SecurityContextFactory (OpenDJ Public API Javadoc 6.5.6 Documentation)

java.lang.Object
- org.forgerock.json.resource.http.SecurityContextFactory

All Implemented Interfaces:

HttpContextFactory

Deprecated.
This class will be removed once CAF has been migrated fully to CHF, at which point components should create SecurityContexts directly rather than via request attributes.
```
@Deprecated
public final class SecurityContextFactory
extends Object
implements HttpContextFactory
```
An HTTP context factory which will create a SecurityContext whose authentication ID and authorization ID are taken from attributes contained in the HTTP request.
This class provides integration with the common authentication framework and is intended to work as follows:
1. An incoming HTTP request is first intercepted by a HTTP filter responsible for authenticating the request.
2. If authentication is successful, the authentication filter determines the set of principals associated with the user which may be required in order to perform authorization. These principals may include the user's unique ID, realm, groups, roles, or LDAP DN, etc.
3. The authentication filter constructs a Map<String, Object> containing the principals keyed on the principal name. NOTE: various reserved principal names are defined in SecurityContext.
4. The authentication filter stores the authentication ID (the name which the user identified themselves with during authentication) in the HTTP servlet request's ATTRIBUTE_AUTHCID attribute.
5. The authentication filter stores the Map containing the authorization principals in the HTTP servlet request's ATTRIBUTE_AUTHZID attribute.
6. The JSON Resource Handler uses the SecurityContextFactory to obtain the authentication ID and authorization principals from the HTTP request's attributes.
The following code illustrates how an authentication HTTP filter can populate the attributes:
```
 
 public Promise<Response, ResponseException> filter(Context context, Request request, Handler next) {
     // Authenticate the user.
     String authcid = getUserName(request);
     String password = getPassword(request);

     // Add the attributes.
     if (checkCredentials(authcid, password)) {
         // Obtain principals for authorization.
         Map<String, Object> authzid = new HashMap<>();
         authzid.put(AUTHZID_ID, id);
         ...

         AttributesContext attributesContext = context.asContext(AttributesContext.class);
         attributesContext.getAttributes().put(ATTRIBUTE_AUTHCID, authcid);
         attributesContext.getAttributes().put(ATTRIBUTE_AUTHZID, authzid);
     }
 }
 
 
```

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`ATTRIBUTE_AUTHCID` Deprecated. The name of the HTTP Request attribute where this factory expects to find the authenticated user's authentication ID.
`static String`	`ATTRIBUTE_AUTHZID` Deprecated. The name of the HTTP Request attribute where this factory expects to find the authenticated user's authorization ID.

Method Summary

All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`org.forgerock.services.context.SecurityContext`	`createContext(org.forgerock.services.context.Context parent)` Deprecated. Creates a new `SecurityContext` using the attributes contained in the provided HTTP request.
`org.forgerock.services.context.SecurityContext`	`createContext(org.forgerock.services.context.Context context, org.forgerock.http.protocol.Request request)` Deprecated. Creates a new `SecurityContext` using the attributes contained in the provided HTTP request.
`static SecurityContextFactory`	`getHttpServletContextFactory()` Deprecated. Returns the singleton security context factory which can be used for obtaining context information from a HTTP request.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - ATTRIBUTE_AUTHCID
```
public static final String ATTRIBUTE_AUTHCID
```
    Deprecated.
    
    The name of the HTTP Request attribute where this factory expects to find the authenticated user's authentication ID. The name of this attribute is org.forgerock.authentication.principal and it MUST contain a String if it is present.
    
    See Also:
    
    SecurityContext.getAuthenticationId(), Constant Field Values
  - ATTRIBUTE_AUTHZID
```
public static final String ATTRIBUTE_AUTHZID
```
    Deprecated.
    
    The name of the HTTP Request attribute where this factory expects to find the authenticated user's authorization ID. The name of this attribute is org.forgerock.authentication.context and it MUST contain a Map<String, Object> if it is present.
    
    See Also:
    
    SecurityContext.getAuthorization(), Constant Field Values
- Method Detail
  - getHttpServletContextFactory
```
public static SecurityContextFactory getHttpServletContextFactory()
```
    Deprecated.
    
    Returns the singleton security context factory which can be used for obtaining context information from a HTTP request.
    
    Returns:
    
    The singleton security context factory.
  - createContext
```
public org.forgerock.services.context.SecurityContext createContext(org.forgerock.services.context.Context parent)
                                                             throws ResourceException
```
    Deprecated.
    
    Creates a new SecurityContext using the attributes contained in the provided HTTP request. The authentication ID will be obtained from the ATTRIBUTE_AUTHCID attribute, and the authorization ID will be obtained from the ATTRIBUTE_AUTHCID attribute.
    It is not an error if either of the attributes are not present, but a ResourceException will be thrown if they are present but have the wrong type.
    
    Parameters:
    
    parent - The parent context.
    
    Returns:
    
    A security context initialized using the attributes contained in the provided HTTP request.
    
    Throws:
    
    ResourceException - If one of the attributes was present but had the wrong type.
  - createContext
```
public org.forgerock.services.context.SecurityContext createContext(org.forgerock.services.context.Context context,
                                                                    org.forgerock.http.protocol.Request request)
                                                             throws ResourceException
```
    Deprecated.
    
    Creates a new SecurityContext using the attributes contained in the provided HTTP request. The authentication ID will be obtained from the ATTRIBUTE_AUTHCID attribute, and the authorization ID will be obtained from the ATTRIBUTE_AUTHCID attribute.
    It is not an error if either of the attributes are not present, but a ResourceException will be thrown if they are present but have the wrong type.
    
    Specified by:
    
    createContext in interface HttpContextFactory
    
    Parameters:
    
    context - The parent context.
    
    request - The HTTP request from which the authentication ID and authorization ID attributes should be obtained.
    
    Returns:
    
    A security context initialized using the attributes contained in the provided HTTP request.
    
    Throws:
    
    ResourceException - If one of the attributes was present but had the wrong type.

Class SecurityContextFactory

Field Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

ATTRIBUTE_AUTHCID

ATTRIBUTE_AUTHZID

Method Detail

getHttpServletContextFactory

createContext

createContext