/*
 * #!
 * Ontopoly Editor
 * #-
 * Copyright (C) 2001 - 2013 The Ontopia Project
 * #-
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * !#
 */

package ontopoly;

import java.io.Serializable;
import javax.servlet.http.HttpServletRequest;
import ontopoly.model.FieldInstance;
import ontopoly.model.Topic;

/**
 * Default access strategy used by OntopolyApplication.
 *
 * <p>This base class is an extension point: subclasses add authentication
 * and/or authorization for their Ontopoly instance. To activate a custom
 * implementation, extend {@link OntopolyApplication} and override
 * {@link OntopolyApplication#newAccessStrategy()}.
 *
 * <p><strong>Security posture of the defaults.</strong> As written in this
 * class, the defaults are fully permissive: {@link #isEnabled()} returns
 * {@code true}, {@link #authenticate(String, String)} returns a user for any
 * username without looking at the password, and both {@code getPrivilege}
 * overloads return {@link Privilege#EDIT} for every caller. An instance that
 * relies on these defaults therefore has no effective access control; a
 * subclass must override the authentication and privilege methods to get one.
 *
 * <p>The class is {@link Serializable} and declares no explicit
 * {@code serialVersionUID}.
 *
 * @see <a href="https://github.com/ontopia/ontopia/wiki/OntopolyHowTo">
 *      Ontopia github - Ontopoly tips</a>
 * @see OntopolyApplication
 * @see OntopolyApplication#newAccessStrategy()
 */
public abstract class OntopolyAccessStrategy implements Serializable {

  /**
   * The set of privileges that a user can have on a topic or field.
   */
  public enum Privilege {
    /** The user may view and change the item. */
    EDIT,
    /** The user may view the item but not change it. */
    READ_ONLY,
    /** The user may neither view nor change the item. */
    NONE
  }

  /**
   * Indicates whether this strategy is enabled. An enabled strategy causes
   * the login page to be used. The default implementation always returns
   * {@code true}.
   *
   * @return {@code true} if the strategy is enabled, {@code false} if it is
   *         disabled
   */
  public boolean isEnabled() {
    return true;
  }

  /**
   * Automatically authenticates a user from the incoming request. Subclasses
   * can use this hook for remember-me functionality, for example by checking
   * for a cookie. The default implementation always returns {@code null},
   * i.e. it never auto-authenticates.
   *
   * <p>Note for implementers: everything read from the request (cookies,
   * headers, parameters) is supplied by the client, so an override should
   * verify it before returning a {@link User}.
   *
   * @param request the request that requires the automatic authentication
   *        check
   * @return a {@link User} when automatic authentication succeeded, otherwise
   *         {@code null}
   */
  public User autoAuthenticate(HttpServletRequest request) {
    return null;
  }

  /**
   * Attempts to authenticate a user with the given name and password.
   * Subclasses should override this method with their own credential
   * verification, and should signal a failed login by returning {@code null}
   * rather than by throwing an exception.
   *
   * <p>The default implementation performs no verification: the password is
   * never read, and a new {@link User} is created for whatever username is
   * supplied, so every login attempt succeeds.
   *
   * @param username the username to authenticate
   * @param password the plain-text password supplied by the user attempting
   *        to log in; ignored by the default implementation
   * @return a {@link User} when authentication succeeded, otherwise
   *         {@code null}; the default implementation never returns
   *         {@code null}
   */
  public User authenticate(String username, String password) {
    // The meaning of the second constructor argument is defined by User,
    // which is declared outside this file.
    return new User(username, false);
  }

  /**
   * Resolves the privilege of a user for the provided topic:
   * <ul>
   * <li>{@link Privilege#EDIT}: the user is allowed to change this topic</li>
   * <li>{@link Privilege#READ_ONLY}: the user is allowed to view this topic,
   * but not to change it</li>
   * <li>{@link Privilege#NONE}: the user is not allowed to view or change
   * this topic</li>
   * </ul>
   * The default implementation inspects neither argument and grants
   * {@link Privilege#EDIT} to every user for every topic.
   *
   * @param user the user to retrieve the privilege for
   * @param topic the topic the user is trying to access
   * @return the privilege of the user regarding the provided topic; must not
   *         be {@code null}
   */
  public Privilege getPrivilege(User user, Topic topic) {
    return Privilege.EDIT;
  }

  /**
   * Resolves the privilege of a user for the provided field:
   * <ul>
   * <li>{@link Privilege#EDIT}: the user is allowed to change this field</li>
   * <li>{@link Privilege#READ_ONLY}: the user is allowed to view this field,
   * but not to change it</li>
   * <li>{@link Privilege#NONE}: the user is not allowed to view or change
   * this field</li>
   * </ul>
   * The field privilege has precedence over the topic privilege provided by
   * {@link #getPrivilege(User, Topic)}, so an override that restricts topics
   * should restrict fields consistently. The default implementation inspects
   * neither argument and grants {@link Privilege#EDIT} to every user for
   * every field.
   *
   * @param user the user to retrieve the privilege for
   * @param fieldInstance the field instance the user is trying to access
   * @return the privilege of the user regarding the provided field instance;
   *         must not be {@code null}
   */
  public Privilege getPrivilege(User user, FieldInstance fieldInstance) {
    return Privilege.EDIT;
  }

  /**
   * Returns the message displayed on the login page.
   *
   * @return the message displayed on the login page
   */
  public String getSignInMessage() {
    return "Please sign in.";
  }
}