View Javadoc

1   package com.atlassian.sal.api.auth;
2   
3   import javax.servlet.http.HttpServletRequest;
4   import javax.servlet.http.HttpServletResponse;
5   
6   /**
7    * Allows the underlying framework to take some actions on authentication events.
8    *
9    * @since 2.0
10   */
11  public interface AuthenticationListener {
12      /**
13       * <p>
14       * Called when the signature is validated and the user is resolved and permissions are verified.  Responsible
15       * for preparing the HTTP request or session such that the application sees the user as logged in for the rest of
16       * this request.
17       * </p>
18       *
19       * <p>
20       * Will also be called in the event of a "verified" request - where the request has been verified to come from a
21       * remote system that is trusted due to 2LO but where an impersonating user is not configured.
22       * </p>
23       *
24       * @param result   Authentication result containing the user
25       * @param request  Current HTTP request being processed
26       * @param response HTTP response for the current request, provided so the application can set any headers it might
27       *                 need set
28       */
29      void authenticationSuccess(Authenticator.Result result, HttpServletRequest request, HttpServletResponse response);
30  
31      /**
32       * Called when the signature cannot be validated or the user cannot be resolved or does not have permission
33       * to access the resource.
34       *
35       * @param result   Authentication result containing the details of the failure
36       * @param request  Current HTTP request being processed
37       * @param response HTTP response for the current request, provided so the application can set any headers it might
38       *                 need set
39       */
40      void authenticationFailure(Authenticator.Result result, HttpServletRequest request, HttpServletResponse response);
41  
42      /**
43       * Called when there is a failure in trying to process the request, such as an IO failure.
44       *
45       * @param result   Authentication result containing the details of the error
46       * @param request  Current HTTP request being processed
47       * @param response HTTP response for the current request, provided so the application can set any headers it might
48       *                 need set
49       */
50      void authenticationError(Authenticator.Result result, HttpServletRequest request, HttpServletResponse response);
51  
52      /**
53       * Called if it was determined that authentication should not be attempted, usually because the
54       * {@link AuthenticationController#shouldAttemptAuthentication(HttpServletRequest)} returned {@code false}.
55       *
56       * @param request  Current HTTP request being processed
57       * @param response HTTP response for the current request, provided so the application can set any headers it might
58       *                 need set
59       */
60      void authenticationNotAttempted(HttpServletRequest request, HttpServletResponse response);
61  }