no.tornado.brap.auth.AuthorizationProvider Maven / Gradle / Ivy
package no.tornado.brap.auth;
import no.tornado.brap.common.InvocationRequest;
import no.tornado.brap.exception.AuthorizationFailedException;
/**
* Authorize the InvocationRequest by checking the principal in
* the current AuthenticationContext. Return true to allow the invocation.
*
* Check the principal with the static method AuthenticationContext#getPrincipal(),
* which returns the principal from a ThreadLocal.
*
* You configure which AuthorizationProvider to use by setting it on the
* ServiceWrapper.
*
* @see AuthenticationNotRequiredAuthorizer
* @see AuthenticationRequiredAuthorizer
* @see AuthenticationContext
* @see no.tornado.brap.auth.AnonymousPrincipal
* @see no.tornado.brap.common.UsernamePasswordPrincipal
* @see no.tornado.brap.servlet.ServiceWrapper
*/
public interface AuthorizationProvider {
/**
* The authorization call. Is made from the ProxyServlet
* after an incoming invocation request is authenticated, and before the
* method is invoked on the exposed service.
*
* If a successful auhtorization is made, true is returned.
*
* Normally the AuthenticationContext#getPrincipal() method is consulted
* to retrieve the principal, so that the principal and the invocationRequest
* can be matched.
*
* @param invocationRequest The deserialized InvocationRequest
* @return true if the credentials passed authentication
* @throws no.tornado.brap.exception.AuthorizationFailedException to signal insufficient credentials
*
* @see no.tornado.brap.auth.AuthenticationProvider
* @see no.tornado.brap.common.InvocationRequest
* @see AuthenticationNotRequiredAuthorizer
*/
void authorize(InvocationRequest invocationRequest) throws AuthorizationFailedException;
}