Package org.cibseven.bpm.engine.rest.security.auth.impl

Class CompositeAuthenticationProvider

java.lang.Object

org.cibseven.bpm.engine.rest.security.auth.impl.CompositeAuthenticationProvider

All Implemented Interfaces:

AuthenticationProvider

public class CompositeAuthenticationProvider
extends Object
implements AuthenticationProvider

CompositeAuthenticationProvider tries to authenticate using the first provider. If the first provider fails, it falls back to the second provider.

Constructor Summary

Constructors

Constructor	Description
CompositeAuthenticationProvider()	Default constructor using JwtTokenAuthenticationProvider as primary and HttpBasicAuthenticationProvider as fallback.
CompositeAuthenticationProvider(AuthenticationProvider primaryProvider, AuthenticationProvider fallbackProvider)

Method Summary

Modifier and Type	Method	Description
void	augmentResponseByAuthenticationChallenge(jakarta.servlet.http.HttpServletResponse response, ProcessEngine engine)	Callback to add an authentication challenge to the response to the client.
AuthenticationResult	extractAuthenticatedUser(jakarta.servlet.http.HttpServletRequest request, ProcessEngine engine)	Checks the request for authentication.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

CompositeAuthenticationProvider

public CompositeAuthenticationProvider()

Default constructor using JwtTokenAuthenticationProvider as primary and HttpBasicAuthenticationProvider as fallback.

CompositeAuthenticationProvider

public CompositeAuthenticationProvider(AuthenticationProvider primaryProvider,
 AuthenticationProvider fallbackProvider)

Method Details

extractAuthenticatedUser

public AuthenticationResult extractAuthenticatedUser(jakarta.servlet.http.HttpServletRequest request,
 ProcessEngine engine)

Description copied from interface: AuthenticationProvider

Checks the request for authentication. May not return null, but always an AuthenticationResult that indicates, whether authentication was successful, and, if true, always provides the authenticated user. The result can only be successful if a valid user id was provided in the request. It is not required to provide the group or tenant id, as they will be resolved via the IdentityService (e.g. ProcessEngineAuthenticationFilter.setAuthenticatedUser(org.cibseven.bpm.engine.ProcessEngine, java.lang.String, java.util.List<java.lang.String>, java.util.List<java.lang.String>)).

Specified by:

extractAuthenticatedUser in interface AuthenticationProvider

Parameters:

request - the request to authenticate

engine - the process engine the request addresses. May be used to authenticate against the engine's identity service.

augmentResponseByAuthenticationChallenge

public void augmentResponseByAuthenticationChallenge(jakarta.servlet.http.HttpServletResponse response,
 ProcessEngine engine)

Description copied from interface: AuthenticationProvider

Callback to add an authentication challenge to the response to the client. Called in case of unsuccessful authentication.

For example, a Http Basic auth implementation may set the WWW-Authenticate header to Basic realm="engine name".

Specified by:

augmentResponseByAuthenticationChallenge in interface AuthenticationProvider

Parameters:

response - the response to augment

engine - the process engine the request addressed. May be considered as an authentication realm to create a specific authentication challenge