opt/tomcat/tomcat-base/src/main/java/flex/messaging/security/TomcatLogin.java - flex-blazeds - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package flex.messaging.security;

 import java.security.Principal;
 import java.util.List;

 import javax.servlet.http.HttpServletRequest;

 /**
  * Interface to code in the Tomcat valve. This is needed because Tomcat has a classloader system
  * where code in a valve does not appear in the classloader that is used for servlets.
  * There is a commons area that both valves and servlets share and this interface
  * needs to be placed there.
  */
 public interface TomcatLogin {
     /**
      * Attempt to login user with the specified credentials.  Return a generated
      * Principal object if login were successful
      *
      * @param username username.
      * @param password credentials.
      * @param request  request via which this login attempt was made
      * @return Principal generated for user if login were successful
      */
     Principal login(String username, String password, HttpServletRequest request);

     /**
      * The gateway calls this method to perform programmatic authorization.
      * <p>
      * A typical implementation would simply iterate over the supplied roles and
      * check that atleast one of the roles returned true from a call to
      * HttpServletRequest.isUserInRole(String role).
      * </p>
      *
      * @param principal The principal being checked for authorization
      * @param roles     A List of role names to check, all members should be strings
      * @return true if the principal is authorized given the list of roles
      */
     boolean authorize(Principal principal, List roles);

     /**
      * Logs out the user associated with the passed-in request.
      *
      * @param request whose associated user is to be loged-out
      * @return true if logout were successful
      */
     boolean logout(HttpServletRequest request);

     /**
      * Classes that implement the flex.messaging.security.PrinciplaConverter interface, to convert a J2EE Principal to a
      * Flex Principal impl. A Flex Principal impl is specific to different Application Servers and will be used by Flex to
      * do security authorization check, which calls security framework API specific to Application Servers.
      */
     Principal convertPrincipal(Principal principal);
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package flex.messaging.security;

	import java.security.Principal;
	import java.util.List;

	import javax.servlet.http.HttpServletRequest;

	/**
	* Interface to code in the Tomcat valve. This is needed because Tomcat has a classloader system
	* where code in a valve does not appear in the classloader that is used for servlets.
	* There is a commons area that both valves and servlets share and this interface
	* needs to be placed there.
	*/
	public interface TomcatLogin {
	/**
	* Attempt to login user with the specified credentials. Return a generated
	* Principal object if login were successful
	*
	* @param username username.
	* @param password credentials.
	* @param request request via which this login attempt was made
	* @return Principal generated for user if login were successful
	*/
	Principal login(String username, String password, HttpServletRequest request);

	/**
	* The gateway calls this method to perform programmatic authorization.
	* <p>
	* A typical implementation would simply iterate over the supplied roles and
	* check that atleast one of the roles returned true from a call to
	* HttpServletRequest.isUserInRole(String role).
	* </p>
	*
	* @param principal The principal being checked for authorization
	* @param roles A List of role names to check, all members should be strings
	* @return true if the principal is authorized given the list of roles
	*/
	boolean authorize(Principal principal, List roles);

	/**
	* Logs out the user associated with the passed-in request.
	*
	* @param request whose associated user is to be loged-out
	* @return true if logout were successful
	*/
	boolean logout(HttpServletRequest request);

	/**
	* Classes that implement the flex.messaging.security.PrinciplaConverter interface, to convert a J2EE Principal to a
	* Flex Principal impl. A Flex Principal impl is specific to different Application Servers and will be used by Flex to
	* do security authorization check, which calls security framework API specific to Application Servers.
	*/
	Principal convertPrincipal(Principal principal);
	}