Package org.eclipse.jetty.security
Class DefaultIdentityService
java.lang.Object
  org.eclipse.jetty.security.DefaultIdentityService
All Implemented Interfaces: IdentityService
Default Identity Service implementation.
This service handles only role reference maps passed in an associated UserIdentity.Scope. If role references are present, associate wraps the UserIdentity with one that uses the role references in its UserIdentity.isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope) implementation. All other operations are effectively no-ops.
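The role-reference wrapping described above, modelled as an added stand-alone example (not Jetty's code). The types Identity, GrantedRoles and RoleRefIdentity and the sample roles are hypothetical, and the fallback for a name with no reference is an assumption taken from the Servlet specification, not from this page.

```java
import java.util.Map;
import java.util.Set;

// Stand-alone model of role-reference wrapping. The types below are
// hypothetical stand-ins and are not Jetty's classes.
public class RoleRefDemo {
    /** Minimal stand-in for a user identity that only answers role checks. */
    interface Identity {
        boolean isUserInRole(String role);
    }

    /** Identity backed by the roles granted at login. */
    record GrantedRoles(Set<String> roles) implements Identity {
        public boolean isUserInRole(String role) {
            return roles.contains(role);
        }
    }

    /** Wrapper that translates a role reference to the linked role before delegating. */
    record RoleRefIdentity(Identity delegate, Map<String, String> roleRefs) implements Identity {
        public boolean isUserInRole(String role) {
            // Assumption (Servlet spec behaviour): a name with no reference is checked as-is.
            String link = roleRefs.getOrDefault(role, role);
            return delegate.isUserInRole(link);
        }
    }

    /** Wrap only when the scope carries role references; otherwise return the user unchanged. */
    static Identity associate(Identity user, Map<String, String> scopeRoleRefs) {
        if (user == null || scopeRoleRefs == null || scopeRoleRefs.isEmpty())
            return user;
        return new RoleRefIdentity(user, scopeRoleRefs);
    }

    public static void main(String[] args) {
        // Constructed sample data: one user and one servlet's role references.
        Identity alice = new GrantedRoles(Set.of("manager"));
        Map<String, String> refs = Map.of("MGR", "manager", "ADMIN", "administrator");

        Identity scoped = associate(alice, refs);
        System.out.println("MGR (ref to a granted role):  " + scoped.isUserInRole("MGR"));
        System.out.println("ADMIN (ref to a missing role): " + scoped.isUserInRole("ADMIN"));
        System.out.println("manager (no ref, direct name): " + scoped.isUserInRole("manager"));
        System.out.println("MGR on the unwrapped identity: " + alice.isUserInRole("MGR"));
    }
}
```

When reviewing a deployment, check each role reference's target: the code under review tests the reference name, but the access decision is made against the linked role.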
Field Summary
Fields inherited from interface org.eclipse.jetty.security.IdentityService: NO_ROLES
Constructor Summary
Constructors: DefaultIdentityService()
Method Summary
- associate(UserIdentity user): If there are roles refs present in the scope, then wrap the UserIdentity with one that uses the role references in the UserIdentity.isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope)
- void disassociate(Object previous): Disassociate the user identity from the current thread and restore previous identity.
- newRunAsToken(String runAsName): Create a new RunAsToken from a runAsName (normally a role).
- newUserIdentity(Subject subject, Principal userPrincipal, String[] roles): Create a new UserIdentity for use with this identity service.
- setRunAs(UserIdentity user, RunAsToken token): Associate a runas Token with the current user and thread.
- void unsetRunAs(Object lastToken): Disassociate the current runAsToken from the thread and reassociate the previous token.
Constructor Details
DefaultIdentityService
public DefaultIdentityService()
Method Details
associate
If there are roles refs present in the scope, then wrap the UserIdentity with one that uses the role references in the UserIdentity.isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope)
Specified by: associate in interface IdentityService
Parameters:
user - The current user, or null for no user to associate.
Returns: an object representing the previous associated state
disassociate
Description copied from interface: IdentityService
Disassociate the user identity from the current thread and restore previous identity.
Specified by: disassociate in interface IdentityService
Parameters:
previous - The opaque object returned from a call to IdentityService.associate(UserIdentity)
setRunAs
Description copied from interface: IdentityService
Associate a runas Token with the current user and thread.
Specified by: setRunAs in interface IdentityService
Parameters:
user - The UserIdentity
token - The runAsToken to associate.
Returns: The previous runAsToken or null.
unsetRunAs
Description copied from interface: IdentityService
Disassociate the current runAsToken from the thread and reassociate the previous token.
Specified by: unsetRunAs in interface IdentityService
Parameters:
lastToken - RUNAS returned from previous associateRunAs call
newRunAsToken
Description copied from interface: IdentityService
Create a new RunAsToken from a runAsName (normally a role).
Specified by: newRunAsToken in interface IdentityService
Parameters:
runAsName - Normally a role name
Returns: A new immutable RunAsToken
getSystemUserIdentity
Specified by: getSystemUserIdentity in interface IdentityService
newUserIdentity
Description copied from interface: IdentityService
Create a new UserIdentity for use with this identity service. The UserIdentity should be immutable and able to be cached.
Specified by: newUserIdentity in interface IdentityService
Parameters:
subject - Subject to include in UserIdentity
userPrincipal - Principal to include in UserIdentity. This will be returned from getUserPrincipal calls
roles - set of roles to include in UserIdentity.
Returns: A new immutable UserIdentity