Interface HttpAuthenticationMechanismHandler


public interface HttpAuthenticationMechanismHandler
HttpAuthenticationMechanismHandler is a mechanism for obtaining a caller's credentials in some way, using the HTTP protocol where necessary, by consulting a set of one or more HttpAuthenticationMechanisms.

This is a special variant of an HttpAuthenticationMechanism intended for coordination between multiple HttpAuthenticationMechanisms. Implementations are therefore expected and encouraged to delegate actually obtaining the caller's credential to an actual HttpAuthenticationMechanism. This is however not required and implementations can do as they choose.

Implementations of Jakarta Security must supply a default implementation of the HttpAuthenticationMechanismHandler. This implementation must be ApplicationScoped and this implementation must behave as described below:

  1. Before servicing any calls as defined by this interface, the implementation must (implicitly) check if there is more than one enabled bean of type HttpAuthenticationMechanism available, irrespective of any qualifiers.
  2. If there is more than one enabled bean of type HttpAuthenticationMechanism available, the implementation must apply the ambiguous dependency resolution rules to this set of beans. For instance by using BeanContainer.resolve(java.util.Set).
  3. If the ambiguous dependency resolution rules fail, an AmbiguousResolutionException must be thrown (or the one thrown by BeanContainer.resolve(java.util.Set) propagated).
  4. If the ambiguous dependency resolution rules succeed, the implementation must remember the one resulting bean.
  5. When servicing any calls as defined by this interface, the implementation must call the method on the remembered HttpAuthenticationMechanism bean with the same name and arguments, and where applicable return the result from that call.

Applications do not need to supply an HttpAuthenticationMechanismHandler unless application-specific behavior is desired.