--- /dev/null
+//
+// ========================================================================
+// Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
+// ------------------------------------------------------------------------
+// All rights reserved. This program and the accompanying materials
+// are made available under the terms of the Eclipse Public License v1.0
+// and Apache License v2.0 which accompanies this distribution.
+//
+// The Eclipse Public License is available at
+// http://www.eclipse.org/legal/epl-v10.html
+//
+// The Apache License v2.0 is available at
+// http://www.opensource.org/licenses/apache2.0.php
+//
+// You may elect to redistribute this code under either of these licenses.
+// ========================================================================
+//
+
+package org.eclipse.jetty.server;
+
+import java.security.Principal;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+
+/* ------------------------------------------------------------ */
+/** User object that encapsulates user identity and operations such as run-as-role actions,
+ * checking isUserInRole and getUserPrincipal.
+ *
+ * Implementations of UserIdentity should be immutable so that they may be
+ * cached by Authenticators and LoginServices.
+ *
+ */
+public interface UserIdentity
+{
+ /* ------------------------------------------------------------ */
+ /**
+ * @return The user subject
+ */
+ Subject getSubject();
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @return The user principal
+ */
+ Principal getUserPrincipal();
+
+ /* ------------------------------------------------------------ */
+ /** Check if the user is in a role.
+ * This call is used to satisfy authorization calls from
+ * container code which will be using translated role names.
+ * @param role A role name.
+ * @param scope
+ * @return True if the user can act in that role.
+ */
+ boolean isUserInRole(String role, Scope scope);
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * A UserIdentity Scope.
+ * A scope is the environment in which a User Identity is to
+ * be interpreted. Typically it is set by the target servlet of
+ * a request.
+ */
+ interface Scope
+ {
+ /* ------------------------------------------------------------ */
+ /**
+ * @return The context path that the identity is being considered within
+ */
+ String getContextPath();
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @return The name of the identity context. Typically this is the servlet name.
+ */
+ String getName();
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @return A map of role reference names that converts from names used by application code
+ * to names used by the context deployment.
+ */
+ Map<String,String> getRoleRefMap();
+ }
+
+ /* ------------------------------------------------------------ */
+ public interface UnauthenticatedUserIdentity extends UserIdentity
+ {
+ }
+
+ /* ------------------------------------------------------------ */
+ public static final UserIdentity UNAUTHENTICATED_IDENTITY = new UnauthenticatedUserIdentity()
+ {
+ public Subject getSubject()
+ {
+ return null;
+ }
+
+ public Principal getUserPrincipal()
+ {
+ return null;
+ }
+
+ public boolean isUserInRole(String role, Scope scope)
+ {
+ return false;
+ }
+
+ @Override
+ public String toString()
+ {
+ return "UNAUTHENTICATED";
+ }
+ };
+}
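Review bot: `getSubject()` and `getUserPrincipal()` carry no nullability contract, yet `UNAUTHENTICATED_IDENTITY` at the end of the file returns `null` from both, so a caller that writes `identity.getUserPrincipal().getName()` against the sentinel would hit a NullPointerException rather than a clean authorization denial. I would state this in the Javadoc, e.g. `@return The user principal, or null if this is the UNAUTHENTICATED_IDENTITY`, and the same for the subject. `UnauthenticatedUserIdentity` has no Javadoc at all; a line such as `/** Marker for an identity that has not been authenticated. */` would tell callers that this is the type to test for. The `@param scope` tag on `isUserInRole` is empty, and it should say whether the implementation or the caller applies `Scope.getRoleRefMap()` to the role name, since that decides which name is actually being checked.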