//
// ========================================================================
// Copyright (c) 1995-2017 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.security;
import java.util.Set;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.Authentication.User;
import org.eclipse.jetty.server.Server;
/**
* Authenticator Interface
* <p>
* An Authenticator is responsible for checking requests and sending
* response challenges in order to authenticate a request.
* Various types of {@link Authentication} are returned in order to
* signal the next step in authentication.
*
* @version $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $
*/
public interface Authenticator
{
/* ------------------------------------------------------------ */
/**
* Configure the Authenticator
*
* @param configuration the configuration
*/
void setConfiguration(AuthConfiguration configuration);
/* ------------------------------------------------------------ */
/**
* @return The name of the authentication method
*/
String getAuthMethod();
/* ------------------------------------------------------------ */
/**
* Called prior to validateRequest. The authenticator can
* manipulate the request to update it with information that
* can be inspected prior to validateRequest being called.
* The primary purpose of this method is to satisfy the Servlet
* Spec 3.1 section 13.6.3 on handling Form authentication
* where the http method of the original request causing authentication
* is not the same as the http method resulting from the redirect
* after authentication.
*
* @param request the request to manipulate
*/
void prepareRequest(ServletRequest request);
/* ------------------------------------------------------------ */
/**
* Validate a request
*
* @param request The request
* @param response The response
* @param mandatory True if authentication is mandatory.
* @return An Authentication. If Authentication is successful, this will be a {@link org.eclipse.jetty.server.Authentication.User}. If a response has
* been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will
* implement {@link org.eclipse.jetty.server.Authentication.ResponseSent}. If Authentication is not manditory, then a
* {@link org.eclipse.jetty.server.Authentication.Deferred} may be returned.
*
* @throws ServerAuthException if unable to validate request
*/
Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException;
/* ------------------------------------------------------------ */
/**
* is response secure
*
* @param request the request
* @param response the response
* @param mandatory if security is mandator
* @param validatedUser the user that was validated
* @return true if response is secure
* @throws ServerAuthException if unable to test response
*/
boolean secureResponse(ServletRequest request, ServletResponse response, boolean mandatory, User validatedUser) throws ServerAuthException;
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
/**
* Authenticator Configuration
*/
interface AuthConfiguration
{
String getAuthMethod();
String getRealmName();
/**
* Get a SecurityHandler init parameter
* @see SecurityHandler#getInitParameter(String)
* @param param parameter name
* @return Parameter value or null
*/
String getInitParameter(String param);
/* ------------------------------------------------------------ */
/** Get a SecurityHandler init parameter names
* @see SecurityHandler#getInitParameterNames()
* @return Set of parameter names
*/
Set<String> getInitParameterNames();
LoginService getLoginService();
IdentityService getIdentityService();
boolean isSessionRenewedOnAuthentication();
}
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
/**
* Authenticator Factory
*/
interface Factory
{
Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService);
}
}