Package org.apache.felix.webconsole.spi
Interface SecurityProvider
-
@ConsumerType @Deprecated(since="2021-04-30") public interface SecurityProvider
Deprecated.The Apache Felix Webconsole is not supported in Cloud environments.TheSecurityProvider
is a service interface allowing to use an external system to authenticate users before granting access to the Web Console.Support for Jakarta servlets requires that the Jakarta Servlet API and the Apache Felix Http Wrappers are available in the runtime.
- Since:
- 1.2.0
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
PROPERTY_ID
Deprecated.Security providers can be registered with an optional id which can be used in the configuration of the webconsole to require this provider to be available.
-
Method Summary
All Methods Instance Methods Abstract Methods Deprecated Methods Modifier and Type Method Description java.lang.Object
authenticate(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
Deprecated.Authenticates the given request or asks the client for credentials.boolean
authorize(java.lang.Object user, java.lang.String role)
Deprecated.Checks whether the authenticated user has the given role permission.void
logout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
Deprecated.This method will be called by the web console when the user clicks the logout button.
-
-
-
Field Detail
-
PROPERTY_ID
static final java.lang.String PROPERTY_ID
Deprecated.Security providers can be registered with an optional id which can be used in the configuration of the webconsole to require this provider to be available.- Since:
- 1.3.0
- See Also:
- Constant Field Values
-
-
Method Detail
-
authorize
boolean authorize(java.lang.Object user, java.lang.String role)
Deprecated.Checks whether the authenticated user has the given role permission.- Parameters:
user
- The object referring to the authenticated user. This is the object returned from theauthenticate(HttpServletRequest, HttpServletResponse)
method and will never benull
.role
- The requested role- Returns:
true
if the user is given permission for the given role.
-
authenticate
java.lang.Object authenticate(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
Deprecated.Authenticates the given request or asks the client for credentials.Implementations of this method are expected to respect and implement the semantics of the
ServletContextHelper.handleSecurity
method as specified in the OSGi HTTP Service specification.If this method returns an object (non null) it is assumed the request provided valid credentials identifying the user as accepted to access the web console.
If this method returns
null
the request to the web console is terminated without any more response sent back to the client. That is the implementation is expected to have informed the client in case of non-granted access.- Parameters:
request
- The request objectresponse
- The response object- Returns:
- An object representing the user if the request provided valid credentials.
Otherwise return
null
.
-
logout
void logout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
Deprecated.This method will be called by the web console when the user clicks the logout button. The security provider shouldn't invalidate the session, it will be invalidated after this method exits. However the security provider must delete any cookies or objects, that matters during the authorization process.- Parameters:
request
- the requestresponse
- the response
-
-