Package org.apache.felix.webconsole.spi

Interface SecurityProvider

@ConsumerType public interface SecurityProvider
The SecurityProvider is a service interface allowing to use an external system to authenticate users before granting access to the Web Console.

Support for Jakarta servlets requires that the Jakarta Servlet API and the Apache Felix Http Wrappers are available in the runtime.

Since:
1.2.0

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    PROPERTY_ID
    Security providers can be registered with an optional id which can be used in the configuration of the webconsole to require this provider to be available.

  • Method Summary

    Modifier and Type
    Method
    Description
    Object
    authenticate(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
    Authenticates the given request or asks the client for credentials.
    boolean
    authorize(Object user, String role)
    Checks whether the authenticated user has the given role permission.
    void
    logout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
    This method will be called by the web console when the user clicks the logout button.

  • Field Details

    • PROPERTY_ID

      static final String PROPERTY_ID
      Security providers can be registered with an optional id which can be used in the configuration of the webconsole to require this provider to be available.
      Since:
      1.3.0
      See Also:

  • Method Details

    • authorize

      boolean authorize(Object user, String role)
      Checks whether the authenticated user has the given role permission.
      Parameters:
      user - The object referring to the authenticated user. This is the object returned from the authenticate(HttpServletRequest, HttpServletResponse) method and will never be null.
      role - The requested role
      Returns:
      true if the user is given permission for the given role.

    • authenticate

      Object authenticate(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Authenticates the given request or asks the client for credentials.

      Implementations of this method are expected to respect and implement the semantics of the ServletContextHelper.handleSecurity method as specified in the OSGi HTTP Service specification.

      If this method returns an object (non null) it is assumed the request provided valid credentials identifying the user as accepted to access the web console.

      If this method returns null the request to the web console is terminated without any more response sent back to the client. That is the implementation is expected to have informed the client in case of non-granted access.

      Parameters:
      request - The request object
      response - The response object
      Returns:
      An object representing the user if the request provided valid credentials. Otherwise return null.

    • logout

      void logout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      This method will be called by the web console when the user clicks the logout button. The security provider shouldn't invalidate the session, it will be invalidated after this method exits. However the security provider must delete any cookies or objects, that matters during the authorization process.
      Parameters:
      request - the request
      response - the response