Package org.eclipse.jetty.security
Class DefaultIdentityService
- java.lang.Object
-
- org.eclipse.jetty.security.DefaultIdentityService
-
- All Implemented Interfaces:
IdentityService
public class DefaultIdentityService extends java.lang.Object implements IdentityService
Default Identity Service implementation. This service handles only role reference maps passed in an associatedUserIdentity.Scope. If there are roles refs present, then associate will wrap the UserIdentity with one that uses the role references in theUserIdentity.isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope)implementation. All other operations are effectively noops.
-
-
Field Summary
-
Fields inherited from interface org.eclipse.jetty.security.IdentityService
NO_ROLES
-
-
Constructor Summary
Constructors Constructor Description DefaultIdentityService()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.lang.Objectassociate(UserIdentity user)If there are roles refs present in the scope, then wrap the UserIdentity with one that uses the role references in theUserIdentity.isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope)voiddisassociate(java.lang.Object previous)Disassociate the user identity from the current thread and restore previous identity.UserIdentitygetSystemUserIdentity()RunAsTokennewRunAsToken(java.lang.String runAsName)Create a new RunAsToken from a runAsName (normally a role).UserIdentitynewUserIdentity(javax.security.auth.Subject subject, java.security.Principal userPrincipal, java.lang.String[] roles)Create a new UserIdentity for use with this identity service.java.lang.ObjectsetRunAs(UserIdentity user, RunAsToken token)Associate a runas Token with the current user and thread.voidunsetRunAs(java.lang.Object lastToken)Disassociate the current runAsToken from the thread and reassociate the previous token.
-
-
-
Method Detail
-
associate
public java.lang.Object associate(UserIdentity user)
If there are roles refs present in the scope, then wrap the UserIdentity with one that uses the role references in theUserIdentity.isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope)- Specified by:
associatein interfaceIdentityService- Parameters:
user- The current user or null for no user to associated.- Returns:
- an object representing the previous associated state
-
disassociate
public void disassociate(java.lang.Object previous)
Description copied from interface:IdentityServiceDisassociate the user identity from the current thread and restore previous identity.- Specified by:
disassociatein interfaceIdentityService- Parameters:
previous- The opaque object returned from a call toIdentityService.associate(UserIdentity)
-
setRunAs
public java.lang.Object setRunAs(UserIdentity user, RunAsToken token)
Description copied from interface:IdentityServiceAssociate a runas Token with the current user and thread.- Specified by:
setRunAsin interfaceIdentityService- Parameters:
user- The UserIdentitytoken- The runAsToken to associate.- Returns:
- The previous runAsToken or null.
-
unsetRunAs
public void unsetRunAs(java.lang.Object lastToken)
Description copied from interface:IdentityServiceDisassociate the current runAsToken from the thread and reassociate the previous token.- Specified by:
unsetRunAsin interfaceIdentityService- Parameters:
lastToken- RUNAS returned from previous associateRunAs call
-
newRunAsToken
public RunAsToken newRunAsToken(java.lang.String runAsName)
Description copied from interface:IdentityServiceCreate a new RunAsToken from a runAsName (normally a role).- Specified by:
newRunAsTokenin interfaceIdentityService- Parameters:
runAsName- Normally a role name- Returns:
- A new immutable RunAsToken
-
getSystemUserIdentity
public UserIdentity getSystemUserIdentity()
- Specified by:
getSystemUserIdentityin interfaceIdentityService
-
newUserIdentity
public UserIdentity newUserIdentity(javax.security.auth.Subject subject, java.security.Principal userPrincipal, java.lang.String[] roles)
Description copied from interface:IdentityServiceCreate a new UserIdentity for use with this identity service. The UserIdentity should be immutable and able to be cached.- Specified by:
newUserIdentityin interfaceIdentityService- Parameters:
subject- Subject to include in UserIdentityuserPrincipal- Principal to include in UserIdentity. This will be returned from getUserPrincipal callsroles- set of roles to include in UserIdentity.- Returns:
- A new immutable UserIdententity
-
-