view src/org/eclipse/jetty/server/UserIdentity.java @ 803:166b16bda630

remove org.eclipse.jetty.util.preventers
author Franklin Schmidt <fschmidt@gmail.com>
date Wed, 07 Sep 2016 21:21:32 -0600
parents 3428c60d7cfc
children

//
//  ========================================================================
//  Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
//  ------------------------------------------------------------------------
//  All rights reserved. This program and the accompanying materials
//  are made available under the terms of the Eclipse Public License v1.0
//  and Apache License v2.0 which accompanies this distribution.
//
//      The Eclipse Public License is available at
//      http://www.eclipse.org/legal/epl-v10.html
//
//      The Apache License v2.0 is available at
//      http://www.opensource.org/licenses/apache2.0.php
//
//  You may elect to redistribute this code under either of these licenses.
//  ========================================================================
//

package org.eclipse.jetty.server;
import java.security.Principal;
import java.util.Map;

import javax.security.auth.Subject;

/* ------------------------------------------------------------ */
/**
 * A user as seen by the server: exposes the user's {@link Subject} and
 * {@link Principal}, and answers role-membership questions for a given {@link Scope}.
 *
 * <p>Implementations should be immutable so that Authenticators and LoginServices
 * can cache them. A cached instance may be handed to more than one caller, so any
 * state that changes after construction would also change the answers later
 * authorization checks receive.
 *
 * <p>The shared {@link #UNAUTHENTICATED_IDENTITY} sentinel returns {@code null} from
 * both {@link #getSubject()} and {@link #getUserPrincipal()}; code that accepts an
 * arbitrary {@code UserIdentity} must null-check those results before using them.
 */
public interface UserIdentity
{
    /* ------------------------------------------------------------ */
    /**
     * Returns the subject associated with this identity.
     *
     * @return the user subject; {@code null} for {@link #UNAUTHENTICATED_IDENTITY}
     */
    Subject getSubject();

    /* ------------------------------------------------------------ */
    /**
     * Returns the principal associated with this identity.
     *
     * @return the user principal; {@code null} for {@link #UNAUTHENTICATED_IDENTITY}
     */
    Principal getUserPrincipal();

    /* ------------------------------------------------------------ */
    /**
     * Checks whether the user is in a role.
     * This call satisfies authorization calls from container code, which will be
     * using translated role names.
     *
     * @param role a role name
     * @param scope the scope in which the role is to be interpreted; presumably the
     *        source of the role-name translation (see {@link Scope#getRoleRefMap()}),
     *        and whether {@code null} is accepted is implementation-specific -
     *        confirm against the implementing class
     * @return {@code true} if the user can act in that role
     */
    boolean isUserInRole(String role, Scope scope);


    /* ------------------------------------------------------------ */
    /**
     * The environment in which a {@link UserIdentity} is to be interpreted.
     * Typically it is set by the target servlet of a request.
     */
    interface Scope
    {
        /* ------------------------------------------------------------ */
        /**
         * @return the context path within which the identity is being considered
         */
        String getContextPath();

        /* ------------------------------------------------------------ */
        /**
         * @return the name of the identity context; typically the servlet name
         */
        String getName();

        /* ------------------------------------------------------------ */
        /**
         * @return a map of role reference names, converting the names used by
         *         application code into the names used by the context deployment
         */
        Map<String,String> getRoleRefMap();
    }

    /* ------------------------------------------------------------ */
    /**
     * Marker sub-interface for identities that represent an unauthenticated user.
     * It declares no members of its own.
     */
    interface UnauthenticatedUserIdentity extends UserIdentity
    {
    }

    /* ------------------------------------------------------------ */
    /**
     * Shared sentinel for "no authenticated user". It has no subject and no
     * principal (both accessors return {@code null}) and reports {@code false} for
     * every role and scope, so role checks against it deny by default.
     */
    UserIdentity UNAUTHENTICATED_IDENTITY = new UnauthenticatedUserIdentity()
    {
        @Override
        public Subject getSubject()
        {
            // No subject exists for an unauthenticated user.
            return null;
        }

        @Override
        public Principal getUserPrincipal()
        {
            // No principal exists for an unauthenticated user.
            return null;
        }

        @Override
        public boolean isUserInRole(String role, Scope scope)
        {
            // Both arguments are ignored: an unauthenticated user holds no role.
            return false;
        }

        @Override
        public String toString()
        {
            return "UNAUTHENTICATED";
        }
    };
}