Package org.eclipse.jetty.security
Interface IdentityService
- All Known Implementing Classes:
DefaultIdentityService
public interface IdentityService
Associates UserIdentities from with threads and UserIdentity.Contexts.
-
Field Summary
-
Method Summary
Modifier and TypeMethodDescriptionassociate
(UserIdentity user) Associate a user identity with the current thread.void
disassociate
(Object previous) Disassociate the user identity from the current thread and restore previous identity.newRunAsToken
(String runAsName) Create a new RunAsToken from a runAsName (normally a role).newUserIdentity
(Subject subject, Principal userPrincipal, String[] roles) Create a new UserIdentity for use with this identity service.setRunAs
(UserIdentity user, RunAsToken token) Associate a runas Token with the current user and thread.void
unsetRunAs
(Object token) Disassociate the current runAsToken from the thread and reassociate the previous token.
-
Field Details
-
NO_ROLES
-
-
Method Details
-
associate
Associate a user identity with the current thread. This is called with as a thread enters theSecurityHandler.handle(String, org.eclipse.jetty.server.Request, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
method and then again with a null argument as that call exits.- Parameters:
user
- The current user or null for no user to associated.- Returns:
- an object representing the previous associated state
-
disassociate
Disassociate the user identity from the current thread and restore previous identity.- Parameters:
previous
- The opaque object returned from a call toassociate(UserIdentity)
-
setRunAs
Associate a runas Token with the current user and thread.- Parameters:
user
- The UserIdentitytoken
- The runAsToken to associate.- Returns:
- The previous runAsToken or null.
-
unsetRunAs
Disassociate the current runAsToken from the thread and reassociate the previous token.- Parameters:
token
- RUNAS returned from previous associateRunAs call
-
newUserIdentity
Create a new UserIdentity for use with this identity service. The UserIdentity should be immutable and able to be cached.- Parameters:
subject
- Subject to include in UserIdentityuserPrincipal
- Principal to include in UserIdentity. This will be returned from getUserPrincipal callsroles
- set of roles to include in UserIdentity.- Returns:
- A new immutable UserIdententity
-
newRunAsToken
Create a new RunAsToken from a runAsName (normally a role).- Parameters:
runAsName
- Normally a role name- Returns:
- A new immutable RunAsToken
-
getSystemUserIdentity
UserIdentity getSystemUserIdentity()
-