public class Authentications extends Object implements Serializable
Wrapper around current authentications.
In Camunda Platform rest and web applications, authentications are managed per process engine: at a given point in time, there might be multiple authentications active for different users and process engines in a single session. The situation is that a "physical" user may possess credentials for different process engines, each of these representing a different process engine user. For each process engine, there can be at most one authentication active in a given session.
In addition, the AuthenticationFilter
binds an instance of this
class to a thread local and may be obtained by getCurrent()
Modifier and Type | Field and Description |
---|---|
protected Map<String,Authentication> |
authentications
holds an entry for each processEngine->userId pair currently authenticated
|
Constructor and Description |
---|
Authentications() |
Modifier and Type | Method and Description |
---|---|
void |
addAuthentication(Authentication authentication)
Adds an authentication to the list of current authentications.
|
static void |
clearCurrent()
clears the
Authentications for the current thread. |
Authentication |
getAuthenticationForProcessEngine(String engineName)
Returns an
Authentication for a provided process engine name or "null". |
List<Authentication> |
getAuthentications() |
static Authentications |
getCurrent()
Returns the authentications for the current thread.
|
static Authentications |
getFromSession(javax.servlet.http.HttpSession session)
Allows obtaining an
Authentications object from the
HttpSession . |
boolean |
hasAuthenticationForProcessEngine(String engineName)
Allows checking whether a user is currently authenticated for a given process engine name.
|
void |
removeAuthenticationForProcessEngine(String engineName)
Removes the authentication for the provided process engine name.
|
static void |
revalidateSession(javax.servlet.http.HttpServletRequest request,
Authentication authentication)
Invalidates the old
HttpSession of the current request and creates
a new one. |
static void |
setCurrent(Authentications auth)
sets the
Authentications for the current thread in a thread local. |
static void |
updateSession(javax.servlet.http.HttpSession session,
Authentications authentications) |
protected Map<String,Authentication> authentications
public Authentication getAuthenticationForProcessEngine(String engineName)
Authentication
for a provided process engine name or "null".engineName
- the name of the process engine for which the userId should be
retrieved.Authentication
for the provided process engine or
"null" if no user is authenticated for this process engine.public void addAuthentication(Authentication authentication)
authentication
- the authentication to addpublic void removeAuthenticationForProcessEngine(String engineName)
engineName
- the name of the process engine for which the authentication should
be removed.public List<Authentication> getAuthentications()
Authentications
.public boolean hasAuthenticationForProcessEngine(String engineName)
engineName
- the name of the process engine for which we want to check for authentication.public static void setCurrent(Authentications auth)
Authentications
for the current thread in a thread local.auth
- the Authentications
to set.public static void clearCurrent()
Authentications
for the current thread.public static Authentications getCurrent()
public static Authentications getFromSession(javax.servlet.http.HttpSession session)
Authentications
object from the
HttpSession
. If no such object exists in the session, a new
instance is created and returned.session
- the HttpSession
instance from which to retrieve the
Authentications
.public static void revalidateSession(javax.servlet.http.HttpServletRequest request, Authentication authentication)
HttpSession
of the current request and creates
a new one. Additionally transfers the existing authentications to the new
session and adds a new one.request
- the HttpServletRequest
instance from which the session
is obtained and a new HttpSession
created.authentication
- the new Authentication
instance that is created
through user login. It is added to the existing authentications.public static void updateSession(javax.servlet.http.HttpSession session, Authentications authentications)
Copyright © 2021. All rights reserved.