1 // 2 // ======================================================================== 3 // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd. 4 // ------------------------------------------------------------------------ 5 // All rights reserved. This program and the accompanying materials 6 // are made available under the terms of the Eclipse Public License v1.0 7 // and Apache License v2.0 which accompanies this distribution. 8 // 9 // The Eclipse Public License is available at 10 // http://www.eclipse.org/legal/epl-v10.html 11 // 12 // The Apache License v2.0 is available at 13 // http://www.opensource.org/licenses/apache2.0.php 14 // 15 // You may elect to redistribute this code under either of these licenses. 16 // ======================================================================== 17 // 18 19 package org.eclipse.jetty.server; 20 import java.security.Principal; 21 import java.util.Map; 22 23 import javax.security.auth.Subject; 24 25 /* ------------------------------------------------------------ */ 26 /** User object that encapsulates user identity and operations such as run-as-role actions, 27 * checking isUserInRole and getUserPrincipal. 28 * 29 * Implementations of UserIdentity should be immutable so that they may be 30 * cached by Authenticators and LoginServices. 31 * 32 */ 33 public interface UserIdentity 34 { 35 /* ------------------------------------------------------------ */ 36 /** 37 * @return The user subject 38 */ getSubject()39 Subject getSubject(); 40 41 /* ------------------------------------------------------------ */ 42 /** 43 * @return The user principal 44 */ getUserPrincipal()45 Principal getUserPrincipal(); 46 47 /* ------------------------------------------------------------ */ 48 /** Check if the user is in a role. 49 * This call is used to satisfy authorization calls from 50 * container code which will be using translated role names. 51 * @param role A role name. 52 * @param scope 53 * @return True if the user can act in that role. 54 */ isUserInRole(String role, Scope scope)55 boolean isUserInRole(String role, Scope scope); 56 57 58 /* ------------------------------------------------------------ */ 59 /** 60 * A UserIdentity Scope. 61 * A scope is the environment in which a User Identity is to 62 * be interpreted. Typically it is set by the target servlet of 63 * a request. 64 */ 65 interface Scope 66 { 67 /* ------------------------------------------------------------ */ 68 /** 69 * @return The context path that the identity is being considered within 70 */ getContextPath()71 String getContextPath(); 72 73 /* ------------------------------------------------------------ */ 74 /** 75 * @return The name of the identity context. Typically this is the servlet name. 76 */ getName()77 String getName(); 78 79 /* ------------------------------------------------------------ */ 80 /** 81 * @return A map of role reference names that converts from names used by application code 82 * to names used by the context deployment. 83 */ getRoleRefMap()84 Map<String,String> getRoleRefMap(); 85 } 86 87 /* ------------------------------------------------------------ */ 88 public interface UnauthenticatedUserIdentity extends UserIdentity 89 { 90 } 91 92 /* ------------------------------------------------------------ */ 93 public static final UserIdentity UNAUTHENTICATED_IDENTITY = new UnauthenticatedUserIdentity() 94 { 95 public Subject getSubject() 96 { 97 return null; 98 } 99 100 public Principal getUserPrincipal() 101 { 102 return null; 103 } 104 105 public boolean isUserInRole(String role, Scope scope) 106 { 107 return false; 108 } 109 110 @Override 111 public String toString() 112 { 113 return "UNAUTHENTICATED"; 114 } 115 }; 116 } 117