
1   /*
2    * Copyright (c) 2004 UNINETT FAS
3    *
4    * This program is free software; you can redistribute it and/or modify it
5    * under the terms of the GNU General Public License as published by the Free
6    * Software Foundation; either version 2 of the License, or (at your option)
7    * any later version.
8    *
9    * This program is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11   * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
12   * more details.
13   *
14   * You should have received a copy of the GNU General Public License along with
15   * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
16   * Place - Suite 330, Boston, MA 02111-1307, USA.
17   *
18   * $Id: Authentication.java,v 1.7 2005/06/20 14:40:33 catoolsen Exp $
19   */
20  
21  package no.feide.moria.webservices.v2_1;
22  
23  import java.rmi.Remote;
24  
25  import no.feide.moria.servlet.soap.SOAPException;
26  
27  
/**
 * Authentication operations that Moria exposes to services as a remote
 * interface (version 2.1 of the web service, going by the package name).
 *
 * <p>Every operation signals failure by throwing {@link SOAPException}.
 *
 * @author Bjørn Ola Smievoll &lt;b.o.smievoll@conduct.no&gt;
 * @version $Revision: 1.7 $
 */
public interface Authentication extends Remote {

    /**
     * Starts a login attempt on behalf of a service.
     *
     * <p>This is the first call a service makes; the returned URL is where
     * the client is then redirected.
     *
     * <p>NOTE(review): the two return-URL parts decide where the user is
     * sent back to after login. This interface does not show whether they
     * are checked against the URLs the calling service is permitted to use;
     * confirm that the implementation does so, because an unchecked return
     * URL can act as an open redirect.
     *
     * @param attributes
     *          the attributes the service wants returned on login
     * @param returnURLPrefix
     *          leading part of the URL the user is to be returned to
     * @param returnURLPostfix
     *          optional trailing part of the return URL
     * @param forceInteractiveAuthentication
     *          controls whether cookie based authentication (SSO Light) may
     *          be used; presumably {@code true} demands an interactive
     *          login and rules it out (confirm against the implementation)
     * @return the Moria URL the client is to be redirected to
     * @throws SOAPException
     *          if anything fails during the call
     */
    String initiateAuthentication(
            String[] attributes,
            String returnURLPrefix,
            String returnURLPostfix,
            boolean forceInteractiveAuthentication) throws SOAPException;

    /**
     * Authenticates a user directly, without redirects or HTML.
     *
     * <p>Intended only for special cases where the client cannot follow the
     * standard login procedure. Inherently insecure: the calling service
     * sees the user's plaintext password.
     *
     * <p>NOTE(review): since the password crosses this interface as a plain
     * {@code String}, callers and implementations should keep it out of
     * logs and error messages. Whether use of this operation is restricted
     * to specific services is not visible here; confirm in the
     * implementation.
     *
     * @param attributes
     *          the attributes the service wants returned on login
     * @param username
     *          user name of the user to be authenticated
     * @param password
     *          password of the user to be authenticated
     * @return array of attributes as requested
     * @throws SOAPException
     *          if anything fails during the call
     */
    Attribute[] directNonInteractiveAuthentication(
            String[] attributes,
            String username,
            String password) throws SOAPException;

    /**
     * Authenticates a user by means of a proxy ticket.
     *
     * <p>Called by a subsystem that received the ticket from the system
     * which initiated the request.
     *
     * @param attributes
     *          the attributes the service wants returned on login
     * @param proxyTicket
     *          proxy ticket handed to the calling system by its initiator
     * @return array of attributes as requested
     * @throws SOAPException
     *          if anything fails during the call
     */
    Attribute[] proxyAuthentication(
            String[] attributes,
            String proxyTicket) throws SOAPException;

    /**
     * Obtains a proxy ticket for an underlying system.
     *
     * <p>A service may ask for a ticket granting ticket as part of its
     * initial attribute request and present it here later.
     *
     * <p>The proxy ticket that comes back is to be passed to the specified
     * underlying system, and only that system may use it to authenticate
     * the request.
     *
     * @param ticketGrantingTicket
     *          a TGT that has been issued previously
     * @param proxyServicePrincipal
     *          the service the proxy ticket should be issued for
     * @return a proxy ticket
     * @throws SOAPException
     *          if anything fails during the call
     */
    String getProxyTicket(
            String ticketGrantingTicket,
            String proxyServicePrincipal) throws SOAPException;

    /**
     * Fetches the attributes of a user who has logged in.
     *
     * <p>Called by the service once the user returns after a successful
     * login.
     *
     * @param serviceTicket
     *          the ticket included in the return request issued by the
     *          client
     * @return array of attributes as requested in
     *         {@code initiateAuthentication}
     * @throws SOAPException
     *          if anything fails during the call
     */
    Attribute[] getUserAttributes(String serviceTicket) throws SOAPException;

    /**
     * Checks whether a given user exists in the underlying directories.
     *
     * <p>NOTE(review): the result discloses whether a username is valid,
     * which permits account enumeration if the operation can be reached by
     * callers that are not authorized for it. Access control is not visible
     * in this interface; confirm it in the implementation.
     *
     * @param username
     *          the username to be validated
     * @return {@code true} if the user is found
     * @throws SOAPException
     *          if anything fails during the call
     */
    boolean verifyUserExistence(String username) throws SOAPException;
}