001package org.apache.archiva.security;
002
003/*
004 * Licensed to the Apache Software Foundation (ASF) under one
005 * or more contributor license agreements.  See the NOTICE file
006 * distributed with this work for additional information
007 * regarding copyright ownership.  The ASF licenses this file
008 * to you under the Apache License, Version 2.0 (the
009 * "License"); you may not use this file except in compliance
010 * with the License.  You may obtain a copy of the License at
011 *
012 *  http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing,
015 * software distributed under the License is distributed on an
016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017 * KIND, either express or implied.  See the License for the
018 * specific language governing permissions and limitations
019 * under the License.
020 */
021
022import javax.servlet.http.HttpServletRequest;
023
024import org.apache.archiva.redback.authentication.AuthenticationException;
025import org.apache.archiva.redback.authentication.AuthenticationResult;
026import org.apache.archiva.redback.authorization.AuthorizationException;
027import org.apache.archiva.redback.authorization.UnauthorizedException;
028import org.apache.archiva.redback.policy.AccountLockedException;
029import org.apache.archiva.redback.policy.MustChangePasswordException;
030import org.apache.archiva.redback.system.SecuritySession;
031
/**
 * Contract for the authentication and authorization checks applied to
 * servlet requests, including a separate authorization path for the guest
 * principal.
 *
 * <p>Every method reports its outcome both through the boolean return value
 * and through declared exceptions. This interface does not fix which of the
 * two an implementation uses for a denial, so callers should treat a
 * {@code false} return and any declared exception alike as "access not
 * granted".
 */
public interface ServletAuthenticator {

    /**
     * Authentication check for users.
     *
     * @param request the servlet request being checked
     * @param result the authentication result to evaluate; presumably obtained
     *        for this same request before the call (confirm against callers)
     * @return {@code true} if the user is considered authenticated
     * @throws AuthenticationException declared for a failed authentication
     *         check; exact conditions are implementation-defined
     * @throws AccountLockedException declared, going by the type name, for a
     *         locked account (confirm against the implementation)
     * @throws MustChangePasswordException declared, going by the type name,
     *         for an account that must change its password first (confirm
     *         against the implementation)
     */
    boolean isAuthenticated(HttpServletRequest request, AuthenticationResult result)
        throws AuthenticationException, AccountLockedException, MustChangePasswordException;

    /**
     * Authorization check for valid users.
     *
     * @param request the servlet request being checked
     * @param securitySession the security session the decision is made for
     * @param repositoryId identifier of the repository being accessed
     * @param permission the permission required on that repository; the
     *        accepted values are not defined in this interface
     * @return {@code true} if the access is authorized
     * @throws AuthorizationException declared for a failure of the
     *         authorization check itself; exact conditions are
     *         implementation-defined
     * @throws UnauthorizedException declared for a denied access; exact
     *         conditions are implementation-defined
     */
    boolean isAuthorized(HttpServletRequest request, SecuritySession securitySession, String repositoryId,
        String permission) throws AuthorizationException, UnauthorizedException;

    /**
     * Authorization check specific to the guest user. It does not go through
     * HttpBasicAuthentication#getAuthenticationResult( HttpServletRequest request, HttpServletResponse response )
     * because no credentials are attached to the request.
     *
     * <p>This overload takes only a principal name: no request, session or
     * credential is part of the call, so nothing in this contract ties the
     * name to an authenticated caller. It is meant for the guest principal;
     * a name read from client-controlled input should not be passed here in
     * place of an authenticated session.
     *
     * <p>See also MRM-911
     *
     * @param principal name of the principal to check, intended to be the
     *        guest user
     * @param repoId identifier of the repository being accessed
     * @param permission the permission required on that repository
     * @return {@code true} if the principal is authorized
     * @throws UnauthorizedException declared for a denied access; exact
     *         conditions are implementation-defined
     */
    boolean isAuthorized(String principal, String repoId, String permission)
        throws UnauthorizedException;
}