Application.java

/*******************************************************************************
 * Copyright (c) 2012 IBM Corporation.
 *
 *  All rights reserved. This program and the accompanying materials
 *  are made available under the terms of the Eclipse Public License v1.0
 *  and Eclipse Distribution License v. 1.0 which accompanies this distribution.
 *  
 *  The Eclipse Public License is available at http://www.eclipse.org/legal/epl-v10.html
 *  and the Eclipse Distribution License is available at
 *  http://www.eclipse.org/org/documents/edl-v10.php.
 *  
 *  Contributors:
 *  
 *     IBM Corporation - initial API and implementation
 *******************************************************************************/
package org.eclipse.lyo.server.oauth.core;

import javax.servlet.http.HttpServletRequest;

/**
 * Handles authentication with the backend system.
 * 
 * @author Samuel Padgett <spadgett@us.ibm.com>
 * @see OAuthConfiguration#setApplication(Authentication)
 */
public interface Application {
	/**
	 * Gets the name of the application to show in the login dialog.
	 * 
	 * @return the application name
	 */
	public String getName();

	/**
	 * Authenticates with the application. On errors, throws an
	 * {@link AuthenticationException}.
	 * 
	 * @param request
	 *            the servlet request
	 * @param id
	 *            the user's ID
	 * @param password
	 *            the user's password
	 * @throws AuthenticationException
	 *             if authentication fails
	 */
	public void login(HttpServletRequest request, String id, String password)
			throws AuthenticationException;

	/**
	 * Determines if the user is already authenticated with the application. If
	 * so, the OAuth provider can show a different authorization dialog that
	 * doesn't require a login.
	 * 
	 * @param request
	 *            the servlet request
	 * @return if the user is already logged in for this session
	 */
	public boolean isAuthenticated(HttpServletRequest request);
	
	/**
	 * Determines if the current session is an admin session. If so, the user
	 * will be able to approve, edit, and delete OAuth consumers.
	 * 
	 * @param request
	 *            the HTTP request
	 * @return if this is an admin session
	 */
	public boolean isAdminSession(HttpServletRequest request);

	/**
	 * Gets the realm to be included in OAuth problem responses.
	 * 
	 * @param request
	 *            the HTTP request
	 * @return the realm
	 */
	public String getRealm(HttpServletRequest request);
}