1 /**
2 * Created by IntelliJ IDEA.
3 * User: Administrator
4 * Date: Nov 26, 2002
5 * Time: 12:48:18 PM
6 * To change this template use Options | File Templates.
7 */
8 package com.atlassian.seraph.auth;
9
10 import com.atlassian.seraph.Initable;
11
12 import javax.servlet.http.HttpServletRequest;
13 import java.security.Principal;
14
15 /**
16 * Determines whether an authenticated user has a "role" (permission) within the system, and specifically, whether
17 * they have permission to log in to the system.
18 * <p>
19 * In applications using Seraph, role assignment is typically done by checking for membership of certain groups, eg:
20 * <ul>
21 * <li>hasRole() implementation will map between group membership (eg. 'administrators' group) and roles (eg. 'delete_user', 'see_admin_pages').
22 * <li>canLogin() implementation checks for membership of a global "users" group, thus allowing existing users' access to a
23 * site to be revoked by removal from the "users" group.
24 * </ul>
25 */
26 public interface RoleMapper extends Initable
27 {
28 boolean hasRole(Principal user, HttpServletRequest request, String role);
29
30 boolean canLogin(Principal user, HttpServletRequest request);
31 }