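//
//  ========================================================================
//  Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
//  ------------------------------------------------------------------------
//  All rights reserved. This program and the accompanying materials
//  are made available under the terms of the Eclipse Public License v1.0
//  and Apache License v2.0 which accompanies this distribution.
//
//      The Eclipse Public License is available at
//      http://www.eclipse.org/legal/epl-v10.html
//
//      The Apache License v2.0 is available at
//      http://www.opensource.org/licenses/apache2.0.php
//
//  You may elect to redistribute this code under either of these licenses.
//  ========================================================================
//

package org.eclipse.jetty.security;

import java.security.Principal;

import javax.security.auth.Subject;

import org.eclipse.jetty.server.UserIdentity;

/* ------------------------------------------------------------ */
/**
 * Associates UserIdentities with threads and UserIdentity.Contexts.
 * <p>
 * The identity in effect is tracked per thread: {@link #associate(UserIdentity)} attaches a
 * user to the calling thread and returns an opaque token that {@link #disassociate(Object)}
 * uses to restore the previous state. Callers are expected to pair the two calls (normally
 * in a {@code finally} block) so that an identity does not remain attached to a pooled
 * thread after the request that established it has completed.
 */
public interface IdentityService
{
    /** Shared empty role array for identities that carry no roles (empty, so nothing can be mutated through it). */
    static final String[] NO_ROLES = new String[]{};

    /* ------------------------------------------------------------ */
    /**
     * Associate a user identity with the current thread.
     * This is called as a thread enters the
     * {@link SecurityHandler#handle(String, org.eclipse.jetty.server.Request, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)}
     * method and then again with a null argument as that call exits.
     * @param user The current user, or null for no user to be associated.
     * @return an opaque object representing the previously associated state; pass it to
     *         {@link #disassociate(Object)} to restore that state
     */
    Object associate(UserIdentity user);

    /* ------------------------------------------------------------ */
    /**
     * Disassociate the user identity from the current thread
     * and restore the previous identity.
     * @param previous The opaque object returned from a call to {@link IdentityService#associate(UserIdentity)}
     */
    void disassociate(Object previous);

    /* ------------------------------------------------------------ */
    /**
     * Associate a runAs token with the current user and thread.
     * @param user The UserIdentity
     * @param token The RunAsToken to associate.
     * @return The previous RunAsToken, or null; pass it to {@link #unsetRunAs(Object)} to restore it.
     */
    Object setRunAs(UserIdentity user, RunAsToken token);

    /* ------------------------------------------------------------ */
    /**
     * Disassociate the current RunAsToken from the thread
     * and reassociate the previous token.
     * @param token The opaque object returned from the previous {@link #setRunAs(UserIdentity, RunAsToken)} call
     */
    void unsetRunAs(Object token);

    /* ------------------------------------------------------------ */
    /**
     * Create a new UserIdentity for use with this identity service.
     * The UserIdentity should be immutable and able to be cached.
     * Because a Java array is mutable, an implementation that retains {@code roles}
     * should copy it rather than keep the caller's reference.
     *
     * @param subject Subject to include in UserIdentity
     * @param userPrincipal Principal to include in UserIdentity. This will be returned from getUserPrincipal calls
     * @param roles set of roles to include in UserIdentity; {@link #NO_ROLES} may be used when there are none.
     * @return A new immutable UserIdentity
     */
    UserIdentity newUserIdentity(Subject subject, Principal userPrincipal, String[] roles);

    /* ------------------------------------------------------------ */
    /**
     * Create a new RunAsToken from a runAsName (normally a role).
     * @param runAsName Normally a role name
     * @return A new immutable RunAsToken
     */
    RunAsToken newRunAsToken(String runAsName);

    /* ------------------------------------------------------------ */
    /**
     * Get the identity this service uses to represent the system itself, as opposed to
     * an authenticated request user.
     * @return the system UserIdentity; how it is constructed and which roles it carries
     *         is left to the implementation and is not specified by this interface
     */
    UserIdentity getSystemUserIdentity();
}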