| <!DOCTYPE HTML> |
| <html lang="en"> |
| <head> |
| <title>Source code</title> |
| <link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="Style"> |
| </head> |
| <body> |
| <main role="main"> |
| <div class="sourceContainer"> |
| <pre><span class="sourceLineNo">001</span><a id="line.1">/*</a> |
| <span class="sourceLineNo">002</span><a id="line.2"> * Licensed to the Apache Software Foundation (ASF) under one</a> |
| <span class="sourceLineNo">003</span><a id="line.3"> * or more contributor license agreements. See the NOTICE file</a> |
| <span class="sourceLineNo">004</span><a id="line.4"> * distributed with this work for additional information</a> |
| <span class="sourceLineNo">005</span><a id="line.5"> * regarding copyright ownership. The ASF licenses this file</a> |
| <span class="sourceLineNo">006</span><a id="line.6"> * to you under the Apache License, Version 2.0 (the</a> |
| <span class="sourceLineNo">007</span><a id="line.7"> * "License"); you may not use this file except in compliance</a> |
| <span class="sourceLineNo">008</span><a id="line.8"> * with the License. You may obtain a copy of the License at</a> |
| <span class="sourceLineNo">009</span><a id="line.9"> *</a> |
| <span class="sourceLineNo">010</span><a id="line.10"> * http://www.apache.org/licenses/LICENSE-2.0</a> |
| <span class="sourceLineNo">011</span><a id="line.11"> *</a> |
| <span class="sourceLineNo">012</span><a id="line.12"> * Unless required by applicable law or agreed to in writing,</a> |
| <span class="sourceLineNo">013</span><a id="line.13"> * software distributed under the License is distributed on an</a> |
| <span class="sourceLineNo">014</span><a id="line.14"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</a> |
| <span class="sourceLineNo">015</span><a id="line.15"> * KIND, either express or implied. See the License for the</a> |
| <span class="sourceLineNo">016</span><a id="line.16"> * specific language governing permissions and limitations</a> |
| <span class="sourceLineNo">017</span><a id="line.17"> * under the License.</a> |
| <span class="sourceLineNo">018</span><a id="line.18"> */</a> |
| <span class="sourceLineNo">019</span><a id="line.19">package org.apache.shiro.realm;</a> |
| <span class="sourceLineNo">020</span><a id="line.20"></a> |
| <span class="sourceLineNo">021</span><a id="line.21">import org.apache.shiro.authc.AuthenticationException;</a> |
| <span class="sourceLineNo">022</span><a id="line.22">import org.apache.shiro.authc.AuthenticationInfo;</a> |
| <span class="sourceLineNo">023</span><a id="line.23">import org.apache.shiro.authc.AuthenticationToken;</a> |
| <span class="sourceLineNo">024</span><a id="line.24"></a> |
| <span class="sourceLineNo">025</span><a id="line.25">/**</a> |
| <span class="sourceLineNo">026</span><a id="line.26"> * A <tt>Realm</tt> is a security component that can access application-specific security entities</a> |
| <span class="sourceLineNo">027</span><a id="line.27"> * such as users, roles, and permissions to determine authentication and authorization operations.</a> |
| <span class="sourceLineNo">028</span><a id="line.28"> *</a> |
| <span class="sourceLineNo">029</span><a id="line.29"> * <p><tt>Realm</tt>s usually have a 1-to-1 correspondence with a datasource such as a relational database,</a> |
| <span class="sourceLineNo">030</span><a id="line.30"> * file system, or other similar resource. As such, implementations of this interface use datasource-specific APIs to</a> |
| <span class="sourceLineNo">031</span><a id="line.31"> * determine authorization data (roles, permissions, etc), such as JDBC, File IO, Hibernate or JPA, or any other</a> |
| <span class="sourceLineNo">032</span><a id="line.32"> * Data Access API. They are essentially security-specific</a> |
| <span class="sourceLineNo">033</span><a id="line.33"> * <a href="http://en.wikipedia.org/wiki/Data_Access_Object" target="_blank">DAO</a>s.</a> |
| <span class="sourceLineNo">034</span><a id="line.34"> *</a> |
| <span class="sourceLineNo">035</span><a id="line.35"> * <p>Because most of these datasources usually contain Subject (a.k.a. User) information such as usernames and</a> |
