//
//  ========================================================================
//  Copyright (c) 1995-2019 Mort Bay Consulting Pty. Ltd.
//  ------------------------------------------------------------------------
//  All rights reserved. This program and the accompanying materials
//  are made available under the terms of the Eclipse Public License v1.0
//  and Apache License v2.0 which accompanies this distribution.
//
//      The Eclipse Public License is available at
//      http://www.eclipse.org/legal/epl-v10.html
//
//      The Apache License v2.0 is available at
//      http://www.opensource.org/licenses/apache2.0.php
//
//  You may elect to redistribute this code under either of these licenses.
//  ========================================================================
//

package org.eclipse.jetty.server;

import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;

import org.eclipse.jetty.server.handler.ContextHandler;


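/**
 * User object that encapsulates user identity and operations such as run-as-role actions,
 * checking isUserInRole and getUserPrincipal.
 * <p>
 * Implementations of UserIdentity should be immutable so that they may be
 * cached by Authenticators and LoginServices. A cached identity that could be
 * modified afterwards would change the answer of later role checks for every
 * holder of that cached instance.
 * <p>
 * {@link #getSubject()} and {@link #getUserPrincipal()} can return {@code null}
 * ({@link #UNAUTHENTICATED_IDENTITY} does), so callers must null-check both
 * before dereferencing and must not treat a non-null {@code UserIdentity}
 * reference as proof that a user has authenticated.
 */
public interface UserIdentity
{
    /**
     * @return The user subject, or {@code null} when the identity carries none
     *         (as {@link #UNAUTHENTICATED_IDENTITY} does)
     */
    Subject getSubject();

    /**
     * @return The user principal, or {@code null} when the identity carries none
     *         (as {@link #UNAUTHENTICATED_IDENTITY} does)
     */
    Principal getUserPrincipal();

    /**
     * Check if the user is in a role.
     * This call is used to satisfy authorization calls from
     * container code which will be using translated role names.
     * <p>
     * {@link #UNAUTHENTICATED_IDENTITY} answers {@code false} for every role and scope.
     *
     * @param role A role name.
     * @param scope the scope
     * @return True if the user can act in that role.
     */
    boolean isUserInRole(String role, Scope scope);

    /**
     * A UserIdentity Scope.
     * A scope is the environment in which a User Identity is to
     * be interpreted. Typically it is set by the target servlet of
     * a request.
     */
    interface Scope
    {
        /**
         * @return The context handler that the identity is being considered within
         */
        ContextHandler getContextHandler();

        /**
         * @return The context path that the identity is being considered within
         */
        String getContextPath();

        /**
         * @return The name of the identity context. Typically this is the servlet name.
         */
        String getName();

        /**
         * @return A map of role reference names that converts from names used by application code
         * to names used by the context deployment.
         */
        Map<String, String> getRoleRefMap();
    }

    /**
     * Marker sub-interface for an identity that represents no authenticated user.
     * It declares no members of its own; {@link #UNAUTHENTICATED_IDENTITY} is the
     * instance defined in this file.
     */
    public interface UnauthenticatedUserIdentity extends UserIdentity
    {
    }

    /**
     * Shared identity for the unauthenticated case. It has no subject and no
     * principal (both accessors return {@code null}) and it is denied every role,
     * so an authorization check made against it fails closed.
     */
    public static final UserIdentity UNAUTHENTICATED_IDENTITY = new UnauthenticatedUserIdentity()
    {
        /** @return always {@code null}: there is no subject for an unauthenticated user */
        @Override
        public Subject getSubject()
        {
            return null;
        }

        /** @return always {@code null}: there is no principal for an unauthenticated user */
        @Override
        public Principal getUserPrincipal()
        {
            return null;
        }

        /** @return always {@code false}, whatever the role or scope */
        @Override
        public boolean isUserInRole(String role, Scope scope)
        {
            return false;
        }

        /** @return the fixed label {@code "UNAUTHENTICATED"} */
        @Override
        public String toString()
        {
            return "UNAUTHENTICATED";
        }
    };
}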