Thoughts about going from HttpServletRequest objcets to something we can feed to an AuthenticationHandler:
HttpServletRequest
An HttpServletRequest addressed to the Logon Controller representing a request for authentication.
enters the
Logon Controller
Controller which examines the request and applies some logic.
Logon controller applies an
AuthenticationRequestBinder
Translates from an HttpServletRequest to an AuthenticationRequest.
/**
* Interface for components that know how to extract from HttpServletRequest
* whatever it is that constitutes actual arguments of the request for authentication.
*/
public interface AuthenticationRequestBinder {
/**
* Parse an HttpServletRequest and extract from it whatever it is that is necessary as input to the AuthenticationHandler
* which will examine the request for authentication represented by the HttpServletRequest. Return an Object
* encapsulating that extracted information. Specific implementations will return specific objects which in turn specific
* AuthenticationHandler implementations will expect and consume.
* @returns an object representing the relevant information for the authentication request
* @throws RuntimeException - indicates failure
*/
Object authenticationRequestFromHttpServletRequest(HttpServletRequest httpServletRequest);
}
Implementation notes
:
AuthenticationRequest, marker interfaces, and POJOs
I use the term AuthenticationRequest here in the interest of ubiquitous language and calling things what they are. I continue to prefer at an implementation level that we let these be just plain old Objects and not require that they implement a marker interface because doing so will allow a particular AuthenticationRequestBinder and AuthenticationHandler pair to agree to use any arbitrary Object one has lying around that meets the need and not have to wrap it with a CAS-specific AuthenticationHandler interface that adds no methods. My own preference. -~awp9
Multiple AuthenticationRequestBinders
In fact one might have several different kinds of AuthenticationRequest for which there are mapped AuthenticationHandlers. I would want to implement this as a special AuthenticationRequestBinder implementation which knows how to delegate to other AuthenticationRequestBinders, rather than introduce an AuthenticationRequestBinderManager. Again, my own preference. -~awp9