Class RequestAuthenticator


public class RequestAuthenticator extends Object
Top-level authentication/authorization class; calls authentication mechanisms as needed.
  • Constructor Details

    • RequestAuthenticator

      @Inject public RequestAuthenticator(<AuthenticationMechanism> apiAuthenticationMechanisms)
  • Method Details

    • authorize

      public Optional<AuthResult> authorize(AuthSettings auth, jakarta.servlet.http.HttpServletRequest req)
      Attempts to authenticate and authorize the user, according to the settings of the action.
      auth - the auth settings of the action, which determine what authentication and authorization are allowed
      req - the HttpServletRequest; some authentication mechanisms use HTTP headers
      an authentication result if authentication/authorization was successful, or absent() if not; authentication can be "successful" even without any authentication if the action's auth settings are set to NONE -- in this case, NOT_AUTHENTICATED is returned