001: /*
002:
003: This software is OSI Certified Open Source Software.
004: OSI Certified is a certification mark of the Open Source Initiative.
005:
006: The license (Mozilla version 1.0) can be read at the MMBase site.
007: See http://www.MMBase.org/license
008:
009: */
010: package org.mmbase.security;
011:
012: import org.mmbase.util.functions.*;
013: import org.mmbase.bridge.Node;
014:
015: /**
016: * This interface represents information about the authentication implemtentation.
017: *
018: * @author Michiel Meeuwissen
019: * @version $Id: AuthenticationData.java,v 1.9 2007/06/18 09:01:14 michiel Exp $
020: * @since MMBase-1.8
021: */
022: public interface AuthenticationData {
023:
024: static final int METHOD_UNSET = -1;
025:
026: // general methods
027: /**
028: * Requests an 'anonymous' cloud, with a user with no credentials. This can only be used if the
029: * security implementation provides the 'anonymous' authentication application.
030: */
031: static final int METHOD_ANONYMOUS = 0;
032:
033: /**
034: * Delegates authentication completely to the authentication implementation. When using http, request and response
035: * objects are added to the credentials (if the Parameters object returned by {@link
036: * #createParameters} can accept that) which can be used for user-interaction.
037: *
038: */
039: static final int METHOD_DELEGATE = 1;
040: /**
041: * Logon with given credentials (only Strings), and don't store this any where (except for the current 'page').
042: */
043: static final int METHOD_PAGELOGON = 2;
044:
045: // http methods
046: /**
047: * Use Http 'Basic' authentication. This only provides username / password and is not very safe,
048: * because http basic authentication sends those unencrypted.
049: */
050: static final int METHOD_HTTP = 100;
051: /**
052: * Use the authenticated user which is stored in the session, or if no such user can be found,
053: * try to supply 'anonymous'.
054: */
055: static final int METHOD_ASIS = 101;
056: /**
057: * Remove the authenticated user from the session, and otherwise invalidate the user if
058: * necessary (e.g. notify an authentication service).
059: */
060: static final int METHOD_LOGOUT = 102;
061: /**
062: * Use a dedicated 'login' jsp, to log in.
063: */
064: static final int METHOD_LOGINPAGE = 103;
065: /**
066: * Delegates authentication comletely to the authentication implementation {@link
067: * #METHOD_DELEGATE}, but stores the authenticated in the session then. A second request with
068: * this method will simply use the session.
069: */
070: static final int METHOD_SESSIONDELEGATE = 104;
071: /**
072: * Logon with given credentials (only Strings), and don't store this in the session.
073: */
074: static final int METHOD_SESSIONLOGON = 105;
075:
076: //static final int METHOD_GIVEN_OR_ANONYMOUS = 5;
077:
078: static final int METHOD_DEFAULT = Integer.MAX_VALUE;
079:
080: /**
081: * Resourcebundle containing all kind of i18n versions of parameter names and so on. Used in
082: * static block of {@link Authentication} (because no static blocks allowed in interface).
083: */
084: static final String STRINGS = "org.mmbase.security.resources.parameters";
085:
086: /**
087: * Common parameters for logon-info.
088: */
089: static final Parameter<String> PARAMETER_USERNAME = new Parameter<String>(
090: "username", String.class, true);
091: static final Parameter<String> PARAMETER_PASSWORD = new Parameter<String>(
092: "password", String.class, true);
093: static final Parameter PARAMETER_USERNAMES = new Parameter(
094: "usernames", java.util.List.class);
095: static final Parameter PARAMETER_RANK = new Parameter("rank",
096: Rank.class);
097: // static final Parameter PARAMETER_REMOTEADDR = new Parameter("remoteaddr", String.class);
098:
099: static final Parameter PARAMETER_SESSIONNAME = new Parameter(
100: "sessionname", String.class);
101:
102: // parameters used for logout
103: static final Parameter PARAMETER_LOGOUT = new Parameter("logout",
104: Boolean.class);
105: static final Parameter PARAMETER_AUTHENTICATE = new Parameter(
106: "authenticate", String.class);
107:
108: /**
109: * The method returns wether the UserContext has become invalid for some reason (change in security config?)
