
1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.server;
20  
21  import java.security.Principal;
22  import java.util.Map;
23  
24  import javax.security.auth.Subject;
25  
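/**
 * User object that encapsulates user identity and operations such as run-as-role actions,
 * checking {@code isUserInRole} and {@code getUserPrincipal}.
 * <p>
 * Implementations of UserIdentity should be immutable so that they may be
 * cached by Authenticators and LoginServices. A cached instance may be handed to
 * more than one caller, so any state that could change after construction (for
 * example a mutable role collection) would change for every holder at once.
 * <p>
 * The absence of an authenticated user is represented by
 * {@link #UNAUTHENTICATED_IDENTITY}, whose {@link #getSubject()} and
 * {@link #getUserPrincipal()} return {@code null}. Code that receives a
 * UserIdentity must therefore null-check those results, or test for
 * {@link UnauthenticatedUserIdentity}, before using them in a security decision.
 */
public interface UserIdentity
{
    /* ------------------------------------------------------------ */
    /**
     * @return The user subject; {@code null} for {@link #UNAUTHENTICATED_IDENTITY}
     */
    Subject getSubject();

    /* ------------------------------------------------------------ */
    /**
     * @return The user principal; {@code null} for {@link #UNAUTHENTICATED_IDENTITY}
     */
    Principal getUserPrincipal();

    /* ------------------------------------------------------------ */
    /** Check if the user is in a role.
     * This call is used to satisfy authorization calls from
     * container code which will be using translated role names.
     * <p>
     * The result feeds an authorization decision, so an implementation that cannot
     * establish membership should answer {@code false}, as
     * {@link #UNAUTHENTICATED_IDENTITY} does for every role.
     *
     * @param role A role name.
     * @param scope the scope in which the identity is interpreted, see {@link Scope}.
     * Whether {@code null} is accepted is up to the implementation;
     * {@link #UNAUTHENTICATED_IDENTITY} ignores this argument.
     * @return True if the user can act in that role.
     */
    boolean isUserInRole(String role, Scope scope);


    /* ------------------------------------------------------------ */
    /**
     * A UserIdentity Scope.
     * A scope is the environment in which a User Identity is to
     * be interpreted. Typically it is set by the target servlet of
     * a request.
     */
    interface Scope
    {
        /* ------------------------------------------------------------ */
        /**
         * @return The context path that the identity is being considered within
         */
        String getContextPath();

        /* ------------------------------------------------------------ */
        /**
         * @return The name of the identity context. Typically this is the servlet name.
         */
        String getName();

        /* ------------------------------------------------------------ */
        /**
         * @return A map of role reference names that converts from names used by application code
         * to names used by the context deployment.
         * NOTE(review): this interface does not say whether the returned map is a
         * private copy or live state; callers should treat it as read-only.
         */
        Map<String,String> getRoleRefMap();
    }

    /* ------------------------------------------------------------ */
    /**
     * Marker type for an identity that does not represent an authenticated user.
     * It declares no members of its own; an {@code instanceof} test against it
     * distinguishes such an identity from an authenticated one.
     */
    interface UnauthenticatedUserIdentity extends UserIdentity
    {
    }

    /* ------------------------------------------------------------ */
    /**
     * Shared identity for "no authenticated user".
     * It has no subject and no principal (both accessors return {@code null}) and
     * is a member of no role, so every role check against it is denied.
     */
    UserIdentity UNAUTHENTICATED_IDENTITY = new UnauthenticatedUserIdentity()
    {
        @Override
        public Subject getSubject()
        {
            // No authenticated user, hence no JAAS subject to expose.
            return null;
        }

        @Override
        public Principal getUserPrincipal()
        {
            // No authenticated user, hence no principal to expose.
            return null;
        }

        @Override
        public boolean isUserInRole(String role, Scope scope)
        {
            // Deny for every role and scope; neither argument is inspected.
            return false;
        }

        @Override
        public String toString()
        {
            return "UNAUTHENTICATED";
        }
    };
}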