@PublicSpi
public interface Authorisation
Implementations of this interface WILL be called for every request, so you should make sure your authorisation check is somewhat performant.
Modifier and Type | Interface and Description |
---|---|
static class | Authorisation.Decision: When deciding whether to authorise a request, you can either grant it, deny it or abstain from a decision. |
Modifier and Type | Method and Description |
---|---|
Authorisation.Decision | authoriseForLogin(ApplicationUser user, javax.servlet.http.HttpServletRequest httpServletRequest): Called to ask whether a user is authorised to perform the given request when trying to log in and establish a new session with JIRA. |
Authorisation.Decision | authoriseForRole(ApplicationUser user, javax.servlet.http.HttpServletRequest httpServletRequest, String role): This is called by the security layers to ask whether a user is authorised to perform the given request with the provided role string. |
Set<String> | getRequiredRoles(javax.servlet.http.HttpServletRequest httpServletRequest): This is called by the security layers to get a set of role strings that are required for this request. |
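
An implementation showing how the three methods fit together, as an added example that is not Atlassian's code: it gives out one role for one URL prefix, answers when called back with that role, and abstains on any other role string. The class name, role string, URL prefix and allow-list are hypothetical; the import package for Authorisation and the Decision constant names GRANTED and DENIED are assumptions not stated on this page.

```java
import com.atlassian.jira.security.auth.Authorisation; // package name assumed
import com.atlassian.jira.user.ApplicationUser;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;

/** Hypothetical plugin class: guards one URL prefix with one role string. */
public class ExportAuthorisation implements Authorisation {
    // Both values are invented for this example.
    private static final String EXPORT_ROLE = "example-export";
    private static final String GUARDED_PREFIX = "/rest/example-export/";

    // Immutable in-memory allow-list of user keys: these methods run on every
    // request, so the check must not hit a database or a remote service.
    private final Set<String> allowedUserKeys;

    public ExportAuthorisation(Set<String> allowedUserKeys) {
        this.allowedUserKeys = Collections.unmodifiableSet(new HashSet<>(allowedUserKeys));
    }

    @Override
    public Decision authoriseForLogin(ApplicationUser user, HttpServletRequest request) {
        return Decision.ABSTAIN; // this class has no opinion on who may log in
    }

    @Override
    public Set<String> getRequiredRoles(HttpServletRequest request) {
        // Empty set is assumed to mean "no role required by this class".
        return isGuarded(request) ? Collections.singleton(EXPORT_ROLE) : Collections.<String>emptySet();
    }

    @Override
    public Decision authoriseForRole(ApplicationUser user, HttpServletRequest request, String role) {
        if (!EXPORT_ROLE.equals(role)) {
            return Decision.ABSTAIN; // a role string this class did not give out
        }
        // We gave this role out, so we must answer; a null user is denied.
        boolean allowed = user != null && allowedUserKeys.contains(user.getKey());
        return allowed ? Decision.GRANTED : Decision.DENIED; // constant names assumed
    }

    private static boolean isGuarded(HttpServletRequest request) {
        // Match on the container-decoded servlet path rather than the raw
        // request URI, so the prefix check sees the path the container routes on.
        String pathInfo = request.getPathInfo();
        String path = request.getServletPath() + (pathInfo == null ? "" : pathInfo);
        return path.startsWith(GUARDED_PREFIX);
    }
}
```
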
Authorisation.Decision authoriseForLogin(@Nonnull ApplicationUser user, javax.servlet.http.HttpServletRequest httpServletRequest)
At this stage the user has been authenticated but not authorised to log in.
user - a non null user that has been authenticated
httpServletRequest - the request in play

Set<String> getRequiredRoles(javax.servlet.http.HttpServletRequest httpServletRequest)
#authoriseForRole(com.atlassian.crowd.embedded.api.User, javax.servlet.http.HttpServletRequest, String) will be called to decide if they are in fact authorised to execute this request.
NOTE: If you give out a role, you MUST answer when you are called back via #authoriseForRole(com.atlassian.crowd.embedded.api.User, javax.servlet.http.HttpServletRequest, String).
httpServletRequest - the request in play

Authorisation.Decision authoriseForRole(@Nullable ApplicationUser user, javax.servlet.http.HttpServletRequest httpServletRequest, String role)
You may be called with role strings that you did not give out. In this case you should ABSTAIN from a decision.
user - a user that may be null
httpServletRequest - the request in play

Copyright © 2002-2021 Atlassian. All Rights Reserved.