1 // ========================================================================
2 // Copyright (c) 2008-2009 Mort Bay Consulting Pty. Ltd.
3 // ------------------------------------------------------------------------
4 // All rights reserved. This program and the accompanying materials
5 // are made available under the terms of the Eclipse Public License v1.0
6 // and Apache License v2.0 which accompanies this distribution.
7 // The Eclipse Public License is available at
8 // http://www.eclipse.org/legal/epl-v10.html
9 // The Apache License v2.0 is available at
10 // http://www.opensource.org/licenses/apache2.0.php
11 // You may elect to redistribute this code under either of these licenses.
12 // ========================================================================
13
14 package org.eclipse.jetty.security;
15
16 import java.security.Principal;
17
18 import javax.security.auth.Subject;
19
20 import org.eclipse.jetty.server.Request;
21 import org.eclipse.jetty.server.UserIdentity;
22
23 /* ------------------------------------------------------------ */
24 /**
25 * Associates UserIdentities from with threads and UserIdentity.Contexts.
26 *
27 */
28 public interface IdentityService
29 {
30 final static String[] NO_ROLES = new String[]{};
31
32 /* ------------------------------------------------------------ */
33 /**
34 * Associate a user identity with the current thread.
35 * This is called with as a thread enters the
36 * {@link SecurityHandler#handle(String, Request, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)}
37 * method and then again with a null argument as that call exits.
38 * @param user The current user or null for no user to associated.
39 * @return an object representing the previous associated state
40 */
41 Object associate(UserIdentity user);
42
43 /* ------------------------------------------------------------ */
44 /**
45 * Disassociate the user identity from the current thread
46 * and restore previous identity.
47 * @param previous The opaque object returned from a call to {@link IdentityService#associate(UserIdentity)}
48 */
49 void disassociate(Object previous);
50
51 /* ------------------------------------------------------------ */
52 /**
53 * Associate a runas Token with the current user and thread.
54 * @param user The UserIdentity
55 * @param token The runAsToken to associate.
56 * @return The previous runAsToken or null.
57 */
58 Object setRunAs(UserIdentity user, RunAsToken token);
59
60 /* ------------------------------------------------------------ */
61 /**
62 * Disassociate the current runAsToken from the thread
63 * and reassociate the previous token.
64 * @param token RUNAS returned from previous associateRunAs call
65 */
66 void unsetRunAs(Object token);
67
68 /* ------------------------------------------------------------ */
69 /**
70 * Create a new UserIdentity for use with this identity service.
71 * The UserIdentity should be immutable and able to be cached.
72 *
73 * @param subject Subject to include in UserIdentity
74 * @param userPrincipal Principal to include in UserIdentity. This will be returned from getUserPrincipal calls
75 * @param roles set of roles to include in UserIdentity.
76 * @return A new immutable UserIdententity
77 */
78 UserIdentity newUserIdentity(Subject subject, Principal userPrincipal, String[] roles);
79
80 /* ------------------------------------------------------------ */
81 /**
82 * Create a new RunAsToken from a runAsName (normally a role).
83 * @param runAsName Normally a role name
84 * @return A new immutable RunAsToken
85 */
86 RunAsToken newRunAsToken(String runAsName);
87
88 /* ------------------------------------------------------------ */
89 UserIdentity getSystemUserIdentity();
90 }