| Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||||
| Authentication |
|
| 1.0;1 |
| 1 | /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited |
|
| 2 | * |
|
| 3 | * Licensed under the Apache License, Version 2.0 (the "License"); |
|
| 4 | * you may not use this file except in compliance with the License. |
|
| 5 | * You may obtain a copy of the License at |
|
| 6 | * |
|
| 7 | * http://www.apache.org/licenses/LICENSE-2.0 |
|
| 8 | * |
|
| 9 | * Unless required by applicable law or agreed to in writing, software |
|
| 10 | * distributed under the License is distributed on an "AS IS" BASIS, |
|
| 11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
| 12 | * See the License for the specific language governing permissions and |
|
| 13 | * limitations under the License. |
|
| 14 | */ |
|
| 15 | ||
| 16 | package org.acegisecurity; |
|
| 17 | ||
| 18 | import java.io.Serializable; |
|
| 19 | ||
| 20 | import java.security.Principal; |
|
| 21 | ||
| 22 | ||
| 23 | /** |
|
| 24 | * Represents an authentication request. |
|
| 25 | * |
|
| 26 | * <p> |
|
| 27 | * An <code>Authentication</code> object is not considered authenticated until |
|
| 28 | * it is processed by an {@link AuthenticationManager}. |
|
| 29 | * </p> |
|
| 30 | * |
|
| 31 | * <p> |
|
| 32 | * Stored in a request {@link org.acegisecurity.context.SecurityContext}. |
|
| 33 | * </p> |
|
| 34 | * |
|
| 35 | * @author Ben Alex |
|
| 36 | * @version $Id: Authentication.java 1784 2007-02-24 21:00:24Z luke_t $ |
|
| 37 | */ |
|
| 38 | public interface Authentication extends Principal, Serializable { |
|
| 39 | //~ Methods ======================================================================================================== |
|
| 40 | ||
| 41 | /** |
|
| 42 | * Set by an <code>AuthenticationManager</code> to indicate the authorities that the principal has been |
|
| 43 | * granted. Note that classes should not rely on this value as being valid unless it has been set by a trusted |
|
| 44 | * <code>AuthenticationManager</code>.<p>Implementations should ensure that modifications to the returned |
|
| 45 | * array do not affect the state of the Authentication object (e.g. by returning an array copy).</p> |
|
| 46 | * |
|
| 47 | * @return the authorities granted to the principal, or <code>null</code> if authentication has not been completed |
|
| 48 | */ |
|
| 49 | GrantedAuthority[] getAuthorities(); |
|
| 50 | ||
| 51 | /** |
|
| 52 | * The credentials that prove the principal is correct. This is usually a password, but could be anything |
|
| 53 | * relevant to the <code>AuthenticationManager</code>. Callers are expected to populate the credentials. |
|
| 54 | * |
|
| 55 | * @return the credentials that prove the identity of the <code>Principal</code> |
|
| 56 | */ |
|
| 57 | Object getCredentials(); |
|
| 58 | ||
| 59 | /** |
|
| 60 | * Stores additional details about the authentication request. These might be an IP address, certificate |
|
| 61 | * serial number etc. |
|
| 62 | * |
|
| 63 | * @return additional details about the authentication request, or <code>null</code> if not used |
|
| 64 | */ |
|
| 65 | Object getDetails(); |
|
| 66 | ||
| 67 | /** |
|
| 68 | * The identity of the principal being authenticated. This is usually a username. Callers are expected to |
|
| 69 | * populate the principal. |
|
| 70 | * |
|
| 71 | * @return the <code>Principal</code> being authenticated |
|
| 72 | */ |
|
| 73 | Object getPrincipal(); |
|
| 74 | ||
| 75 | /** |
|
| 76 | * Used to indicate to <code>AbstractSecurityInterceptor</code> whether it should present the |
|
| 77 | * authentication token to the <code>AuthenticationManager</code>. Typically an <code>AuthenticationManager</code> |
|
| 78 | * (or, more often, one of its <code>AuthenticationProvider</code>s) will return an immutable authentication token |
|
| 79 | * after successful authentication, in which case that token can safely return <code>true</code> to this method. |
|
| 80 | * Returning <code>true</code> will improve performance, as calling the <code>AuthenticationManager</code> for |
|
| 81 | * every request will no longer be necessary.<p>For security reasons, implementations of this interface |
|
| 82 | * should be very careful about returning <code>true</code> to this method unless they are either immutable, or |
|
| 83 | * have some way of ensuring the properties have not been changed since original creation.</p> |
|
| 84 | * |
|
| 85 | * @return true if the token has been authenticated and the <code>AbstractSecurityInterceptor</code> does not need |
|
| 86 | * to represent the token for re-authentication to the <code>AuthenticationManager</code> |
|
| 87 | */ |
|
| 88 | boolean isAuthenticated(); |
|
| 89 | ||
| 90 | /** |
|
| 91 | * See {@link #isAuthenticated()} for a full description.<p>Implementations should <b>always</b> allow this |
|
| 92 | * method to be called with a <code>false</code> parameter, as this is used by various classes to specify the |
|
| 93 | * authentication token should not be trusted. If an implementation wishes to reject an invocation with a |
|
| 94 | * <code>true</code> parameter (which would indicate the authentication token is trusted - a potential security |
|
| 95 | * risk) the implementation should throw an {@link IllegalArgumentException}.</p> |
|
| 96 | * |
|
| 97 | * @param isAuthenticated <code>true</code> if the token should be trusted (which may result in an exception) or |
|
| 98 | * <code>false</code> if the token should not be trusted |
|
| 99 | * |
|
| 100 | * @throws IllegalArgumentException if an attempt to make the authentication token trusted (by passing |
|
| 101 | * <code>true</code> as the argument) is rejected due to the implementation being immutable or |
|
| 102 | * implementing its own alternative approach to {@link #isAuthenticated()} |
|
| 103 | */ |
|
| 104 | void setAuthenticated(boolean isAuthenticated) |
|
| 105 | throws IllegalArgumentException; |
|
| 106 | } |