authenticator.java.svn-base

用于JAVA的Web的权限过滤器

package dev.trade.common.securityfilter.authenticator;

import java.io.*;
import java.security.*;
import javax.servlet.*;
import javax.servlet.http.*;
import dev.trade.common.securityfilter.config.*;
import dev.trade.common.securityfilter.filter.*;

/**
 * <p>Title: 权限过滤器</p>
 *
 * <p>Description: 验证器的接口类</p>
 *
 * <p>Copyright: Copyright (c) 2006</p>
 *
 * <p>Company: </p>
 *
 * @author Zheng YanNan
 * @version 1.0
 */
public interface Authenticator{

  /**
   * 初始化验证器
   * @param filterConfig     过滤器配置(web.xml中的filter配置)
   * @param securityConfig   安全配置(securityfilter-config.xml)
   */
  public void init(FilterConfig filterConfig, SecurityConfig securityConfig) throws Exception;

  /**
   * 获取验证方式标识(如:BASIC, FORM, SSO 等)
   * @return String
   */
  public String getAuthMethod();

  /**
   * 登录处理流程, 一般流程：验证是否为登录提交页面，否返回false, true进行验证处理最后返回true;
   * @param request SecurityRequestWrapper
   * @param response HttpServletResponse
   * @param patternMatcher URLPatternMatcher
   * @return boolean  如果过滤器需要跳过返回true，否则返回 false
   * @throws Exception
   */
  public boolean checkAndDoLogin(SecurityRequest request, HttpServletResponse response,
      URLPatternMatcher patternMatcher) throws Exception;

  /**
   * 登录跳转流程, 用于处理需要用户登录时的跳转
   * @param request HttpServletRequest
   * @param response HttpServletResponse
   * @throws IOException
   */
  public void showLogin(HttpServletRequest request,
      HttpServletResponse response) throws Exception;

  /**
   * 登录验证失败流程, 用于处理需要没有权限访问指定资源时的跳转
   * @param request HttpServletRequest
   * @param response HttpServletResponse
   * @throws IOException
   */
  public void showForbidden(HttpServletRequest request,
      HttpServletResponse response) throws Exception;

  /**
   * 登出处理流程，一般流程：验证是否为登出操作页面，否返回false, true进行处理最后返回true;
   * @param request SecurityRequestWrapper
   * @param response HttpServletResponse
   * @param patternMatcher URLPatternMatcher
   * @return boolean
   * @throws Exception
   */
  public boolean checkAndDoLogout(SecurityRequest request, HttpServletResponse response,
      URLPatternMatcher patternMatcher) throws Exception;

  /**
   * 忽略URL验证, 如果当前URL无需权限验证，返回true
   * @param request SecurityRequestWrapper
   * @param patternMatcher URLPatternMatcher
   * @return boolean
   * @throws Exception
   */
  public boolean bypassSecurityForThisRequest(SecurityRequest request,
      URLPatternMatcher patternMatcher) throws Exception;

  /**
   * 验证一个用户(用户登录验证)
   * @param username a username
   * @param password a plain text password, as entered by the user
   * @return Principal  如果验证通过，返回一个Principal对象，否则为空
   */
//  public Principal authenticate(String username, String password);

  /**
   * 用户角色检测，通过返回true，否则返回false;
   * @param principal Principal
   * @param rolename String
   * @return boolean
   */
  public boolean isUserInRole(Principal principal, String rolename);

  /**
   * 检测指定的URI当前用户是否有权限访问
   * @param resName String         securityfilter-config.xml中配置的资源名称
   * @param principal Principal
   * @return boolean
   */
  public boolean isResourceAuthorized(Principal principal, String resName);

}