Google Git
Sign in
apache / tomcat / f50f3e306fe649b6afa6b270dea518a9b1a3d239 / . / java / org / apache / catalina / TomcatPrincipal.java
blob: 3d69f0b0531a8f6eeadd3095f4dc91122b054ddf [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.catalina;
import java.security.Principal;
import java.util.Enumeration;
import org.ietf.jgss.GSSCredential;
/**
* Defines additional methods implemented by {@link Principal}s created by
* Tomcat's standard {@link Realm} implementations.
*/
public interface TomcatPrincipal extends Principal {
/**
* @return The authenticated Principal to be exposed to applications.
*/
Principal getUserPrincipal();
/**
* @return The user's delegated credentials.
*/
GSSCredential getGssCredential();
/**
* Calls logout, if necessary, on any associated JAASLoginContext and/or
* GSSContext. May in the future be extended to cover other logout
* requirements.
*
* @throws Exception If something goes wrong with the logout. Uses Exception
* to allow for future expansion of this method to cover
* other logout mechanisms that might throw a different
* exception to LoginContext
*/
void logout() throws Exception;
/**
* Returns the value of the named attribute as an <code>Object</code>, or
* <code>null</code> if no attribute of the given name exists, or if
* <code>null</code> has been specified as the attribute's name.
* <p>
* Only the servlet container may set attributes to make available custom
* information about a Principal or the user it represents.
* <p>
* The purpose of the method is to implement read only access to attributes
* which may be stored in the <code>Realm</code> implementation's backend
* due to its inherent design.
* <p>
* As using this method from application code will make it non portable to
* other EE compliant containers, it is advised this should never be used
* as an object storage facility tied to the <code>Principal</code>, but
* rather as simple extra additional metadata. It is recommended that a
* container level object is used to further process the attributes that
* may be associated with the <code>Principal</code>.
* <p>
* <code>Realm</code> implementations that are provided by Tomcat will
* not provide complex type mapping, but will in most cases always
* return a result as a <code>String</code> object which may need custom
* decoding.
* <p>
* <code>Realm</code> implementations that are provided by Tomcat will
* not provide an implementation for this facility unless it is inherent
* to the storage backend of the <code>Realm</code> itself and metadata
* is available without additional user intervention or configuration.
*
* @param name a <code>String</code> specifying the name of the attribute
* @return an <code>Object</code> containing the value of the attribute, or
* <code>null</code> if the attribute does not exist, or if
* <code>null</code> has been specified as the attribute's name
*/
Object getAttribute(String name);
/**
* Returns an <code>Enumeration</code> containing the names of the
* attributes available to this Principal. This method returns an empty
* <code>Enumeration</code> if the Principal has no attributes available to
* it.
*
* @return an <code>Enumeration</code> of strings containing the names of
* the Principal's attributes
*/
Enumeration<String> getAttributeNames();
}