1 package org.apache.archiva.security; 2 3 /* 4 * Licensed to the Apache Software Foundation (ASF) under one 5 * or more contributor license agreements. See the NOTICE file 6 * distributed with this work for additional information 7 * regarding copyright ownership. The ASF licenses this file 8 * to you under the Apache License, Version 2.0 (the 9 * "License"); you may not use this file except in compliance 10 * with the License. You may obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, 15 * software distributed under the License is distributed on an 16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 17 * KIND, either express or implied. See the License for the 18 * specific language governing permissions and limitations 19 * under the License. 20 */ 21 22 import org.apache.archiva.redback.authentication.AuthenticationException; 23 import org.apache.archiva.redback.authentication.AuthenticationResult; 24 import org.apache.archiva.redback.authorization.AuthorizationException; 25 import org.apache.archiva.redback.authorization.UnauthorizedException; 26 import org.apache.archiva.redback.policy.AccountLockedException; 27 import org.apache.archiva.redback.policy.MustChangePasswordException; 28 import org.apache.archiva.redback.system.SecuritySession; 29 30 import javax.servlet.http.HttpServletRequest; 31 32 /** 33 * @version 34 */ 35 public interface ServletAuthenticator 36 { 37 /** 38 * Authentication check for users. 39 * 40 * @param request 41 * @param result 42 * @return 43 * @throws AuthenticationException 44 * @throws AccountLockedException 45 * @throws MustChangePasswordException 46 */ 47 boolean isAuthenticated( HttpServletRequest request, AuthenticationResult result ) 48 throws AuthenticationException, AccountLockedException, MustChangePasswordException; 49 50 /** 51 * Authorization check for valid users. 52 * 53 * @param request 54 * @param securitySession 55 * @param repositoryId 56 * @param permission 57 * @return 58 * @throws AuthorizationException 59 * @throws UnauthorizedException 60 */ 61 boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId, 62 String permission ) throws AuthorizationException, UnauthorizedException; 63 64 /** 65 * Authorization check specific for user guest, which doesn't go through 66 * HttpBasicAuthentication#getAuthenticationResult( HttpServletRequest request, HttpServletResponse response ) 67 * since no credentials are attached to the request. 68 * 69 * See also MRM-911 70 * 71 * @param principal 72 * @param repoId 73 * @param permission 74 * @return 75 * @throws UnauthorizedException 76 */ 77 boolean isAuthorized( String principal, String repoId, String permission ) 78 throws UnauthorizedException; 79 }