2 // ========================================================================
3 // Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
4 // ------------------------------------------------------------------------
5 // All rights reserved. This program and the accompanying materials
6 // are made available under the terms of the Eclipse Public License v1.0
7 // and Apache License v2.0 which accompanies this distribution.
9 // The Eclipse Public License is available at
10 // http://www.eclipse.org/legal/epl-v10.html
12 // The Apache License v2.0 is available at
13 // http://www.opensource.org/licenses/apache2.0.php
15 // You may elect to redistribute this code under either of these licenses.
16 // ========================================================================
19 package org.eclipse.jetty.server;
21 import java.security.Principal;
24 import javax.security.auth.Subject;
26 /* ------------------------------------------------------------ */
27 /** User object that encapsulates user identity and operations such as run-as-role actions,
28 * checking isUserInRole and getUserPrincipal.
30 * Implementations of UserIdentity should be immutable so that they may be
31 * cached by Authenticators and LoginServices.
34 public interface UserIdentity
36 /* ------------------------------------------------------------ */
38 * @return The user subject
42 /* ------------------------------------------------------------ */
44 * @return The user principal
46 Principal getUserPrincipal();
48 /* ------------------------------------------------------------ */
49 /** Check if the user is in a role.
50 * This call is used to satisfy authorization calls from
51 * container code which will be using translated role names.
52 * @param role A role name.
54 * @return True if the user can act in that role.
56 boolean isUserInRole(String role, Scope scope);
59 /* ------------------------------------------------------------ */
61 * A UserIdentity Scope.
62 * A scope is the environment in which a User Identity is to
63 * be interpreted. Typically it is set by the target servlet of
68 /* ------------------------------------------------------------ */
70 * @return The context path that the identity is being considered within
72 String getContextPath();
74 /* ------------------------------------------------------------ */
76 * @return The name of the identity context. Typically this is the servlet name.
80 /* ------------------------------------------------------------ */
82 * @return A map of role reference names that converts from names used by application code
83 * to names used by the context deployment.
85 Map<String,String> getRoleRefMap();
88 /* ------------------------------------------------------------ */
89 public interface UnauthenticatedUserIdentity extends UserIdentity
93 /* ------------------------------------------------------------ */
94 public static final UserIdentity UNAUTHENTICATED_IDENTITY = new UnauthenticatedUserIdentity()
96 public Subject getSubject()
101 public Principal getUserPrincipal()
106 public boolean isUserInRole(String role, Scope scope)
112 public String toString()
114 return "UNAUTHENTICATED";