| // |
| // ======================================================================== |
| // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd. |
| // ------------------------------------------------------------------------ |
| // All rights reserved. This program and the accompanying materials |
| // are made available under the terms of the Eclipse Public License v1.0 |
| // and Apache License v2.0 which accompanies this distribution. |
| // |
| // The Eclipse Public License is available at |
| // http://www.eclipse.org/legal/epl-v10.html |
| // |
| // The Apache License v2.0 is available at |
| // http://www.opensource.org/licenses/apache2.0.php |
| // |
| // You may elect to redistribute this code under either of these licenses. |
| // ======================================================================== |
| // |
| |
| package org.eclipse.jetty.server; |
| import java.security.Principal; |
| import java.util.Map; |
| |
| import javax.security.auth.Subject; |
| |
| /* ------------------------------------------------------------ */ |
| /** User object that encapsulates user identity and operations such as run-as-role actions, |
| * checking isUserInRole and getUserPrincipal. |
| * |
| * Implementations of UserIdentity should be immutable so that they may be |
| * cached by Authenticators and LoginServices. |
| * |
| */ |
| public interface UserIdentity |
| { |
| /* ------------------------------------------------------------ */ |
| /** |
| * @return The user subject |
| */ |
| Subject getSubject(); |
| |
| /* ------------------------------------------------------------ */ |
| /** |
| * @return The user principal |
| */ |
| Principal getUserPrincipal(); |
| |
| /* ------------------------------------------------------------ */ |
| /** Check if the user is in a role. |
| * This call is used to satisfy authorization calls from |
| * container code which will be using translated role names. |
| * @param role A role name. |
| * @param scope |
| * @return True if the user can act in that role. |
| */ |
| boolean isUserInRole(String role, Scope scope); |
| |
| |
| /* ------------------------------------------------------------ */ |
| /** |
| * A UserIdentity Scope. |
| * A scope is the environment in which a User Identity is to |
| * be interpreted. Typically it is set by the target servlet of |
| * a request. |
| */ |
| interface Scope |
| { |
| /* ------------------------------------------------------------ */ |
| /** |
| * @return The context path that the identity is being considered within |
| */ |
| String getContextPath(); |
| |
| /* ------------------------------------------------------------ */ |
| /** |
| * @return The name of the identity context. Typically this is the servlet name. |
| */ |
| String getName(); |
| |
| /* ------------------------------------------------------------ */ |
| /** |
| * @return A map of role reference names that converts from names used by application code |
| * to names used by the context deployment. |
| */ |
| Map<String,String> getRoleRefMap(); |
| } |
| |
| /* ------------------------------------------------------------ */ |
| public interface UnauthenticatedUserIdentity extends UserIdentity |
| { |
| } |
| |
| /* ------------------------------------------------------------ */ |
| public static final UserIdentity UNAUTHENTICATED_IDENTITY = new UnauthenticatedUserIdentity() |
| { |
| public Subject getSubject() |
| { |
| return null; |
| } |
| |
| public Principal getUserPrincipal() |
| { |
| return null; |
| } |
| |
| public boolean isUserInRole(String role, Scope scope) |
| { |
| return false; |
| } |
| |
| @Override |
| public String toString() |
| { |
| return "UNAUTHENTICATED"; |
| } |
| }; |
| } |
