Module cloud.piranha.webapp.api
Package cloud.piranha.webapp.api

Interface SecurityManager

All Known Implementing Classes:
DefaultSecurityManager, JakartaSecurityManager
public interface SecurityManager
The SecurityManager API.
Author:
Manfred Riem ([email protected]), Arjan Tijms

  • Method Details

    • getDenyUncoveredHttpMethods

      boolean getDenyUncoveredHttpMethods()
      Get if we are denying uncovered HTTP methods.
      Returns:
      true if we are, false otherwise.

    • isRequestSecurityAsRequired

      default boolean isRequestSecurityAsRequired(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
      Check if the current request adheres to the user data constraint, if any.

      In practice this means checking if HTTPS is used when so required by the application.

      Parameters:
      request - the request.
      response - the response.
      Returns:
      true if request adheres to constraints, false otherwise
      Throws:
      IOException - when an I/O error occurs.
      ServletException - when a servlet error occurs.

    • isRequestedResourcePublic

      default boolean isRequestedResourcePublic(HttpServletRequest request)
      Check if the requested resource, represented by the request, is public or not.
      Parameters:
      request - the request.
      Returns:
      true if the requested resource can be accessed by public (unauthenticated) callers, otherwise false

    • isCallerAuthorizedForResource

      default boolean isCallerAuthorizedForResource(HttpServletRequest request)
      Check if the current caller (which can be the anonymous caller) is authorized to access the requested resource.

      If the unauthenticated caller is authorized, then this means the resource is public (aka unconstrained, aka unchecked), and the outcome of this method MUST be consistent with isRequestedResourcePublic(HttpServletRequest).

      Parameters:
      request - the request.
      Returns:
      true if the current caller is allowed to access the requested resource, false otherwise

    • authenticate

      boolean authenticate(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
      Authenticate the request.
      Parameters:
      request - the request.
      response - the response.
      Returns:
      true if authenticated.
      Throws:
      IOException - when an I/O error occurs.
      ServletException - when a servlet error occurs.

    • getAuthenticatedRequest

      default HttpServletRequest getAuthenticatedRequest(HttpServletRequest request, HttpServletResponse response)
      Gets the request object the security system wants to put in place.

      This method allows the security system (or authentication module being delegated to) a custom or, more likely, wrapped request.

      Parameters:
      request - the request.
      response - the response.
      Returns:
      a request object that the runtime should put into service

    • getAuthenticatedResponse

      default HttpServletResponse getAuthenticatedResponse(HttpServletRequest request, HttpServletResponse response)
      Gets the response object the security system wants to put in place.

      This method allows the security system (or authentication module being delegated to) a custom or, more likely, wrapped response.

      Parameters:
      request - the request.
      response - the response.
      Returns:
      a response object that the runtime should put into service

    • authenticate

      default boolean authenticate(HttpServletRequest request, HttpServletResponse response, SecurityManager.AuthenticateSource source) throws IOException, ServletException
      Authenticate the request.
      Parameters:
      request - the request.
      response - the response.
      source - the source or moment from where this authenticate method is called
      Returns:
      true if authenticated.
      Throws:
      IOException - when an I/O error occurs.
      ServletException - when a servlet error occurs.

    • postRequestProcess

      default void postRequestProcess(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
      Gives the security system the opportunity to process the response after the request (after the target resource has been invoked).

      Although this may be rare to used in practice, it allows for encryption of the response, inserting security tokens, signing the response, etc.

      Parameters:
      request - the request.
      response - the response.
      Throws:
      IOException - when an I/O error occurs.
      ServletException - when a servlet error occurs.

    • declareRoles

      void declareRoles(String[] roles)
      Declare roles.
      Parameters:
      roles - the roles.

    • declareRoles

      default void declareRoles(Collection<String> roles)
      Declare roles.
      Parameters:
      roles - the roles.

    • getRoles

      Set<String> getRoles()
      Get the declared roles
      Returns:
      the roles

    • getWebApplication

      WebApplication getWebApplication()
      Returns the web application.
      Returns:
      the web application

    • isUserInRole

      boolean isUserInRole(HttpServletRequest request, String role)
      Is the user in the specific role.
      Parameters:
      request - the request.
      role - the role.
      Returns:
      true if in the role, false otherwise.

    • login

      void login(HttpServletRequest request, String username, String password) throws ServletException
      Login.
      Parameters:
      request - the request.
      username - the username.
      password - the password.
      Throws:
      ServletException - when unable to login.

    • logout

      void logout(HttpServletRequest request, HttpServletResponse response) throws ServletException
      Logout.
      Parameters:
      request - the request.
      response - the response.
      Throws:
      ServletException - when a servlet error occurs.

    • setDenyUncoveredHttpMethods

      void setDenyUncoveredHttpMethods(boolean denyUncoveredHttpMethods)
      Set if we are denying uncovered HTTP methods.
      Parameters:
      denyUncoveredHttpMethods - the boolean value.

    • setWebApplication

      void setWebApplication(WebApplication webApplication)
      Set the web application.
      Parameters:
      webApplication - the web application.

    • setUsernamePasswordLoginHandler

      default void setUsernamePasswordLoginHandler(SecurityManager.UsernamePasswordLoginHandler usernamePasswordLoginHandler)
      Set the handler that may be used by the login method to contact an identity store.
      Parameters:
      usernamePasswordLoginHandler - the handler