Package org.eclipse.jetty.security
Class DefaultIdentityService
- java.lang.Object
-
- org.eclipse.jetty.security.DefaultIdentityService
-
- All Implemented Interfaces:
IdentityService
public class DefaultIdentityService extends java.lang.Object implements IdentityService
Default Identity Service implementation. This service handles only role reference maps passed in an associatedUserIdentity.Scope
. If there are roles refs present, then associate will wrap the UserIdentity with one that uses the role references in theUserIdentity.isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope)
implementation. All other operations are effectively noops.
-
-
Field Summary
-
Fields inherited from interface org.eclipse.jetty.security.IdentityService
NO_ROLES
-
-
Constructor Summary
Constructors Constructor Description DefaultIdentityService()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.lang.Object
associate(UserIdentity user)
If there are roles refs present in the scope, then wrap the UserIdentity with one that uses the role references in theUserIdentity.isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope)
void
disassociate(java.lang.Object previous)
Disassociate the user identity from the current thread and restore previous identity.UserIdentity
getSystemUserIdentity()
RunAsToken
newRunAsToken(java.lang.String runAsName)
Create a new RunAsToken from a runAsName (normally a role).UserIdentity
newUserIdentity(javax.security.auth.Subject subject, java.security.Principal userPrincipal, java.lang.String[] roles)
Create a new UserIdentity for use with this identity service.java.lang.Object
setRunAs(UserIdentity user, RunAsToken token)
Associate a runas Token with the current user and thread.void
unsetRunAs(java.lang.Object lastToken)
Disassociate the current runAsToken from the thread and reassociate the previous token.
-
-
-
Method Detail
-
associate
public java.lang.Object associate(UserIdentity user)
If there are roles refs present in the scope, then wrap the UserIdentity with one that uses the role references in theUserIdentity.isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope)
- Specified by:
associate
in interfaceIdentityService
- Parameters:
user
- The current user or null for no user to associated.- Returns:
- an object representing the previous associated state
-
disassociate
public void disassociate(java.lang.Object previous)
Description copied from interface:IdentityService
Disassociate the user identity from the current thread and restore previous identity.- Specified by:
disassociate
in interfaceIdentityService
- Parameters:
previous
- The opaque object returned from a call toIdentityService.associate(UserIdentity)
-
setRunAs
public java.lang.Object setRunAs(UserIdentity user, RunAsToken token)
Description copied from interface:IdentityService
Associate a runas Token with the current user and thread.- Specified by:
setRunAs
in interfaceIdentityService
- Parameters:
user
- The UserIdentitytoken
- The runAsToken to associate.- Returns:
- The previous runAsToken or null.
-
unsetRunAs
public void unsetRunAs(java.lang.Object lastToken)
Description copied from interface:IdentityService
Disassociate the current runAsToken from the thread and reassociate the previous token.- Specified by:
unsetRunAs
in interfaceIdentityService
- Parameters:
lastToken
- RUNAS returned from previous associateRunAs call
-
newRunAsToken
public RunAsToken newRunAsToken(java.lang.String runAsName)
Description copied from interface:IdentityService
Create a new RunAsToken from a runAsName (normally a role).- Specified by:
newRunAsToken
in interfaceIdentityService
- Parameters:
runAsName
- Normally a role name- Returns:
- A new immutable RunAsToken
-
getSystemUserIdentity
public UserIdentity getSystemUserIdentity()
- Specified by:
getSystemUserIdentity
in interfaceIdentityService
-
newUserIdentity
public UserIdentity newUserIdentity(javax.security.auth.Subject subject, java.security.Principal userPrincipal, java.lang.String[] roles)
Description copied from interface:IdentityService
Create a new UserIdentity for use with this identity service. The UserIdentity should be immutable and able to be cached.- Specified by:
newUserIdentity
in interfaceIdentityService
- Parameters:
subject
- Subject to include in UserIdentityuserPrincipal
- Principal to include in UserIdentity. This will be returned from getUserPrincipal callsroles
- set of roles to include in UserIdentity.- Returns:
- A new immutable UserIdententity
-
-