javax.security.auth.message.config

Interface ServerAuthContext

All Superinterfaces:

ServerAuth

public interface ServerAuthContext
extends ServerAuth

This ServerAuthContext class encapsulates ServerAuthModules that are used to secure requests made as a client. A caller typically uses this class in the following manner:

1. Retrieve an instance of this class via AuthContextFactory.getAuthContext.
2. Invoke validateRequest.

   ServerAuthContext implementation invokes encapsulated ServerAuthModule(s). Module(s) verify or decrypt response as necessary.

3. Authentication complete.

   Perform authorization check on authenticated identity and, if successful, dispatch to requested service application.

4. Service Application Finished.
5. Invoke secureResponse.

   ServerAuthContext implementation invokes encapsulated ServerAuthModule(s). Module(s) secure response (sign and encrypt response, for example).

6. Send final response to client.
7. Invoke disposeSubject method (as necessary) to clean up any authentication state in Subject.

   A ServerAuthContext instance may be used concurrently by multiple callers.

A ServerAuthContext instance may be used concurrently by multiple callers.

Implementations of this interface are responsible for constructing and initializing the encapsulated modules. The initialization step includes passing the relevant request and response MessagePolicy objects to the encapsulated modules. The MessagePolicy objects are obtained from the ServerAuthConfig instance that was provided when this ServerAuthContext instance was created.

Since:

May 12, 2006

Version:

$Revision$

Author:

Anil Saldhana, Charlie Lai, Ron Monzillo (Javadoc for JSR-196)

Method Summary

Methods inherited from interface javax.security.auth.message.ServerAuth

cleanSubject, secureResponse, validateRequest