1 // 2 // ======================================================================== 3 // Copyright (c) 1995-2015 Mort Bay Consulting Pty. Ltd. 4 // ------------------------------------------------------------------------ 5 // All rights reserved. This program and the accompanying materials 6 // are made available under the terms of the Eclipse Public License v1.0 7 // and Apache License v2.0 which accompanies this distribution. 8 // 9 // The Eclipse Public License is available at 10 // http://www.eclipse.org/legal/epl-v10.html 11 // 12 // The Apache License v2.0 is available at 13 // http://www.opensource.org/licenses/apache2.0.php 14 // 15 // You may elect to redistribute this code under either of these licenses. 16 // ======================================================================== 17 // 18 19 package org.eclipse.jetty.security; 20 21 import java.util.Set; 22 23 import javax.servlet.ServletContext; 24 import javax.servlet.ServletRequest; 25 import javax.servlet.ServletResponse; 26 27 import org.eclipse.jetty.server.Authentication; 28 import org.eclipse.jetty.server.Authentication.User; 29 import org.eclipse.jetty.server.Server; 30 31 /** 32 * Authenticator Interface 33 * <p> 34 * An Authenticator is responsible for checking requests and sending 35 * response challenges in order to authenticate a request. 36 * Various types of {@link Authentication} are returned in order to 37 * signal the next step in authentication. 38 * 39 * @version $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $ 40 */ 41 public interface Authenticator 42 { 43 /* ------------------------------------------------------------ */ 44 /** 45 * Configure the Authenticator 46 * @param configuration 47 */ 48 void setConfiguration(AuthConfiguration configuration); 49 50 /* ------------------------------------------------------------ */ 51 /** 52 * @return The name of the authentication method 53 */ 54 String getAuthMethod(); 55 56 57 /* ------------------------------------------------------------ */ 58 /** 59 * Called prior to validateRequest. The authenticator can 60 * manipulate the request to update it with information that 61 * can be inspected prior to validateRequest being called. 62 * The primary purpose of this method is to satisfy the Servlet 63 * Spec 3.1 section 13.6.3 on handling Form authentication 64 * where the http method of the original request causing authentication 65 * is not the same as the http method resulting from the redirect 66 * after authentication. 67 * @param request 68 */ 69 void prepareRequest(ServletRequest request); 70 71 72 /* ------------------------------------------------------------ */ 73 /** Validate a request 74 * @param request The request 75 * @param response The response 76 * @param mandatory True if authentication is mandatory. 77 * @return An Authentication. If Authentication is successful, this will be a {@link org.eclipse.jetty.server.Authentication.User}. If a response has 78 * been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will 79 * implement {@link org.eclipse.jetty.server.Authentication.ResponseSent}. If Authentication is not manditory, then a 80 * {@link org.eclipse.jetty.server.Authentication.Deferred} may be returned. 81 * 82 * @throws ServerAuthException 83 */ 84 Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException; 85 86 /* ------------------------------------------------------------ */ 87 /** 88 * @param request 89 * @param response 90 * @param mandatory 91 * @param validatedUser 92 * @return true if response is secure 93 * @throws ServerAuthException 94 */ 95 boolean secureResponse(ServletRequest request, ServletResponse response, boolean mandatory, User validatedUser) throws ServerAuthException; 96 97 98 /* ------------------------------------------------------------ */ 99 /* ------------------------------------------------------------ */ 100 /* ------------------------------------------------------------ */ 101 /** 102 * Authenticator Configuration 103 */ 104 interface AuthConfiguration 105 { 106 String getAuthMethod(); 107 String getRealmName(); 108 109 /** Get a SecurityHandler init parameter 110 * @see SecurityHandler#getInitParameter(String) 111 * @param param parameter name 112 * @return Parameter value or null 113 */ 114 String getInitParameter(String param); 115 116 /* ------------------------------------------------------------ */ 117 /** Get a SecurityHandler init parameter names 118 * @see SecurityHandler#getInitParameterNames() 119 * @return Set of parameter names 120 */ 121 Set<String> getInitParameterNames(); 122 123 LoginService getLoginService(); 124 IdentityService getIdentityService(); 125 boolean isSessionRenewedOnAuthentication(); 126 } 127 128 /* ------------------------------------------------------------ */ 129 /* ------------------------------------------------------------ */ 130 /* ------------------------------------------------------------ */ 131 /** 132 * Authenticator Factory 133 */ 134 interface Factory 135 { 136 Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService); 137 } 138 }