public interface IdentityStoreHandler
IdentityStoreHandler is a mechanism for validating a caller's
credentials, and accessing a caller's identity attributes, by consulting
a set of one or more IdentityStores.
It is intended for use by an authentication mechanism, such as an
HttpAuthenticationMechanism (Jakarta Security) or a ServerAuthModule
(Jakarta Authentication).
Beans should inject only this handler, and not IdentityStore
directly, as multiple stores may exist.
Implementations of Jakarta Security must supply a default implementation of
IdentityStoreHandler that behaves as described in the Jakarta Security
specification document.
Applications do not need to supply an IdentityStoreHandler
unless application-specific behavior is desired.
| Modifier and Type | Method and Description |
|---|---|
CredentialValidationResult |
validate(Credential credential)
Validate the given
Credential and return the identity and attributes
of the caller it represents. |
CredentialValidationResult validate(Credential credential)
Credential and return the identity and attributes
of the caller it represents.
Implementations of this method will typically invoke the validate()
and getCallerGroups() methods of one or more IdentityStores
and return an aggregated result.
Note that the IdentityStore may check for IdentityStorePermission
if getCallerGroups() is called and a SecurityManager is configured.
(The default built-in stores do perform this check; application-supplied stores
may or may not.) An implementation of this method should therefore invoke
getCallerGroups() in the context of a PrivilegedAction,
and arrange to be granted the appropriate IdentityStorePermission permission.
credential - The credential to validate.