com.ibm.mfp.server.security.external.resource
Interface AdapterSecurityContext
public interface AdapterSecurityContext
Security context of an adapter REST call. Provides access to the security context of the client, and the client registration data. Using this interface, an adapter can:
- Get the information of the authenticated user
- Get introspection data of the access token
- Get the registration data of the current client, or any registered client, including the details of the mobile device, users associated with the application instance and custom client attributes
- Modify client registration data
- Find registered clients using various search criteria
- Validate credentials with a security check
To get access to the security context in an adapter, use the @Context annotation to inject it. For example:

    @Context
    AdapterSecurityContext securityContext;

    @OAuthSecurity(scope = "userLogin")
    @GET
    @Produces(MediaType.TEXT_PLAIN)
    public String sayHello() {
        AuthenticatedUser user = securityContext.getAuthenticatedUser();
        return "Hello " + user.getDisplayName();
    }

Method Summary
Modifier and Type, Method and Description:
- java.util.List findClientRegistrationData(ClientSearchCriteria criteria)
  Finds the registration data of mobile clients by the given search criteria.
- TokenIntrospectionData getAccessTokenInfo()
  Gets introspection data of the current access token provided in the request.
- AuthenticatedUser getAuthenticatedUser()
  Gets the latest authenticated user.
- ClientData getClientRegistrationData()
  Gets registration data for the caller mobile client.
- ClientData getClientRegistrationData(java.lang.String clientId)
  Gets registration data for the given client ID.
- void storeClientRegistrationData(ClientData clientData)
  Updates the registration data of a client.
- boolean validateCredentials(java.lang.String securityCheckName, java.util.Map credentials, HttpServletRequest request)
  Validates the given credentials with the given security check.

Method Detail

getAuthenticatedUser
AuthenticatedUser getAuthenticatedUser()
Gets the latest authenticated user.
Returns:
- authenticated user, null if there's no authenticated user at the moment

getAccessTokenInfo
TokenIntrospectionData getAccessTokenInfo()
Gets introspection data of the current access token provided in the request.
If the resource is unprotected and there's no access token, this method returns null.
If the token has expired or has been revoked, this method throws a runtime exception which is automatically translated into an error response according to OAuth 2.0.
Returns:
- introspection data of the current access token, or null if this is an unprotected resource

getClientRegistrationData
ClientData getClientRegistrationData()
Gets registration data for the caller mobile client.
If the caller is not a mobile client, or the resource is unprotected and the caller is unknown, this method returns null.
Returns:
- the registration data of the caller mobile client, or null if the caller is not a mobile client or the caller is unknown

getClientRegistrationData
ClientData getClientRegistrationData(java.lang.String clientId)
Gets registration data for the given client ID. Returns null if the client does not exist.
Parameters:
clientId - the client ID
Returns:
- the client registration data, or null if the client does not exist.

findClientRegistrationData
java.util.List findClientRegistrationData(ClientSearchCriteria criteria)
Finds the registration data of mobile clients by the given search criteria.
Parameters:
criteria - the search criteria
Returns:
- list of clients satisfying the given criteria

storeClientRegistrationData
void storeClientRegistrationData(ClientData clientData)
Updates the registration data of a client.
The ClientData instance must be obtained via AdapterSecurityContext.getClientRegistrationData(), AdapterSecurityContext.getClientRegistrationData(String), or AdapterSecurityContext.findClientRegistrationData(ClientSearchCriteria).
If the registration data has been modified by a concurrent request after it was obtained by this request, this method throws a runtime exception which is automatically reported to the client as HTTP status 409 (Conflict).
Parameters:
clientData - the modified data to be stored.
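
The read-modify-store sequence described above, as an added example that is not part of the original API documentation. The resource path, the "deviceLabel" attribute name and the length limit are hypothetical; getProtectedAttributes() belongs to ClientData, which this page does not document.

```java
import javax.ws.rs.FormParam;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;

import com.ibm.mfp.adapter.api.OAuthSecurity;
import com.ibm.mfp.server.registration.external.model.ClientData;
import com.ibm.mfp.server.security.external.resource.AdapterSecurityContext;

@Path("/device")
public class DeviceLabelResource {

    // Constructed limit for this example, not a product constant.
    private static final int MAX_LABEL_LENGTH = 64;

    @Context
    AdapterSecurityContext securityContext;

    @PUT
    @Path("/label")
    @OAuthSecurity(scope = "userLogin")
    public Response setDeviceLabel(@FormParam("label") String label) {
        // Reject missing or oversized input before touching stored data.
        if (label == null || label.isEmpty() || label.length() > MAX_LABEL_LENGTH) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }

        // Obtain the ClientData inside this request. A null result means the
        // caller is not a mobile client or is unknown, so there is no record
        // to update.
        ClientData clientData = securityContext.getClientRegistrationData();
        if (clientData == null) {
            return Response.status(Response.Status.FORBIDDEN).build();
        }

        // "deviceLabel" is a hypothetical attribute name.
        clientData.getProtectedAttributes().put("deviceLabel", label);

        // Deliberately not wrapped in try/catch: if a concurrent request
        // changed the record after it was read, the runtime exception is
        // reported to the client as HTTP 409 and the client can retry,
        // instead of one writer silently overwriting the other.
        securityContext.storeClientRegistrationData(clientData);
        return Response.noContent().build();
    }
}
```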

validateCredentials
boolean validateCredentials(java.lang.String securityCheckName, java.util.Map credentials, HttpServletRequest request)
Validates the given credentials with the given security check.
The security check may also use information provided in the HTTP request (e.g., request headers) to authorize the request.
The security check is created and initialized with its default configuration. The state of the security check is not preserved after this method returns.
If the security check cannot be found or created, this method throws a RuntimeException.
Parameters:
securityCheckName - check name
credentials - credentials (name-value pairs) to be validated by the security check
request - the client request
Returns:
- true if the credentials have been validated successfully, false otherwise
Throws:
java.lang.RuntimeException - if the check does not exist or cannot be instantiated
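
An added example, not taken from the original API documentation, of using validateCredentials to re-verify a credential inside an already protected adapter method. The security check name "PinCodeCheck", the "pin" credential key and the resource path are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.FormParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;

import com.ibm.mfp.adapter.api.OAuthSecurity;
import com.ibm.mfp.server.registration.external.model.AuthenticatedUser;
import com.ibm.mfp.server.security.external.resource.AdapterSecurityContext;

@Path("/account")
public class AccountResource {

    @Context
    AdapterSecurityContext securityContext;

    @Context
    HttpServletRequest request;

    @POST
    @Path("/confirm")
    @OAuthSecurity(scope = "userLogin")
    public Response confirmSensitiveAction(@FormParam("pin") String pin) {
        // getAuthenticatedUser() may return null, so check before use.
        AuthenticatedUser user = securityContext.getAuthenticatedUser();
        if (user == null) {
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
        if (pin == null || pin.isEmpty()) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }

        // The key must match what the named check expects; "pin" is assumed.
        Map<String, Object> credentials = new HashMap<>();
        credentials.put("pin", pin);

        // The check is created with its default configuration on each call and
        // its state is discarded afterwards, so any failure counting has to
        // happen outside the check. A missing check raises a RuntimeException.
        if (!securityContext.validateCredentials("PinCodeCheck", credentials, request)) {
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        return Response.ok("Confirmed for " + user.getDisplayName()).build();
    }
}
```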