com.atlassian.jira.security.auth
Interface AuthorisationManager

All Known Implementing Classes:
AuthorisationManagerImpl

public interface AuthorisationManager

Provides Authorisation of the user to a request. Called as part of the Seraph waltz!


Method Summary
 boolean authoriseForLogin(ApplicationUser user, javax.servlet.http.HttpServletRequest httpServletRequest)
          Called to ask whether a user (non null always) is authorised to perform the given request as a login event
 boolean authoriseForRole(ApplicationUser user, javax.servlet.http.HttpServletRequest httpServletRequest, String role)
          Called to ask whether a user (non null always) is authorised to perform the given request as a login event
 Set<String> getRequiredRoles(javax.servlet.http.HttpServletRequest httpServletRequest)
          Gets the set of role strings that are examined by Seraph to decide if a user is authorised to execute a request.
 

Method Detail

authoriseForLogin

boolean authoriseForLogin(@Nonnull
                          ApplicationUser user,
                          javax.servlet.http.HttpServletRequest httpServletRequest)
Called to ask whether a user (non null always) is authorised to perform the given request as a login event

Parameters:
user - a non null user
httpServletRequest - the request in play
Returns:
true if they are authorised to perform the request

getRequiredRoles

Set<String> getRequiredRoles(javax.servlet.http.HttpServletRequest httpServletRequest)
Gets the set of role strings that are examined by Seraph to decide if a user is authorised to execute a request.

Parameters:
httpServletRequest - the request in play
Returns:
a set of roles

authoriseForRole

boolean authoriseForRole(@Nullable
                         ApplicationUser user,
                         javax.servlet.http.HttpServletRequest httpServletRequest,
                         String role)
Called to ask whether a user (non null always) is authorised to perform the given request as a login event

Parameters:
user - a possibly null user
httpServletRequest - the request in play
role - one or more of the roles that was given out during getRequiredRoles(javax.servlet.http.HttpServletRequest)
Returns:
true if they are authorised to perform the request


Copyright © 2002-2014 Atlassian. All Rights Reserved.