View Javadoc

1   package com.atlassian.sal.api.websudo;
2   
3   import javax.servlet.http.HttpServletRequest;
4   import javax.servlet.http.HttpServletResponse;
5   
6   /**
7    * Allows the client to request WebSudo protection from the host application.
8    * <p/>
9    * <p/>
10   * Usage pattern:
11   * <pre>
12   *  @Override
13   * public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
14   * {
15   *      try {
16   *          webSudoManager.willExecuteWebSudoRequest(request);
17   *          // do something
18   *      } catch(WebSudoSessionException wes) {
19   *          webSudoManager.enforceWebSudoProtection(request, response);
20   *      }
21   * }
22   * </pre>
23   *
24   * @since 2.2
25   */
26  public interface WebSudoManager {
27  
28      /**
29       * Check whether this request can be executed. This checks if the request is already part of
30       * a WebSudo session or if WebSudo is enabled at all.
31       * <p/> Calling this method has no side effects.
32       *
33       * @param request the current {@link HttpServletRequest}
34       * @return {@code true} if this request is protected by a WebSudo session or WebSudo is disabled, {@code false} otherwise.
35       */
36      boolean canExecuteRequest(HttpServletRequest request);
37  
38      /**
39       * Ensure that the current request is protected by a WebSudo session. Typically this will result in a redirect
40       * to a WebSudo form which in turn redirects to the original request.
41       * <p/>
42       * This is a no op if this request is already
43       * protected by a WebSudo session (i.e. {@link #canExecuteRequest(javax.servlet.http.HttpServletRequest)} would return true).
44       *
45       * @param request  the current {@link HttpServletRequest}
46       * @param response the current {@link HttpServletResponse}
47       */
48      void enforceWebSudoProtection(HttpServletRequest request, HttpServletResponse response);
49  
50      /**
51       * Mark the current request as a request for a WebSudo protected resource.
52       * <p/>
53       * Throws a {@link WebSudoSessionException} if the current {@code request} is not protected by WebSudo.
54       * <p/>
55       * This notifies the host application that the {@code request} is a request for a WebSudp protected resource.
56       *
57       * @param request the current {@link HttpServletRequest}
58       * @throws WebSudoSessionException if the current {@code request} is not protected by WebSudo.
59       * @since 2.2.0-beta10
60       */
61      void willExecuteWebSudoRequest(HttpServletRequest request) throws WebSudoSessionException;
62  }