1//
2//  ========================================================================
3//  Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
4//  ------------------------------------------------------------------------
5//  All rights reserved. This program and the accompanying materials
6//  are made available under the terms of the Eclipse Public License v1.0
7//  and Apache License v2.0 which accompanies this distribution.
8//
9//      The Eclipse Public License is available at
10//      http://www.eclipse.org/legal/epl-v10.html
11//
12//      The Apache License v2.0 is available at
13//      http://www.opensource.org/licenses/apache2.0.php
14//
15//  You may elect to redistribute this code under either of these licenses.
16//  ========================================================================
17//
18
19package org.eclipse.jetty.server;
20import java.security.Principal;
21import java.util.Map;
22
23import javax.security.auth.Subject;
24
25/* ------------------------------------------------------------ */
26/** User object that encapsulates user identity and operations such as run-as-role actions,
27 * checking isUserInRole and getUserPrincipal.
28 *
29 * Implementations of UserIdentity should be immutable so that they may be
30 * cached by Authenticators and LoginServices.
31 *
32 */
33public interface UserIdentity
34{
35    /* ------------------------------------------------------------ */
36    /**
37     * @return The user subject
38     */
39    Subject getSubject();
40
41    /* ------------------------------------------------------------ */
42    /**
43     * @return The user principal
44     */
45    Principal getUserPrincipal();
46
47    /* ------------------------------------------------------------ */
48    /** Check if the user is in a role.
49     * This call is used to satisfy authorization calls from
50     * container code which will be using translated role names.
51     * @param role A role name.
52     * @param scope
53     * @return True if the user can act in that role.
54     */
55    boolean isUserInRole(String role, Scope scope);
56
57
58    /* ------------------------------------------------------------ */
59    /**
60     * A UserIdentity Scope.
61     * A scope is the environment in which a User Identity is to
62     * be interpreted. Typically it is set by the target servlet of
63     * a request.
64     */
65    interface Scope
66    {
67        /* ------------------------------------------------------------ */
68        /**
69         * @return The context path that the identity is being considered within
70         */
71        String getContextPath();
72
73        /* ------------------------------------------------------------ */
74        /**
75         * @return The name of the identity context. Typically this is the servlet name.
76         */
77        String getName();
78
79        /* ------------------------------------------------------------ */
80        /**
81         * @return A map of role reference names that converts from names used by application code
82         * to names used by the context deployment.
83         */
84        Map<String,String> getRoleRefMap();
85    }
86
87    /* ------------------------------------------------------------ */
88    public interface UnauthenticatedUserIdentity extends UserIdentity
89    {
90    }
91
92    /* ------------------------------------------------------------ */
93    public static final UserIdentity UNAUTHENTICATED_IDENTITY = new UnauthenticatedUserIdentity()
94    {
95        public Subject getSubject()
96        {
97            return null;
98        }
99
100        public Principal getUserPrincipal()
101        {
102            return null;
103        }
104
105        public boolean isUserInRole(String role, Scope scope)
106        {
107            return false;
108        }
109
110        @Override
111        public String toString()
112        {
113            return "UNAUTHENTICATED";
114        }
115    };
116}
117