
1   /* Copyright 2004, 2005 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.providers.x509;
17  
18  import org.acegisecurity.AuthenticationException;
19  import org.acegisecurity.userdetails.UserDetails;
20  
21  import java.security.cert.X509Certificate;
22  
/**
 * Strategy for resolving the <code>UserDetails</code> that belong to the
 * X.509 certificate a client has presented.
 * <p>
 * By the time an implementation is invoked the web container will already
 * have validated the certificate. This is therefore the place for any further
 * application-specific checks on the certificate content. An implementation
 * that decides to reject the certificate should throw a
 * {@link org.acegisecurity.BadCredentialsException}.
 * </p>
 * <p>
 * NOTE(review): container validation alone does not tie the certificate to a
 * user the application knows. Which certificate fields identify the user is
 * left to the implementation and should be documented there.
 * </p>
 *
 * @author Luke
 */
public interface X509AuthoritiesPopulator {
    /**
     * Looks up the user details, including the granted authorities, for the
     * user identified by the supplied certificate.
     *
     * <p>
     * An implementation may throw any <code>AuthenticationException</code>, or
     * return <code>null</code> if the authorities are unavailable.
     * </p>
     *
     * <p>
     * NOTE(review): because <code>null</code> is a permitted result, the
     * caller has to check for it before using the returned object. Confirm
     * that the calling provider treats <code>null</code> as a failed
     * authentication.
     * </p>
     *
     * @param userCertificate the X.509 certificate supplied
     *
     * @return the details of the indicated user (at minimum the granted
     *         authorities and the username)
     *
     * @throws org.acegisecurity.AuthenticationException if the user details
     *         are not available or the certificate isn't valid for the
     *         application's purpose.
     */
    UserDetails getUserDetails(X509Certificate userCertificate) throws AuthenticationException;
}