/**
* Licensed to Apereo under one or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information regarding copyright ownership. Apereo
* licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the License at the
* following location:
*
* <p>http://www.apache.org/licenses/LICENSE-2.0
*
* <p>Unless required by applicable law or agreed to in writing, software distributed under the
* License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apereo.portal.security;
import javax.portlet.PortletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.security.core.Authentication;
/**
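* Manages the workflow around the identity swapper (user impersonation) feature: checking whether
* one user may impersonate another, setting up an impersonation, and recording the original and
* target users in the session.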
*
*/
public interface IdentitySwapperManager {
/**
* Checks whether {@code currentUser} is allowed to impersonate {@code targetUsername}.
*
* @param currentUser the person requesting the impersonation
* @param targetUsername the username of the user to be impersonated
* @return {@code true} if the impersonation is permitted, {@code false} if not
*/
boolean canImpersonateUser(IPerson currentUser, String targetUsername);
/**
* Checks whether the user named {@code currentUserName} is allowed to impersonate
* {@code targetUsername}.
*
* @param currentUserName the username of the user requesting the impersonation
* @param targetUsername the username of the user to be impersonated
* @return {@code true} if the impersonation is permitted, {@code false} if not
*/
boolean canImpersonateUser(String currentUserName, String targetUsername);
/**
* Sets up the request so that a subsequent redirect to the login servlet will result in
* impersonation of {@code targetUsername}.
*
* @param portletRequest the portlet request to prepare
* @param currentUser the person requesting the impersonation
* @param targetUsername the username of the user to be impersonated
* @throws RuntimeAuthorizationException if the current user cannot impersonate the target user
*/
void impersonateUser(PortletRequest portletRequest, IPerson currentUser, String targetUsername);
/**
* Sets up the request so that a subsequent redirect to the login servlet will result in
* impersonation of {@code targetUsername}. This will log in with the default profile.
*
* @param portletRequest the portlet request to prepare
* @param currentUserName the username of the user requesting the impersonation
* @param targetUsername the username of the user to be impersonated
* @throws RuntimeAuthorizationException if the current user cannot impersonate the target user
*/
void impersonateUser(
PortletRequest portletRequest, String currentUserName, String targetUsername);
/**
* Sets up the request so that a subsequent redirect to the login servlet will result in an
* impersonation with a selected profile.
*
* <p>NOTE(review): the other {@code impersonateUser} overloads document a
* {@code RuntimeAuthorizationException} when the current user may not impersonate the target;
* none is documented here. Confirm that implementations apply the same authorization check on
* this path.
*
* @param portletRequest The portlet request
* @param currentUserName The current username of the administrator
* @param targetUsername The target user name of the person being impersonated
* @param profile The profile under which to log in
*/
void impersonateUser(
PortletRequest portletRequest,
String currentUserName,
String targetUsername,
String profile);
/**
* During impersonation of {@code targetUsername}, records {@code currentUserName} as the
* original user for later retrieval by {@link #getOriginalUsername(HttpSession)}. If the
* original authentication will also be needed for later retrieval, use
* {@link #setOriginalUser(HttpSession, String, String, Authentication)} instead.
*
* @param session the session in which the original user is recorded
* @param currentUserName the username of the user performing the impersonation
* @param targetUsername the username of the user being impersonated
* @throws RuntimeAuthorizationException if the current user cannot impersonate the target user
*/
void setOriginalUser(HttpSession session, String currentUserName, String targetUsername);
/**
* During impersonation of {@code targetUsername}, records {@code currentUserName} as the
* original user for later retrieval by {@link #getOriginalUsername(HttpSession)}, and records
* the original authentication for later retrieval by
* {@link #getOriginalAuthentication(HttpSession)}.
*
* @param session the session in which the original user and authentication are recorded
* @param currentUserName the username of the user performing the impersonation
* @param targetUsername the username of the user being impersonated
* @param originalAuth the authentication of the original user
* @throws RuntimeAuthorizationException if the current user cannot impersonate the target user
*/
void setOriginalUser(
HttpSession session,
String currentUserName,
String targetUsername,
Authentication originalAuth);
/**
* @param session the session to inspect
* @return The original user if the current user is an impersonation, null if no impersonation
* is happening
*/
String getOriginalUsername(HttpSession session);
/**
* NOTE(review): the value returned when no impersonation is in progress, or when the original
* user was recorded without an authentication, is not documented; presumably null. Confirm
* against the implementation. The returned object belongs to the original user, not the
* impersonated one, so callers should not hand it to code acting on behalf of the target user.
*
* @param session the session to inspect
* @return the authentication for the original user
*/
Authentication getOriginalAuthentication(HttpSession session);
/**
* @param session the session to inspect
* @return The target of impersonation, null if there is no impersonation target
*/
String getTargetUsername(HttpSession session);
/**
* @param session the session to inspect
* @return The requested profile as part of an impersonation, null if there is no profile (will
* use default)
*/
String getTargetProfile(HttpSession session);
/**
* Reports whether the user of this request is actually another user impersonating this user.
*
* <p>NOTE(review): it is not specified whether a session is created when the request has
* none; confirm against the implementation.
*
* @param request needed to provide a session for the user
* @return {@code true} if the user is actually another user impersonating this user,
* {@code false} otherwise
*/
boolean isImpersonating(HttpServletRequest request);
}