/* * $Header: /home/wistrand/cvs/knopflerfish.org/osgi/bundles/http/http/src/org/osgi/service/http/HttpContext.java,v 1.1.1.1 2004/03/05 20:35:10 wistrand Exp $ * * Copyright (c) The Open Services Gateway Initiative (2000, 2002). * All Rights Reserved. * * Implementation of certain elements of the Open Services Gateway Initiative * (OSGI) Specification may be subject to third party intellectual property * rights, including without limitation, patent rights (such a third party may * or may not be a member of OSGi). OSGi is not responsible and shall not be * held responsible in any manner for identifying or failing to identify any or * all such third party intellectual property rights. * * This document and the information contained herein are provided on an "AS * IS" basis and OSGI DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING * BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL * NOT INFRINGE ANY RIGHTS AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR * FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT WILL OSGI BE LIABLE FOR ANY * LOSS OF PROFITS, LOSS OF BUSINESS, LOSS OF USE OF DATA, INTERRUPTION OF * BUSINESS, OR FOR DIRECT, INDIRECT, SPECIAL OR EXEMPLARY, INCIDENTIAL, * PUNITIVE OR CONSEQUENTIAL DAMAGES OF ANY KIND IN CONNECTION WITH THIS * DOCUMENT OR THE INFORMATION CONTAINED HEREIN, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH LOSS OR DAMAGE. * * All Company, brand and product names may be trademarks that are the sole * property of their respective owners. All rights reserved. */ package org.osgi.service.http; import java.io.IOException; import java.net.URL; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * This interface defines methods * that the Http Service may call to get information about a registration. * *

Servlets and resources may be registered with an HttpContext * object; if no HttpContext object is specified, a default * HttpContext object is used. * Servlets that are registered using the same HttpContext object will * share the same ServletContext object. * *

This interface is implemented by users of the HttpService. * * @version $Revision: 1.1.1.1 $ * @author Open Services Gateway Initiative */ public abstract interface HttpContext { /** * HttpServletRequest attribute specifying the name of the * authenticated user. The value of the attribute can be retrieved * by HttpServletRequest.getRemoteUser. This attribute name is * org.osgi.service.http.authentication.remote.user. * @since 1.1 */ public static final String REMOTE_USER = "org.osgi.service.http.authentication.remote.user"; /** * HttpServletRequest attribute specifying the scheme used in * authentication. The value of the attribute can be retrieved by * HttpServletRequest.getAuthType. This attribute name is * org.osgi.service.http.authentication.type. * @since 1.1 */ public static final String AUTHENTICATION_TYPE = "org.osgi.service.http.authentication.type"; /** * HttpServletRequest attribute specifying the * Authorization object obtained from the * org.osgi.service.useradmin.UserAdmin service. The * value of the attribute can be retrieved by * HttpServletRequest.getAttribute(HttpContext.AUTHORIZATION). * This attribute name is * org.osgi.service.useradmin.authorization. * @since 1.1 */ public static final String AUTHORIZATION = "org.osgi.service.useradmin.authorization"; /** * Handles security for the specified request. * *

The Http Service calls this method prior to servicing the specified * request. * This method controls whether the request is processed in the normal * manner or an error is returned. * *

If the request requires authentication and the * Authorization header in the request * is missing or not acceptable, then this method should * set the WWW-Authenticate header in the response object, * set the status in the response object to Unauthorized(401) * and return false. * See also RFC 2617: * HTTP Authentication: Basic and Digest Access Authentication * (available at http://www.ietf.org/rfc/rfc2617.txt). * *

If the request requires a secure connection and the * getScheme method in the request * does not return 'https' or some other acceptable secure * protocol, then this method should * set the status in the response object to Forbidden(403) * and return false. * *

When this method returns false, * the Http Service will send the response back to the client, thereby * completing the request. * When this method returns true, * the Http Service will proceed with servicing the request. * *

If the specified request has been authenticated, this method must * set the {@link #AUTHENTICATION_TYPE} request attribute * to the type of authentication used, and the * {@link #REMOTE_USER} request attribute to the * remote user (request attributes are set using the * setAttribute method on the request). If this method does not * perform any authentication, it must not set these attributes. * *

If the authenticated user is also authorized to access * certain resources, this method must set the * {@link #AUTHORIZATION} request attribute to the * Authorization object obtained from the * org.osgi.service.useradmin.UserAdmin service. * *

The servlet responsible for servicing the specified * request determines the authentication type and remote user by * calling the getAuthType and getRemoteUser methods, * respectively, on the request. * * @param request the HTTP request * @param response the HTTP response * @return true if the request should be serviced, * false if the request should not be serviced * and Http Service will send the response back to the client. * @exception java.io.IOException may be thrown by this method. * If this occurs, the Http Service will terminate the request and close * the socket. */ public abstract boolean handleSecurity(HttpServletRequest request, HttpServletResponse response) throws IOException; /** * Maps a resource name to a URL. * *

Called by the Http Service to map a resource name to a URL. * For servlet registrations, Http Service will call this method * to support the ServletContext methods * getResource and getResourceAsStream. * For resource registrations, Http Service will call this method * to locate the named resource. * The context can control from where resources come. * For example, the resource can be mapped to a file * in the bundle's persistent storage area via * bundleContext.getDataFile(name).toURL() * or to a resource in the context's bundle via * getClass().getResource(name) * * @param name the name of the requested resource * @return URL that Http Service can use to read the resource * or null if the resource does not * exist. */ public abstract URL getResource(String name); /** * Maps a name to a MIME type. * * Called by the Http Service to determine the MIME type for the * name. For servlet registrations, the Http Service will call this method * to support the ServletContext method getMimeType. * For resource registrations, the Http Service will call this method * to determine the MIME type for the Content-Type * header in the response. * * @param name determine the MIME type for this name. * @return MIME type (e.g. text/html) of the name or * null to indicate that the Http Service should determine * the MIME type itself. */ public abstract String getMimeType(String name); }