Module io.helidon.security.providers.httpauth

Package io.helidon.security.providers.httpauth

Interface SecureUserStore

All Known Implementing Classes:

ConfigUserStore

Functional Interface:

This is a functional interface and can therefore be used as the assignment target for a lambda expression or method reference.

@FunctionalInterface
public interface SecureUserStore

Store of users for resolving httpauth and digest authentication. This implementation does not require to provide passwords. This is a more secure approach. Keep in mind that HTTP Basic authentication is an unsafe protection, and even when combined with SSL, it still has some severe issues.

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static interface	SecureUserStore.User	Representation of a single user.

Method Summary

Modifier and Type	Method	Description
Optional<SecureUserStore.User>	user(String login)	Get user based on login.

Method Details

user

Optional<SecureUserStore.User> user(String login)

Get user based on login. The returned user may not be populated - SecureUserStore.User.roles() is never called before SecureUserStore.User.isPasswordValid(char[]). Also the missing user and user with wrong password are treated the same - so if your implementation cannot decide whether a user exists until the password is checked, you can delay that decision and just return false from SecureUserStore.User.isPasswordValid(char[]) for both cases (e.g. invalid user and invalid password).

Parameters:

login - login of the user (as obtained from request)

Returns:

User information (empty if user is not found)