• Home
• org.camunda.bpm
• camunda-engine-rest-core
• 7.16.0-alpha3
• source code
• AuthenticationProvider.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.camunda.bpm.engine.rest.security.auth.AuthenticationProvider Maven / Gradle / Ivy

/*
 * Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
 * under one or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information regarding copyright
 * ownership. Camunda licenses this file to you under the Apache License,
 * Version 2.0; you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.camunda.bpm.engine.rest.security.auth;

import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.ProcessEngine;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * A provider to handle the authentication of {@link HttpServletRequest}s.
 * May implement a specific authentication scheme.
 *
 * @author Thorben Lindhauer
 */
public interface AuthenticationProvider {

  /**
   * Checks the request for authentication. May not return null, but always an
   * {@link AuthenticationResult} that indicates, whether authentication was
   * successful, and, if true, always provides the authenticated user.
   * 
   * The result can only be successful if a valid user id was provided in the
   * request. It is not required to provide the group or tenant id, as they will
   * be resolved via the {@link IdentityService} (e.g.
   * {@link ProcessEngineAuthenticationFilter#setAuthenticatedUser}).
   *
   * @param request
   *          the request to authenticate
   * @param engine
   *          the process engine the request addresses. May be used to
   *          authenticate against the engine's identity service.
   */
  AuthenticationResult extractAuthenticatedUser(HttpServletRequest request, ProcessEngine engine);

  /**
   * 

   * Callback to add an authentication challenge to the response to the client. Called in case of unsuccessful authentication.
   * 
   *
   * 

   * For example, a Http Basic auth implementation may set the WWW-Authenticate header to Basic realm="engine name".
   * 
   *
   * @param request the response to augment
   * @param engine the process engine the request addressed. May be considered as an authentication realm to create a specific authentication
   * challenge
   */
  void augmentResponseByAuthenticationChallenge(HttpServletResponse response, ProcessEngine engine);
}