001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements. See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership. The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License. You may obtain a copy of the License at
009 *
010 * http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied. See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019 package org.apache.shiro.subject;
020
021 import java.io.Serializable;
022 import java.util.Collection;
023 import java.util.List;
024 import java.util.Set;
025
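/**
 * A collection of all principals associated with a corresponding {@link Subject Subject}. A <em>principal</em> is
 * just a security term for an identifying attribute, such as a username or user id or social security number or
 * anything else that can be considered an 'identifying' attribute for a {@code Subject}.
 * <p>
 * A PrincipalCollection organizes its internal principals based on the {@code Realm} where they came from when the
 * Subject was first created. To obtain the principal(s) for a specific Realm, see the {@link #fromRealm} method. You
 * can also see which realms contributed to this collection via the {@link #getRealmNames() getRealmNames()} method.
 * <h3>Handling notes</h3>
 * <ul>
 * <li>This type is {@link Serializable}, so an instance and every principal it holds can be written out in
 * serialized form. Because principals are identifying attributes (possibly sensitive ones, as the examples above
 * show), treat any serialized copy as sensitive data. NOTE(review): where instances are actually persisted or
 * transported is decided by implementations and callers not shown here; confirm that such data is integrity
 * protected and is never deserialized from an untrusted source.</li>
 * <li>This interface extends the raw {@link Iterable} type, and {@link #asList()}, {@link #asSet()} and
 * {@link #fromRealm(String)} return raw collections, so elements are only known to be {@code Object}s. Prefer
 * {@link #oneByType(Class)} / {@link #byType(Class)} over unchecked casts when a specific principal type is
 * expected.</li>
 * </ul>
 *
 * @author Les Hazlewood
 * @see #getPrimaryPrincipal()
 * @see #fromRealm(String realmName)
 * @see #getRealmNames()
 * @since 0.9
 */
public interface PrincipalCollection extends Iterable, Serializable {

    /**
     * Returns the primary principal used application-wide to uniquely identify the owning account/Subject.
     * <p>
     * The value is usually a uniquely identifying attribute specific to the data source that retrieved the
     * account data. Some examples:
     * <ul>
     * <li>a {@link java.util.UUID UUID}</li>
     * <li>a {@code long} value such as a surrogate primary key in a relational database</li>
     * <li>an LDAP UUID or static DN</li>
     * <li>a String username unique across all user accounts</li>
     * </ul>
     * <h3>Multi-Realm Applications</h3>
     * In a single-{@code Realm} application, typically there is only ever one unique principal to retain and that
     * is the value returned from this method. However, in a multi-{@code Realm} application, where the
     * {@code PrincipalCollection} might retain principals across more than one realm, the value returned from this
     * method should be the single principal that uniquely identifies the subject for the entire application.
     * <p>
     * That value is of course application specific, but most applications will typically choose one of the primary
     * principals from one of the {@code Realm}s.
     * <p>
     * Shiro's default implementations of this interface make this
     * assumption by usually simply returning {@link #iterator()}.{@link java.util.Iterator#next() next()}, which just
     * returns the first returned principal obtained from the first consulted/configured {@code Realm} during the
     * authentication attempt. This means in a multi-{@code Realm} application, {@code Realm} configuration order
     * matters if you want to retain this default heuristic.
     * <p>
     * If this heuristic is not sufficient, most Shiro end-users will need to implement a custom
     * {@link org.apache.shiro.authc.pam.AuthenticationStrategy}. An {@code AuthenticationStrategy} has exact control
     * over the {@link PrincipalCollection} returned at the end of an authentication attempt via the
     * <code>AuthenticationStrategy#{@link org.apache.shiro.authc.pam.AuthenticationStrategy#afterAllAttempts(org.apache.shiro.authc.AuthenticationToken, org.apache.shiro.authc.AuthenticationInfo) afterAllAttempts}</code>
     * implementation.
     * <p>
     * NOTE(review): code that keys access-control or audit decisions on this value relies on it being unique across
     * <em>all</em> configured realms, not just within one; under the default first-realm heuristic described above,
     * a change in realm order changes which identity is reported. This contract also does not state what is
     * returned when the collection is empty, so callers should check {@link #isEmpty()} or handle a {@code null}
     * result rather than assume a value is present.
     *
     * @return the primary principal used to uniquely identify the owning account/Subject
     * @since 1.0
     */
    Object getPrimaryPrincipal();

    /**
     * Returns the first discovered principal assignable from the specified type, or {@code null} if there are none
     * of the specified type.
     * <p>
     * Note that this will return {@code null} if the 'owning' subject has not yet logged in, so callers must
     * null-check the result before using it to identify an account.
     *
     * @param type the type of the principal that should be returned.
     * @param <T>  the principal type being requested.
     * @return a principal of the specified type or {@code null} if there isn't one of the specified type.
     */
    <T> T oneByType(Class<T> type);

    /**
     * Returns all principals assignable from the specified type, or an empty Collection if no principals of that
     * type are contained.
     * <p>
     * Note that this will return an empty Collection if the 'owning' subject has not yet logged in.
     *
     * @param type the type of the principals that should be returned.
     * @param <T>  the principal type being requested.
     * @return a Collection of principals that are assignable from the specified type, or
     *         an empty Collection if no principals of this type are associated.
     */
    <T> Collection<T> byType(Class<T> type);

    /**
     * Returns a single Subject's principals retrieved from all configured Realms as a List, or an empty List if
     * there are not any principals.
     * <p>
     * Note that this will return an empty List if the 'owning' subject has not yet logged in.
     * <p>
     * The returned List is a raw type; its elements are only known to be {@code Object}s.
     *
     * @return a single Subject's principals retrieved from all configured Realms as a List.
     */
    List asList();

    /**
     * Returns a single Subject's principals retrieved from all configured Realms as a Set, or an empty Set if there
     * are not any principals.
     * <p>
     * Note that this will return an empty Set if the 'owning' subject has not yet logged in.
     * <p>
     * The returned Set is a raw type; its elements are only known to be {@code Object}s.
     *
     * @return a single Subject's principals retrieved from all configured Realms as a Set.
     */
    Set asSet();

    /**
     * Returns a single Subject's principals retrieved from the specified Realm <em>only</em> as a Collection, or an
     * empty Collection if there are not any principals from that realm.
     * <p>
     * Note that this will return an empty Collection if the 'owning' subject has not yet logged in.
     * <p>
     * The returned Collection is a raw type; its elements are only known to be {@code Object}s.
     *
     * @param realmName the name of the Realm from which the principals were retrieved.
     * @return the Subject's principals from the specified Realm only as a Collection or an empty Collection if there
     *         are not any principals from that realm.
     */
    Collection fromRealm(String realmName);

    /**
     * Returns the realm names that this collection has principals for.
     *
     * @return the names of realms that this collection has one or more principals for.
     */
    Set<String> getRealmNames();

    /**
     * Returns {@code true} if this collection is empty, {@code false} otherwise.
     *
     * @return {@code true} if this collection is empty, {@code false} otherwise.
     */
    boolean isEmpty();
}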