Package org.eclipse.jetty.security
Interface IdentityService
-
- All Known Implementing Classes:
DefaultIdentityService
public interface IdentityService
Associates UserIdentities from with threads and UserIdentity.Contexts.
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String[]
NO_ROLES
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description java.lang.Object
associate(UserIdentity user)
Associate a user identity with the current thread.void
disassociate(java.lang.Object previous)
Disassociate the user identity from the current thread and restore previous identity.UserIdentity
getSystemUserIdentity()
RunAsToken
newRunAsToken(java.lang.String runAsName)
Create a new RunAsToken from a runAsName (normally a role).UserIdentity
newUserIdentity(javax.security.auth.Subject subject, java.security.Principal userPrincipal, java.lang.String[] roles)
Create a new UserIdentity for use with this identity service.java.lang.Object
setRunAs(UserIdentity user, RunAsToken token)
Associate a runas Token with the current user and thread.void
unsetRunAs(java.lang.Object token)
Disassociate the current runAsToken from the thread and reassociate the previous token.
-
-
-
Method Detail
-
associate
java.lang.Object associate(UserIdentity user)
Associate a user identity with the current thread. This is called with as a thread enters theSecurityHandler.handle(String, org.eclipse.jetty.server.Request, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
method and then again with a null argument as that call exits.- Parameters:
user
- The current user or null for no user to associated.- Returns:
- an object representing the previous associated state
-
disassociate
void disassociate(java.lang.Object previous)
Disassociate the user identity from the current thread and restore previous identity.- Parameters:
previous
- The opaque object returned from a call toassociate(UserIdentity)
-
setRunAs
java.lang.Object setRunAs(UserIdentity user, RunAsToken token)
Associate a runas Token with the current user and thread.- Parameters:
user
- The UserIdentitytoken
- The runAsToken to associate.- Returns:
- The previous runAsToken or null.
-
unsetRunAs
void unsetRunAs(java.lang.Object token)
Disassociate the current runAsToken from the thread and reassociate the previous token.- Parameters:
token
- RUNAS returned from previous associateRunAs call
-
newUserIdentity
UserIdentity newUserIdentity(javax.security.auth.Subject subject, java.security.Principal userPrincipal, java.lang.String[] roles)
Create a new UserIdentity for use with this identity service. The UserIdentity should be immutable and able to be cached.- Parameters:
subject
- Subject to include in UserIdentityuserPrincipal
- Principal to include in UserIdentity. This will be returned from getUserPrincipal callsroles
- set of roles to include in UserIdentity.- Returns:
- A new immutable UserIdententity
-
newRunAsToken
RunAsToken newRunAsToken(java.lang.String runAsName)
Create a new RunAsToken from a runAsName (normally a role).- Parameters:
runAsName
- Normally a role name- Returns:
- A new immutable RunAsToken
-
getSystemUserIdentity
UserIdentity getSystemUserIdentity()
-
-