src/java/org/eclipse/jetty/security/IdentityService.java

//
//  ========================================================================
//  Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
//  ------------------------------------------------------------------------
//  All rights reserved. This program and the accompanying materials
//  are made available under the terms of the Eclipse Public License v1.0
//  and Apache License v2.0 which accompanies this distribution.
//
//      The Eclipse Public License is available at
//      http://www.eclipse.org/legal/epl-v10.html
//
//      The Apache License v2.0 is available at
//      http://www.opensource.org/licenses/apache2.0.php
//
//  You may elect to redistribute this code under either of these licenses.
//  ========================================================================
//

package org.eclipse.jetty.security;

import java.security.Principal;

import javax.security.auth.Subject;

import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.UserIdentity;

/* ------------------------------------------------------------ */
/**
 * Associates UserIdentities from with threads and UserIdentity.Contexts.
 * 
 */
public interface IdentityService
{
    final static String[] NO_ROLES = new String[]{}; 
    
    /* ------------------------------------------------------------ */
    /**
     * Associate a user identity with the current thread.
     * This is called with as a thread enters the 
     * {@link SecurityHandler#handle(String, Request, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)}
     * method and then again with a null argument as that call exits.
     * @param user The current user or null for no user to associated.
     * @return an object representing the previous associated state
     */
    Object associate(UserIdentity user);
    
    /* ------------------------------------------------------------ */
    /** 
     * Disassociate the user identity from the current thread 
     * and restore previous identity.
     * @param previous The opaque object returned from a call to {@link IdentityService#associate(UserIdentity)}
     */
    void disassociate(Object previous);

    /* ------------------------------------------------------------ */
    /**
     * Associate a runas Token with the current user and thread.
     * @param user The UserIdentity
     * @param token The runAsToken to associate.
     * @return The previous runAsToken or null.
     */
    Object setRunAs(UserIdentity user, RunAsToken token);
    
    /* ------------------------------------------------------------ */
    /**
     * Disassociate the current runAsToken from the thread
     * and reassociate the previous token.
     * @param token RUNAS returned from previous associateRunAs call
     */
    void unsetRunAs(Object token);

    /* ------------------------------------------------------------ */
    /**
     * Create a new UserIdentity for use with this identity service.
     * The UserIdentity should be immutable and able to be cached.
     * 
     * @param subject Subject to include in UserIdentity
     * @param userPrincipal Principal to include in UserIdentity.  This will be returned from getUserPrincipal calls
     * @param roles set of roles to include in UserIdentity.
     * @return A new immutable UserIdententity
     */
    UserIdentity newUserIdentity(Subject subject, Principal userPrincipal, String[] roles);

    /* ------------------------------------------------------------ */
    /**
     * Create a new RunAsToken from a runAsName (normally a role).
     * @param runAsName Normally a role name
     * @return A new immutable RunAsToken
     */
    RunAsToken newRunAsToken(String runAsName);

    /* ------------------------------------------------------------ */
    UserIdentity getSystemUserIdentity();
}