X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;ds=sidebyside;f=lib%2Fjetty%2Forg%2Feclipse%2Fjetty%2Fsecurity%2FIdentityService.java;fp=lib%2Fjetty%2Forg%2Feclipse%2Fjetty%2Fsecurity%2FIdentityService.java;h=99094c17a9e6fd567f03da088ea5fed80a602d53;hb=73ef54a38e3930a1a789cdc6b5fa23cdd4c9d086;hp=0000000000000000000000000000000000000000;hpb=515007c7c1351045420669d65b59c08fa46850f2;p=gigi.git diff --git a/lib/jetty/org/eclipse/jetty/security/IdentityService.java b/lib/jetty/org/eclipse/jetty/security/IdentityService.java new file mode 100644 index 00000000..99094c17 --- /dev/null +++ b/lib/jetty/org/eclipse/jetty/security/IdentityService.java @@ -0,0 +1,95 @@ +// +// ======================================================================== +// Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd. +// ------------------------------------------------------------------------ +// All rights reserved. This program and the accompanying materials +// are made available under the terms of the Eclipse Public License v1.0 +// and Apache License v2.0 which accompanies this distribution. +// +// The Eclipse Public License is available at +// http://www.eclipse.org/legal/epl-v10.html +// +// The Apache License v2.0 is available at +// http://www.opensource.org/licenses/apache2.0.php +// +// You may elect to redistribute this code under either of these licenses. +// ======================================================================== +// + +package org.eclipse.jetty.security; + +import java.security.Principal; + +import javax.security.auth.Subject; + +import org.eclipse.jetty.server.Request; +import org.eclipse.jetty.server.UserIdentity; + +/* ------------------------------------------------------------ */ +/** + * Associates UserIdentities from with threads and UserIdentity.Contexts. + * + */ +public interface IdentityService +{ + final static String[] NO_ROLES = new String[]{}; + + /* ------------------------------------------------------------ */ + /** + * Associate a user identity with the current thread. + * This is called with as a thread enters the + * {@link SecurityHandler#handle(String, Request, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)} + * method and then again with a null argument as that call exits. + * @param user The current user or null for no user to associated. + * @return an object representing the previous associated state + */ + Object associate(UserIdentity user); + + /* ------------------------------------------------------------ */ + /** + * Disassociate the user identity from the current thread + * and restore previous identity. + * @param previous The opaque object returned from a call to {@link IdentityService#associate(UserIdentity)} + */ + void disassociate(Object previous); + + /* ------------------------------------------------------------ */ + /** + * Associate a runas Token with the current user and thread. + * @param user The UserIdentity + * @param token The runAsToken to associate. + * @return The previous runAsToken or null. + */ + Object setRunAs(UserIdentity user, RunAsToken token); + + /* ------------------------------------------------------------ */ + /** + * Disassociate the current runAsToken from the thread + * and reassociate the previous token. + * @param token RUNAS returned from previous associateRunAs call + */ + void unsetRunAs(Object token); + + /* ------------------------------------------------------------ */ + /** + * Create a new UserIdentity for use with this identity service. + * The UserIdentity should be immutable and able to be cached. + * + * @param subject Subject to include in UserIdentity + * @param userPrincipal Principal to include in UserIdentity. This will be returned from getUserPrincipal calls + * @param roles set of roles to include in UserIdentity. + * @return A new immutable UserIdententity + */ + UserIdentity newUserIdentity(Subject subject, Principal userPrincipal, String[] roles); + + /* ------------------------------------------------------------ */ + /** + * Create a new RunAsToken from a runAsName (normally a role). + * @param runAsName Normally a role name + * @return A new immutable RunAsToken + */ + RunAsToken newRunAsToken(String runAsName); + + /* ------------------------------------------------------------ */ + UserIdentity getSystemUserIdentity(); +}