org.mortbay.jetty.security
Interface UserRealm

All Known Implementing Classes:
HashUserRealm, JDBCUserRealm

public interface UserRealm

User Realm. This interface should be specialized to provide specific user lookup and authentication using arbitrary methods. For SSO implementation sof UserRealm should also implement SSORealm.

Author:
Greg Wilkins (gregw)
See Also:
SSORealm

Method Summary
 Principal authenticate(String username, Object credentials, Request request)
          Authenticate a users credentials.
 void disassociate(Principal user)
          Dissassociate the calling context with a Principal.
 String getName()
           
 Principal getPrincipal(String username)
          Get the principal for a username.
 boolean isUserInRole(Principal user, String role)
          Check if the user is in a role.
 void logout(Principal user)
          logout a user Principal.
 Principal popRole(Principal user)
          Pop role from a Principal.
 Principal pushRole(Principal user, String role)
          Push role onto a Principal.
 boolean reauthenticate(Principal user)
          Re Authenticate a Principal.
 

Method Detail

getName

public String getName()

getPrincipal

public Principal getPrincipal(String username)
Get the principal for a username. This method is not guaranteed to return a Principal for non-authenticated users.


authenticate

public Principal authenticate(String username,
                              Object credentials,
                              Request request)
Authenticate a users credentials. Implementations of this method may adorn the calling context to assoicate it with the authenticated principal (eg ThreadLocals). If such context associations are made, they should be considered valid until a UserRealm.deAuthenticate(UserPrincipal) call is made for this UserPrincipal.

Parameters:
username - The username.
credentials - The user credentials, normally a String password.
request - The request to be authenticated. Additional parameters may be extracted or set on this request as needed for the authentication mechanism (none required for BASIC and FORM authentication).
Returns:
The authenticated UserPrincipal.

reauthenticate

public boolean reauthenticate(Principal user)
Re Authenticate a Principal. Authenicate a principal that has previously been return from the authenticate method. Implementations of this method may adorn the calling context to assoicate it with the authenticated principal (eg ThreadLocals). If such context associations are made, they should be considered valid until a UserRealm.deAuthenticate(UserPrincipal) call is made for this UserPrincipal.

Returns:
True if this user is still authenticated.

isUserInRole

public boolean isUserInRole(Principal user,
                            String role)
Check if the user is in a role.

Parameters:
role - A role name.
Returns:
True if the user can act in that role.

disassociate

public void disassociate(Principal user)
Dissassociate the calling context with a Principal. This method is called when the calling context is not longer associated with the Principal. It should be used by an implementation to remove context associations such as ThreadLocals. The UserPrincipal object remains authenticated, as it may be associated with other contexts.

Parameters:
user - A UserPrincipal allocated from this realm.

pushRole

public Principal pushRole(Principal user,
                          String role)
Push role onto a Principal. This method is used to add a role to an existing principal.

Parameters:
user - An existing UserPrincipal or null for an anonymous user.
role - The role to add.
Returns:
A new UserPrincipal object that wraps the passed user, but with the added role.

popRole

public Principal popRole(Principal user)
Pop role from a Principal.

Parameters:
user - A UserPrincipal previously returned from pushRole
Returns:
The principal without the role. Most often this will be the original UserPrincipal passed.

logout

public void logout(Principal user)
logout a user Principal. Called by authentication mechanisms (eg FORM) that can detect logout.

Parameters:
user - A Principal previously returned from this realm