| <span class="sourceLineNo">036</span><a id="line.36"> * passwords, a Realm can act as a pluggable authentication module in a</a> |
| <span class="sourceLineNo">037</span><a id="line.37"> * <a href="http://en.wikipedia.org/wiki/Pluggable_Authentication_Modules">PAM</a> configuration. This allows a Realm to</a> |
| <span class="sourceLineNo">038</span><a id="line.38"> * perform <i>both</i> authentication and authorization duties for a single datasource, which caters to the large</a> |
| <span class="sourceLineNo">039</span><a id="line.39"> * majority of applications. If for some reason you don't want your Realm implementation to perform authentication</a> |
| <span class="sourceLineNo">040</span><a id="line.40"> * duties, you should override the {@link #supports(org.apache.shiro.authc.AuthenticationToken)} method to always</a> |
| <span class="sourceLineNo">041</span><a id="line.41"> * return <tt>false</tt>.</a> |
| <span class="sourceLineNo">042</span><a id="line.42"> *</a> |
| <span class="sourceLineNo">043</span><a id="line.43"> * <p>Because every application is different, security data such as users and roles can be</a> |
| <span class="sourceLineNo">044</span><a id="line.44"> * represented in any number of ways. Shiro tries to maintain a non-intrusive development philosophy whenever</a> |
| <span class="sourceLineNo">045</span><a id="line.45"> * possible - it does not require you to implement or extend any <tt>User</tt>, <tt>Group</tt> or <tt>Role</tt></a> |
| <span class="sourceLineNo">046</span><a id="line.46"> * interfaces or classes.</a> |
| <span class="sourceLineNo">047</span><a id="line.47"> *</a> |
| <span class="sourceLineNo">048</span><a id="line.48"> * <p>Instead, Shiro allows applications to implement this interface to access environment-specific datasources</a> |
| <span class="sourceLineNo">049</span><a id="line.49"> * and data model objects. The implementation can then be plugged in to the application's Shiro configuration.</a> |
| <span class="sourceLineNo">050</span><a id="line.50"> * This modular technique abstracts away any environment/modeling details and allows Shiro to be deployed in</a> |
| <span class="sourceLineNo">051</span><a id="line.51"> * practically any application environment.</a> |
| <span class="sourceLineNo">052</span><a id="line.52"> *</a> |
| <span class="sourceLineNo">053</span><a id="line.53"> * <p>Most users will not implement the <tt>Realm</tt> interface directly, but will extend one of the subclasses,</a> |
| <span class="sourceLineNo">054</span><a id="line.54"> * {@link org.apache.shiro.realm.AuthenticatingRealm AuthenticatingRealm} or {@link org.apache.shiro.realm.AuthorizingRealm}, greatly reducing the effort requird</a> |
| <span class="sourceLineNo">055</span><a id="line.55"> * to implement a <tt>Realm</tt> from scratch.</p></a> |
| <span class="sourceLineNo">056</span><a id="line.56"> *</a> |
| <span class="sourceLineNo">057</span><a id="line.57"> * @see org.apache.shiro.realm.CachingRealm CachingRealm</a> |
| <span class="sourceLineNo">058</span><a id="line.58"> * @see org.apache.shiro.realm.AuthenticatingRealm AuthenticatingRealm</a> |
| <span class="sourceLineNo">059</span><a id="line.59"> * @see org.apache.shiro.realm.AuthorizingRealm AuthorizingRealm</a> |
| <span class="sourceLineNo">060</span><a id="line.60"> * @see org.apache.shiro.authc.pam.ModularRealmAuthenticator ModularRealmAuthenticator</a> |
| <span class="sourceLineNo">061</span><a id="line.61"> * @since 0.1</a> |
| <span class="sourceLineNo">062</span><a id="line.62"> */</a> |
| <span class="sourceLineNo">063</span><a id="line.63">public interface Realm {</a> |
| <span class="sourceLineNo">064</span><a id="line.64"></a> |
| <span class="sourceLineNo">065</span><a id="line.65"> /**</a> |
| <span class="sourceLineNo">066</span><a id="line.66"> * Returns the (application-unique) name assigned to this <code>Realm</code>. All realms configured for a single</a> |
| <span class="sourceLineNo">067</span><a id="line.67"> * application must have a unique name.</a> |
| <span class="sourceLineNo">068</span><a id="line.68"> *</a> |
| <span class="sourceLineNo">069</span><a id="line.69"> * @return the (application-unique) name assigned to this <code>Realm</code>.</a> |