110: * @param userContext The UserContext of which we want to know the rights
111: * @return <code>true</code> when valid, otherwise <code>false</code>
112: * @exception SecurityException When something strange happened
113: */
114: boolean isValid(UserContext userContext) throws SecurityException;
115:
116: /**
117: * This method returns an MMBase node that corresponds with the given UserContext
118: * @since MMBase-1.9
119: */
120: Node getNode(UserContext userContext) throws SecurityException;
121:
122: /**
123: * This method returns the builder name of the nodes that will be returned by the
124: * {@link #getNode()} call.
125: * @since MMBase-1.9
126: */
127: String getUserBuilder();
128:
129: /**
130: * <p>Several 'methods' to authenticate could be available. A method is a kind of protocol which
131: * must be used to authenticate some body.</p>
132: * <p>Not all authentication methods may be applicable for all communication protocols (like
133: * http, https etc).</p>
134: *
135: * <p>This method converts a user-friendly string describing the 'method' to a integer constant which can be used in
136: * {@link #getTypes(int)}.</p>
137: *
138: * @param m A String like 'http', 'anonymous', 'loginpage', or 'delegatesession'.
139: * @return An integer contant. {@link #METHOD_DELEGATE}, {@link #METHOD_PAGELOGON},
140: * {@link #METHOD_HTTP}, {@link #METHOD_ASIS}, {@link #METHOD_LOGOUT}, {@link #METHOD_LOGINPAGE}
141: * {@link #METHOD_SESSIONDELEGATE}, {@link #METHOD_SESSIONLOGON}. This method was introduced
142: * before java 1.5 (where the return type would more obviously be a AuthenticionMethod
143: * enumeration).
144: * @see #getDefaultMethod
145: */
146: int getMethod(String m);
147:
148: /**
149: * The security implementation can override a default method. The default default method (as
150: * implemented in {@link org.mmbase.security.Authentication} for the 'http' protocol is HTTP
151: * (which means that basic authentication of the http protocol can be used), but may not be
152: * feasible for every implementation (it is e.g. useless if the security implementation does not have
153: * name/password authentication).
154: *
155: * @param protocol For which protocol or <code>null</code>, which means 'for HTTP/1.1'.
156: */
157: int getDefaultMethod(String protocol);
158:
159: /**
160: * <p>Gives all availabe authentication types. The first one can be used as the default. Typically,
161: * an implemention should at least support 'anonynmous' and 'class'.</p>
162: * <p>
163: * Since most of the time we are using HTTP any way, types for the method {@link #METHOD_HTTP}
164: * ('name/password' based) and method {@link #METHOD_LOGINPAGE} ({@link #createParameters} can
165: * request anything presentable in a HTML-form) are common too.</p>
166: */
167: String[] getTypes();
168:
169: /**
170: * <p>For a given method, returns the available 'applications'. The first one can be used as the
171: * default.</p>
172: *
173: * <p>Typically for the method {@link #METHOD_ANONYMOUS} at least 'anonymous' must be returned, and
174: * for {@link #METHOD_DELEGATE} at least 'class'. Everything else is optional, because
175: * are not generic.</p>
176: */
177: String[] getTypes(int method);
178:
179: /**
180: * For a given authentication type returns a parameters object to fill with credentials. {@link Parameters#toMap} can be used as the second argument
181: * for {@link org.mmbase.security.Authentication#login}
182: * Given a certain 'application' this will return a {@link org.mmbase.util.functions.Parameters}
183: * which tells you excactly which parameters you can and must supply to {@link #login}.
184: */
185: Parameters createParameters(String application);
186: }
|