Java Reference
In-Depth Information
• A call to the logout method must call the cleanSubject method. This is
true if the logout method is not called in the context of a call it made to the
cleanSubject method.
Standardizing access to the application context
The application context identifier is an ID used to identify or select AuthCon-
figProvider and ServerAuthConfig objects for a given application (it is con-
tained in the appContext parameter). Prior to JASPIC 1.1, there was no standard
way to get it. As usual, each server vendor proposed a method that was vendor-spe-
cific. Now it is possible in standard with the following code:
ServletContext context = ...
String appContextID =
context.getVirtualServerName() + " " +
Support for forward and include mechanisms
The JASPIC 1.1 Specification has insisted on the fact that authentication modules
must be able to forward and include during the processing of the valid-
ateRequest method. Concretely, this is possible by using request and response
within the MessageInfo parameter type. The following code gives an overview of a
redirection to an error page based on the results of a condition:
public AuthStatus validateRequest(MessageInfo
messageInfo, Subject clientSubject, Subject
serviceSubject) throws AuthException {
HttpServletRequest request =
HttpServletResponse response =
Search WWH ::

Custom Search