com.atlassian.jira.security.auth
Interface Authorisation

All Known Implementing Classes:
ReferenceAuthorisation

@PublicSpi
public interface Authorisation

Implementations of this interface can indicate whether a user is authorised to perform a given request.

They WILL be called for every request, so you should make sure your authorisation check is somewhat performant.

Since:
5.2.3

Nested Class Summary
static class Authorisation.Decision
          When deciding whether to authorise a request, you can either grant it, deny it, or abstain from a decision.
 
Method Summary
 Authorisation.Decision authoriseForLogin(com.atlassian.crowd.embedded.api.User user, javax.servlet.http.HttpServletRequest httpServletRequest)
          Called to ask whether a user is authorised to perform the given request when trying to log in and establish a new session with JIRA.
 Authorisation.Decision authoriseForRole(com.atlassian.crowd.embedded.api.User user, javax.servlet.http.HttpServletRequest httpServletRequest, String role)
          This is called by the security layers to ask whether a user is authorised to perform the given request with the provided role string.
 Set<String> getRequiredRoles(javax.servlet.http.HttpServletRequest httpServletRequest)
          This is called by the security layers to get a set of role strings that are required for this request.
 

Method Detail

authoriseForLogin

Authorisation.Decision authoriseForLogin(@Nonnull
                                         com.atlassian.crowd.embedded.api.User user,
                                         javax.servlet.http.HttpServletRequest httpServletRequest)
Called to ask whether a user is authorised to perform the given request when trying to log in and establish a new session with JIRA.

At this stage the user has been authenticated but not yet authorised to log in.

Parameters:
user - a non null user that has been authenticated
httpServletRequest - the request in play
Returns:
a decision on authorisation

getRequiredRoles

Set<String> getRequiredRoles(javax.servlet.http.HttpServletRequest httpServletRequest)
This is called by the security layers to get a set of role strings that are required for this request. Once a user has been set into the authentication context, authoriseForRole(com.atlassian.crowd.embedded.api.User, javax.servlet.http.HttpServletRequest, String) will be called to decide whether they are in fact authorised to execute this request.

NOTE: If you give out a role, you MUST answer when you are called back via authoriseForRole(com.atlassian.crowd.embedded.api.User, javax.servlet.http.HttpServletRequest, String).

Parameters:
httpServletRequest - the request in play
Returns:
the set of role strings that are required for this request

authoriseForRole

Authorisation.Decision authoriseForRole(@Nullable
                                        com.atlassian.crowd.embedded.api.User user,
                                        javax.servlet.http.HttpServletRequest httpServletRequest,
                                        String role)
This is called by the security layers to ask whether a user is authorised to perform the given request with the provided role string.

You may be called with role strings that you did not give out. In this case you should ABSTAIN from a decision.

Parameters:
user - a user that may be null
httpServletRequest - the request in play
Returns:
a decision on authorisation
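
An added example, not Atlassian's code, showing the contract between getRequiredRoles and authoriseForRole described above: answer for the role you gave out, ABSTAIN for any other role, and handle a null user. The class name, role string, path prefix and operator set are hypothetical; the constant names GRANTED and DENIED and the empty-set return are assumptions (this page names only ABSTAIN).

```java
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.jira.security.auth.Authorisation;

import javax.servlet.http.HttpServletRequest;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

// Hypothetical implementation: every name and value below is constructed for illustration.
public class ExampleOpsAuthorisation implements Authorisation {
    private static final String OPS_ROLE = "example-ops";
    private static final String OPS_PREFIX = "/plugins/servlet/example-ops/";

    // Immutable in-memory set: the check runs on every request, so no I/O here.
    private final Set<String> operators;

    public ExampleOpsAuthorisation(Set<String> operators) {
        this.operators = Collections.unmodifiableSet(new HashSet<String>(operators));
    }

    @Override
    public Authorisation.Decision authoriseForLogin(User user, HttpServletRequest request) {
        // This example has no opinion on who may establish a session.
        return Authorisation.Decision.ABSTAIN;
    }

    @Override
    public Set<String> getRequiredRoles(HttpServletRequest request) {
        // Match on the container-decoded path rather than the raw request URI.
        String info = request.getPathInfo();
        String path = request.getServletPath() + (info == null ? "" : info);
        return path.startsWith(OPS_PREFIX)
                ? Collections.singleton(OPS_ROLE)
                : Collections.<String>emptySet(); // assumption: empty set means no role required
    }

    @Override
    public Authorisation.Decision authoriseForRole(User user, HttpServletRequest request, String role) {
        if (!OPS_ROLE.equals(role)) {
            return Authorisation.Decision.ABSTAIN; // a role this class did not give out
        }
        if (user == null) {
            return Authorisation.Decision.DENIED; // no user in the authentication context
        }
        // The role was given out by getRequiredRoles, so always answer grant or deny.
        return operators.contains(user.getName())
                ? Authorisation.Decision.GRANTED
                : Authorisation.Decision.DENIED;
    }
}
```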


Copyright © 2002-2014 Atlassian. All Rights Reserved.