The contracts

package com.ai.aspire.authentication;
import javax.servlet.http.*;

public interface IAuthentication 
{
   public boolean verifyPassword(final String userid, final String passwd ) 
      throws AuthorizationException;
      
   public boolean isAccessAllowed(final String userid, final String resource )
      throws AuthorizationException;
} 

public interface IAuthentication1 extends IAuthentication
{
   public boolean isAccessAllowed(final String userid
                                 , HttpServletRequest request
                                  ,HttpServletResponse response)
      throws AuthorizationException;
} 

public interface IAuthentication1 extends IAuthentication
{
   public boolean isAccessAllowed(final String userid
                                 , HttpServletRequest request
                                  ,HttpServletResponse response)
      throws AuthorizationException;
} 

public interface IAuthentication2 extends IAuthentication1
{
   public boolean isAPublicURL(HttpServletRequest request
                                  ,HttpServletResponse response)
      throws AuthorizationException;
}

Aggregated contract

public interface IAuthentication2 extends IAuthentication1
{
   //from original
   public boolean verifyPassword(final String userid, final String passwd ) 
      throws AuthorizationException;
      
   public boolean isAccessAllowed(final String userid, final String resource )
      throws AuthorizationException;
	  
   //from 1
   public boolean isAccessAllowed(final String userid
                                 , HttpServletRequest request
                                  ,HttpServletResponse response)
      throws AuthorizationException;

   //from 2	  
   public boolean isAPublicURL(HttpServletRequest request
                                  ,HttpServletResponse response)
      throws AuthorizationException;
}

Known derived classes

TrivialAuthentication
SimpleDBAuthentication1