org.mortbay.http

Interface UserRealm

public interface UserRealm

User Realm. This interface should be specialized to provide specific user lookup and authentication using arbitrary methods. For SSO implementation sof UserRealm should also implement SSORealm.

Version: $Id: UserRealm.java,v 1.16 2006/02/28 12:45:01 gregwilkins Exp $

Author: Greg Wilkins (gregw)

See Also: SSORealm

Method Summary
Principalauthenticate(String username, Object credentials, HttpRequest request)
Authenticate a users credentials.
voiddisassociate(Principal user)
Dissassociate the calling context with a Principal.
StringgetName()
PrincipalgetPrincipal(String username)
Get the principal for a username.
booleanisUserInRole(Principal user, String role)
Check if the user is in a role.
voidlogout(Principal user)
logout a user Principal.
PrincipalpopRole(Principal user)
Pop role from a Principal.
PrincipalpushRole(Principal user, String role)
Push role onto a Principal.
booleanreauthenticate(Principal user)
Re Authenticate a Principal.

Method Detail

authenticate

public Principal authenticate(String username, Object credentials, HttpRequest request)
Authenticate a users credentials. Implementations of this method may adorn the calling context to assoicate it with the authenticated principal (eg ThreadLocals). If such context associations are made, they should be considered valid until a UserRealm.deAuthenticate(UserPrincipal) call is made for this UserPrincipal.

Parameters: username The username. credentials The user credentials, normally a String password. request The request to be authenticated. Additional parameters may be extracted or set on this request as needed for the authentication mechanism (none required for BASIC and FORM authentication).

Returns: The authenticated UserPrincipal.

disassociate

public void disassociate(Principal user)
Dissassociate the calling context with a Principal. This method is called when the calling context is not longer associated with the Principal. It should be used by an implementation to remove context associations such as ThreadLocals. The UserPrincipal object remains authenticated, as it may be associated with other contexts.

Parameters: user A UserPrincipal allocated from this realm.

getName

public String getName()

getPrincipal

public Principal getPrincipal(String username)
Get the principal for a username. This method is not guaranteed to return a Principal for non-authenticated users.

isUserInRole

public boolean isUserInRole(Principal user, String role)
Check if the user is in a role.

Parameters: role A role name.

Returns: True if the user can act in that role.

logout

public void logout(Principal user)
logout a user Principal. Called by authentication mechanisms (eg FORM) that can detect logout.

Parameters: user A Principal previously returned from this realm

popRole

public Principal popRole(Principal user)
Pop role from a Principal.

Parameters: user A UserPrincipal previously returned from pushRole

Returns: The principal without the role. Most often this will be the original UserPrincipal passed.

pushRole

public Principal pushRole(Principal user, String role)
Push role onto a Principal. This method is used to add a role to an existing principal.

Parameters: user An existing UserPrincipal or null for an anonymous user. role The role to add.

Returns: A new UserPrincipal object that wraps the passed user, but with the added role.

reauthenticate

public boolean reauthenticate(Principal user)
Re Authenticate a Principal. Authenicate a principal that has previously been return from the authenticate method. Implementations of this method may adorn the calling context to assoicate it with the authenticated principal (eg ThreadLocals). If such context associations are made, they should be considered valid until a UserRealm.deAuthenticate(UserPrincipal) call is made for this UserPrincipal.

Returns: True if this user is still authenticated.

Copyright © 2004 Mortbay Consulting Pty. Ltd. All Rights Reserved.