1 /*
2 * Copyright (c) 2002-2025, City of Paris
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright notice
10 * and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright notice
13 * and the following disclaimer in the documentation and/or other materials
14 * provided with the distribution.
15 *
16 * 3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17 * contributors may be used to endorse or promote products derived from
18 * this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 *
32 * License 1.0
33 */
34 package fr.paris.lutece.portal.service.security;
35
36 import java.util.Collection;
37
38 import javax.security.auth.login.LoginException;
39
40 import javax.servlet.http.HttpServletRequest;
41
42 /**
43 * This interface defines all methods required by an authentication service.
44 */
45 public interface LuteceAuthentication
46 {
47 /**
48 * Gets the authentication service name.
49 *
50 * @return The service name
51 */
52 String getAuthServiceName( );
53
54 /**
55 * Gets the authentication type.
56 *
57 * @param request
58 * The HTTP request
59 * @return The type of authentication
60 */
61 String getAuthType( HttpServletRequest request );
62
63 /**
64 * Checks the login with the supplied user name and password.
65 *
66 * @param strUserName
67 * The username
68 * @param strUserPassword
69 * The user's password as supplied by the caller; NOTE(review): implementations should keep it out of logs and exception messages
70 * @param request
71 * The HttpServletRequest
72 * @return The LuteceUser for this login; NOTE(review): whether null may be returned on failure is not specified here - confirm in implementations
73 * @throws LoginException
74 * If a login error occurred
75 * @throws LoginRedirectException
76 * If the login process should be redirected
77 */
78 LuteceUser login( final String strUserName, final String strUserPassword, HttpServletRequest request ) throws LoginException, LoginRedirectException;
79
80 /**
81 * Logs out the user.
82 *
83 * @param user
84 * The user
85 */
86 void logout( LuteceUser user );
87
88 /**
89 * Checks if a user's password has been reset.
90 *
91 * @param request
92 * The request
93 * @param strLogin
94 * the login
95 * @return True if the password has been reset, false otherwise
96 */
97 boolean findResetPassword( HttpServletRequest request, String strLogin );
98
99 /**
100 * This method creates an anonymous user.
101 *
102 * @return A LuteceUser object corresponding to an anonymous user
103 */
104 LuteceUser getAnonymousUser( );
105
106 /**
107 * Checks that the given user is associated to a given role.
108 *
109 * @param user
110 * The user; NOTE(review): handling of a null user is not specified here - confirm before relying on the result for access decisions
111 * @param request
112 * The HTTP request
113 * @param strRole
114 * The role name
115 * @return Returns true if the user is associated to the role, otherwise false
116 */
117 boolean isUserInRole( LuteceUser user, HttpServletRequest request, String strRole );
118
119 /**
120 * Gets all roles for this user: the user's own roles and the roles of the user's groups.
121 *
122 * @param user
123 * The user
124 * @return Array of roles
125 */
126 String [ ] getRolesByUser( LuteceUser user );
127
128 /**
129 * Indicates that the user should already be authenticated by an external authentication service (e.g. web server authentication).
130 *
131 * @return true if the authentication is external, false if the authentication is provided by the Lutece portal.
132 */
133 boolean isExternalAuthentication( );
134
135 /**
136 * Indicates that authentication is done by a remote system (like OAuth).
137 *
138 * @return <code>true</code> if part of the authentication is done by an external website, <code>false</code> otherwise.
139 */
140 boolean isDelegatedAuthentication( );
141
142 /**
143 * Returns a Lutece user object if the user is already authenticated in the HTTP request. This method should return null if the user is not authenticated or
144 * if the authentication service is not based on HTTP authentication, so callers must handle a null result.
145 *
146 * @param request
147 * The HTTP request; NOTE(review): presumably only request data set by the container or a trusted front end should identify the user - confirm in implementations
148 * @return A Lutece user, or null as described above
149 */
150 LuteceUser getHttpAuthenticatedUser( HttpServletRequest request );
151
152 /**
153 * Returns the login page URL of the authentication service.
154 *
155 * @return The URL
156 */
157 String getLoginPageUrl( );
158
159 /**
160 * Returns the DoLogin URL of the authentication service.
161 *
162 * @return The URL
163 */
164 String getDoLoginUrl( );
165
166 /**
167 * Returns the DoLogout URL of the authentication service.
168 *
169 * @return The URL
170 */
171 String getDoLogoutUrl( );
172
173 /**
174 * Returns the new account page URL of the authentication service.
175 *
176 * @return The URL
177 */
178 String getNewAccountPageUrl( );
179
180 /**
181 * Returns the view account page URL of the authentication service.
182 *
183 * @return The URL
184 */
185 String getViewAccountPageUrl( );
186
187 /**
188 * Returns the lost password URL of the authentication service.
189 *
190 * @return The URL
191 */
192 String getLostPasswordPageUrl( );
193
194 /**
195 * Returns the lost login URL of the authentication service.
196 *
197 * @return The URL
198 */
199 String getLostLoginPageUrl( );
200
201 /**
202 * Returns the reset password URL of the authentication service.
203 *
204 * @param request
205 * the HTTP request
206 * @return The URL
207 */
208 String getResetPasswordPageUrl( HttpServletRequest request );
209
210 /**
211 * Returns the template that contains the Access Denied message.
212 *
213 * @return The template path
214 */
215 String getAccessDeniedTemplate( );
216
217 /**
218 * Returns the template that contains the Access Controlled message.
219 *
220 * @return The template path
221 */
222 String getAccessControledTemplate( );
223
224 /**
225 * Tells whether or not the authentication service can provide a list of all its users.
226 *
227 * @return true if the service can return a users list
228 */
229 boolean isUsersListAvailable( );
230
231 /**
232 * Returns all users managed by the authentication service if this feature is available (see {@link #isUsersListAvailable()}).
233 *
234 * @return A collection of Lutece users or null if the service doesn't provide a users list; callers must handle the null case
235 */
236 Collection<LuteceUser> getUsers( );
237
238 /**
239 * Returns the user managed by the authentication service for the given login, if this feature is available.
240 *
241 * @param strUserLogin
242 * the user login
243 * @return A Lutece user or null if the service doesn't provide LuteceUser; callers must handle the null case
244 */
245 LuteceUser getUser( String strUserLogin );
246
247 /**
248 * Indicates whether the service provides multi authentication support.
249 *
250 * @return <code>true</code> if multi authentication is supported, <code>false</code> otherwise.
251 */
252 boolean isMultiAuthenticationSupported( );
253
254 /**
255 * Gets the icon URL.
256 *
257 * @return icon url
258 */
259 String getIconUrl( );
260
261 /**
262 * Gets the name used as identifier. <b>MUST</b> be unique.
263 *
264 * @return the identifier
265 */
266 String getName( );
267
268 /**
269 * Returns the plugin name. <br>
270 * Used to show (or not) this authentication depending on the plugin status.
271 *
272 * @return the plugin name
273 */
274 String getPluginName( );
275
276 /**
277 * Updates the last login date of a user.
278 *
279 * @param user
280 * User to update
281 * @param request
282 * The request
283 */
284 void updateDateLastLogin( LuteceUser user, HttpServletRequest request );
285 }