• Home
• org.ogema.ref-impl
• internal-api
• 2.2.1
• source code
• AdminWebAccessManager.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.ogema.webadmin.AdminWebAccessManager Maven / Gradle / Ivy

/**
 * Copyright 2011-2018 Fraunhofer-Gesellschaft zur Förderung der angewandten Wissenschaften e.V.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.ogema.webadmin;

import java.security.AccessControlException;

import javax.servlet.Servlet;
import javax.servlet.http.HttpServletRequest;

import org.ogema.core.security.WebAccessManager;

/**
 * This extension of {@link WebAccessManager} allows to register HTML pages
 * generated dynamically via a servlet. Http requests to the servlet need not
 * provide a one-time-password, contrary to servlets registered via
 * {@link WebAccessManager#registerWebResource(String, Servlet)}. 
 * 
 
 * Furthermore, there is a method to register static resources (similar to 
 * {@link #registerWebResource(String, String)}), which prevents the injection 
 * of one-time-passwords into HTML files. This is useful for instance for template HTML files.
 */
public interface AdminWebAccessManager extends WebAccessManager {

	/**
	 * Register a servlet that is treated like a static web resource, i.e.
	 * it can be accessed without a one-time-password. Furthermore,
	 * one-time-passwords can be generated for the page, which should then be injected into
	 * the HTML page and be included in all servlet requests sent from the page.
	 * 

	 * Note: all callers in the call stack need an import permission for the org.ogema.webadmin package
	 * @param alias
	 * @param name
	 * @return
	 * @throws AccessControlException 
	 */
	StaticRegistration registerStaticWebResource(String alias, Servlet name);
	
	/**
	 * Like {@link #registerWebResource(String, String)}, except that no one-time-password 
	 * will be injected into any HTML files associated with this registration. Unregister via
	 * {@link #unregisterWebResource(String)}.
	 * 

	 * Note: all callers in the call stack need an import permission for the org.ogema.webadmin package
	 * @param alias
	 * @param path
	 * @return
	 * @throws AccessControlException 
	 */
	String registerBasicResource(String alias, String path);
	
	interface StaticRegistration {
		
		String getPath();
		
		/**
		 * @param req
		 * @return
		 * 		a two-element array consisting of one-time-user and one-time-password;
		 * 		or null, if the web access manager has been shut down.
		 * @throws NullPointerException if req is null
		 * @throws IllegalStateException if resource has been unregistered
		 */
		String[] generateOneTimePwd(HttpServletRequest req);
		void unregister();
		
	}
	
}