Interface SecureUserStore
-
- All Known Subinterfaces:
UserStore
- All Known Implementing Classes:
ConfigUserStore
- Functional Interface:
- This is a functional interface and can therefore be used as the assignment target for a lambda expression or method reference.
@FunctionalInterface public interface SecureUserStore
Store of users for resolving httpauth and digest authentication. This implementation does not require to provide passwords. This is a more secure approach. Keep in mind that HTTP Basic authentication is an unsafe protection, and even when combined with SSL, it still has some severe issues.
-
-
Nested Class Summary
Nested Classes Modifier and Type Interface Description static interface
SecureUserStore.User
Representation of a single user.
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description Optional<SecureUserStore.User>
user(String login)
Get user based on login.
-
-
-
Method Detail
-
user
Optional<SecureUserStore.User> user(String login)
Get user based on login. The returned user may not be populated -SecureUserStore.User.roles()
is never called beforeSecureUserStore.User.isPasswordValid(char[])
. Also the missing user and user with wrong password are treated the same - so if your implementation cannot decide whether a user exists until the password is checked, you can delay that decision and just returnfalse
fromSecureUserStore.User.isPasswordValid(char[])
for both cases (e.g. invalid user and invalid password).- Parameters:
login
- login of the user (as obtained from request)- Returns:
- User information (empty if user is not found)
-
-