/*
* Made with all the love in the world
* by scireum in Remshalden, Germany
*
* Copyright by scireum GmbH
* http://www.scireum.de - [email protected]
*/
package sirius.web.security;
import sirius.web.http.WebContext;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
/**
* Responsible for authentication and session management.
*
* A user manager extracts the current user from a request (its session) or tries to find appropriate login data
* in the request to authenticate the user.
*
* Each scope (e.g. frontend, backend) has its own user manager, which is defined in the system configuration
* (security.scopes.[scope-type].manager). This actually references the name of the {@link UserManagerFactory}
* used to create a user manager for the scope.
*/
public interface UserManager {
/**
* Tries to find the current user in the current session or by checking the request for valid credentials.
*
* Because this method may log a user in from data supplied with the request, it is the entry point that
* turns request input into an authenticated user. Callers should treat {@link UserInfo#NOBODY} as
* "not authenticated".
*
* @param ctx the request to attach to, must not be null
* @return the user bound to the request, never null. If no user is available {@link UserInfo#NOBODY} can be used.
*/
@Nonnull
UserInfo bindToRequest(@Nonnull WebContext ctx);
/**
* Tries to find the current user in the current session. In contrast to {@link #bindToRequest(WebContext)} this
* will not try to log a user in via credentials found in the request.
*
* @param ctx the request to attach to, must not be null
* @return the user found in the session, never null. If no user is available {@link UserInfo#NOBODY} can be
* used.
*/
@Nonnull
UserInfo findUserForRequest(@Nonnull WebContext ctx);
/**
* Tries to find a user with the given username.
*
* This method takes no password, so a non-null result should not be treated as proof that the caller has
* authenticated as that user. Use {@link #findUserByCredentials(WebContext, String, String)} when a password
* has to be checked.
*
* @param ctx the current HTTP request if one is present, otherwise null
* @param user the login name of the user to find
* @return the user with the given login name or null if no user is found; callers have to check for null
*/
@Nullable
UserInfo findUserByName(@Nullable WebContext ctx, String user);
/**
* Tries to find a user with the given credentials.
*
* NOTE(review): as documented here, an unknown login name and a wrong password are both reported as null.
* Callers have to check for null and should report either failure in the same way, so that a response does
* not reveal which login names exist.
*
* @param ctx the current HTTP request if one is present, otherwise null
* @param user the login name of the user to find
* @param password the password of the user to find. It is passed as a plain String, so implementations and
* callers should keep it out of log and error messages.
* @return the user with the given credentials or null if no user is found
*/
@Nullable
UserInfo findUserByCredentials(@Nullable WebContext ctx, String user, String password);
/**
* Makes the currently authenticated user persistent by storing the required information in the session.
*
* NOTE(review): this contract does not state whether the session identifier is renewed when a user is
* attached. Confirm this in the implementation, as keeping a pre-login identifier allows session fixation.
*
* @param user the user to store, must not be null
* @param ctx the request containing the session, must not be null
*/
void attachToSession(@Nonnull UserInfo user, @Nonnull WebContext ctx);
/**
* Removes all stored data from the session.
*
* This can be considered a logout operation.
*
* @param user the user to logout, must not be null
* @param ctx the request containing the session, must not be null
*/
void detachFromSession(@Nonnull UserInfo user, @Nonnull WebContext ctx);
/**
* Determines if a login via username and password is possible.
*
* @return true if a username and password can be used to log a user in, false otherwise.
*/
boolean isLoginSupported();
/**
* Determines if the login can be stored longer than a usual session.
*
* A login which outlives the usual session stays usable for longer if it is obtained by someone else, which
* is worth considering when enabling this for a scope.
*
* @return true if a "keep me logged in" function is available, false otherwise.
*/
boolean isKeepLoginSupported();
}