01: /*
02: * Copyright (c) 1998-2008 Caucho Technology -- all rights reserved
03: *
04: * This file is part of Resin(R) Open Source
05: *
06: * Each copy or derived work must preserve the copyright notice and this
07: * notice unmodified.
08: *
09: * Resin Open Source is free software; you can redistribute it and/or modify
10: * it under the terms of the GNU General Public License as published by
11: * the Free Software Foundation; either version 2 of the License, or
12: * (at your option) any later version.
13: *
14: * Resin Open Source is distributed in the hope that it will be useful,
15: * but WITHOUT ANY WARRANTY; without even the implied warranty of
16: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
17: * of NON-INFRINGEMENT. See the GNU General Public License for more
18: * details.
19: *
20: * You should have received a copy of the GNU General Public License
21: * along with Resin Open Source; if not, write to the
22: * Free SoftwareFoundation, Inc.
23: * 59 Temple Place, Suite 330
24: * Boston, MA 02111-1307 USA
25: *
26: * @author Scott Ferguson
27: */
28:
29: package com.caucho.server.security;
30:
31: import javax.servlet.ServletContext;
32: import javax.servlet.ServletException;
33: import javax.servlet.http.HttpServletRequest;
34: import javax.servlet.http.HttpServletResponse;
35: import java.io.IOException;
36:
37: abstract public class AbstractConstraint {
38: /**
39: * Returns true if the constraint requires authentication.
40: */
41: public boolean needsAuthentication() {
42: return false;
43: }
44:
45: /**
46: * Returns true if any cache needs to be private.
47: */
48: public boolean isPrivateCache() {
49: return true;
50: }
51:
52: /**
53: * Returns true if the user is authorized for the resource.
54: *
55: * <p>isAuthorized must provide the response if the user is not
56: * authorized. Typically this will just call sendError.
57: *
58: * <p>isAuthorized will be called after all the other filters, but
59: * before the servlet.service().
60: *
61: * @param request the servlet request
62: * @param response the servlet response
63: *
64: * @return true if the request is authorized.
65: */
66: abstract public boolean isAuthorized(HttpServletRequest request,
67: HttpServletResponse response, ServletContext application)
68: throws ServletException, IOException;
69:
70: /**
71: * converts the sub constraints to an array.
72: */
73: protected AbstractConstraint[] toArray() {
74: return new AbstractConstraint[] { this };
75: }
76: }
|