@PublicSpi public interface

Authorisation

com.atlassian.jira.security.auth.Authorisation

@PublicSpi

This interface is designed for plugins to implement.

Clients of @PublicSpi can expect that programs compiled against a given version will remain binary compatible with later versions of the @PublicSpi as per each product's API policy (clients should refer to each product's API policy for the exact guarantee -- usually binary compatibility is guaranteed at least across minor versions).

Note: @PublicSpi interfaces and classes are specifically designed to be implemented/extended by clients. Hence, the guarantee of binary compatibility is different to that of @PublicApi elements (if an element is both @PublicApi and @PublicSpi, both guarantees apply).

Class Overview

Implementations of this interface can indicate whether a user is authorised to perform a given request.

They WILL be called for every request, so you should make sure your authorisation check is somewhat performant.

Summary

Nested Classes
enum Authorisation.Decision When deciding whether to authorise a request, you can either grant it, deny it or abstain from a decision.
Public Methods
Authorisation.Decision authoriseForLogin(User user, HttpServletRequest httpServletRequest)
Called to ask whether a user is authorised to perform the given request when trying to log in and establish a new session with JIRA.
Authorisation.Decision authoriseForRole(User user, HttpServletRequest httpServletRequest, String role)
This is called by the security layers to ask whether a user is authorised to perform the given request with the provided role string.
Set<String> getRequiredRoles(HttpServletRequest httpServletRequest)
This is called by the security layers to get a set of role strings that are required for this request.

Public Methods

public Authorisation.Decision authoriseForLogin (User user, HttpServletRequest httpServletRequest)

Called to ask whether a user is authorised to perform the given request when trying to log in and establish a new session with JIRA.

At this stage the user has been authenticated but not authorised to log in.

Parameters
user a non null user that has been authenticated
httpServletRequest the request in play
Returns
  • a decision on authorisation

public Authorisation.Decision authoriseForRole (User user, HttpServletRequest httpServletRequest, String role)

This is called by the security layers to ask whether a user is authorised to perform the given request with the provided role string.

You may be called with role strings that you did not give out. In this case you should ABSTAIN from a decision.

Parameters
user a user that may be null
httpServletRequest the request in play
Returns
  • a decision on authorisation

public Set<String> getRequiredRoles (HttpServletRequest httpServletRequest)

This is called by the security layers to get a set of role strings that are required for this request. Once a user has been set into the authentication context, authoriseForRole(com.atlassian.crowd.embedded.api.User, javax.servlet.http.HttpServletRequest, String) will be called to decide if they are in fact authorised to execute this request. NOTE: If you give out a role, you MUST answer when you are called back via authoriseForRole(com.atlassian.crowd.embedded.api.User, javax.servlet.http.HttpServletRequest, String).

Parameters
httpServletRequest the request in play
Returns
  • the set of role strings required for this request
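
The contract across the three methods, as an added example that is not part of the original documentation or Atlassian's own code: the implementation gives out one role for a protected path, answers for that role and abstains for any other. The class name, role string, path prefix and allow list are hypothetical; the constant names GRANTED and DENIED, and returning an empty set when no role is required, are assumptions (the page only names ABSTAIN).

```java
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.jira.security.auth.Authorisation;

import javax.servlet.http.HttpServletRequest;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

public class ExampleAdminAuthorisation implements Authorisation {
    // Hypothetical values chosen for this example.
    private static final String ROLE = "example-plugin-admin";
    private static final String PROTECTED_PREFIX = "/rest/example-admin/";

    // In-memory lookup only: these methods run on every request,
    // so no database or remote call belongs in the decision path.
    private final Set<String> allowedUserNames;

    public ExampleAdminAuthorisation(Set<String> allowedUserNames) {
        this.allowedUserNames =
                Collections.unmodifiableSet(new HashSet<String>(allowedUserNames));
    }

    @Override
    public Decision authoriseForLogin(User user, HttpServletRequest request) {
        // This plugin has no opinion on who may establish a session.
        return Decision.ABSTAIN;
    }

    @Override
    public Set<String> getRequiredRoles(HttpServletRequest request) {
        // Compare the path relative to the application's context path.
        String path = request.getRequestURI().substring(request.getContextPath().length());
        return path.startsWith(PROTECTED_PREFIX)
                ? Collections.singleton(ROLE)
                : Collections.<String>emptySet();
    }

    @Override
    public Decision authoriseForRole(User user, HttpServletRequest request, String role) {
        if (!ROLE.equals(role)) {
            return Decision.ABSTAIN; // a role string we did not give out
        }
        // Our own role: we must answer. The user may be null, so fail closed.
        if (user == null) {
            return Decision.DENIED;
        }
        return allowedUserNames.contains(user.getName()) ? Decision.GRANTED : Decision.DENIED;
    }
}
```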