org.eclipse.jetty.security.IdentityService Maven / Gradle / Ivy
Ehcache is an open source, standards-based cache used to boost performance,
offload the database and simplify scalability. Ehcache is robust, proven and full-featured and
this has made it the most widely-used Java-based cache.
//
// ========================================================================
// Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.security;
import java.security.Principal;
import javax.security.auth.Subject;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.UserIdentity;
/**
 * Associates {@link UserIdentity} instances with threads and with UserIdentity.Contexts.
 *
 * <p>The operations come in pairs: {@link #associate(UserIdentity)} with
 * {@link #disassociate(Object)}, and {@link #setRunAs(UserIdentity, RunAsToken)} with
 * {@link #unsetRunAs(Object)}. The first call of each pair returns an opaque value
 * describing the previous state, and that value is what the second call expects back.
 */
public interface IdentityService
{
    /**
     * Shared empty role array. Interface fields are implicitly {@code public static final};
     * the array has length zero, so there is no element a caller could overwrite.
     */
    String[] NO_ROLES = {};

    /**
     * Associate a user identity with the current thread.
     * This is called as a thread enters the
     * {@link SecurityHandler#handle(String, Request, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)}
     * method, and then again with a null argument as that call exits.
     *
     * <p>NOTE(review): the association is per thread, so a caller that skips the exit-side
     * call presumably leaves this identity attached to whatever runs next on the same
     * thread; confirm that the caller restores state on every exit path (e.g. in a
     * {@code finally} block).
     *
     * @param user The current user, or null if no user is to be associated.
     * @return an object representing the previously associated state
     */
    Object associate(UserIdentity user);

    /**
     * Disassociate the user identity from the current thread
     * and restore the previous identity.
     *
     * @param previous The opaque object returned from a call to
     *                 {@link IdentityService#associate(UserIdentity)}
     */
    void disassociate(Object previous);

    /**
     * Associate a runAs token with the current user and thread.
     *
     * @param user The UserIdentity
     * @param token The runAsToken to associate.
     * @return The previous runAsToken, or null.
     */
    Object setRunAs(UserIdentity user, RunAsToken token);

    /**
     * Disassociate the current runAsToken from the thread
     * and reassociate the previous token.
     *
     * @param token the previous runAs state; this interface declares no
     *              {@code associateRunAs} method, so this is presumably the value
     *              returned by {@link #setRunAs(UserIdentity, RunAsToken)}
     */
    void unsetRunAs(Object token);

    /**
     * Create a new UserIdentity for use with this identity service.
     * The UserIdentity should be immutable and able to be cached.
     *
     * <p>NOTE(review): {@code roles} is a caller-owned array. An implementation that keeps
     * the reference instead of copying it would let later writes by the caller change the
     * roles of an identity that is documented as immutable; verify this in implementations.
     *
     * @param subject Subject to include in the UserIdentity
     * @param userPrincipal Principal to include in the UserIdentity. This will be returned
     *                      from getUserPrincipal calls
     * @param roles set of roles to include in the UserIdentity.
     * @return A new immutable UserIdentity
     */
    UserIdentity newUserIdentity(Subject subject, Principal userPrincipal, String[] roles);

    /**
     * Create a new RunAsToken from a runAsName (normally a role).
     *
     * @param runAsName Normally a role name
     * @return A new immutable RunAsToken
     */
    RunAsToken newRunAsToken(String runAsName);

    /**
     * Returns the system user identity.
     *
     * <p>NOTE(review): the declaration carries no documentation of its own. What the system
     * identity is permitted to do, and whether null may be returned, is left to
     * implementations; confirm before relying on either.
     *
     * @return the system UserIdentity
     */
    UserIdentity getSystemUserIdentity();
}