/************************************************************************
* © 2019-2023 SAP SE or an SAP affiliate company. All rights reserved. *
************************************************************************/
package com.sap.cloud.security.ams.api;
import java.util.List;
/**
 * This represents a Principal that may provide Authorization Management policies.
 * If policies are provided, e.g. as part of the ID token, the Authorization Management Service
 * performs NO lookup of the policies assigned to
 * the user or client.
 */
public interface Principal extends AttributesProvider {

    /**
     * Token claim key holding the zone uuid.
     *
     * @deprecated use {@link #CLAIM_APP_TID_KEY} instead; will be removed with version 0.16.0
     */
    @Deprecated
    String CLAIM_ZONE_UUID_KEY = "zone_uuid";

    /** Token claim key holding the application tenant id. */
    String CLAIM_APP_TID_KEY = "app_tid";

    /** Token claim key holding the user uuid. */
    String CLAIM_USER_UUID_KEY = "user_uuid";

    /** Token claim key holding the SCIM id. */
    String CLAIM_SCIM_ID_KEY = "scim_id";

    /** Token claim key {@code zid}. */
    String CLAIM_ZID = "zid";

    /** Token claim key for the subject ({@code sub}). */
    String CLAIM_SUBJECT = "sub";

    /** Token claim key {@code ias_apis}. */
    String CLAIM_IAS_APIS = "ias_apis";

    /** Token claim key for the authorized party ({@code azp}). */
    String CLAIM_AZP = "azp";

    /**
     * Returns the zone id of this principal.
     *
     * @return zone id
     * @deprecated use {@link #getAppTid()} instead; will be removed with version 0.16.0
     */
    @Deprecated
    String getZoneId();

    /**
     * Returns the unique tenant identifier of this principal.
     *
     * @return app tenant id
     */
    String getAppTid();

    /**
     * Returns the unique id of this principal.
     *
     * @return user id when the principal is a user
     */
    String getId();

    /**
     * Tells whether at least one Authorization Management Service policy is
     * assigned to this principal.
     *
     * @return {@code true} when policies are assigned
     */
    boolean hasPolicies();

    /**
     * Creates a {@link Principal} for the OIDC token that is stored
     * thread-locally in {@code com.sap.cloud.security.token.SecurityContext}.
     * The security-context holder is consulted first; the plain security
     * context is used only when the holder yields no principal.
     *
     * <p>The SecurityContext class is supplied by the
     * {@code com.sap.cloud.security:java-api} dependency.
     *
     * @return the principal built from the current security context; presumably
     *         {@code null} when neither source provides one (depends on
     *         {@code PrincipalBuilder}, not visible here)
     */
    static Principal create() {
        Principal fromHolder = PrincipalBuilder.buildFromSecurityContextHolder();
        // Fall back to the plain security context only when the holder had nothing.
        return fromHolder != null ? fromHolder : PrincipalBuilder.buildFromSecurityContext();
    }

    /**
     * Returns the email of this principal as derived from the token.
     *
     * @return email when the principal is a user
     */
    String getEmail();

    /**
     * Returns the groups of this principal as derived from the token.
     * NOTE(review): declared as a raw {@code List}; the element type is not
     * visible here — confirm against the implementation before relying on it.
     *
     * @return groups when the principal is a user
     */
    List getGroups();

    /**
     * Supplies the {@link PolicyAssignments} that are applied to the
     * {@link com.sap.cloud.security.ams.dcl.client.pdp.Attributes} depending on
     * the detected {@link AuthorizationMode}. Intended to be called during
     * {@link AttributesProcessor#processAttributes(Principal)}.
     *
     * @param policyAssignments policy assignments prepared with {@link PolicyAssignmentBuilder}
     */
    void setPolicyAssignments(PolicyAssignments policyAssignments);
}