Class RequestAuthenticator


  • public class RequestAuthenticator
    extends java.lang.Object
    Top-level authentication/authorization class; calls authentication mechanisms as needed.
    • Method Detail

      • authorize

        public java.util.Optional<AuthResult> authorize​(RequestAuthenticator.AuthSettings auth,
                                                        javax.servlet.http.HttpServletRequest req)
        Attempts to authenticate and authorize the user, according to the settings of the action.
        Parameters:
        auth - the auth settings of the action, which determine what authentication and authorization are allowed
        req - the HttpServletRequest; some authentication mechanisms use HTTP headers
        Returns:
        an authentication result if authentication/authorization was successful, or absent() if not; authentication can be "successful" even without any authentication if the action's auth settings are set to NONE -- in this case, NOT_AUTHENTICATED is returned