net.officefloor.plugin.web.http.security

Interface HttpSecuritySource<S,C,D extends Enum<D>,F extends Enum<F>>

All Known Implementing Classes:

AbstractHttpSecuritySource, BasicHttpSecuritySource, DigestHttpSecuritySource, FormHttpSecuritySource, MockHttpSecuritySource

public interface HttpSecuritySource<S,C,D extends Enum<D>,F extends Enum<F>>

Source for obtaining HTTP security.

As security is specific to applications, both the security object and credentials are specified by the application.

Author:

Daniel Sagenschneider

Method Summary

Modifier and Type	Method and Description
void	authenticate(HttpAuthenticateContext<S,C,D> context) Undertakes authentication.
void	challenge(HttpChallengeContext<D,F> context) Triggers the authentication challenge to the client.
HttpSecuritySourceMetaData<S,C,D,F>	getMetaData() Obtains the meta-data to describe this.
HttpSecuritySourceSpecification	getSpecification() Obtains the specification for this.
void	init(HttpSecuritySourceContext context) Called only once after the HttpSecuritySource is instantiated.
void	logout(HttpLogoutContext<D> context) Logs out.
boolean	ratify(HttpRatifyContext<S,C> context) Ratifies whether enough information is available to undertake authentication.

Method Detail

getSpecification

HttpSecuritySourceSpecification getSpecification()

Obtains the specification for this.

This will be called before any other methods, therefore this method must be able to return the specification immediately after a default constructor instantiation.

Returns:

Specification of this.

init

void init(HttpSecuritySourceContext context)
   throws Exception

Called only once after the HttpSecuritySource is instantiated.

Parameters:

context - HttpSecuritySourceContext to use in initialising.

Throws:

Exception - Should the HttpSecuritySource fail to configure itself from the input properties.

getMetaData

HttpSecuritySourceMetaData<S,C,D,F> getMetaData()

Obtains the meta-data to describe this.

This is called after the init(HttpSecuritySourceContext) method and therefore may use the configuration.

This should always return non-null. If there is a problem due to incorrect configuration, the init(HttpSecuritySourceContext) should indicate this via an exception.

Returns:

Meta-data to describe this.

ratify

boolean ratify(HttpRatifyContext<S,C> context)

Ratifies whether enough information is available to undertake authentication.

As authentication will likely require communication with external services (LDAP store, database, etc), this method allows checking whether enough information is available to undertake the authentication. The purpose is to avoid the Job depending on HttpAuthentication and inherit the dependencies of authentication subsequently causing execution by the authentication Team - especially as the majority of HttpRequest servicing will have the HTTP security cached in the HttpSession and not require the authentication dependencies causing the swap in Team.

Parameters:

context - HttpRatifyContext.

Returns:

true should enough information be available to undertake authentication. false if not enough information is available for authentication.

authenticate

void authenticate(HttpAuthenticateContext<S,C,D> context)
           throws IOException

Undertakes authentication.

Parameters:

context - HttpAuthenticateContext.

Throws:

IOException - If failure in communicating to necessary security services.

challenge

void challenge(HttpChallengeContext<D,F> context)
        throws IOException

Triggers the authentication challenge to the client.

Parameters:

context - HttpChallengeContext.

Throws:

IOException - If failure in communicating to necessary security services.

logout

void logout(HttpLogoutContext<D> context)
     throws IOException

Logs out.

Parameters:

context - HttpLogoutContext.

Throws:

IOException - If failure in communicating to necessary security services.