Package com.atlassian.confluence.security.websudo

Interface WebSudoManager

All Known Implementing Classes:
DefaultWebSudoManager
public interface WebSudoManager
Manages the WebSudo related access to Request, Response and Session objects and provides a method to determine if Servlets or Struts actions should be WebSudo protected.

  • Method Summary

    Modifier and Type
    Method
    Description
    URI
    buildAuthenticationRedirectUri(jakarta.servlet.http.HttpServletRequest request)
     
    boolean
    canExecuteRequest(jakarta.servlet.http.HttpServletRequest httpServletRequest)
     
    void
    enforceWebSudoProtection(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
     
    boolean
    hasValidSession(@Nullable jakarta.servlet.http.HttpSession session)
    Check if this is a valid WebSudo session.
    void
    invalidateSession(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
    Invalidate the current WebSudo session.
    boolean
    isEnabled()
     
    boolean
    isWebSudoRequest(@Nullable jakarta.servlet.http.HttpServletRequest request)
    Checks if the request is a WebSudo request.
    void
    markWebSudoRequest(@Nullable jakarta.servlet.http.HttpServletRequest request)
    Marks the request as a request for a WebSudo resource.
    boolean
    matches(String requestServletPath, Class<?> actionClass, Method method)
    Check if a Class method should be WebSudo protected for a given request servlet path
    void
    startSession(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
    Start a new WebSudo session.

  • Method Details

    • isEnabled

      boolean isEnabled()
      Returns:
      true if WebSudo is enabled, false otherwise.

    • matches

      boolean matches(String requestServletPath, Class<?> actionClass, Method method)
      Check if a Class method should be WebSudo protected for a given request servlet path
      Parameters:
      requestServletPath - the request servlet path
      actionClass - Action or Servlet class
      method - Name of method on class being executed
      Returns:
      true if the Class method should be WebSudo protected, false otherwise.

    • hasValidSession

      boolean hasValidSession(@Nullable jakarta.servlet.http.HttpSession session)
      Check if this is a valid WebSudo session.
      Parameters:
      session - the current HttpSession. Can be null
      Returns:
      true if the HttpSession is a WebSudo session.

    • isWebSudoRequest

      boolean isWebSudoRequest(@Nullable jakarta.servlet.http.HttpServletRequest request)
      Checks if the request is a WebSudo request.
      Parameters:
      request - the current HttpServletRequest
      Returns:
      true if the current request is requesting a WebSudo protected web resource, false otherwise.
      Since:
      3.4

    • startSession

      void startSession(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Start a new WebSudo session. Creates a new HttpSession if necessary.
      Parameters:
      request - the current HttpServletRequest
      response - the current HttpServletResponse
      Since:
      3.4

    • markWebSudoRequest

      void markWebSudoRequest(@Nullable jakarta.servlet.http.HttpServletRequest request)
      Marks the request as a request for a WebSudo resource.
      Parameters:
      request - the current HttpServletRequest
      Since:
      3.4

    • invalidateSession

      void invalidateSession(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Invalidate the current WebSudo session. This does NOT invalidate the HttpSession.
      Parameters:
      request - the current HttpServletRequest
      response - the current HttpServletResponse
      Since:
      3.4

    • buildAuthenticationRedirectUri

      URI buildAuthenticationRedirectUri(jakarta.servlet.http.HttpServletRequest request)

    • canExecuteRequest

      boolean canExecuteRequest(jakarta.servlet.http.HttpServletRequest httpServletRequest)
      Since:
      9.3
      See Also:
      • WebSudoManager.canExecuteRequest(HttpServletRequest)

    • enforceWebSudoProtection

      void enforceWebSudoProtection(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException
      Throws:
      IOException
      Since:
      9.3
      See Also:
      • WebSudoManager.enforceWebSudoProtection(HttpServletRequest, HttpServletResponse)