1 /*
2 * Copyright (c) 2002-2014, Mairie de Paris
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright notice
10 * and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright notice
13 * and the following disclaimer in the documentation and/or other materials
14 * provided with the distribution.
15 *
16 * 3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17 * contributors may be used to endorse or promote products derived from
18 * this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 *
32 * License 1.0
33 */
34 package fr.paris.lutece.portal.service.security;
35
36 import java.util.Collection;
37
38 import javax.security.auth.login.LoginException;
39
40 import javax.servlet.http.HttpServletRequest;
41
42
/**
 * Contract implemented by every authentication service plugged into the portal:
 * credential checking, logout, role lookup, user listing, and the URLs and
 * templates of the authentication-related pages.
 */
public interface LuteceAuthentication
{
    /**
     * Gets the authentication service name.
     *
     * @return The service name
     */
    String getAuthServiceName( );

    /**
     * Gets the authentication type.
     *
     * @param request The HTTP request
     * @return The type of authentication
     */
    String getAuthType( HttpServletRequest request );

    /**
     * Checks the supplied credentials and performs the login.
     *
     * <p>NOTE(review): this declaration does not say whether a rejected login is
     * reported only through {@link LoginException} or may also yield {@code null};
     * callers should confirm against the implementation before using the result.</p>
     *
     * <p>NOTE(review): the password arrives as a {@code String}, presumably as
     * submitted by the user; implementations should keep it out of logs and
     * exception messages.</p>
     *
     * @param strUserName The username
     * @param strUserPassword The user's password
     * @param request The HTTP request
     * @return The {@link LuteceUser} for this login
     * @throws LoginException If a login error occurred
     * @throws LoginRedirectException If the login process should be redirected
     */
    LuteceUser login( String strUserName, String strUserPassword, HttpServletRequest request )
        throws LoginException, LoginRedirectException;

    /**
     * Logs the user out.
     *
     * @param user The user
     */
    void logout( LuteceUser user );

    /**
     * Checks whether a user's password has been reset.
     *
     * @param request The HTTP request
     * @param strLogin The login
     * @return {@code true} if the password has been reset, {@code false} otherwise
     */
    boolean findResetPassword( HttpServletRequest request, String strLogin );

    /**
     * Creates an anonymous user.
     *
     * @return A {@link LuteceUser} object corresponding to an anonymous user
     */
    LuteceUser getAnonymousUser( );

    /**
     * Checks that the current user is associated with a given role.
     *
     * @param user The user
     * @param request The HTTP request
     * @param strRole The role name
     * @return {@code true} if the user is associated with the role, {@code false} otherwise
     */
    boolean isUserInRole( LuteceUser user, HttpServletRequest request, String strRole );

    /**
     * Gets all roles for this user: the user's own roles and the roles of the
     * user's groups.
     *
     * @param user The user
     * @return Array of roles
     */
    String[] getRolesByUser( LuteceUser user );

    /**
     * Indicates that the user should already be authenticated by an external
     * authentication service (for example web server authentication).
     *
     * <p>NOTE(review): when this returns {@code true} the portal presumably relies
     * on an identity established upstream; confirm how that identity reaches
     * {@link #getHttpAuthenticatedUser(HttpServletRequest)} in the implementation.</p>
     *
     * @return {@code true} if the authentication is external, {@code false} if the
     *         authentication is provided by the Lutece portal
     */
    boolean isExternalAuthentication( );

    /**
     * Indicates that authentication is done by a remote system (like OAuth).
     *
     * @return {@code true} if part of the authentication is done by an external
     *         website, {@code false} otherwise
     */
    boolean isDelegatedAuthentication( );

    /**
     * Returns a Lutece user object if the user is already authenticated in the
     * HTTP request.
     *
     * <p>Implementations should return {@code null} if the user is not
     * authenticated or if the authentication service is not based on HTTP
     * authentication, so callers have to treat {@code null} as "not
     * authenticated" before using the result.</p>
     *
     * @param request The HTTP request
     * @return A Lutece user, or {@code null} as described above
     */
    LuteceUser getHttpAuthenticatedUser( HttpServletRequest request );

    /**
     * Returns the login page URL of the authentication service.
     *
     * @return The URL
     */
    String getLoginPageUrl( );

    /**
     * Returns the DoLogin URL of the authentication service.
     *
     * @return The URL
     */
    String getDoLoginUrl( );

    /**
     * Returns the DoLogout URL of the authentication service.
     *
     * @return The URL
     */
    String getDoLogoutUrl( );

    /**
     * Returns the new account page URL of the authentication service.
     *
     * @return The URL
     */
    String getNewAccountPageUrl( );

    /**
     * Returns the view account page URL of the authentication service.
     *
     * @return The URL
     */
    String getViewAccountPageUrl( );

    /**
     * Returns the lost password URL of the authentication service.
     *
     * @return The URL
     */
    String getLostPasswordPageUrl( );

    /**
     * Returns the lost login URL of the authentication service.
     *
     * @return The URL
     */
    String getLostLoginPageUrl( );

    /**
     * Returns the reset password URL of the authentication service.
     *
     * <p>NOTE(review): this is the only URL getter that receives the request. If
     * an implementation derives the URL from request data, that data should be
     * validated before the value is used as a redirect target.</p>
     *
     * @param request The HTTP request
     * @return The URL
     */
    String getResetPasswordPageUrl( HttpServletRequest request );

    /**
     * Returns the template that contains the Access Denied message.
     *
     * @return The template path
     */
    String getAccessDeniedTemplate( );

    /**
     * Returns the template that contains the Access Controled message.
     *
     * @return The template path
     */
    String getAccessControledTemplate( );

    /**
     * Tells whether or not the authentication service can provide a list of all
     * its users.
     *
     * @return {@code true} if the service can return a users list
     */
    boolean isUsersListAvailable( );

    /**
     * Returns all users managed by the authentication service if this feature is
     * available (see {@link #isUsersListAvailable()}).
     *
     * @return A collection of Lutece users, or {@code null} if the service doesn't
     *         provide a users list
     */
    Collection<LuteceUser> getUsers( );

    /**
     * Returns a user managed by the authentication service if this feature is
     * available.
     *
     * @param strUserLogin The user login
     * @return A Lutece user, or {@code null} if the service doesn't provide a
     *         {@link LuteceUser}
     */
    LuteceUser getUser( String strUserLogin );

    /**
     * Tells whether the service provides multi authentication support.
     *
     * @return {@code true} if multi authentication is supported, {@code false}
     *         otherwise
     */
    boolean isMultiAuthenticationSupported( );

    /**
     * Returns the icon URL.
     *
     * @return The icon URL
     */
    String getIconUrl( );

    /**
     * Returns the name used as identifier. It <b>MUST</b> be unique.
     *
     * @return The identifier
     */
    String getName( );

    /**
     * Returns the plugin name.
     * <br>
     * Used to show (or not) this authentication depending on the plugin status.
     *
     * @return The plugin name
     */
    String getPluginName( );

    /**
     * Updates the last login date of a user.
     *
     * @param user The user to update
     * @param request The HTTP request
     */
    void updateDateLastLogin( LuteceUser user, HttpServletRequest request );
}