001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity;
017:
018: import java.io.Serializable;
019:
020: import java.security.Principal;
021:
022: /**
023: * Represents an authentication request.
024: *
025: * <p>
026: * An <code>Authentication</code> object is not considered authenticated until
027: * it is processed by an {@link AuthenticationManager}.
028: * </p>
029: *
030: * <p>
031: * Stored in a request {@link org.acegisecurity.context.SecurityContext}.
032: * </p>
033: *
034: * @author Ben Alex
035: * @version $Id: Authentication.java 1784 2007-02-24 21:00:24Z luke_t $
036: */
037: public interface Authentication extends Principal, Serializable {
038: //~ Methods ========================================================================================================
039:
040: /**
041: * Set by an <code>AuthenticationManager</code> to indicate the authorities that the principal has been
042: * granted. Note that classes should not rely on this value as being valid unless it has been set by a trusted
043: * <code>AuthenticationManager</code>.<p>Implementations should ensure that modifications to the returned
044: * array do not affect the state of the Authentication object (e.g. by returning an array copy).</p>
045: *
046: * @return the authorities granted to the principal, or <code>null</code> if authentication has not been completed
047: */
048: GrantedAuthority[] getAuthorities();
049:
050: /**
051: * The credentials that prove the principal is correct. This is usually a password, but could be anything
052: * relevant to the <code>AuthenticationManager</code>. Callers are expected to populate the credentials.
053: *
054: * @return the credentials that prove the identity of the <code>Principal</code>
055: */
056: Object getCredentials();
057:
058: /**
059: * Stores additional details about the authentication request. These might be an IP address, certificate
060: * serial number etc.
061: *
062: * @return additional details about the authentication request, or <code>null</code> if not used
063: */
064: Object getDetails();
065:
066: /**
067: * The identity of the principal being authenticated. This is usually a username. Callers are expected to
068: * populate the principal.
069: *
070: * @return the <code>Principal</code> being authenticated
071: */
072: Object getPrincipal();
073:
074: /**
075: * Used to indicate to <code>AbstractSecurityInterceptor</code> whether it should present the
076: * authentication token to the <code>AuthenticationManager</code>. Typically an <code>AuthenticationManager</code>
077: * (or, more often, one of its <code>AuthenticationProvider</code>s) will return an immutable authentication token
078: * after successful authentication, in which case that token can safely return <code>true</code> to this method.
079: * Returning <code>true</code> will improve performance, as calling the <code>AuthenticationManager</code> for
080: * every request will no longer be necessary.<p>For security reasons, implementations of this interface
081: * should be very careful about returning <code>true</code> to this method unless they are either immutable, or
082: * have some way of ensuring the properties have not been changed since original creation.</p>
083: *
084: * @return true if the token has been authenticated and the <code>AbstractSecurityInterceptor</code> does not need
085: * to represent the token for re-authentication to the <code>AuthenticationManager</code>
086: */
087: boolean isAuthenticated();
088:
089: /**
090: * See {@link #isAuthenticated()} for a full description.<p>Implementations should <b>always</b> allow this
091: * method to be called with a <code>false</code> parameter, as this is used by various classes to specify the
092: * authentication token should not be trusted. If an implementation wishes to reject an invocation with a
093: * <code>true</code> parameter (which would indicate the authentication token is trusted - a potential security
094: * risk) the implementation should throw an {@link IllegalArgumentException}.</p>
095: *
096: * @param isAuthenticated <code>true</code> if the token should be trusted (which may result in an exception) or
097: * <code>false</code> if the token should not be trusted
098: *
099: * @throws IllegalArgumentException if an attempt to make the authentication token trusted (by passing
100: * <code>true</code> as the argument) is rejected due to the implementation being immutable or
101: * implementing its own alternative approach to {@link #isAuthenticated()}
102: */
103: void setAuthenticated(boolean isAuthenticated)
104: throws IllegalArgumentException;
105: }
|