| true |
| true |
| Security:JAVADOC:183 | String | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.priorityExpression
|
Allow priority to be specified as an EL expression.
If set, overrides any value set with priority.
| true |
| true |
| Security:JAVADOC:184 | int | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.readTimeout
|
Set the timeout value that should be used when waiting for the LDAP server to return results.
Note that this is different from the connection timeout for the underlying socket connection; The default value of 0 means wait forever (assuming the connection itself does not time out).
| true |
| true |
| Security:JAVADOC:185 | String | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.readTimeoutExpression
|
Allow readTimeout to be specified as an EL expression.
If set, overrides any value set with readTimeout.
| true |
| true |
| Security:JAVADOC:129 | String | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.url
|
URL where the LDAP server can be reached.
E.g.: ldap://localhost:33389
| true |
| true |
| Security:JAVADOC:130 | ValidationType[] | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.useFor
|
Determines what the identity store is used for
| true |
| true |
| Security:JAVADOC:186 | String | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.useForExpression
|
Allow useFor to be specified as an EL expression.
If set, overrides any value set with useFor.
| true |
| true |
| Security:JAVADOC:187 | LdapSearchScope | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.LdapSearchScope.valueOf
(
String
)
|
| true |
| true |
| Security:JAVADOC:188 | LdapSearchScope[] | jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition.LdapSearchScope.values
|
| true |
| true |
| Security:JAVADOC:189 | String | jakarta.security.enterprise.identitystore.PasswordHash.generate
(
char[]
)
|
Generate an encoded password hash value for storage in a user's account.
This method should not be used to generate a password hash for verification purposes; use #verify(char[], String) for that purpose. Use this method only to generate hash values when processing a new or changed password. The returned hash value should be fully encoded such that it can be directly stored, as is, with no additional format or encoding changes.
| true |
| true |
| Security:JAVADOC:190 | void | jakarta.security.enterprise.identitystore.PasswordHash.initialize
(
Map
)
|
Initialize the instance with the parameters it should use to generate and verify password hashes.
The parameters are the name/value pairs specified with the DatabaseIdentityStoreDefinition#hashAlgorithmParameters() attribute. An implementation is not required to support parameters, and may ignore parameters passed to it. It is also possible that an implementation will use the specified parameters when generating a new password hash, but ignore them in favor of parameters stored with an existing password hash when verifying. If not parameters were provided, the argument is an empty Map.
| true |
| true |
| Security:JAVADOC:191 | boolean | jakarta.security.enterprise.identitystore.PasswordHash.verify
(
char[]
,
String
)
|
Verify a user's password against the corresponding password hash value.
The password hash value should be provided exactly as retrieved from the identity store, with no decoding or formatting applied. The provided password value will be hashed and compared to the decoded hashed password value.
| true |
| true |
| Security:JAVADOC:109 | String | jakarta.security.enterprise.identitystore.RememberMeIdentityStore.generateLoginToken
(
CallerPrincipal
,
Set
)
|
Associates the given principal and groups with a token.
The token generated by this method is intended to be used with the RememberMeCredential and passed into the #validate(RememberMeCredential) method.
| true |
| true |
| Security:JAVADOC:110 | void | jakarta.security.enterprise.identitystore.RememberMeIdentityStore.removeLoginToken
(
String
)
|
Dissociates the principal and groups that were associated with the token before and removes the token itself.
If the token did not exist (i.e. no principal and groups were associated with that token) no exception will be thrown.
| true |
| true |
| Security:JAVADOC:111 | CredentialValidationResult | jakarta.security.enterprise.identitystore.RememberMeIdentityStore.validate
(
RememberMeCredential
)
|
Validates the given credential.
| true |
| true |