
1   // ========================================================================
2   // Copyright (c) 2008-2009 Mort Bay Consulting Pty. Ltd.
3   // ------------------------------------------------------------------------
4   // All rights reserved. This program and the accompanying materials
5   // are made available under the terms of the Eclipse Public License v1.0
6   // and Apache License v2.0 which accompanies this distribution.
7   // The Eclipse Public License is available at 
8   // http://www.eclipse.org/legal/epl-v10.html
9   // The Apache License v2.0 is available at
10  // http://www.opensource.org/licenses/apache2.0.php
11  // You may elect to redistribute this code under either of these licenses. 
12  // ========================================================================
13  
14  package org.eclipse.jetty.security;
15  
16  import java.util.Set;
17  
18  import javax.servlet.ServletContext;
19  import javax.servlet.ServletRequest;
20  import javax.servlet.ServletResponse;
21  
22  import org.eclipse.jetty.server.Authentication;
23  import org.eclipse.jetty.server.Server;
24  import org.eclipse.jetty.server.Authentication.User;
25  import org.eclipse.jetty.server.SessionManager;
26  
27  /**
28   * Authenticator Interface
29   * <p>
30   * An Authenticator is responsible for checking requests and sending
31   * response challenges in order to authenticate a request. 
32   * Various types of {@link Authentication} are returned in order to
33   * signal the next step in authentication.
34   * 
35   * @version $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $
36   */
public interface Authenticator {

    /**
     * Configures this Authenticator.
     *
     * @param configuration the settings to apply; see {@link AuthConfiguration}
     *                      for what is made available
     */
    void setConfiguration(AuthConfiguration configuration);

    /**
     * @return the name of the authentication method
     */
    String getAuthMethod();

    /**
     * Validates a request.
     * <p>
     * The concrete type of the returned {@link Authentication} tells the caller
     * what happened:
     * <ul>
     * <li>an {@link Authentication.User} means authentication succeeded;</li>
     * <li>an {@link Authentication.ResponseSent} means this Authenticator has
     *     already sent a response, which can happen for both successful and
     *     unsuccessful authentications;</li>
     * <li>an {@link Authentication.Deferred} may be returned when
     *     authentication is not mandatory.</li>
     * </ul>
     * Callers should therefore branch on the result type and never treat a
     * merely non-null result as proof of identity: only the
     * {@link Authentication.User} case represents an authenticated request.
     *
     * @param request   the request
     * @param response  the response
     * @param mandatory true if authentication is mandatory
     * @return an Authentication describing the outcome, as listed above
     * @throws ServerAuthException declared by this method; the conditions under
     *                             which it is raised are not specified here
     */
    Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException;

    /**
     * Secures the response for a request.
     * <p>
     * NOTE(review): only the return value is documented for this method. The
     * meaning of each parameter below is inferred from its name and from
     * {@link #validateRequest(ServletRequest, ServletResponse, boolean)};
     * confirm against the implementations.
     *
     * @param request       the request (presumably the one that was validated)
     * @param response      the response to secure
     * @param mandatory     presumably whether authentication was mandatory
     * @param validatedUser presumably the user produced by validation
     * @return true if response is secure
     * @throws ServerAuthException declared by this method; the conditions under
     *                             which it is raised are not specified here
     */
    boolean secureResponse(ServletRequest request, ServletResponse response, boolean mandatory, User validatedUser) throws ServerAuthException;

    /**
     * Authenticator Configuration: the settings and services handed to an
     * {@link Authenticator} through
     * {@link Authenticator#setConfiguration(AuthConfiguration)}.
     */
    interface AuthConfiguration {

        /**
         * @return the configured authentication method name
         */
        String getAuthMethod();

        /**
         * @return the configured realm name
         */
        String getRealmName();

        /**
         * Gets a SecurityHandler init parameter.
         *
         * @param param parameter name
         * @return parameter value or null
         * @see SecurityHandler#getInitParameter(String)
         */
        String getInitParameter(String param);

        /**
         * Gets the SecurityHandler init parameter names.
         *
         * @return set of parameter names
         * @see SecurityHandler#getInitParameterNames()
         */
        Set<String> getInitParameterNames();

        /**
         * @return the configured {@link LoginService}
         */
        LoginService getLoginService();

        /**
         * @return the configured {@link IdentityService}
         */
        IdentityService getIdentityService();

        /**
         * NOTE(review): undocumented in the original. Judging by the name, this
         * reports whether the session is renewed once authentication succeeds;
         * renewing the session at login is the usual defence against session
         * fixation. Confirm which Authenticator implementations honour it.
         *
         * @return true if the session is renewed on authentication
         */
        boolean isSessionRenewedOnAuthentication();
    }

    /**
     * Authenticator Factory: supplies an {@link Authenticator} for a given
     * server, context and configuration.
     */
    interface Factory {

        /**
         * Obtains an Authenticator.
         * <p>
         * NOTE(review): the original declares no contract for this method;
         * whether it may return null is not specified here, so callers should
         * confirm before dereferencing the result.
         *
         * @param server          the server
         * @param context         the servlet context
         * @param configuration   the authenticator configuration
         * @param identityService the identity service
         * @param loginService    the login service
         * @return the Authenticator
         */
        Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService);
    }
}