Interface SecurityManager

All Known Implementing Classes:
ServletSecurityManager, SlimSecurityManager

public interface SecurityManager
The SecurityManager API.
Author:
Manfred Riem, Arjan Tijms
  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Interface
    Description
    static enum
    SecurityManager.AuthenticateSource
    The enum that qualifies the source of the authentication.
    static interface
    SecurityManager.UsernamePasswordLoginHandler
    Method that bypasses the authentication mechanism installed by the authentication manager and directly invokes an identity store.
  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    authenticate(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
    Authenticate the request.
    default boolean
    authenticate(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, SecurityManager.AuthenticateSource source)
    Authenticate the request.
    void
    declareRoles(String[] roles)
    Declare roles.
    default void
    declareRoles(Collection<String> roles)
    Declare roles.
    default jakarta.servlet.http.HttpServletRequest
    getAuthenticatedRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
    Gets the request object the security system wants to put in place.
    default jakarta.servlet.http.HttpServletResponse
    getAuthenticatedResponse(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
    Gets the response object the security system wants to put in place.
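    default String
    getAuthMethod()
    Get the auth method.
    default boolean
    getDenyUncoveredHttpMethods()
    Get if we are denying uncovered HTTP methods.
    default String
    getFormErrorPage()
    Get the form error page.
    default String
    getFormLoginPage()
    Get the form login page.
    default String
    getRealmName()
    Get the realm name.
    Set<String>
    getRoles()
    Get the declared roles.
    WebApplication
    getWebApplication()
    Get the web application.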
    default boolean
    isCallerAuthorizedForResource(jakarta.servlet.http.HttpServletRequest request)
    Check if the current caller (which can be the anonymous caller) is authorized to access the requested resource.
    default boolean
    isRequestedResourcePublic(jakarta.servlet.http.HttpServletRequest request)
    Check if the requested resource, represented by the request, is public or not.
    default boolean
    isRequestSecurityAsRequired(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
    Check if the current request adheres to the user data constraint, if any.
    boolean
    isUserInRole(jakarta.servlet.http.HttpServletRequest request, String role)
    Is the user in the specific role.
    void
    login(jakarta.servlet.http.HttpServletRequest request, String username, String password)
    Login.
    void
    logout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
    Logout.
    default void
    postRequestProcess(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
    Gives the security system the opportunity to process the response after the request (after the target resource has been invoked).
    default void
    setAuthMethod(String authMethod)
    Set the auth method.
    default void
    setDenyUncoveredHttpMethods(boolean denyUncoveredHttpMethods)
    Set if we are denying uncovered HTTP methods.
    default void
    setFormErrorPage(String formErrorPage)
    Set the form error page.
    default void
    setFormLoginPage(String formLoginPage)
    Set the form login page.
    default void
    setRealmName(String realmName)
    Set the realm name.
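    default void
    setUsernamePasswordLoginHandler(SecurityManager.UsernamePasswordLoginHandler usernamePasswordLoginHandler)
    Set the handler that may be used by the login method to contact an identity store.
    void
    setWebApplication(WebApplication webApplication)
    Set the web application.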
  • Method Details

    • authenticate

      boolean authenticate(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException, jakarta.servlet.ServletException
      Authenticate the request.
      Parameters:
      request - the request.
      response - the response.
      Returns:
      true if authenticated.
      Throws:
      IOException - when an I/O error occurs.
      jakarta.servlet.ServletException - when a servlet error occurs.
    • authenticate

      default boolean authenticate(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, SecurityManager.AuthenticateSource source) throws IOException, jakarta.servlet.ServletException
      Authenticate the request.
      Parameters:
      request - the request.
      response - the response.
      source - the source or moment from where this authenticate method is called
      Returns:
      true if authenticated.
      Throws:
      IOException - when an I/O error occurs.
      jakarta.servlet.ServletException - when a servlet error occurs.
    • declareRoles

      void declareRoles(String[] roles)
      Declare roles.
      Parameters:
      roles - the roles.
    • declareRoles

      default void declareRoles(Collection<String> roles)
      Declare roles.
      Parameters:
      roles - the roles.
    • getAuthMethod

      default String getAuthMethod()
      Get the auth method.
      Returns:
      the auth method.
    • getAuthenticatedRequest

      default jakarta.servlet.http.HttpServletRequest getAuthenticatedRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Gets the request object the security system wants to put in place.

      This method allows the security system (or the authentication module being delegated to) to supply a custom or, more likely, wrapped request.

      Parameters:
      request - the request.
      response - the response.
      Returns:
      a request object that the runtime should put into service
    • getAuthenticatedResponse

      default jakarta.servlet.http.HttpServletResponse getAuthenticatedResponse(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Gets the response object the security system wants to put in place.

      This method allows the security system (or the authentication module being delegated to) to supply a custom or, more likely, wrapped response.

      Parameters:
      request - the request.
      response - the response.
      Returns:
      a response object that the runtime should put into service
    • getDenyUncoveredHttpMethods

      default boolean getDenyUncoveredHttpMethods()
      Get if we are denying uncovered HTTP methods.
      Returns:
      true if we are, false otherwise.
    • getFormErrorPage

      default String getFormErrorPage()
      Get the form error page.
      Returns:
      the form error page.
    • getFormLoginPage

      default String getFormLoginPage()
      Get the form login page.
      Returns:
      the form login page.
    • getRealmName

      default String getRealmName()
      Get the realm name.
      Returns:
      the realm name.
    • getRoles

      Set<String> getRoles()
      Get the declared roles
      Returns:
      the roles
    • isRequestSecurityAsRequired

      default boolean isRequestSecurityAsRequired(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException, jakarta.servlet.ServletException
      Check if the current request adheres to the user data constraint, if any.

      In practice this means checking if HTTPS is used when so required by the application.

      Parameters:
      request - the request.
      response - the response.
      Returns:
      true if request adheres to constraints, false otherwise
      Throws:
      IOException - when an I/O error occurs.
      jakarta.servlet.ServletException - when a servlet error occurs.
    • isRequestedResourcePublic

      default boolean isRequestedResourcePublic(jakarta.servlet.http.HttpServletRequest request)
      Check if the requested resource, represented by the request, is public or not.
      Parameters:
      request - the request.
      Returns:
      true if the requested resource can be accessed by public (unauthenticated) callers, otherwise false
    • isCallerAuthorizedForResource

      default boolean isCallerAuthorizedForResource(jakarta.servlet.http.HttpServletRequest request)
      Check if the current caller (which can be the anonymous caller) is authorized to access the requested resource.

      If the unauthenticated caller is authorized, then this means the resource is public (aka unconstrained, aka unchecked), and the outcome of this method MUST be consistent with isRequestedResourcePublic(HttpServletRequest).

      Parameters:
      request - the request.
      Returns:
      true if the current caller is allowed to access the requested resource, false otherwise
    • postRequestProcess

      default void postRequestProcess(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException, jakarta.servlet.ServletException
      Gives the security system the opportunity to process the response after the request (after the target resource has been invoked).

      Although this may rarely be used in practice, it allows for encryption of the response, inserting security tokens, signing the response, etc.

      Parameters:
      request - the request.
      response - the response.
      Throws:
      IOException - when an I/O error occurs.
      jakarta.servlet.ServletException - when a servlet error occurs.
    • getWebApplication

      WebApplication getWebApplication()
      Get the web application.
      Returns:
      the web application.
    • isUserInRole

      boolean isUserInRole(jakarta.servlet.http.HttpServletRequest request, String role)
      Is the user in the specific role.
      Parameters:
      request - the request.
      role - the role.
      Returns:
      true if in the role, false otherwise.
    • login

      void login(jakarta.servlet.http.HttpServletRequest request, String username, String password) throws jakarta.servlet.ServletException
      Login.
      Parameters:
      request - the request.
      username - the username.
      password - the password.
      Throws:
      jakarta.servlet.ServletException - when unable to login.
    • logout

      void logout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws jakarta.servlet.ServletException
      Logout.
      Parameters:
      request - the request.
      response - the response.
      Throws:
      jakarta.servlet.ServletException - when a servlet error occurs.
    • setAuthMethod

      default void setAuthMethod(String authMethod)
      Set the auth method.
      Parameters:
      authMethod - the auth method.
    • setDenyUncoveredHttpMethods

      default void setDenyUncoveredHttpMethods(boolean denyUncoveredHttpMethods)
      Set if we are denying uncovered HTTP methods.
      Parameters:
      denyUncoveredHttpMethods - the boolean value.
    • setFormErrorPage

      default void setFormErrorPage(String formErrorPage)
      Set the form error page.
      Parameters:
      formErrorPage - the form error page.
    • setFormLoginPage

      default void setFormLoginPage(String formLoginPage)
      Set the form login page.
      Parameters:
      formLoginPage - the form login page.
    • setRealmName

      default void setRealmName(String realmName)
      Set the realm name.
      Parameters:
      realmName - the realm name.
    • setWebApplication

      void setWebApplication(WebApplication webApplication)
      Set the web application.
      Parameters:
      webApplication - the web application.
    • setUsernamePasswordLoginHandler

      default void setUsernamePasswordLoginHandler(SecurityManager.UsernamePasswordLoginHandler usernamePasswordLoginHandler)
      Set the handler that may be used by the login method to contact an identity store.
      Parameters:
      usernamePasswordLoginHandler - the handler
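
One way to satisfy the consistency requirement between isCallerAuthorizedForResource and isRequestedResourcePublic is to derive both answers from a single constraint lookup. The sketch below is an added example, not Piranha's own code: the class name, the sample policy and the exact-match lookup on the servlet path are hypothetical, and the `cloud.piranha.core.api` import is an assumed package name that this page does not state.

```java
import cloud.piranha.core.api.SecurityManager; // assumed package; not stated on this page
import jakarta.servlet.http.HttpServletRequest;
import java.util.Map;
import java.util.Set;

/**
 * Hypothetical base class: both authorization answers come from one lookup,
 * so they cannot disagree for the anonymous caller. The remaining interface
 * methods are left abstract for a concrete subclass to implement.
 */
public abstract class SingleSourceSecurityManager implements SecurityManager {

    /** Constructed sample policy: servlet path to allowed roles; no entry means unconstrained. */
    private final Map<String, Set<String>> requiredRoles = Map.of(
            "/admin", Set.of("admin"),
            "/account", Set.of("user", "admin"),
            "/locked", Set.<String>of()); // constrained with no roles: nobody may access

    /** Single source of truth; null means no constraint covers the path. */
    private Set<String> constraintFor(HttpServletRequest request) {
        return requiredRoles.get(request.getServletPath());
    }

    @Override
    public boolean isRequestedResourcePublic(HttpServletRequest request) {
        return constraintFor(request) == null;
    }

    @Override
    public boolean isCallerAuthorizedForResource(HttpServletRequest request) {
        Set<String> roles = constraintFor(request);
        if (roles == null) {
            return true; // public: every caller, including the anonymous one
        }
        if (request.getUserPrincipal() == null) {
            return false; // constrained resource, anonymous caller
        }
        // Delegate to the interface's own role check for authenticated callers.
        return roles.stream().anyMatch(role -> isUserInRole(request, role));
    }
}
```

For an unauthenticated request the two methods return the same value on every path, which is the property the isCallerAuthorizedForResource description requires.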