1   package com.atlassian.sal.api.websudo;
2   
3   import javax.servlet.http.HttpServletRequest;
4   import javax.servlet.http.HttpServletResponse;
5   
/**
 * Entry point through which a caller asks the host application for WebSudo protection of a request.
 * <p>
 * Intended call sequence inside a request handler:
 * <pre>
 * public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
 * {
 *      try {
 *          webSudoManager.willExecuteWebSudoRequest(request);
 *          // do something
 *      } catch(WebSudoSessionException wes) {
 *          webSudoManager.enforceWebSudoProtection(request, response);
 *      }
 * }
 * </pre>
 * The protected work belongs inside the {@code try} block, after
 * {@link #willExecuteWebSudoRequest(HttpServletRequest)} has returned normally, so that it never runs for a
 * request that failed the check.
 *
 * @since 2.2
 */
public interface WebSudoManager {

    /**
     * Reports whether the given request may proceed as far as WebSudo is concerned.
     * <p>
     * The answer is {@code true} in two distinct situations: the request already belongs to a WebSudo session,
     * or WebSudo is not enabled at all. A {@code true} result therefore does not by itself show that a WebSudo
     * session exists for the request.
     * <p>
     * Calling this method has no side effects.
     *
     * @param request the current {@link HttpServletRequest}
     * @return {@code true} when the request is protected by a WebSudo session or WebSudo is disabled;
     *         {@code false} in every other case
     */
    boolean canExecuteRequest(HttpServletRequest request);

    /**
     * Makes sure the current request is covered by a WebSudo session. In the typical case this ends in a
     * redirect to a WebSudo form, which in turn redirects back to the original request.
     * <p>
     * Nothing happens when the request is already protected by a WebSudo session, that is, when
     * {@link #canExecuteRequest(HttpServletRequest)} would return {@code true}.
     * <p>
     * NOTE(review): since the usual outcome is a redirect, callers presumably should not continue handling
     * the request or write to {@code response} after this call; confirm against the host implementation.
     *
     * @param request  the current {@link HttpServletRequest}
     * @param response the current {@link HttpServletResponse}
     */
    void enforceWebSudoProtection(HttpServletRequest request, HttpServletResponse response);

    /**
     * Flags the current request as one that targets a WebSudo protected resource, and notifies the host
     * application of that fact.
     * <p>
     * When the {@code request} is not protected by WebSudo, a {@link WebSudoSessionException} is thrown
     * instead of the method returning normally.
     *
     * @param request the current {@link HttpServletRequest}
     * @throws WebSudoSessionException if the current {@code request} is not protected by WebSudo
     * @since 2.2.0-beta10
     */
    void willExecuteWebSudoRequest(HttpServletRequest request) throws WebSudoSessionException;
}