Package org.apache.felix.webconsole.spi

Interface SecurityProvider

@ConsumerType
@Deprecated(since="2021-04-30")
public interface SecurityProvider

Deprecated.

The Apache Felix Webconsole is not supported in Cloud environments.

The SecurityProvider is a service interface allowing to use an external system to authenticate users before granting access to the Web Console.

Support for Jakarta servlets requires that the Jakarta Servlet API and the Apache Felix Http Wrappers are available in the runtime.

Since:

1.2.0

Field Summary

Fields

Modifier and Type	Field	Description
static java.lang.String	PROPERTY_ID	Deprecated. Security providers can be registered with an optional id which can be used in the configuration of the webconsole to require this provider to be available.

Method Summary

Modifier and Type	Method	Description
java.lang.Object	authenticate(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)	Deprecated. Authenticates the given request or asks the client for credentials.
boolean	authorize(java.lang.Object user, java.lang.String role)	Deprecated. Checks whether the authenticated user has the given role permission.
void	logout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)	Deprecated. This method will be called by the web console when the user clicks the logout button.

Field Detail

PROPERTY_ID

static final java.lang.String PROPERTY_ID

Deprecated.

Security providers can be registered with an optional id which can be used in the configuration of the webconsole to require this provider to be available.

Since:

1.3.0

See Also:

Constant Field Values

Method Detail

authorize

boolean authorize(java.lang.Object user,
                  java.lang.String role)

Deprecated.

Checks whether the authenticated user has the given role permission.

Parameters:

user - The object referring to the authenticated user. This is the object returned from the authenticate(HttpServletRequest, HttpServletResponse) method and will never be null.

role - The requested role

Returns:

true if the user is given permission for the given role.

authenticate

java.lang.Object authenticate(jakarta.servlet.http.HttpServletRequest request,
                              jakarta.servlet.http.HttpServletResponse response)

Deprecated.

Authenticates the given request or asks the client for credentials.

Implementations of this method are expected to respect and implement the semantics of the ServletContextHelper.handleSecurity method as specified in the OSGi HTTP Service specification.

If this method returns an object (non null) it is assumed the request provided valid credentials identifying the user as accepted to access the web console.

If this method returns null the request to the web console is terminated without any more response sent back to the client. That is the implementation is expected to have informed the client in case of non-granted access.

Parameters:

request - The request object

response - The response object

Returns:

An object representing the user if the request provided valid credentials. Otherwise return null.

logout

void logout(jakarta.servlet.http.HttpServletRequest request,
            jakarta.servlet.http.HttpServletResponse response)

Deprecated.

This method will be called by the web console when the user clicks the logout button. The security provider shouldn't invalidate the session, it will be invalidated after this method exits. However the security provider must delete any cookies or objects, that matters during the authorization process.

Parameters:

request - the request

response - the response