

package dev.trade.common.securityfilter.authenticator; 
 
import java.io.*; 
import java.security.*; 
import javax.servlet.*; 
import javax.servlet.http.*; 
import dev.trade.common.securityfilter.config.*; 
import dev.trade.common.securityfilter.filter.*; 
 
/**
 * <p>Title: Permission filter</p>
 *
 * <p>Description: Interface implemented by the authenticators used by the filter.</p>
 *
 * <p>Copyright: Copyright (c) 2006</p>
 *
 * <p>Company:</p>
 *
 * @author Zheng YanNan
 * @version 1.0
 */
public interface Authenticator {

  /**
   * Initializes the authenticator.
   *
   * @param filterConfig   filter configuration (the filter entry in web.xml)
   * @param securityConfig security configuration (securityfilter-config.xml)
   * @throws Exception if initialization fails
   */
  void init(FilterConfig filterConfig, SecurityConfig securityConfig) throws Exception;

  /**
   * Returns the identifier of the authentication method (for example BASIC, FORM, SSO).
   *
   * @return the authentication method identifier
   */
  String getAuthMethod();

  /**
   * Login handling. Typical flow: decide whether the request is a login submission;
   * if it is not, return {@code false}; if it is, perform the authentication and
   * return {@code true}.
   *
   * @param request        the wrapped security request
   * @param response       the HTTP response
   * @param patternMatcher URL pattern matcher
   * @return {@code true} if the filter should skip further processing of this request
   *         (per the flow above: it was a login submission and has been handled),
   *         {@code false} otherwise
   * @throws Exception if login handling fails
   */
  boolean checkAndDoLogin(SecurityRequest request, HttpServletResponse response,
                          URLPatternMatcher patternMatcher) throws Exception;

  /**
   * Login redirect. Handles the redirect performed when the user has to log in.
   *
   * @param request  the HTTP request
   * @param response the HTTP response
   * @throws Exception declared broadly by this interface; the original note names IOException
   */
  void showLogin(HttpServletRequest request, HttpServletResponse response) throws Exception;

  /**
   * Access-denied handling. Handles the redirect performed when the user has no
   * permission to access the requested resource.
   *
   * @param request  the HTTP request
   * @param response the HTTP response
   * @throws Exception declared broadly by this interface; the original note names IOException
   */
  void showForbidden(HttpServletRequest request, HttpServletResponse response) throws Exception;

  /**
   * Logout handling. Typical flow: decide whether the request is a logout operation;
   * if it is not, return {@code false}; if it is, process it and return {@code true}.
   *
   * @param request        the wrapped security request
   * @param response       the HTTP response
   * @param patternMatcher URL pattern matcher
   * @return {@code true} if the request was a logout operation and has been handled,
   *         {@code false} otherwise
   * @throws Exception if logout handling fails
   */
  boolean checkAndDoLogout(SecurityRequest request, HttpServletResponse response,
                           URLPatternMatcher patternMatcher) throws Exception;

  /**
   * Decides whether permission checks are skipped for the current URL.
   *
   * <p>NOTE(review): a {@code true} result exempts the request from permission checks,
   * so the set of exempt URLs an implementation accepts deserves review; how the URL
   * is matched is up to the implementation and is not visible here.
   *
   * @param request        the wrapped security request
   * @param patternMatcher URL pattern matcher
   * @return {@code true} if the current URL needs no permission check
   * @throws Exception if the decision cannot be made
   */
  boolean bypassSecurityForThisRequest(SecurityRequest request,
                                       URLPatternMatcher patternMatcher) throws Exception;

  /*
   * Authenticates a user (login verification). This declaration is commented out
   * in the original source and is therefore not part of the interface.
   *
   * @param username a username
   * @param password a plain text password, as entered by the user
   * @return a Principal if authentication succeeds, otherwise null
   */
//  public Principal authenticate(String username, String password);

  /**
   * Role check for a user.
   *
   * <p>NOTE(review): the expected result for a {@code null} principal is not stated
   * by this interface; confirm against the implementations.
   *
   * @param principal the user's principal
   * @param rolename  the role name
   * @return {@code true} if the check passes, {@code false} otherwise
   */
  boolean isUserInRole(Principal principal, String rolename);

  /**
   * Checks whether the current user is authorized to access the given URI.
   *
   * @param principal the user's principal
   * @param resName   resource name as configured in securityfilter-config.xml
   * @return {@code true} if access is authorized, {@code false} otherwise
   */
  boolean isResourceAuthorized(Principal principal, String resName);
}