001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements. See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership. The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License. You may obtain a copy of the License at
009 *
010 * http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied. See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019 package org.tynamo.security.services;
020
021 import org.apache.shiro.subject.Subject;
022
023 /**
024 * General interface for work with shiro api.
025 *
026 */
027 public interface SecurityService {
028
029 Subject getSubject();
030
031 /**
032 * Return true only if the current user has executed a <b>successful</b> authentication attempt
033 * <em>during their current session</em>.
034 *
035 * <p>This is more restrictive than the {@link #isUser()}, which only
036 * ensures the current user is known to the system, either via a current login or from Remember Me services,
037 * which only makes the assumption that the current user is who they say they are, and does not guarantee it like
038 * this method does.
039 **/
040 boolean isAuthenticated();
041
042 /**
043 * Return true only if the current user has <em>not</em> executed a successful authentication
044 * attempt <em>during their current session</em>.
045 *
046 * <p>The logically opposite tag of this one is the {@link #isAuthenticated()}.
047 */
048 boolean isNotAuthenticated();
049
050
051 /**
052 *
053 * Return true if the current user known to the system, either from a successful login attempt
054 * (not necessarily during the current session) or from 'RememberMe' services.
055 *
056 * <p><b>Note:</b> This is <em>less</em> restrictive than the {@link #isAuthenticated()} since it only assumes
057 * the user is who they say they are, either via a current session login <em>or</em> via Remember Me services, which
058 * makes no guarantee the user is who they say they are. The {@link #isAuthenticated()} however
059 * guarantees that the current user has logged in <em>during their current session</em>, proving they really are
060 * who they say they are.
061 *
062 * <p>The logically opposite method of this one is the {@link #isGuest()}.
063 */
064 boolean isUser();
065
066 /**
067 * Return true if the current user <em>is not</em> known to the system, either because they
068 * haven't logged in yet, or because they have no 'RememberMe' identity.
069 *
070 * <p>The logically opposite method of this one is the {@link #isUser()}. Please read that class's JavaDoc as it explains
071 * more about the differences between Authenticated/Unauthenticated and User/Guest semantic differences.
072 **/
073 boolean isGuest();
074
075 /**
076 * Return true if the current user has any of the roles specified.
077 */
078 boolean hasAnyRoles(String roles);
079
080 boolean hasAllRoles(String roles);
081
082
083 boolean hasPermission(String permission);
084
085 boolean hasAnyPermissions(String permissions);
086
087 boolean hasAllPermissions(String permissions);
088
089 boolean hasRole(String role);
090
091 boolean isLacksPermission(String permission);
092
093 boolean isLacksRole(String role);
094
095 }