• Home
• org.neo4j.app
• neo4j-server
• 3.1.0-M03
• source code
• SecurityRule.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.neo4j.server.rest.security.SecurityRule Maven / Gradle / Ivy

/*
 * Copyright (c) 2002-2016 "Neo Technology,"
 * Network Engine for Objects in Lund AB [http://neotechnology.com]
 *
 * This file is part of Neo4j.
 *
 * Neo4j is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
 */
package org.neo4j.server.rest.security;

import javax.servlet.http.HttpServletRequest;

public interface SecurityRule
{
    /**
     * @param request The HTTP request currently under consideration.
     * @return true if the rule passes, false if the
     *         rule fails and the request is to be rejected with a "401 Unauthorized".
     */
    boolean isAuthorized(HttpServletRequest request);

    /**
     * @return the root of the URI path from which rules will be valid, e.g.
     *         /db/data will apply this rule to everything below
     *         the path /db/data It is possible to use * as a
     *         wildcard character in return values, e.g.
     *         /myExtension* will extend security coverage to
     *         everything under the /myExtension path. Similarly
     *         more complex path behavior can be specified with more wildcards,
     *         e.g.: /myExtension*myApplication*specialResources.
     *         Note that the wildcard represents any character (including the
     *         '/' character), meaning /myExtension/* is not the
     *         same as /myExtension* and implementers should take
     *         care to ensure their implementations are tested accordingly.
     *         

     *         Final note: the only wildcard supported is '*' and there is no
     *         support for regular expression syntax.
     */
    String forUriPath();

    /**
     * @return the opaque string representing the WWW-Authenticate header to
     *         which the rule applies. Will be used to formulate a
     *         401 response code if the rule denies a request.
     */
    String wwwAuthenticateHeader();
}