01: /*
02: * NEMESIS-FORUM.
03: * Copyright (C) 2002 David Laurent(lithium2@free.fr). All rights reserved.
04: *
05: * Copyright (c) 2000 The Apache Software Foundation. All rights reserved.
06: *
07: * Copyright (C) 2001 Yasna.com. All rights reserved.
08: *
09: * Copyright (C) 2000 CoolServlets.com. All rights reserved.
10: *
11: * NEMESIS-FORUM. is free software; you can redistribute it and/or
12: * modify it under the terms of the Apache Software License, Version 1.1,
13: * or (at your option) any later version.
14: *
15: * NEMESIS-FORUM core framework, NEMESIS-FORUM backoffice, NEMESIS-FORUM frontoffice
16: * application are parts of NEMESIS-FORUM and are distributed under
17: * same terms of licence.
18: *
19: *
20: * NEMESIS-FORUM includes software developed by the Apache Software Foundation (http://www.apache.org/)
21: * and software developed by CoolServlets.com (http://www.coolservlets.com).
22: * and software developed by Yasna.com (http://www.yasna.com).
23: *
24: */
25: package org.nemesis.forum;
26:
27: /**
28: * Proves that a user has successfully logged in. The existence of an
29: * Authorization object indicates that a person has logged in correctly
30: * and has authentication to act as the user associated with the
31: * authentication. An instance of this object can be obtained from an
32: * AuthorizationFactory and must be passed in to to get an intstance of
33: * ForumFactory.
34: * <p>
35: * In the case of using the core forum services through a web interface, the
36: * expected behavior is to have a user login and then store the Authorization
37: * object in their session.
38: * <p>
39: * (Note by Matt) It's my opinion that this authorization method needs better
40: * security. At the moment, this method is certainly ok if forum skins
41: * can be trusted. However, the security goal has always been to protect as
42: * much as possible against malicious skins. Therefore, the implementation of
43: * this class will be changed in the near future to use signed objects. Some
44: * thought will have to be given to a public/private key management system, so
45: * I'm going to delay implementing it for now. This means -- be sure you can
46: * trust your skins!!
47: *
48: * @see AuthorizationFactory
49: * @see ForumFactory
50: */
51: public interface Authorization {
52:
53: /**
54: * Returns the userID associated with this Authorization.
55: */
56: public int getUserID();
57:
58: }
|