1 // ========================================================================
2 // Copyright (c) 1996-2009 Mort Bay Consulting Pty. Ltd.
3 // ------------------------------------------------------------------------
4 // All rights reserved. This program and the accompanying materials
5 // are made available under the terms of the Eclipse Public License v1.0
6 // and Apache License v2.0 which accompanies this distribution.
7 // The Eclipse Public License is available at
8 // http://www.eclipse.org/legal/epl-v10.html
9 // The Apache License v2.0 is available at
10 // http://www.opensource.org/licenses/apache2.0.php
11 // You may elect to redistribute this code under either of these licenses.
12 // ========================================================================
13
14 package org.eclipse.jetty.server;
15 import java.security.Principal;
16 import java.util.Map;
17
18 import javax.security.auth.Subject;
19
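/* ------------------------------------------------------------ */
/**
 * User object that encapsulates user identity and operations such as run-as-role actions,
 * checking isUserInRole and getUserPrincipal.
 *
 * <p>Implementations of UserIdentity should be immutable so that they may be
 * cached by Authenticators and LoginServices.
 *
 * <p>The shared {@link #UNAUTHENTICATED_IDENTITY} returns {@code null} from
 * {@link #getSubject()} and {@link #getUserPrincipal()} and denies every role.
 * Code that may receive it must null-check both accessors before dereferencing them.
 *
 * <p>NOTE(review): a cached identity presumably keeps answering role checks from the
 * data it was built with; confirm how role or credential revocation invalidates
 * cached instances.
 */
public interface UserIdentity
{
    /* ------------------------------------------------------------ */
    /**
     * @return The user subject; {@code null} for {@link #UNAUTHENTICATED_IDENTITY}
     */
    Subject getSubject();

    /* ------------------------------------------------------------ */
    /**
     * @return The user principal; {@code null} for {@link #UNAUTHENTICATED_IDENTITY}
     */
    Principal getUserPrincipal();

    /* ------------------------------------------------------------ */
    /**
     * Check if the user is in a role.
     * This call is used to satisfy authorization calls from
     * container code which will be using translated role names.
     *
     * @param role A role name.
     * @param scope The {@link Scope} in which the identity is being interpreted.
     *              NOTE(review): this interface does not say whether a null scope is
     *              accepted or whether {@link Scope#getRoleRefMap()} is consulted;
     *              confirm per implementation.
     * @return True if the user can act in that role.
     */
    boolean isUserInRole(String role, Scope scope);

    /* ------------------------------------------------------------ */
    /**
     * A UserIdentity Scope.
     * A scope is the environment in which a User Identity is to
     * be interpreted. Typically it is set by the target servlet of
     * a request.
     *
     * @see org.eclipse.jetty.servlet.ServletHolder
     */
    interface Scope
    {
        /* ------------------------------------------------------------ */
        /**
         * @return The context path that the identity is being considered within
         */
        String getContextPath();

        /* ------------------------------------------------------------ */
        /**
         * @return The name of the identity context. Typically this is the servlet name.
         */
        String getName();

        /* ------------------------------------------------------------ */
        /**
         * @return A map of role reference names that converts from names used by application code
         * to names used by the context deployment.
         */
        Map<String,String> getRoleRefMap();
    }

    /* ------------------------------------------------------------ */
    /**
     * Marker sub-interface for an identity that represents an unauthenticated user.
     * It declares no members of its own, so it can only be recognised with
     * {@code instanceof}.
     */
    public interface UnauthenticatedUserIdentity extends UserIdentity
    {
    }

    /* ------------------------------------------------------------ */
    /**
     * Shared identity for an unauthenticated user.
     * It carries no subject and no principal, and it is in no role: every
     * {@link #isUserInRole(String, Scope)} call returns {@code false} whatever the
     * arguments, so authorization checks against it fail closed.
     */
    public static final UserIdentity UNAUTHENTICATED_IDENTITY = new UnauthenticatedUserIdentity()
    {
        /** @return always {@code null}: there is no subject for an unauthenticated user */
        @Override
        public Subject getSubject()
        {
            return null;
        }

        /** @return always {@code null}: there is no principal for an unauthenticated user */
        @Override
        public Principal getUserPrincipal()
        {
            return null;
        }

        /** @return always {@code false}; both arguments are ignored */
        @Override
        public boolean isUserInRole(String role, Scope scope)
        {
            return false;
        }

        /** @return the fixed label {@code "UNAUTHENTICATED"} */
        @Override
        public String toString()
        {
            return "UNAUTHENTICATED";
        }
    };
}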