1// 2// ======================================================================== 3// Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd. 4// ------------------------------------------------------------------------ 5// All rights reserved. This program and the accompanying materials 6// are made available under the terms of the Eclipse Public License v1.0 7// and Apache License v2.0 which accompanies this distribution. 8// 9// The Eclipse Public License is available at 10// http://www.eclipse.org/legal/epl-v10.html 11// 12// The Apache License v2.0 is available at 13// http://www.opensource.org/licenses/apache2.0.php 14// 15// You may elect to redistribute this code under either of these licenses. 16// ======================================================================== 17// 18 19package org.eclipse.jetty.security; 20 21import java.security.Principal; 22 23import javax.security.auth.Subject; 24 25import org.eclipse.jetty.server.Request; 26import org.eclipse.jetty.server.UserIdentity; 27 28/* ------------------------------------------------------------ */ 29/** 30 * Associates UserIdentities from with threads and UserIdentity.Contexts. 31 * 32 */ 33public interface IdentityService 34{ 35 final static String[] NO_ROLES = new String[]{}; 36 37 /* ------------------------------------------------------------ */ 38 /** 39 * Associate a user identity with the current thread. 40 * This is called with as a thread enters the 41 * {@link SecurityHandler#handle(String, Request, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)} 42 * method and then again with a null argument as that call exits. 43 * @param user The current user or null for no user to associated. 44 * @return an object representing the previous associated state 45 */ 46 Object associate(UserIdentity user); 47 48 /* ------------------------------------------------------------ */ 49 /** 50 * Disassociate the user identity from the current thread 51 * and restore previous identity. 52 * @param previous The opaque object returned from a call to {@link IdentityService#associate(UserIdentity)} 53 */ 54 void disassociate(Object previous); 55 56 /* ------------------------------------------------------------ */ 57 /** 58 * Associate a runas Token with the current user and thread. 59 * @param user The UserIdentity 60 * @param token The runAsToken to associate. 61 * @return The previous runAsToken or null. 62 */ 63 Object setRunAs(UserIdentity user, RunAsToken token); 64 65 /* ------------------------------------------------------------ */ 66 /** 67 * Disassociate the current runAsToken from the thread 68 * and reassociate the previous token. 69 * @param token RUNAS returned from previous associateRunAs call 70 */ 71 void unsetRunAs(Object token); 72 73 /* ------------------------------------------------------------ */ 74 /** 75 * Create a new UserIdentity for use with this identity service. 76 * The UserIdentity should be immutable and able to be cached. 77 * 78 * @param subject Subject to include in UserIdentity 79 * @param userPrincipal Principal to include in UserIdentity. This will be returned from getUserPrincipal calls 80 * @param roles set of roles to include in UserIdentity. 81 * @return A new immutable UserIdententity 82 */ 83 UserIdentity newUserIdentity(Subject subject, Principal userPrincipal, String[] roles); 84 85 /* ------------------------------------------------------------ */ 86 /** 87 * Create a new RunAsToken from a runAsName (normally a role). 88 * @param runAsName Normally a role name 89 * @return A new immutable RunAsToken 90 */ 91 RunAsToken newRunAsToken(String runAsName); 92 93 /* ------------------------------------------------------------ */ 94 UserIdentity getSystemUserIdentity(); 95} 96