An AuthenticationStrategy is responsible for retrieving a Principal for the current request.
This Principal is then added as a property for the duration of the request.
How this Principal is retrieved is dependent on the type of strategy.
For example, the BasicAuthenticationStrategy, named after HTTP Basic Auth, creates a Principal
based on the credentials provided in the Authorization header. If no credentials are supplied, an
appropriate 401 is returned.
A SessionAuthenticationStrategy looks up a Principal from the current session. The session
would have been populated previously by some authenticating mechanism (login page for example).
Another type of AuthenticationStrategy might use an API key header to look up details
from a key database.
To implement a custom strategy, extend AuthenticationStrategy, populating the supplied
request with a Principal or returning an error response if appropriate.
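The API-key strategy mentioned above, as an added example that is not the library's own code: a self-contained Python model of the pattern. The `Request`, `Response` and `Principal` stand-ins, the `authenticate` method, the `x-api-key` header and the `principal` property name are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Stand-in types (assumptions; the real library's classes and signatures may differ).
@dataclass
class Principal:
    name: str
@dataclass
class Request:
    headers: dict
    properties: dict = field(default_factory=dict)
@dataclass
class Response:
    status: int

class AuthenticationStrategy:
    def authenticate(self, request):
        """Attach a Principal to the request, or return an error response."""
        raise NotImplementedError

def key_digest(api_key):
    return hashlib.sha256(api_key.encode("utf-8")).hexdigest()

class ApiKeyAuthenticationStrategy(AuthenticationStrategy):
    HEADER = "x-api-key"  # assumed header name

    def __init__(self, key_db):
        # key_db maps SHA-256 digest of a key -> principal name, so raw keys are never stored.
        self._key_db = key_db

    def authenticate(self, request):
        # HTTP header names are case-insensitive.
        supplied = next((v for k, v in request.headers.items()
                         if k.lower() == self.HEADER), None)
        if not supplied:
            return Response(401)  # no credentials supplied
        digest, owner = key_digest(supplied), None
        for stored, name in self._key_db.items():
            # Constant-time comparison; no early exit on a match.
            if hmac.compare_digest(stored, digest):
                owner = name
        if owner is None:
            return Response(401)  # unknown key; no Principal is attached
        request.properties["principal"] = Principal(owner)
        return None  # authenticated; request handling continues

# Constructed sample key database.
KEY_DB = {key_digest("constructed-sample-key"): "reporting-service"}
```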