1 // ======================================================================== 2 // Copyright (c) 2008-2009 Mort Bay Consulting Pty. Ltd. 3 // ------------------------------------------------------------------------ 4 // All rights reserved. This program and the accompanying materials 5 // are made available under the terms of the Eclipse Public License v1.0 6 // and Apache License v2.0 which accompanies this distribution. 7 // The Eclipse Public License is available at 8 // http://www.eclipse.org/legal/epl-v10.html 9 // The Apache License v2.0 is available at 10 // http://www.opensource.org/licenses/apache2.0.php 11 // You may elect to redistribute this code under either of these licenses. 12 // ======================================================================== 13 14 package org.eclipse.jetty.security; 15 16 import java.util.Set; 17 18 import javax.servlet.ServletContext; 19 import javax.servlet.ServletRequest; 20 import javax.servlet.ServletResponse; 21 22 import org.eclipse.jetty.server.Authentication; 23 import org.eclipse.jetty.server.Server; 24 import org.eclipse.jetty.server.Authentication.User; 25 26 /** 27 * Authenticator Interface 28 * <p> 29 * An Authenticator is responsible for checking requests and sending 30 * response challenges in order to authenticate a request. 31 * Various types of {@link Authentication} are returned in order to 32 * signal the next step in authentication. 33 * 34 * @version $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $ 35 */ 36 public interface Authenticator 37 { 38 /* ------------------------------------------------------------ */ 39 /** 40 * Configure the Authenticator 41 * @param configuration 42 */ 43 void setConfiguration(Configuration configuration); 44 45 /* ------------------------------------------------------------ */ 46 /** 47 * @return The name of the authentication method 48 */ 49 String getAuthMethod(); 50 51 /* ------------------------------------------------------------ */ 52 /** Validate a response 53 * @param request The request 54 * @param response The response 55 * @param mandatory True if authentication is mandatory. 56 * @return An Authentication. If Authentication is successful, this will be a {@link Authentication.User}. If a response has 57 * been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will 58 * implement {@link Authentication.ResponseSent}. If Authentication is not manditory, then a {@link Authentication.Deferred} 59 * may be returned. 60 * 61 * @throws ServerAuthException 62 */ 63 Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException; 64 65 66 /* ------------------------------------------------------------ */ 67 /** 68 * @param request 69 * @param response 70 * @param mandatory 71 * @param validatedUser 72 * @return 73 * @throws ServerAuthException 74 */ 75 boolean secureResponse(ServletRequest request, ServletResponse response, boolean mandatory, User validatedUser) throws ServerAuthException; 76 77 78 /* ------------------------------------------------------------ */ 79 /* ------------------------------------------------------------ */ 80 /* ------------------------------------------------------------ */ 81 /** 82 * Authenticator Configuration 83 */ 84 interface Configuration 85 { 86 String getAuthMethod(); 87 String getRealmName(); 88 boolean isLazy(); 89 String getInitParameter(String key); 90 Set<String> getInitParameterNames(); 91 LoginService getLoginService(); 92 IdentityService getIdentityService(); 93 } 94 95 /* ------------------------------------------------------------ */ 96 /* ------------------------------------------------------------ */ 97 /* ------------------------------------------------------------ */ 98 /** 99 * Authenticator Facotory 100 */ 101 interface Factory 102 { 103 Authenticator getAuthenticator(Server server, ServletContext context, Configuration configuration, IdentityService identityService, LoginService loginService); 104 } 105 }