Package org.camunda.bpm.webapp.impl.security.auth

Class Authentications

java.lang.Object

org.camunda.bpm.webapp.impl.security.auth.Authentications

All Implemented Interfaces:

Serializable

public class Authentications
extends Object
implements Serializable

Wrapper around current authentications.

In Camunda Platform rest and web applications, authentications are managed per process engine: at a given point in time, there might be multiple authentications active for different users and process engines in a single session. The situation is that a "physical" user may possess credentials for different process engines, each of these representing a different process engine user. For each process engine, there can be at most one authentication active in a given session.

In addition, the AuthenticationFilter binds an instance of this class to a thread local and may be obtained by getCurrent()

Author:

Daniel Meyer

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field	Description
protected Map<String,Authentication>	authentications	holds an entry for each processEngine->userId pair currently authenticated

Constructor Summary

Constructors

Constructor	Description
Authentications()

Method Summary

Modifier and Type	Method	Description
void	addAuthentication(Authentication authentication)	Adds an authentication to the list of current authentications.
static void	clearCurrent()	clears the Authentications for the current thread.
Authentication	getAuthenticationForProcessEngine(String engineName)	Returns an Authentication for a provided process engine name or "null".
List<Authentication>	getAuthentications()
static Authentications	getCurrent()	Returns the authentications for the current thread.
static Authentications	getFromSession(javax.servlet.http.HttpSession session)	Allows obtaining an Authentications object from the HttpSession.
boolean	hasAuthenticationForProcessEngine(String engineName)	Allows checking whether a user is currently authenticated for a given process engine name.
void	removeAuthenticationForProcessEngine(String engineName)	Removes the authentication for the provided process engine name.
static void	revalidateSession(javax.servlet.http.HttpServletRequest request, Authentication authentication)	Invalidates the old HttpSession of the current request and creates a new one.
static void	setCurrent(Authentications auth)	sets the Authentications for the current thread in a thread local.
static void	updateSession(javax.servlet.http.HttpSession session, Authentications authentications)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

authentications

protected Map<String,Authentication> authentications

holds an entry for each processEngine->userId pair currently authenticated

Constructor Detail

Authentications

public Authentications()

Method Detail

getAuthenticationForProcessEngine

public Authentication getAuthenticationForProcessEngine(String engineName)

Returns an Authentication for a provided process engine name or "null".

Parameters:

engineName - the name of the process engine for which the userId should be retrieved.

Returns:

Authentication for the provided process engine or "null" if no user is authenticated for this process engine.

addAuthentication

public void addAuthentication(Authentication authentication)

Adds an authentication to the list of current authentications. If there already existis an authentication of the same process engine, it is replaced silently.

Parameters:

authentication - the authentication to add

removeAuthenticationForProcessEngine

public void removeAuthenticationForProcessEngine(String engineName)

Removes the authentication for the provided process engine name.

Parameters:

engineName - the name of the process engine for which the authentication should be removed.

getAuthentications

public List<Authentication> getAuthentications()

Returns:

all active Authentications.

hasAuthenticationForProcessEngine

public boolean hasAuthenticationForProcessEngine(String engineName)

Allows checking whether a user is currently authenticated for a given process engine name.

Parameters:

engineName - the name of the process engine for which we want to check for authentication.

Returns:

true if a user is authenticated for the provided process engine name.

setCurrent

public static void setCurrent(Authentications auth)

sets the Authentications for the current thread in a thread local.

Parameters:

auth - the Authentications to set.

clearCurrent

public static void clearCurrent()

clears the Authentications for the current thread.

getCurrent

public static Authentications getCurrent()

Returns the authentications for the current thread.

Returns:

the authentications.

getFromSession

public static Authentications getFromSession(javax.servlet.http.HttpSession session)

Allows obtaining an Authentications object from the HttpSession. If no such object exists in the session, a new instance is created and returned.

Parameters:

session - the HttpSession instance from which to retrieve the Authentications.

Returns:

revalidateSession

public static void revalidateSession(javax.servlet.http.HttpServletRequest request,
                                     Authentication authentication)

Invalidates the old HttpSession of the current request and creates a new one. Additionally transfers the existing authentications to the new session and adds a new one.

Parameters:

request - the HttpServletRequest instance from which the session is obtained and a new HttpSession created.

authentication - the new Authentication instance that is created through user login. It is added to the existing authentications.

updateSession

public static void updateSession(javax.servlet.http.HttpSession session,
                                 Authentications authentications)