Package org.eclipse.jetty.security

Interface IdentityService

All Known Implementing Classes:

DefaultIdentityService

public interface IdentityService

Associates UserIdentities from with threads and UserIdentity.Contexts.

Field Summary

Fields

Modifier and Type	Field	Description
static final String[]	NO_ROLES

Method Summary

Modifier and Type	Method	Description
Object	associate(UserIdentity user)	Associate a user identity with the current thread.
void	disassociate(Object previous)	Disassociate the user identity from the current thread and restore previous identity.
UserIdentity	getSystemUserIdentity()
RunAsToken	newRunAsToken(String runAsName)	Create a new RunAsToken from a runAsName (normally a role).
UserIdentity	newUserIdentity(Subject subject, Principal userPrincipal, String[] roles)	Create a new UserIdentity for use with this identity service.
Object	setRunAs(UserIdentity user, RunAsToken token)	Associate a runas Token with the current user and thread.
void	unsetRunAs(Object token)	Disassociate the current runAsToken from the thread and reassociate the previous token.

Field Details

NO_ROLES

static final String[] NO_ROLES

Method Details

associate

Object associate(UserIdentity user)

Associate a user identity with the current thread. This is called with as a thread enters the SecurityHandler.handle(String, org.eclipse.jetty.server.Request, jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse) method and then again with a null argument as that call exits.

Parameters:

user - The current user or null for no user to associated.

Returns:

an object representing the previous associated state

disassociate

void disassociate(Object previous)

Disassociate the user identity from the current thread and restore previous identity.

Parameters:

previous - The opaque object returned from a call to associate(UserIdentity)

setRunAs

Object setRunAs(UserIdentity user,
 RunAsToken token)

Associate a runas Token with the current user and thread.

Parameters:

user - The UserIdentity

token - The runAsToken to associate.

Returns:

The previous runAsToken or null.

unsetRunAs

void unsetRunAs(Object token)

Disassociate the current runAsToken from the thread and reassociate the previous token.

Parameters:

token - RUNAS returned from previous associateRunAs call

newUserIdentity

UserIdentity newUserIdentity(Subject subject,
 Principal userPrincipal,
 String[] roles)

Create a new UserIdentity for use with this identity service. The UserIdentity should be immutable and able to be cached.

Parameters:

subject - Subject to include in UserIdentity

userPrincipal - Principal to include in UserIdentity. This will be returned from getUserPrincipal calls

roles - set of roles to include in UserIdentity.

Returns:

A new immutable UserIdententity

newRunAsToken

RunAsToken newRunAsToken(String runAsName)

Create a new RunAsToken from a runAsName (normally a role).

Parameters:

runAsName - Normally a role name

Returns:

A new immutable RunAsToken

getSystemUserIdentity

UserIdentity getSystemUserIdentity()