/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.security;

/**
 * Processes an {@link Authentication} request.
 *
 * @author Ben Alex
 * @version $Id: AuthenticationManager.java 2217 2007-10-27 00:45:30Z luke_t $
 */
public interface AuthenticationManager {
    //~ Methods ========================================================================================================

    /**
     * Attempts to authenticate the passed {@link Authentication} object, returning a fully populated
     * <code>Authentication</code> object (including granted authorities) if successful.<p>An
     * <code>AuthenticationManager</code> must honour the following contract concerning exceptions:</p>
     *  <p>A {@link DisabledException} must be thrown if an account is disabled and the
     * <code>AuthenticationManager</code> can test for this state.</p>
     *  <p>A {@link LockedException} must be thrown if an account is locked and the
     * <code>AuthenticationManager</code> can test for account locking.</p>
     *  <p>A {@link BadCredentialsException} must be thrown if incorrect credentials are presented. Whilst the
     * above exceptions are optional, an <code>AuthenticationManager</code> must <B>always</B> test credentials.</p>
     *  <p>Exceptions should be tested for and if applicable thrown in the order expressed above (ie if an
     * account is disabled or locked, the authentication request is immediately rejected and the credentials testing
     * process is not performed). This prevents credentials being tested against disabled or locked accounts.</p>
     *
     * @param authentication the authentication request object
     *
     * @return a fully authenticated object including credentials
     *
     * @throws AuthenticationException if authentication fails
     */
    Authentication authenticate(Authentication authentication)
        throws AuthenticationException;
}
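
The exception contract documented above, as an added example that is not part of Spring Security or of the original file: a minimal implementation that checks disabled, then locked, then credentials. The class name `InMemoryAuthenticationManager`, the `Account` record and the sample users are hypothetical, and plaintext secrets stand in for the salted password hashes a real store would hold.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.*;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;

/** Hypothetical in-memory manager (added example, not Spring Security code). */
public class InMemoryAuthenticationManager implements AuthenticationManager {
    /** Constructed account record; a real store holds a salted password hash. */
    static final class Account {
        final byte[] secret; final boolean enabled; final boolean locked;
        Account(String secret, boolean enabled, boolean locked) {
            this.secret = secret.getBytes(StandardCharsets.UTF_8);
            this.enabled = enabled; this.locked = locked;
        }
    }
    private final Map<String, Account> accounts = new HashMap<String, Account>();
    void add(String user, Account a) { accounts.put(user, a); }

    public Authentication authenticate(Authentication request) throws AuthenticationException {
        Account account = accounts.get(request.getName());
        // Unknown user: report it the same way as a wrong password.
        if (account == null) throw new BadCredentialsException("Bad credentials");
        // 1 and 2: account state is checked first, so credentials are never
        // tested against a disabled or locked account.
        if (!account.enabled) throw new DisabledException("Account is disabled");
        if (account.locked) throw new LockedException("Account is locked");
        // 3: credentials are always tested; isEqual avoids an early-exit comparison.
        Object presented = request.getCredentials();
        if (presented == null || !MessageDigest.isEqual(account.secret,
                presented.toString().getBytes(StandardCharsets.UTF_8)))
            throw new BadCredentialsException("Bad credentials");
        GrantedAuthority[] granted = { new GrantedAuthorityImpl("ROLE_USER") };
        return new UsernamePasswordAuthenticationToken(request.getPrincipal(), presented, granted);
    }

    public static void main(String[] args) {
        InMemoryAuthenticationManager m = new InMemoryAuthenticationManager();
        m.add("alice", new Account("s3cret", true, false));  // constructed sample data
        m.add("bob", new Account("s3cret", false, false));   // disabled account
        m.add("carol", new Account("s3cret", true, true));   // locked account
        String[][] tries = {{"alice", "s3cret"}, {"alice", "bad"}, {"bob", "s3cret"}, {"carol", "bad"}};
        for (String[] t : tries) {
            try {
                m.authenticate(new UsernamePasswordAuthenticationToken(t[0], t[1]));
                System.out.println(t[0] + ": authenticated");
            } catch (AuthenticationException e) {
                System.out.println(t[0] + ": " + e.getClass().getSimpleName());
            }
        }
    }
}
```

Run against a Spring Security 2.0 jar, the `bob` attempt is rejected with `DisabledException` even though the password is correct, and the `carol` attempt with `LockedException` without the wrong password ever being compared.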