/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
019package org.apache.shiro.subject;
020
021import org.apache.shiro.authc.AuthenticationInfo;
022import org.apache.shiro.authc.AuthenticationToken;
023import org.apache.shiro.authc.pam.AuthenticationStrategy;
024
025import java.io.Serializable;
026import java.util.Collection;
027import java.util.List;
028import java.util.Set;
029
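/**
 * A collection of all principals associated with a corresponding {@link Subject Subject}.  A <em>principal</em> is
 * just a security term for an identifying attribute, such as a username or user id or social security number or
 * anything else that can be considered an 'identifying' attribute for a {@code Subject}.
 * <p>
 * A PrincipalCollection organizes its internal principals based on the {@code Realm} where they came from when the
 * Subject was first created.  To obtain the principal(s) for a specific Realm, see the {@link #fromRealm} method.  You
 * can also see which realms contributed to this collection via the {@link #getRealmNames() getRealmNames()} method.
 * <p>
 * Principals identify an account; they are not credentials.  Because this interface extends {@link Serializable},
 * anything stored as a principal may be written out wherever an implementation or its container serializes the
 * collection (where that happens is not visible from this interface).  Principal objects therefore need to be
 * serializable themselves, and an opaque identifier is a better principal than a sensitive attribute.
 * <p>
 * The raw {@code Iterable}, {@code List}, {@code Set} and {@code Collection} types in the signatures are part of the
 * published contract and are kept as they are; callers must check element types themselves, for example through
 * {@link #oneByType(Class)} or {@link #byType(Class)}.
 *
 * @see #getPrimaryPrincipal()
 * @see #fromRealm(String realmName)
 * @see #getRealmNames()
 * @since 0.9
 */
public interface PrincipalCollection extends Iterable, Serializable {

    /**
     * Returns the primary principal used application-wide to uniquely identify the owning account/Subject.
     * <p>
     * The value is usually a uniquely identifying attribute specific to the data source that retrieved the
     * account data.  Some examples:
     * <ul>
     * <li>a {@link java.util.UUID UUID}</li>
     * <li>a {@code long} value such as a surrogate primary key in a relational database</li>
     * <li>an LDAP UUID or static DN</li>
     * <li>a String username unique across all user accounts</li>
     * </ul>
     * <h3>Multi-Realm Applications</h3>
     * In a single-{@code Realm} application, typically there is only ever one unique principal to retain and that
     * is the value returned from this method.  However, in a multi-{@code Realm} application, where the
     * {@code PrincipalCollection} might retain principals across more than one realm, the value returned from this
     * method should be the single principal that uniquely identifies the subject for the entire application.
     * <p>
     * That value is of course application specific, but most applications will typically choose one of the primary
     * principals from one of the {@code Realm}s.
     * <p>
     * Shiro's default implementations of this interface make this
     * assumption by usually simply returning {@link #iterator()}.{@link java.util.Iterator#next() next()}, which just
     * returns the first returned principal obtained from the first consulted/configured {@code Realm} during the
     * authentication attempt.  This means in a multi-{@code Realm} application, {@code Realm} configuration order
     * matters if you want to retain this default heuristic.
     * <p>
     * Code that keys authorization or audit records on this value inherits that ordering: the same account can
     * surface under a different primary principal if the realm order changes, and identifiers that are unique only
     * within one realm are not necessarily unique across realms.
     * <p>
     * If this heuristic is not sufficient, most Shiro end-users will need to implement a custom
     * {@link org.apache.shiro.authc.pam.AuthenticationStrategy}.  An {@code AuthenticationStrategy} has exact control
     * over the {@link PrincipalCollection} returned at the end of an authentication attempt via the
     * <code>AuthenticationStrategy#
     * {@link AuthenticationStrategy#afterAllAttempts(AuthenticationToken, AuthenticationInfo) afterAllAttempts}</code>
     * implementation.
     * <p>
     * The declared return type is {@code Object}, so callers must not assume a concrete type without checking it.
     * This contract does not say what is returned for an empty collection; consult {@link #isEmpty()} first.
     *
     * @return the primary principal used to uniquely identify the owning account/Subject
     * @since 1.0
     */
    Object getPrimaryPrincipal();

    /**
     * Returns the first discovered principal assignable from the specified type, or {@code null} if there are none
     * of the specified type.
     * <p>
     * Note that this will return {@code null} if the 'owning' subject has not yet logged in.  Callers have to handle
     * the {@code null} result explicitly before using the value in an identity or access decision.
     *
     * @param type the type of the principal that should be returned.
     * @param <T>  the principal type requested by the caller.
     * @return a principal of the specified type or {@code null} if there isn't one of the specified type.
     */
    <T> T oneByType(Class<T> type);

    /**
     * Returns all principals assignable from the specified type, or an empty Collection if no principals of that
     * type are contained.
     * <p>
     * Note that this will return an empty Collection if the 'owning' subject has not yet logged in.
     *
     * @param type the type of the principals that should be returned.
     * @param <T>  the principal type requested by the caller.
     * @return a Collection of principals that are assignable from the specified type, or
     * an empty Collection if no principals of this type are associated.
     */
    <T> Collection<T> byType(Class<T> type);

    /**
     * Returns a single Subject's principals retrieved from all configured Realms as a List, or an empty List if
     * there are not any principals.
     * <p>
     * Note that this will return an empty List if the 'owning' subject has not yet logged in.
     * <p>
     * Whether the returned List is a copy or can be modified is not specified by this contract; treat it as
     * read-only.
     *
     * @return a single Subject's principals retrieved from all configured Realms as a List.
     */
    List asList();

    /**
     * Returns a single Subject's principals retrieved from all configured Realms as a Set, or an empty Set if there
     * are not any principals.
     * <p>
     * Note that this will return an empty Set if the 'owning' subject has not yet logged in.
     * <p>
     * Whether the returned Set is a copy or can be modified is not specified by this contract; treat it as
     * read-only.
     *
     * @return a single Subject's principals retrieved from all configured Realms as a Set.
     */
    Set asSet();

    /**
     * Returns a single Subject's principals retrieved from the specified Realm <em>only</em> as a Collection, or an
     * empty Collection if there are not any principals from that realm.
     * <p>
     * Note that this will return an empty Collection if the 'owning' subject has not yet logged in.
     * <p>
     * The names of the realms that contributed principals are available from {@link #getRealmNames()}.
     *
     * @param realmName the name of the Realm from which the principals were retrieved.
     * @return the Subject's principals from the specified Realm only as a Collection or an empty Collection if there
     * are not any principals from that realm.
     */
    Collection fromRealm(String realmName);

    /**
     * Returns the realm names that this collection has principals for.
     *
     * @return the names of realms that this collection has one or more principals for.
     */
    Set<String> getRealmNames();

    /**
     * Returns {@code true} if this collection is empty, {@code false} otherwise.
     *
     * @return {@code true} if this collection is empty, {@code false} otherwise.
     */
    boolean isEmpty();
}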