Google Git
Sign in
apache / jsecurity / 1b81d496df8a9db9105e8c4c15352b26b8454d0f / . / src / org / jsecurity / authc / Account.java
blob: 44764d6d7dba4990b7ffa5e6302077909724fd18 [file] [log] [blame]
/*
* Copyright 2005-2008 Les Hazlewood, Les Hazlewood
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jsecurity.authc;
/**
* <p>An <tt>Account</tt> represents system-specific account/user information
* in an application-independent manner. Instead of forcing a JSecurity user to
* implement <tt>User</tt> or <tt>Role</tt> interfaces and being invasive on an application's
* data model, the application instead returns instances of this interface to represent such data. This enables a
* cleaner pluggable implementation and abstracts an application's core classes away from JSecurity.</p>
*
* <p>In fact, JSecurity's default implementations of this interface are usually good for the majority of applications
* and no additional implementation is required.
*
* <p>Please note: Since JSecurity sometimes logs account operations, please ensure your Account's <code>toString()</code>
* implementation does <em>not</em> print out account credentials (password, etc), as these might be viewable to
* someone reading your logs. This is good practice anyway, and account principals should rarely (if ever) be printed
* out for any reason. If you're using JSecurity's default implementations of this interface, they only ever print the
* account {@link #getPrincipal() principal}, so you do not need to do anything additional.</p>
*
* @see SimpleAccount
* @see org.jsecurity.authz.SimpleAuthorizingAccount
*
* @author Jeremy Haile
* @author Les Hazlewood
* @since 0.9
*/
public interface Account {
/**
* Returns the account's identifying principal, such as a user id or username.
*
* <p>In a multi-realm configuration, the object returned from this method
* might be an implementation-specific object representing multiple principals. This might be an instance of
* java.util.Collection, but it does not have to be - it is up to the Authenticator's modular authentication
* strategy as to exactly what is returned.
*
* @return the account's primary principal, such as a user id or username, or in a multi-realm configuration, maybe
* more than one principal encapsulated by an implementation-specific instance.
*/
Object getPrincipal();
/**
* The account's credentials as stored in the system associated with the
* {@link #getPrincipal() account identifier}, such as a password or private key.
*
* <p>It could be encrypted in which case an
* {@link org.jsecurity.realm.Realm Realm}
* must be aware of the fact (e.g. via configuration) in order to interpret and compare
* the credentials value.
*
* @return the account's credentials verifying the {@link #getPrincipal() identifier}
*/
Object getCredentials();
/**
* Determines if the account is locked, meaning that the user is
* not allowed to log in due to a manual or automatic lockout.
*
* @return true if the account is locked and the user should be
* denied authentication, false otherwise.
*/
boolean isLocked();
/**
* Determines if the user's credentials (e.g. password) have expired and must be
* changed before login is allowed.
*
* @return true if the user's credentials are expired and the user should
* be denied authentication, false otherwise.
*/
boolean isCredentialsExpired();
}