1 // ========================================================================
2 // Copyright (c) 1996-2009 Mort Bay Consulting Pty. Ltd.
3 // ------------------------------------------------------------------------
4 // All rights reserved. This program and the accompanying materials
5 // are made available under the terms of the Eclipse Public License v1.0
6 // and Apache License v2.0 which accompanies this distribution.
7 // The Eclipse Public License is available at
8 // http://www.eclipse.org/legal/epl-v10.html
9 // The Apache License v2.0 is available at
10 // http://www.opensource.org/licenses/apache2.0.php
11 // You may elect to redistribute this code under either of these licenses.
12 // ========================================================================
13
14 package org.eclipse.jetty.server;
15 import java.security.Principal;
16 import java.util.Map;
17
18 import javax.security.auth.Subject;
19
20 /* ------------------------------------------------------------ */
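/** User object that encapsulates a user's identity together with operations such as
 * run-as-role actions, {@code isUserInRole} checks and {@code getUserPrincipal}.
 * <p>
 * Implementations of UserIdentity should be immutable so that they may be
 * cached by Authenticators and LoginServices. A cached instance may be consulted
 * for many requests, so state that changed after authentication could silently
 * alter later authorization decisions.
 */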
public interface UserIdentity {

    /**
     * Returns the subject associated with this identity.
     *
     * @return The user subject. May be {@code null}: {@link #UNAUTHENTICATED_IDENTITY}
     *         returns {@code null} here, so callers must not dereference the result blindly.
     */
    Subject getSubject();

    /**
     * Returns the principal associated with this identity.
     *
     * @return The user principal. May be {@code null}: {@link #UNAUTHENTICATED_IDENTITY}
     *         returns {@code null} here. A non-null {@code UserIdentity} reference is
     *         therefore not, by itself, evidence that a user has been authenticated.
     */
    Principal getUserPrincipal();

    /**
     * Check if the user is in a role.
     * This call is used to satisfy authorization calls from
     * container code which will be using translated role names.
     *
     * @param role A role name.
     * @param scope The environment in which the identity is to be interpreted (see {@link Scope}).
     *        NOTE(review): this interface does not state whether {@code null} is permitted;
     *        confirm against the implementations in use.
     * @return True if the user can act in that role.
     */
    boolean isUserInRole(String role, Scope scope);

    /**
     * A UserIdentity Scope.
     * A scope is the environment in which a User Identity is to
     * be interpreted. Typically it is set by the target servlet of
     * a request.
     */
    interface Scope {

        /**
         * @return The context path that the identity is being considered within
         */
        String getContextPath();

        /**
         * @return The name of the identity context. Typically this is the servlet name.
         */
        String getName();

        /**
         * @return A map of role reference names that converts from names used by application code
         *         to names used by the context deployment.
         *         NOTE(review): nullability and mutability of the returned map are not specified
         *         here; confirm before relying on either.
         */
        Map<String, String> getRoleRefMap();
    }

    /**
     * Marker sub-interface: it declares no members of its own and is the type of
     * {@link #UNAUTHENTICATED_IDENTITY}. Presumably it lets callers recognise an
     * unauthenticated identity by type; verify against callers.
     */
    interface UnauthenticatedUserIdentity extends UserIdentity {
    }

    /**
     * Shared identity representing the absence of an authenticated user.
     * It has no subject and no principal, and it denies every role check regardless of
     * the role or scope supplied, so authorization decisions made against it fail closed.
     */
    UserIdentity UNAUTHENTICATED_IDENTITY = new UnauthenticatedUserIdentity() {

        /** No subject exists for an unauthenticated user. */
        @Override
        public Subject getSubject() {
            return null;
        }

        /** No principal exists for an unauthenticated user. */
        @Override
        public Principal getUserPrincipal() {
            return null;
        }

        /** An unauthenticated user holds no roles; the arguments are ignored. */
        @Override
        public boolean isUserInRole(String role, Scope scope) {
            return false;
        }

        @Override
        public String toString() {
            return "UNAUTHENTICATED";
        }
    };
}