1 package org.apache.archiva.security;
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
22 import javax.servlet.http.HttpServletRequest;
24 import org.codehaus.plexus.redback.authentication.AuthenticationException;
25 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
26 import org.codehaus.plexus.redback.authorization.AuthorizationException;
27 import org.codehaus.plexus.redback.authorization.UnauthorizedException;
28 import org.codehaus.plexus.redback.policy.AccountLockedException;
29 import org.codehaus.plexus.redback.policy.MustChangePasswordException;
30 import org.codehaus.plexus.redback.system.SecuritySession;
35 public interface ServletAuthenticator
38 * Authentication check for users.
43 * @throws AuthenticationException
44 * @throws AccountLockedException
45 * @throws MustChangePasswordException
47 boolean isAuthenticated( HttpServletRequest request, AuthenticationResult result )
48 throws AuthenticationException, AccountLockedException, MustChangePasswordException;
51 * Authorization check for valid users.
54 * @param securitySession
56 * @param isWriteRequest
58 * @throws AuthorizationException
59 * @throws UnauthorizedException
61 boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId,
62 String permission ) throws AuthorizationException, UnauthorizedException;
65 * Authorization check specific for user guest, which doesn't go through
66 * HttpBasicAuthentication#getAuthenticationResult( HttpServletRequest request, HttpServletResponse response )
67 * since no credentials are attached to the request.
73 * @param isWriteRequest
75 * @throws UnauthorizedException
77 boolean isAuthorized( String principal, String repoId, String permission )
78 throws UnauthorizedException;