
1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.security;
20  
21  import java.security.Principal;
22  
23  import javax.security.auth.Subject;
24  
25  import org.eclipse.jetty.server.UserIdentity;
26  
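/* ------------------------------------------------------------ */
/**
 * Associates {@link UserIdentity} instances with threads and with
 * {@code UserIdentity.Context}s.
 * <p>
 * An implementation keeps per-thread association state. The enter/exit
 * methods ({@link #associate(UserIdentity)} / {@link #disassociate(Object)} and
 * {@link #setRunAs(UserIdentity, RunAsToken)} / {@link #unsetRunAs(Object)}) are
 * designed to be called as matched pairs, so that no identity or run-as token is
 * left attached to a pooled thread after the call that established it has returned.
 */
public interface IdentityService
{
    /**
     * Shared zero-length roles array for identities that carry no roles.
     * Interface fields are implicitly {@code public static final}; sharing a
     * zero-length array is safe because it has no elements that could be mutated.
     */
    String[] NO_ROLES = new String[]{};

    /* ------------------------------------------------------------ */
    /**
     * Associate a user identity with the current thread.
     * This is called as a thread enters the
     * {@link SecurityHandler#handle(String, Request, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)}
     * method and then again with a null argument as that call exits.
     * The returned state object should be handed back to {@link #disassociate(Object)}
     * once the association is finished, preferably from a {@code finally} block so
     * that an exception cannot leave the identity attached to the thread.
     * @param user The current user, or null to associate no user.
     * @return an opaque object representing the previously associated state
     */
    Object associate(UserIdentity user);

    /* ------------------------------------------------------------ */
    /**
     * Disassociate the user identity from the current thread
     * and restore the previous identity.
     * @param previous The opaque object returned from the matching call to {@link IdentityService#associate(UserIdentity)}
     */
    void disassociate(Object previous);

    /* ------------------------------------------------------------ */
    /**
     * Associate a run-as token with the current user and thread.
     * @param user The UserIdentity
     * @param token The RunAsToken to associate.
     * @return The previous run-as token, or null if none was set.
     */
    Object setRunAs(UserIdentity user, RunAsToken token);

    /* ------------------------------------------------------------ */
    /**
     * Disassociate the current run-as token from the thread
     * and reassociate the previous token.
     * @param token The object returned from the matching {@link #setRunAs(UserIdentity, RunAsToken)} call
     */
    void unsetRunAs(Object token);

    /* ------------------------------------------------------------ */
    /**
     * Create a new UserIdentity for use with this identity service.
     * The UserIdentity should be immutable and able to be cached; since a cached
     * identity may be shared widely, implementations should copy the {@code roles}
     * array rather than retain the caller's reference to it.
     *
     * @param subject Subject to include in UserIdentity
     * @param userPrincipal Principal to include in UserIdentity.  This will be returned from getUserPrincipal calls
     * @param roles Set of roles to include in UserIdentity; {@link #NO_ROLES} when there are none.
     * @return A new immutable UserIdentity
     */
    UserIdentity newUserIdentity(Subject subject, Principal userPrincipal, String[] roles);

    /* ------------------------------------------------------------ */
    /**
     * Create a new RunAsToken from a runAsName (normally a role).
     * @param runAsName Normally a role name
     * @return A new immutable RunAsToken
     */
    RunAsToken newRunAsToken(String runAsName);

    /* ------------------------------------------------------------ */
    /**
     * Obtain the identity that represents the system itself rather than the
     * user of a request. Which principal and roles it carries is
     * implementation-defined.
     * @return The system UserIdentity
     */
    UserIdentity getSystemUserIdentity();
}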