• Home
• com.adobe.aem
• uber-jar
• 6.4.4
• source code
• WebConsoleSecurityProvider2.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.apache.felix.webconsole.WebConsoleSecurityProvider2 Maven / Gradle / Ivy

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.felix.webconsole;


import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;


/**
 * The WebConsoleSecurityProvider2 extends the
 * {@link WebConsoleSecurityProvider} interface allowing for full control of
 * the authentication process to access the Web Console.
 * 

 * If a registered {@link WebConsoleSecurityProvider} service implements this
 * interface the {@link #authenticate(HttpServletRequest, HttpServletResponse)}
 * method is called instead of the
 * {@link WebConsoleSecurityProvider#authenticate(String, String)} method.
 *
 * @since 3.1.2; Web Console Bundle 3.1.4
 */
public interface WebConsoleSecurityProvider2 extends WebConsoleSecurityProvider
{

    /**
     * The name of the request attribute providing the object representing the
     * authenticated user. This object is used to call the
     * {@link WebConsoleSecurityProvider#authorize(Object, String)} to
     * authorize access for certain roles.
     */
    String USER_ATTRIBUTE = "org.apache.felix.webconsole.user"; //$NON-NLS-1$


    /**
     * Authenticates the given request or asks the client for credentials.
     * 

     * Implementations of this method are expected to respect and implement
     * the semantics of the HttpContext.handleSecurity method
     * as specified in the OSGi HTTP Service specification.
     * 

     * If this method returns true it is assumed the request
     * provided valid credentials identifying the user as accepted to access
     * the web console. In addition, the {@link #USER_ATTRIBUTE} request
     * attribute must be set to a non-null object reference
     * identifying the authenticated user.
     * 

     * If this method returns false the request to the web console
     * is terminated without any more response sent back to the client. That is
     * the implementation is expected to have informed the client in case of
     * non-granted access.
     *
     * @param request The request object
     * @param response The response object
     * @return true If the request provided valid credentials.
     */
    public boolean authenticate( HttpServletRequest request, HttpServletResponse response );

}