About the Java EE Security API (original) (raw)
Java EE includes support for JSR 375, which defines portable, plug-in interfaces for authentication and identity stores, and a new injectable-type SecurityContext interface that provides an access point for programmatic security. You can use the built-in implementations of these APIs, or define custom implementations.
The Java EE Security API contains the following packages:
- The
javax.security.enterprisepackage is the main Java EE security API package and contains classes and interfaces that span authentication, authorization, and identity concerns. Table 51-1 lists the main class and interfaces in this package. - The
javax.security.enterprise.authentication.mechanism.httppackage contains classes and interfaces associated with HTTP-based authentication mechanisms that can interact with a caller or third-parties as part of an authentication protocol.Table 51-2 lists the main classes and interfaces in this package. - The
javax.javax.security.enterprise.credentialpackage contains classes and interfaces for representing user credentials. Table 51-3lists the main classes and interfaces in this package. - The
javax.security.enterprise.identitystorepackage contains classes and interfaces associated with identity stores that validate a caller’s credentials and lookup caller groups. Table 51-4lists the main classes and interfaces in this package.
Table 51-1 Main Classes and Interfaces in javax.security.enterprise
| Class or Interface | Description |
|---|---|
| SecurityContext | Injectable-type interface that provides an access point for programmatic security intended to be used by application code to query and interact with the Java EE Security API. |
| CallerPrincipal | Principal type that can represent the identity of the application caller. |
| AuthenticationStatus | Enum used to indicate the return value from an authentication mechanism. |
| AuthenticationException | Indicates that a problem occurred during the authentication process. |
Table 51-2 Main Classes and Interfaces in javax.security.enterprise.authentication.mechanism.http
| Class or Interface | Description |
|---|---|
| HttpAuthenticationMechanism | Interface representing an HTTP authentication mechanism. Developers can provide their own implementation of this interface, or use one of several built-in HTTP authentication mechanisms. |
| HttpMessageContext | Interface representing the parameters passed to/from methods of an HttpAuthenticationMechanism at runtime. |
| AuthenticationParameters | Class that carries parameters passed to theSecurityContext.authenticate() method. |
| HttpMessageContextWrapper | Abstract class developers can extend to customize HttpMessageContext behavior. |
| **Note:**The javax.security.enterprise.authentication.mechanism.http package also includes a number of annotation classes that are used to configure/enable the built-in authentication mechanisms or to modify the behavior of an authentication mechanism. |
|---|
Table 51-3 Main Classes and Interfaces in javax.security.enterprise.credential
| Class or Interface | Description |
|---|---|
| Credential | Interface that represents a generic credential and defines several methods to operate on credentials. All other classes in this package are implementations of the Credential interface. |
| AbstractClearableCredential | Abstract class implementing behavior common to Credentials that can be meaningfully cleared. |
| BasicAuthenticationCredential | Class that extends UsernamePasswordCredentialto represent credentials used by HTTP Basic Authentication. |
| CallerOnlyCredential | Credential that contains a caller name only; can be used to assert an identity, but not to authenticate a user, due to the lack of any secret or other credential that can be validated. |
| Password | Class that represents a text-based password. |
| RememberMeCredential | Class that represents a credential presented as a token, for the explicit usage with the JSR 375 remember me function. |
| UsernamePasswordCredential | Class that represents the credentials typically used by standard caller name/password authentication. |
Table 51-4 Main Classes and Interfaces in javax.security.enterprise.identitystore
| Class or Interface | Description |
|---|---|
| IdentityStore | Interface representing an Identity Store. Developers can provide their own implementation of this interface, or use one of the built-in Identity Stores. |
| IdentityStoreHandler | Interface that defines the method applications use to interact with Identity Stores. Applications can use the built-in IdentityStoreHandler, or supply their own implementation if custom behavior is desired. |
| PasswordHash | Interface defining methods for generating and validating password hashes, needed to securely validate passwords when using the built-in Database Identity Store. Developers can implement this interface to generate/validate password hashes using any desired algorithm. |
| Pbkdf2PasswordHash | Marker interface implemented by the built-in PBKDF2 PasswordHash implementation. Developers can use this interface to select the built-in PBKDF2 algorithm when configuring the Database Identity Store. |
| RememberMeIdentityStore | Interface defining a special type of Identity Store, used in conjunction with the RememberMe annotation to provide RememberMe behavior for an application. |
| CredentialValidationResult | Class that represents the result from an attempt to validate a Credential. |
| IdentityStorePermission | Permission required to invoke the getGroups method of an IdentityStore, when a SecurityManager is configured. |