01: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
02: *
03: * Licensed under the Apache License, Version 2.0 (the "License");
04: * you may not use this file except in compliance with the License.
05: * You may obtain a copy of the License at
06: *
07: * http://www.apache.org/licenses/LICENSE-2.0
08: *
09: * Unless required by applicable law or agreed to in writing, software
10: * distributed under the License is distributed on an "AS IS" BASIS,
11: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12: * See the License for the specific language governing permissions and
13: * limitations under the License.
14: */
15:
16: package org.acegisecurity.concurrent;
17:
18: import org.acegisecurity.Authentication;
19: import org.acegisecurity.AuthenticationException;
20:
21: /**
22: * Provides two methods that can be called by an {@link
23: * org.acegisecurity.AuthenticationManager} to integrate with the
24: * concurrent session handling infrastructure.
25: *
26: * @author Ben Alex
27: * @version $Id: ConcurrentSessionController.java 1784 2007-02-24 21:00:24Z luke_t $
28: */
29: public interface ConcurrentSessionController {
30: //~ Methods ========================================================================================================
31:
32: /**
33: * Called by any class that wishes to know whether the current authentication request should be permitted.
34: * Generally callers will be <code>AuthenticationManager</code>s before they authenticate, but could equally
35: * include <code>Filter</code>s or other interceptors that wish to confirm the ongoing validity of a previously
36: * authenticated <code>Authentication</code>.<p>The implementation should throw a suitable exception if the
37: * user has exceeded their maximum allowed concurrent sessions.</p>
38: *
39: * @param request the authentication request (never <code>null</code>)
40: *
41: * @throws AuthenticationException if the user has exceeded their maximum allowed current sessions
42: */
43: void checkAuthenticationAllowed(Authentication request)
44: throws AuthenticationException;
45:
46: /**
47: * Called by an <code>AuthenticationManager</code> when the authentication was successful. An
48: * implementation is expected to register the authenticated user in some sort of registry, for future concurrent
49: * tracking via the {@link #checkAuthenticationAllowed(Authentication)} method.
50: *
51: * @param authentication the successfully authenticated user (never <code>null</code>)
52: */
53: void registerSuccessfulAuthentication(Authentication authentication);
54: }
|