Package org.restlet.security

Class Authenticator

java.lang.Object
org.restlet.Restlet
org.restlet.routing.Filter
org.restlet.security.Authenticator
All Implemented Interfaces:
Uniform
Direct Known Subclasses:
CertificateAuthenticator, ChallengeAuthenticator
public abstract class Authenticator extends Filter
Filter authenticating the client sending the inbound request. Its main role is to inspect various credentials provided by the client and to add related application roles to the request's ClientInfo property.
Author:
Jerome Louvel

  • Constructor Details

    • Authenticator

      public Authenticator(Context context)
      Constructor setting the mode to "required".
      Parameters:
      context - The context.
      See Also:

    • Authenticator

      public Authenticator(Context context, boolean optional)
      Constructor using the context's default enroler.
      Parameters:
      context - The context.
      optional - Indicates if the authenticator is not required to succeed.
      See Also:

    • Authenticator

      public Authenticator(Context context, boolean multiAuthenticating, boolean optional, Enroler enroler)
      Constructor.
      Parameters:
      context - The context.
      multiAuthenticating - Indicates if the authenticator should attempt to authenticate an already authenticated client.
      optional - Indicates if the authenticator is not required to succeed.
      enroler - The enroler to invoke upon successful authentication.

    • Authenticator

      public Authenticator(Context context, boolean optional, Enroler enroler)
      Constructor.
      Parameters:
      context - The context.
      optional - Indicates if the authenticator is not required to succeed.
      enroler - The enroler to invoke upon successful authentication.

  • Method Details

    • authenticate

      protected abstract boolean authenticate(Request request, Response response)
      Attempts to authenticate the subject sending the request.
      Parameters:
      request - The request sent.
      response - The response to update.
      Returns:
      True if the authentication succeeded.

    • authenticated

      protected int authenticated(Request request, Response response)
      Invoked upon successful authentication. By default, it updates the request's clientInfo and challengeResponse "authenticated" properties, clears the existing challenge requests on the response, calls the enroler and finally returns Filter.CONTINUE.
      Parameters:
      request - The request sent.
      response - The response to update.
      Returns:
      The filter continuation code.

    • beforeHandle

      protected int beforeHandle(Request request, Response response)
      Handles the authentication by first invoking the authenticate(Request, Response) method, only if isMultiAuthenticating() returns true and if ClientInfo.isAuthenticated() returns false. If the method is invoked and returns true, the authenticated(Request, Response) is called. Otherwise, if isOptional() returns true it continues to the next Restlet or if it returns false it calls the unauthenticated(Request, Response) method.
      Overrides:
      beforeHandle in class Filter
      Parameters:
      request - The request to handle.
      response - The response to update.
      Returns:
      The continuation status. Either Filter.CONTINUE or Filter.SKIP or Filter.STOP.

    • getEnroler

      public Enroler getEnroler()
      Returns the enroler invoked upon successful authentication to update the subject with new principals. Typically new Role are added based on the available User instances available.
      Returns:
      The enroler invoked upon successful authentication

    • isMultiAuthenticating

      public boolean isMultiAuthenticating()
      Indicates if the authenticator should attempt to authenticate an already authenticated client. The client is considered authenticated if ClientInfo.isAuthenticated() returns true. By default, it is set to true.
      Returns:
      True if the authenticator should attempt to authenticate an already authenticated client.

    • isOptional

      public boolean isOptional()
      Indicates if the authenticator is not required to succeed. In those cases, the attached Restlet is invoked. Note that authentication will be attempted independently of this property unless the client is already authenticated and the isMultiAuthenticating() prevents multiple authentications.
      Returns:
      True if the authentication success is optional.

    • setEnroler

      public void setEnroler(Enroler enroler)
      Sets the enroler invoked upon successful authentication.
      Parameters:
      enroler - The enroler invoked upon successful authentication.

    • setMultiAuthenticating

      public void setMultiAuthenticating(boolean multiAuthenticating)
      Indicates if the authenticator should attempt to authenticate an already authenticated client. The client is considered authenticated if ClientInfo.isAuthenticated() returns true. By default, it is set to true.
      Parameters:
      multiAuthenticating - True if the authenticator should attempt to authenticate an already authenticated client.

    • setOptional

      public void setOptional(boolean optional)
      Indicates if the authenticator is not required to succeed. In those cases, the attached Restlet is invoked. Note that authentication will be attempted independently of this property unless the client is already authenticated and the isMultiAuthenticating() prevents multiple authentications.
      Parameters:
      optional - True if the authentication success is optional.

    • unauthenticated

      protected int unauthenticated(Request request, Response response)
      Invoked upon failed authentication. By default, it updates the request's clientInfo and challengeResponse "authenticated" properties, and returns Filter.STOP.
      Parameters:
      request - The request sent.
      response - The response to update.
      Returns:
      The filter continuation code.