JCoServerSecurityHandler (SAP BTP SDK for the Neo environment)

```
public interface JCoServerSecurityHandler
```
The security handler will be called for authenticating user credentials and for checking the permissions of the user, who initiated a remote function call. Each application should provide its own implementation of the security handler. The security handler is registered at the JCoServer instance.

See Also:

SecurityHandler

Method Summary

All Methods Instance Methods Default Methods Deprecated Methods
Modifier and Type	Method and Description
`default JCoServerUserContext`	`authenticate(JCoServerContextInfo serverCtxInfo, JCoServerAuthenticationData... authenticationData)` This method will be invoked by the JCo runtime for each new session which is established.
`default void`	`checkAuthentication(JCoServerContextInfo serverCtxInfo, JCoServerAuthenticationData... authenticationData)` Deprecated. Will be removed in a future release without further notice. This method has been replaced by method `authenticate(JCoServerContextInfo serverCtxInfo, JCoServerAuthenticationData... authenticationData)` whose implementation will be mandatory in a future release.
`default void`	`checkAuthorization(JCoServerContextInfo serverCtxInfo, JCoServerUserContext userContext, String functionName)` This method will be invoked by the JCo runtime on each remote function call.
`default void`	`checkAuthorization(JCoServerContext serverCtx, String functionName, JCoServerAuthorizationData authorizationData)` Deprecated. Will be removed in a future release without further notice. This method has been replaced by method `checkAuthorization(JCoServerContextInfo, JCoServerUserContext, String)` whose implementation will be mandatory in a future release.

- Method Detail
  - authenticate
```
@MandatoryInFuture
default JCoServerUserContext authenticate(JCoServerContextInfo serverCtxInfo,
                                                             JCoServerAuthenticationData... authenticationData)
                                                      throws JCoServerAuthenticationException
```
    This method will be invoked by the JCo runtime for each new session which is established. In case the connection state is stateless, it will be invoked on each incoming remote function call.
    Note: WebSocket RFC server connections are stateful by default, and CPIC-based registered RFC server connections are stateless by default.
    
    Parameters:
    
    serverCtxInfo - remote function call related server context information
    
    authenticationData - authentication data sent from the remote system or null, if no data is provided
    
    Returns:
    
    the user context of the successfully authenticated user, or null if the security handler does not have a user management
    
    Throws:
    
    JCoServerAuthenticationException - if the user does not have access to the associated server instance
    
    Since:
    
    JCo 3.1.11
  - checkAuthentication
```
@Deprecated
default void checkAuthentication(JCoServerContextInfo serverCtxInfo,
                                             JCoServerAuthenticationData... authenticationData)
                                      throws JCoApplicationAuthenticationException
```
    Deprecated. Will be removed in a future release without further notice. This method has been replaced by method authenticate(JCoServerContextInfo serverCtxInfo, JCoServerAuthenticationData... authenticationData) whose implementation will be mandatory in a future release.
    
    This method will be invoked by the JCo runtime for each new session which is established. In case the connection state is stateless, it will be invoked on each incoming remote function call.
    Note: This method is obsolete and won't be invoked anymore, if the replacement method authenticate(JCoServerContextInfo serverCtxInfo, JCoServerAuthenticationData... authenticationData) has been implemented.
    
    Parameters:
    
    serverCtxInfo - remote function call related server context information
    
    authenticationData - authentication data sent from the remote system or null, if no data is provided
    
    Throws:
    
    JCoApplicationAuthenticationException - if the user does not have access to the associated server instance
    
    Since:
    
    JCo 3.1.0
  - checkAuthorization
```
@MandatoryInFuture
default void checkAuthorization(JCoServerContextInfo serverCtxInfo,
                                                   JCoServerUserContext userContext,
                                                   String functionName)
                                            throws JCoServerAuthorizationException
```
    This method will be invoked by the JCo runtime on each remote function call. The passed JCoServerUserContext is the object, which was previously returned by method authenticate(JCoServerContextInfo, JCoServerAuthenticationData...) for the current session.
    
    Parameters:
    
    serverCtxInfo - remote function call related server context information
    
    userContext - the user context of the successfully authenticated user in the current session, or null if the security handler does not have a user management
    
    functionName - name of the function module which is about to be invoked
    
    Throws:
    
    JCoServerAuthorizationException - if the user does not have the authorization to execute the function
    
    Since:
    
    JCo 3.1.11
  - checkAuthorization
```
@Deprecated
default void checkAuthorization(JCoServerContext serverCtx,
                                            String functionName,
                                            JCoServerAuthorizationData authorizationData)
                                     throws JCoApplicationAuthorizationException
```
    Deprecated. Will be removed in a future release without further notice. This method has been replaced by method checkAuthorization(JCoServerContextInfo, JCoServerUserContext, String) whose implementation will be mandatory in a future release.
    
    This method will be invoked by the JCo runtime on each remote function call.
    Note: This method is obsolete and won't be invoked anymore, if the replacement method checkAuthorization(JCoServerContextInfo, JCoServerUserContext, String) has been implemented.
    
    Parameters:
    
    serverCtx - remote function call related server context
    
    functionName - name of the function module which is about to be invoked
    
    authorizationData - authorization data sent from the remote system
    
    Throws:
    
    JCoApplicationAuthorizationException - if the user does not have the authorization to execute the function

Interface JCoServerSecurityHandler

Method Summary

Method Detail

authenticate

checkAuthentication

checkAuthorization

checkAuthorization