
1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.security;
20  
21  import java.util.Set;
22  
23  import javax.servlet.ServletContext;
24  import javax.servlet.ServletRequest;
25  import javax.servlet.ServletResponse;
26  
27  import org.eclipse.jetty.server.Authentication;
28  import org.eclipse.jetty.server.Authentication.User;
29  import org.eclipse.jetty.server.Server;
30  
/**
 * Contract for a pluggable request authenticator.
 * <p>
 * An implementation checks an incoming request and, where needed, sends a
 * challenge on the response in order to authenticate that request. The
 * {@link Authentication} subtype it returns signals the next step in
 * authentication to the caller.
 *
 * @version $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $
 */
public interface Authenticator
{
    /**
     * Configure the Authenticator.
     *
     * @param configuration the settings to apply, see {@link AuthConfiguration}
     */
    void setConfiguration(AuthConfiguration configuration);

    /**
     * @return The name of the authentication method
     */
    String getAuthMethod();

    /**
     * Validate a request.
     * <p>
     * Only a result that is an {@link Authentication.User} represents an
     * authenticated request. The other documented results mean that a response
     * has already been sent or that authentication was deferred, so callers
     * should not treat them as proof of identity.
     *
     * @param request The request
     * @param response The response
     * @param mandatory True if authentication is mandatory.
     * @return An Authentication. If authentication is successful, this will be
     *         an {@link Authentication.User}. If a response has been sent by the
     *         Authenticator (which can be done for both successful and
     *         unsuccessful authentications), then the result will implement
     *         {@link Authentication.ResponseSent}. If authentication is not
     *         mandatory, then an {@link Authentication.Deferred} may be returned.
     * @throws ServerAuthException conditions are left to the implementation;
     *         this interface does not specify them
     */
    Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException;

    /**
     * Secure the response for a request.
     * <p>
     * NOTE(review): the interface does not say when this is called relative to
     * {@link #validateRequest(ServletRequest, ServletResponse, boolean)}, nor
     * what a {@code false} result obliges the caller to do. Confirm both
     * against the calling handler before relying on the return value.
     *
     * @param request The request
     * @param response The response
     * @param mandatory presumably the same flag passed to validateRequest; confirm
     * @param validatedUser presumably the user produced by validateRequest; confirm
     * @return true if response is secure
     * @throws ServerAuthException conditions are left to the implementation;
     *         this interface does not specify them
     */
    boolean secureResponse(ServletRequest request, ServletResponse response, boolean mandatory, User validatedUser) throws ServerAuthException;

    /**
     * Authenticator Configuration: the settings and services handed to an
     * {@link Authenticator} through
     * {@link Authenticator#setConfiguration(AuthConfiguration)}.
     */
    interface AuthConfiguration
    {
        /**
         * @return the configured authentication method name
         */
        String getAuthMethod();

        /**
         * @return the configured realm name
         */
        String getRealmName();

        /**
         * Get a SecurityHandler init parameter.
         *
         * @see SecurityHandler#getInitParameter(String)
         * @param param parameter name
         * @return Parameter value or null
         */
        String getInitParameter(String param);

        /**
         * Get the SecurityHandler init parameter names.
         *
         * @see SecurityHandler#getInitParameterNames()
         * @return Set of parameter names
         */
        Set<String> getInitParameterNames();

        /**
         * @return the {@link LoginService} of this configuration
         */
        LoginService getLoginService();

        /**
         * @return the {@link IdentityService} of this configuration
         */
        IdentityService getIdentityService();

        /**
         * NOTE(review): judging by the name, this reports whether the session
         * is renewed once a user authenticates, which is the usual defence
         * against session fixation. The semantics are not stated in this file;
         * confirm them, and the default, against SecurityHandler.
         *
         * @return the session-renewal-on-authentication setting
         */
        boolean isSessionRenewedOnAuthentication();
    }

    /**
     * Authenticator Factory
     */
    interface Factory
    {
        /**
         * Obtain an {@link Authenticator} for the supplied server, context and
         * configuration.
         * <p>
         * NOTE(review): whether {@code null} may be returned when the factory
         * has no authenticator for the configuration is not specified here.
         * Callers should confirm this before dereferencing the result, so that
         * a missing authenticator cannot be mistaken for "no authentication
         * required".
         *
         * @param server the server
         * @param context the servlet context
         * @param configuration the authenticator configuration
         * @param identityService the identity service
         * @param loginService the login service
         * @return an Authenticator
         */
        Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService);
    }
}
122 }