View Javadoc

1   package com.atlassian.sal.api.auth;
2   
3   import javax.servlet.http.HttpServletRequest;
4   import javax.servlet.http.HttpServletResponse;
5   
6   /**
7    * Allows the underlying framework to take some actions on authentication events.
8    *
9    * @since 2.0
10   */
11  public interface AuthenticationListener
12  {
13      /**
14       * <p>
15       * Called when the signature is validated and the user is resolved and permissions are verified.  Responsible
16       * for preparing the HTTP request or session such that the application sees the user as logged in for the rest of
17       * this request.
18       * </p>
19       *
20       * <p>
21       * Will also be called in the event of a "verified" request - where the request has been verified to come from a
22       * remote system that is trusted due to 2LO but where an impersonating user is not configured.
23       * </p>
24       *
25       * @param result   Authentication result containing the user
26       * @param request  Current HTTP request being processed
27       * @param response HTTP response for the current request, provided so the application can set any headers it might
28       *                 need set
29       */
30      void authenticationSuccess(Authenticator.Result result, HttpServletRequest request, HttpServletResponse response);
31  
32      /**
33       * Called when the signature cannot be validated or the user cannot be resolved or does not have permission
34       * to access the resource.
35       *
36       * @param result   Authentication result containing the details of the failure
37       * @param request  Current HTTP request being processed
38       * @param response HTTP response for the current request, provided so the application can set any headers it might
39       *                 need set
40       */
41      void authenticationFailure(Authenticator.Result result, HttpServletRequest request, HttpServletResponse response);
42  
43      /**
44       * Called when there is a failure in trying to process the request, such as an IO failure.
45       *
46       * @param result   Authentication result containing the details of the error
47       * @param request  Current HTTP request being processed
48       * @param response HTTP response for the current request, provided so the application can set any headers it might
49       *                 need set
50       */
51      void authenticationError(Authenticator.Result result, HttpServletRequest request, HttpServletResponse response);
52  
53      /**
54       * Called if it was determined that authentication should not be attempted, usually because the
55       * {@link AuthenticationController#shouldAttemptAuthentication(HttpServletRequest)} returned {@code false}.
56       *
57       * @param request  Current HTTP request being processed
58       * @param response HTTP response for the current request, provided so the application can set any headers it might
59       *                 need set
60       */
61      void authenticationNotAttempted(HttpServletRequest request, HttpServletResponse response);
62  }