All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.eclipse.jetty.security.Authenticator Maven / Gradle / Ivy

The newest version!
//
//  ========================================================================
//  Copyright (c) 1995-2018 Mort Bay Consulting Pty. Ltd.
//  ------------------------------------------------------------------------
//  All rights reserved. This program and the accompanying materials
//  are made available under the terms of the Eclipse Public License v1.0
//  and Apache License v2.0 which accompanies this distribution.
//
//      The Eclipse Public License is available at
//      http://www.eclipse.org/legal/epl-v10.html
//
//      The Apache License v2.0 is available at
//      http://www.opensource.org/licenses/apache2.0.php
//
//  You may elect to redistribute this code under either of these licenses.
//  ========================================================================
//

package org.eclipse.jetty.security;

import java.util.Set;

import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.Authentication.User;
import org.eclipse.jetty.server.Server;

/**
 * Authenticator Interface
 * 

* An Authenticator is responsible for checking requests and sending * response challenges in order to authenticate a request. * Various types of {@link Authentication} are returned in order to * signal the next step in authentication. * * @version $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $ */ public interface Authenticator { /* ------------------------------------------------------------ */ /** * Configure the Authenticator * * @param configuration the configuration */ void setConfiguration(AuthConfiguration configuration); /* ------------------------------------------------------------ */ /** * @return The name of the authentication method */ String getAuthMethod(); /* ------------------------------------------------------------ */ /** * Called prior to validateRequest. The authenticator can * manipulate the request to update it with information that * can be inspected prior to validateRequest being called. * The primary purpose of this method is to satisfy the Servlet * Spec 3.1 section 13.6.3 on handling Form authentication * where the http method of the original request causing authentication * is not the same as the http method resulting from the redirect * after authentication. * * @param request the request to manipulate */ void prepareRequest(ServletRequest request); /* ------------------------------------------------------------ */ /** * Validate a request * * @param request The request * @param response The response * @param mandatory True if authentication is mandatory. * @return An Authentication. If Authentication is successful, this will be a {@link org.eclipse.jetty.server.Authentication.User}. If a response has * been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will * implement {@link org.eclipse.jetty.server.Authentication.ResponseSent}. If Authentication is not manditory, then a * {@link org.eclipse.jetty.server.Authentication.Deferred} may be returned. * * @throws ServerAuthException if unable to validate request */ Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException; /* ------------------------------------------------------------ */ /** * is response secure * * @param request the request * @param response the response * @param mandatory if security is mandator * @param validatedUser the user that was validated * @return true if response is secure * @throws ServerAuthException if unable to test response */ boolean secureResponse(ServletRequest request, ServletResponse response, boolean mandatory, User validatedUser) throws ServerAuthException; /* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */ /** * Authenticator Configuration */ interface AuthConfiguration { String getAuthMethod(); String getRealmName(); /** * Get a SecurityHandler init parameter * @see SecurityHandler#getInitParameter(String) * @param param parameter name * @return Parameter value or null */ String getInitParameter(String param); /* ------------------------------------------------------------ */ /** Get a SecurityHandler init parameter names * @see SecurityHandler#getInitParameterNames() * @return Set of parameter names */ Set getInitParameterNames(); LoginService getLoginService(); IdentityService getIdentityService(); boolean isSessionRenewedOnAuthentication(); } /* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */ /** * Authenticator Factory */ interface Factory { Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService); } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy