View Javadoc

1   package com.atlassian.sal.api.websudo;
2   
3   import javax.servlet.http.HttpServletRequest;
4   import javax.servlet.http.HttpServletResponse;
5   
6   /**
7    * Allows the client to request WebSudo protection from the host application.
8    * <p/>
9    * <p/>
10   * Usage pattern:
11   * <pre>
12   *  @Override
13   * public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
14   * {
15   *      try {
16   *          webSudoManager.willExecuteWebSudoRequest(request);
17   *          // do something
18   *      } catch(WebSudoSessionException wes) {
19   *          webSudoManager.enforceWebSudoProtection(request, response);
20   *      }
21   * }
22   * </pre>
23   *
24   * @since 2.2
25   */
26  public interface WebSudoManager
27  {
28  
29      /**
30       * Check whether this request can be executed. This checks if the request is already part of
31       * a WebSudo session or if WebSudo is enabled at all.
32       * <p/> Calling this method has no side effects.
33       *
34       * @param request the current {@link HttpServletRequest}
35       * @return {@code true} if this request is protected by a WebSudo session or WebSudo is disabled, {@code false} otherwise.
36       */
37      boolean canExecuteRequest(HttpServletRequest request);
38  
39      /**
40       * Ensure that the current request is protected by a WebSudo session. Typically this will result in a redirect
41       * to a WebSudo form which in turn redirects to the original request.
42       * <p/>
43       * This is a no op if this request is already
44       * protected by a WebSudo session (i.e. {@link #canExecuteRequest(javax.servlet.http.HttpServletRequest)} would return true).
45       *
46       * @param request  the current {@link HttpServletRequest}
47       * @param response the current {@link HttpServletResponse}
48       */
49      void enforceWebSudoProtection(HttpServletRequest request, HttpServletResponse response);
50  
51      /**
52       * Mark the current request as a request for a WebSudo protected resource.
53       * <p/>
54       * Throws a {@link WebSudoSessionException} if the current {@code request} is not protected by WebSudo.
55       * <p/>
56       * This notifies the host application that the {@code request} is a request for a WebSudp protected resource.  
57       *
58       * @param request  the current {@link HttpServletRequest}
59       * @throws WebSudoSessionException if the current {@code request} is not protected by WebSudo.
60       * @since 2.2.0-beta10
61       */
62      void willExecuteWebSudoRequest(HttpServletRequest request) throws WebSudoSessionException;
63  }