| <span class="sourceLineNo">070</span><a id="line.70"> */</a> |
| <span class="sourceLineNo">071</span><a id="line.71"> String getName();</a> |
| <span class="sourceLineNo">072</span><a id="line.72"></a> |
| <span class="sourceLineNo">073</span><a id="line.73"> /**</a> |
| <span class="sourceLineNo">074</span><a id="line.74"> * Returns <tt>true</tt> if this realm wishes to authenticate the Subject represented by the given</a> |
| <span class="sourceLineNo">075</span><a id="line.75"> * {@link org.apache.shiro.authc.AuthenticationToken AuthenticationToken} instance, <tt>false</tt> otherwise.</a> |
| <span class="sourceLineNo">076</span><a id="line.76"> *</a> |
| <span class="sourceLineNo">077</span><a id="line.77"> * <p>If this method returns <tt>false</tt>, it will not be called to authenticate the Subject represented by</a> |
| <span class="sourceLineNo">078</span><a id="line.78"> * the token - more specifically, a <tt>false</tt> return value means this Realm instance's</a> |
| <span class="sourceLineNo">079</span><a id="line.79"> * {@link #getAuthenticationInfo} method will not be invoked for that token.</a> |
| <span class="sourceLineNo">080</span><a id="line.80"> *</a> |
| <span class="sourceLineNo">081</span><a id="line.81"> * @param token the AuthenticationToken submitted for the authentication attempt</a> |
| <span class="sourceLineNo">082</span><a id="line.82"> * @return <tt>true</tt> if this realm can/will authenticate Subjects represented by specified token,</a> |
| <span class="sourceLineNo">083</span><a id="line.83"> * <tt>false</tt> otherwise.</a> |
| <span class="sourceLineNo">084</span><a id="line.84"> */</a> |
| <span class="sourceLineNo">085</span><a id="line.85"> boolean supports(AuthenticationToken token);</a> |
| <span class="sourceLineNo">086</span><a id="line.86"></a> |
| <span class="sourceLineNo">087</span><a id="line.87"> /**</a> |
| <span class="sourceLineNo">088</span><a id="line.88"> * Returns an account's authentication-specific information for the specified <tt>token</tt>,</a> |
| <span class="sourceLineNo">089</span><a id="line.89"> * or <tt>null</tt> if no account could be found based on the <tt>token</tt>.</a> |
| <span class="sourceLineNo">090</span><a id="line.90"> *</a> |
| <span class="sourceLineNo">091</span><a id="line.91"> * <p>This method effectively represents a login attempt for the corresponding user with the underlying EIS datasource.</a> |
| <span class="sourceLineNo">092</span><a id="line.92"> * Most implementations merely just need to lookup and return the account data only (as the method name implies)</a> |
| <span class="sourceLineNo">093</span><a id="line.93"> * and let Shiro do the rest, but implementations may of course perform eis specific login operations if so</a> |
| <span class="sourceLineNo">094</span><a id="line.94"> * desired.</a> |
| <span class="sourceLineNo">095</span><a id="line.95"> *</a> |
| <span class="sourceLineNo">096</span><a id="line.96"> * @param token the application-specific representation of an account principal and credentials.</a> |
| <span class="sourceLineNo">097</span><a id="line.97"> * @return the authentication information for the account associated with the specified <tt>token</tt>,</a> |
| <span class="sourceLineNo">098</span><a id="line.98"> * or <tt>null</tt> if no account could be found.</a> |
| <span class="sourceLineNo">099</span><a id="line.99"> * @throws org.apache.shiro.authc.AuthenticationException</a> |
| <span class="sourceLineNo">100</span><a id="line.100"> * if there is an error obtaining or constructing an AuthenticationInfo object based on the</a> |
| <span class="sourceLineNo">101</span><a id="line.101"> * specified <tt>token</tt> or implementation-specific login behavior fails.</a> |
| <span class="sourceLineNo">102</span><a id="line.102"> */</a> |
| <span class="sourceLineNo">103</span><a id="line.103"> AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException;</a> |
| <span class="sourceLineNo">104</span><a id="line.104"></a> |
| <span class="sourceLineNo">105</span><a id="line.105">}</a> |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| </pre> |
| </div> |
| </main> |
| </body> |
| </html> |