Interface UserPrivilegeValidation

  • All Known Implementing Classes:
    UserPrivilegeValidator

    public interface UserPrivilegeValidation
    The behaviour of validating the privileges of a user to access a resource or a contribution in Silverpeas through an HTTP connection. To do so, a user can first be authenticated in order to identify the user behind an incoming HTTP request; the user's access rights to the targeted resource or contribution are then checked. All implementors of such behaviour have to satisfy this interface.
    Author:
    mmoquillon
    • Field Detail

      • HTTP_SESSIONKEY

        static final String HTTP_SESSIONKEY
        The HTTP header parameter in an incoming request that carries the user session key. A user token can be passed as the user session key to perform an HTTP request without opening a session. This parameter isn't mandatory, as the session key can be found from an active HTTP session. If neither an HTTP session nor a session key is available for the incoming request, user credentials must be passed in the standard HTTP header parameter Authorization.
        See Also:
        Constant Field Values
      • HTTP_ACCESS_TOKEN

        static final String HTTP_ACCESS_TOKEN
        The name of the standard URI query parameter and of the standard form-encoded parameter in an HTTP request to use in a token-based authentication mechanism such as OAuth2.
        See Also:
        Constant Field Values
      • HTTP_AUTHORIZATION

        static final String HTTP_AUTHORIZATION
        The standard HTTP header parameter in an incoming request that carries user credentials information in order to open an authorized connection with the web service that backs the referred resource. This parameter must be used when requests aren't sent through an open HTTP session. It should be the preferred way for a REST client to access resources in Silverpeas as it offers better scalability.
        See Also:
        Constant Field Values
    • Method Detail

      • validateUserAuthentication

        SessionInfo validateUserAuthentication(javax.servlet.http.HttpServletRequest request,
                                               javax.servlet.http.HttpServletResponse response)
        Validates the authentication of the user at the origin of a web request.

        The validation first checks whether the user is already authenticated and thus has a valid open session in Silverpeas. Otherwise, it attempts to open a new session for the user by using the credentials passed through the request (as an HTTP header). Once the authentication succeeds, the user is identified and details about the user can then be obtained, and the session information is set in the header(s) of the HTTP response. A runtime exception is thrown with the HTTP status code UNAUTHORIZED (401) on validation failure. The validation fails when one of the following situations occurs:

        • The user session key is invalid;
        • The user isn't authenticated and no credentials are passed with the request;
        • The user authentication failed.
        Parameters:
        request - the HTTP request from which the authentication of the caller can be done.
        response - the HTTP response that will be sent with the session information set in the header(s).
        Returns:
        the opened session of the user at the origin of the specified request.
        Throws:
        javax.ws.rs.WebApplicationException - exception if the validation failed.
      • skipLastUserAccessTimeRegistering

        UserPrivilegeValidation skipLastUserAccessTimeRegistering(javax.servlet.http.HttpServletRequest request)
        Sets, in the request attributes, the property to skip the registering of the last access of the user.
        Parameters:
        request - the current request performed.
        Returns:
        itself.
      • validateUserAuthorizationOnComponentInstance

        void validateUserAuthorizationOnComponentInstance(User user,
                                                          String instanceId)
        Validates the authorization of the specified user to access the component instance with the specified unique identifier.
        Parameters:
        user - the user for whom the authorization has to be validated.
        instanceId - the unique identifier of the accessed component instance.
        Throws:
        javax.ws.rs.WebApplicationException - exception if the validation failed.
      • validateUserAuthorizationOnAttachment

        void validateUserAuthorizationOnAttachment(javax.servlet.http.HttpServletRequest request,
                                                   User user,
                                                   SimpleDocument doc)
        Validates the authorization of the specified user to access the specified attachment.
        Parameters:
        request - the HTTP request from which the authentication of the caller can be done.
        user - the user for whom the authorization has to be validated.
        doc - the document accessed.
        Throws:
        javax.ws.rs.WebApplicationException - exception if the validation failed.
      • validateUserAuthorizationOnPublication

        void validateUserAuthorizationOnPublication(javax.servlet.http.HttpServletRequest request,
                                                    User user,
                                                    PublicationDetail publi)
        Validates the authorization of the specified user to access the specified publication.
        Parameters:
        request - the HTTP request from which the authentication of the caller can be done.
        user - the user for whom the authorization has to be validated.
        publi - the publication accessed.
        Throws:
        javax.ws.rs.WebApplicationException - exception if the validation failed.
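
The order of checks described for validateUserAuthentication and HTTP_SESSIONKEY, with its three failure cases, as an added self-contained model that is not Silverpeas code. The class, the stores, the header placeholder, the precedence of the header over the HTTP session and the use of the Basic scheme are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;

public class AuthenticationOrderSketch {
  // Placeholder: the real value of HTTP_SESSIONKEY is not shown on this page.
  static final String SESSION_KEY_HEADER = "HTTP_SESSIONKEY-placeholder";
  static final String AUTHORIZATION = "Authorization";
  // Constructed sample state (hypothetical): one open session, one account.
  static final Set<String> OPEN_SESSIONS = new HashSet<>(Set.of("key-1234"));
  static final Map<String, String> ACCOUNTS = Map.of("alice", "correct horse");
  static class Unauthorized extends RuntimeException { // stands in for the 401 exception
    Unauthorized(String reason) { super("401 " + reason); }
  }
  /** Returns the key of the session serving the request, or throws Unauthorized. */
  static String validate(Map<String, String> headers, String httpSessionKey) {
    // Assumption: the header is read first, then the active HTTP session (may be null).
    String key = headers.getOrDefault(SESSION_KEY_HEADER, httpSessionKey);
    if (key != null && !OPEN_SESSIONS.contains(key)) throw new Unauthorized("invalid session key");
    if (key != null) return key;
    String auth = headers.get(AUTHORIZATION);
    if (auth == null) throw new Unauthorized("not authenticated, no credentials");
    if (!checkBasic(auth)) throw new Unauthorized("authentication failed");
    String opened = UUID.randomUUID().toString(); // open a new session for the user
    OPEN_SESSIONS.add(opened);
    return opened;
  }

  // Assumption: credentials use the Basic scheme (base64 of "login:password").
  static boolean checkBasic(String auth) {
    if (!auth.startsWith("Basic ")) return false;
    try {
      String[] c = new String(Base64.getDecoder().decode(auth.substring(6)),
          StandardCharsets.UTF_8).split(":", 2);
      String expected = c.length == 2 ? ACCOUNTS.get(c[0]) : null;
      return expected != null && java.security.MessageDigest.isEqual( // constant-time
          expected.getBytes(StandardCharsets.UTF_8), c[1].getBytes(StandardCharsets.UTF_8));
    } catch (IllegalArgumentException e) { return false; } // malformed base64
  }

  public static void main(String[] args) {
    String ok = Base64.getEncoder().encodeToString("alice:correct horse".getBytes(StandardCharsets.UTF_8));
    List<Map<String, String>> requests = List.of(Map.of(SESSION_KEY_HEADER, "key-1234"),
        Map.of(SESSION_KEY_HEADER, "stale"), Map.of(), Map.of(AUTHORIZATION, "Basic AAAA"),
        Map.of(AUTHORIZATION, "Basic " + ok));
    for (Map<String, String> h : requests) {
      try { System.out.println("session " + validate(h, null)); }
      catch (Unauthorized e) { System.out.println(e.getMessage()); }
    }
  }
}
```

A stale session key is rejected outright in this model rather than falling back to the Authorization header, which matches the first failure case listed for validateUserAuthentication.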