This project has retired. For details please refer to its Attic page.
ServletAuthenticator xref
View Javadoc
1   package org.apache.archiva.security;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *  http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import javax.servlet.http.HttpServletRequest;
23  
24  import org.apache.archiva.redback.authentication.AuthenticationException;
25  import org.apache.archiva.redback.authentication.AuthenticationResult;
26  import org.apache.archiva.redback.authorization.AuthorizationException;
27  import org.apache.archiva.redback.authorization.UnauthorizedException;
28  import org.apache.archiva.redback.policy.AccountLockedException;
29  import org.apache.archiva.redback.policy.MustChangePasswordException;
30  import org.apache.archiva.redback.system.SecuritySession;
31  
32  /**
33   * @version
34   */
35  public interface ServletAuthenticator
36  {
37      /**
38       * Authentication check for users.
39       * 
40       * @param request
41       * @param result
42       * @return
43       * @throws AuthenticationException
44       * @throws AccountLockedException
45       * @throws MustChangePasswordException
46       */
47      boolean isAuthenticated( HttpServletRequest request, AuthenticationResult result )
48          throws AuthenticationException, AccountLockedException, MustChangePasswordException;
49  
50      /**
51       * Authorization check for valid users.
52       * 
53       * @param request
54       * @param securitySession
55       * @param repositoryId
56       * @param permission
57       * @return
58       * @throws AuthorizationException
59       * @throws UnauthorizedException
60       */
61      boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId,
62          String permission ) throws AuthorizationException, UnauthorizedException;
63      
64      /**
65       * Authorization check specific for user guest, which doesn't go through 
66       * HttpBasicAuthentication#getAuthenticationResult( HttpServletRequest request, HttpServletResponse response )
67       * since no credentials are attached to the request. 
68       * 
69       * See also MRM-911
70       * 
71       * @param principal
72       * @param repoId
73       * @param permission
74       * @return
75       * @throws UnauthorizedException
76       */
77      boolean isAuthorized( String principal, String repoId, String permission )
78          throws UnauthorizedException;
79  }