Java Reference
In-Depth Information
• A call to the logout method must call the cleanSubject method. This is true if the logout method is not called in the context of a call it made to the cleanSubject method.
Standardizing access to the application context identifier
The application context identifier is an ID used to identify or select AuthConfigProvider and ServerAuthConfig objects for a given application (it is contained in the appContext parameter). Prior to JASPIC 1.1, there was no standard way to get it. As usual, each server vendor proposed its own vendor-specific method. Now it can be obtained in a standard way with the following code:
    ServletContext context = ...
    //...
    String appContextID =
        context.getVirtualServerName() + " " + context.getContextPath();
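How this identifier is used to select a provider, as an added example that is not code from the book: a listener that registers an AuthConfigProvider under the standard identifier and removes the registration on undeploy. The class name, the description string and the createProvider hook are assumptions made for illustration; the registration calls are the standard AuthConfigFactory API.

```java
import javax.security.auth.message.config.AuthConfigFactory;
import javax.security.auth.message.config.AuthConfigProvider;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;

// Added example: registers a provider for exactly one web application.
// Subclass it and declare the subclass as a listener of the application.
public abstract class JaspicRegistrationListener implements ServletContextListener {

    // Message layer name used by the Servlet Container Profile.
    private static final String LAYER = "HttpServlet";

    private String registrationId;

    // Hypothetical hook: return the application's own AuthConfigProvider.
    protected abstract AuthConfigProvider createProvider(ServletContext context);

    // Standard JASPIC 1.1 application context identifier (needs Servlet 3.1).
    static String appContextId(ServletContext context) {
        return context.getVirtualServerName() + " " + context.getContextPath();
    }

    @Override
    public void contextInitialized(ServletContextEvent event) {
        ServletContext context = event.getServletContext();
        // Passing the exact identifier scopes the provider to this
        // application; a null appContext would match every application.
        registrationId = AuthConfigFactory.getFactory().registerConfigProvider(
                createProvider(context), LAYER, appContextId(context),
                "Example provider registration");
    }

    @Override
    public void contextDestroyed(ServletContextEvent event) {
        // Remove the registration on undeploy so a stale provider is not
        // left in place for a later deployment at the same context path.
        if (registrationId != null) {
            AuthConfigFactory.getFactory().removeRegistration(registrationId);
        }
    }
}
```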
Support for forward and include mechanisms
The JASPIC 1.1 specification emphasizes that authentication modules must be able to forward and include during the processing of the validateRequest method. Concretely, this is possible by using the request and response objects within the MessageInfo parameter. The following code gives an overview of a redirection to an error page based on the result of a condition:
    public AuthStatus validateRequest(MessageInfo messageInfo,
            Subject clientSubject, Subject serviceSubject)
            throws AuthException {
        HttpServletRequest request =
            (HttpServletRequest) messageInfo.getRequestMessage();
        HttpServletResponse response =
            (HttpServletResponse)