SecurityContextService (force-sdk 22.0.1-BETA API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.force.sdk.oauth.context
Interface SecurityContextService

All Known Implementing Classes:: SecurityContextServiceImpl

public interface SecurityContextService

The security context service provides the basic functionality for managing a security context in the session of the authenticated user.

Author:: John Simone

Method Summary
`void`	`clearSecurityContext(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Clears the security context from the context store.
`SecretKeySpec`	`getSecretKey()` Return the secret key if one is being used.
`SecurityContext`	`getSecurityContextFromSession(javax.servlet.http.HttpServletRequest request)` This method retrieves the security context.
`void`	`setSecurityContextToSession(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, SecurityContext sc)` Sets the security context to the session.
`SecurityContext`	`verifyAndRefreshSecurityContext(SecurityContext sc, javax.servlet.http.HttpServletRequest request)` Verify the passed in security context against the browser cookies.

Method Detail

setSecurityContextToSession

void setSecurityContextToSession(javax.servlet.http.HttpServletRequest request,
                                 javax.servlet.http.HttpServletResponse response,
                                 SecurityContext sc)

Sets the security context to the session.

Parameters:: request - HttpServletRequest; response - HttpServletResponse; sc - SecurityContext

getSecurityContextFromSession

SecurityContext getSecurityContextFromSession(javax.servlet.http.HttpServletRequest request)

This method retrieves the security context. The security context will either come out of the session or will be built from a call to the partner api. The partner api will be called if: - There is no security context in the session, but there is a session id available in a cookie - There is a security context in the session, but the session id that it contains doesn't match the one available in the cookie

Parameters:: request - HttpServletRequest
Returns:: SecurityContext

verifyAndRefreshSecurityContext

SecurityContext verifyAndRefreshSecurityContext(SecurityContext sc,
                                                javax.servlet.http.HttpServletRequest request)

Verify the passed in security context against the browser cookies. This will make sure that the necessary cookies exist and that the values match those in the security context. It will create a fresh security context with data from the partner API if necessary.

Parameters:: sc - SecurityContext; request - HttpServletRequest
Returns:: SecurityContext

clearSecurityContext

void clearSecurityContext(javax.servlet.http.HttpServletRequest request,
                          javax.servlet.http.HttpServletResponse response)

Clears the security context from the context store.

Parameters:: request - HttpServletRequest; response - HttpServletResponse

getSecretKey

SecretKeySpec getSecretKey()
                           throws ForceEncryptionException

Return the secret key if one is being used.

Returns:: SecretKeySpec
Throws:: ForceEncryptionException - ForceEncryptionException