1 //
2 // ========================================================================
3 // Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
4 // ------------------------------------------------------------------------
5 // All rights reserved. This program and the accompanying materials
6 // are made available under the terms of the Eclipse Public License v1.0
7 // and Apache License v2.0 which accompanies this distribution.
8 //
9 // The Eclipse Public License is available at
10 // http://www.eclipse.org/legal/epl-v10.html
11 //
12 // The Apache License v2.0 is available at
13 // http://www.opensource.org/licenses/apache2.0.php
14 //
15 // You may elect to redistribute this code under either of these licenses.
16 // ========================================================================
17 //
18
19 package org.eclipse.jetty.server;
20
21 import java.security.Principal;
22 import java.util.Map;
23
24 import javax.security.auth.Subject;
25
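/* ------------------------------------------------------------ */
/**
 * User object that encapsulates user identity and operations such as run-as-role actions,
 * checking isUserInRole and getUserPrincipal.
 * <p>
 * Implementations of UserIdentity should be immutable so that they may be
 * cached by Authenticators and LoginServices. A cached instance is reused, so any
 * state that changed after construction (subject, principal or role membership)
 * would be seen by every holder of that instance.
 * <p>
 * Callers must not assume that {@link #getSubject()} or {@link #getUserPrincipal()}
 * returns a non-null value: {@link #UNAUTHENTICATED_IDENTITY} returns {@code null}
 * from both.
 */
public interface UserIdentity
{
    /* ------------------------------------------------------------ */
    /**
     * @return The user subject. May be {@code null}, as it is for
     *         {@link #UNAUTHENTICATED_IDENTITY}.
     */
    Subject getSubject();

    /* ------------------------------------------------------------ */
    /**
     * @return The user principal. May be {@code null}, as it is for
     *         {@link #UNAUTHENTICATED_IDENTITY}.
     */
    Principal getUserPrincipal();

    /* ------------------------------------------------------------ */
    /** Check if the user is in a role.
     * This call is used to satisfy authorization calls from
     * container code which will be using translated role names.
     * <p>
     * The result feeds an authorization decision, so an implementation that cannot
     * determine membership should answer {@code false}, as
     * {@link #UNAUTHENTICATED_IDENTITY} does for every role.
     *
     * @param role A role name.
     * @param scope The scope in which the identity is being interpreted (see {@link Scope}).
     *        NOTE(review): this interface does not say whether {@code null} is accepted,
     *        nor how an implementation uses {@link Scope#getRoleRefMap()} - confirm
     *        against the implementations.
     * @return True if the user can act in that role.
     */
    boolean isUserInRole(String role, Scope scope);


    /* ------------------------------------------------------------ */
    /**
     * A UserIdentity Scope.
     * A scope is the environment in which a User Identity is to
     * be interpreted. Typically it is set by the target servlet of
     * a request.
     */
    interface Scope
    {
        /* ------------------------------------------------------------ */
        /**
         * @return The context path that the identity is being considered within
         */
        String getContextPath();

        /* ------------------------------------------------------------ */
        /**
         * @return The name of the identity context. Typically this is the servlet name.
         */
        String getName();

        /* ------------------------------------------------------------ */
        /**
         * @return A map of role reference names that converts from names used by application code
         * to names used by the context deployment. This interface does not state whether
         * the map may be {@code null} or whether it is modifiable; callers should treat it
         * as read-only.
         */
        Map<String,String> getRoleRefMap();
    }

    /* ------------------------------------------------------------ */
    /**
     * Marker type for an identity that represents no authenticated user.
     * It declares no members of its own; {@link #UNAUTHENTICATED_IDENTITY} is an instance of it.
     */
    public interface UnauthenticatedUserIdentity extends UserIdentity
    {
    }

    /* ------------------------------------------------------------ */
    /**
     * Shared identity with no subject, no principal and no roles:
     * {@link #getSubject()} and {@link #getUserPrincipal()} return {@code null} and
     * {@link #isUserInRole(String, Scope)} returns {@code false} for every role and scope.
     */
    public static final UserIdentity UNAUTHENTICATED_IDENTITY = new UnauthenticatedUserIdentity()
    {
        @Override
        public Subject getSubject()
        {
            return null;
        }

        @Override
        public Principal getUserPrincipal()
        {
            return null;
        }

        @Override
        public boolean isUserInRole(String role, Scope scope)
        {
            // Deny unconditionally: neither argument is consulted.
            return false;
        }

        @Override
        public String toString()
        {
            return "UNAUTHENTICATED";
        }
    };
}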