public interface PrincipalMapper

A PrincipalMapper is an object that maps from a collection of generic Principals or a Subject to well known entities in Jakarta EE.

The following target entities are supported:

The caller principal - a java.security.Principal containing the name of the current authenticated user.
The role - a java.lang.String representing the logical application role associated with the caller principal.

A PrincipalMapper is intended to be used by a Policy, but should work outside a Policy (for instance, during request processing in a Servlet container).

Author:: Arjan Tijms

Method Summary

Modifier and Type

Method

Description

default Principal

getCallerPrincipal(Set<Principal> principals)

Pick from the principals within the passed-in set of principals the platform-specific java.security.Principal that represents the name of the authenticated caller, or null if the current caller is not authenticated.

Principal

getCallerPrincipal(Subject subject)

Pick from the principals within the passed-in Subject the platform-specific java.security.Principal that represents the name of authenticated caller, or null if the current caller is not authenticated.

default Set<String>

getMappedRoles(Set<Principal> principals)

Pick from the principals within the passed-in set of principals all application roles that are associated with the caller principal.

Set<String>

getMappedRoles(Subject subject)

Pick from the principals within the passed-in Subject all application roles that are associated with the caller principal.

default boolean

isAnyAuthenticatedUserRoleMapped()

Jakarta Security defines the "any authenticated caller role" as "**" and allows an application specific mapping for this role to be established.

Method Details
- getCallerPrincipal
  
  Principal getCallerPrincipal(Subject subject)
  
  Pick from the principals within the passed-in Subject the platform-specific java.security.Principal that represents the name of authenticated caller, or null if the current caller is not authenticated.
  
  Parameters:
  
  subject - the subject from which the caller principal is to be retrieved.
  
  Returns:
  
  Principal representing the name of the current authenticated user, or null if not authenticated.
- getMappedRoles
  
  Set<String> getMappedRoles(Subject subject)
  
  Pick from the principals within the passed-in Subject all application roles that are associated with the caller principal.
  The roles returned here are the logical application roles. If the principals in the passed-in Subject represent non-application roles (called "groups"), the implementation must perform the group-to-role mapping. For instance, if a Principal representing the group "adm" is present in the Subject, and the group "adm" is mapped (in a implementation specific way) to "administrator", then "administrator" must be returned here.
  
  Parameters:
  
  subject - the subject from which the roles are to be retrieved.
  
  Returns:
  
  a set of logical application roles associated with the caller principal.
- getCallerPrincipal
  
  default Principal getCallerPrincipal(Set<Principal> principals)
  
  Pick from the principals within the passed-in set of principals the platform-specific java.security.Principal that represents the name of the authenticated caller, or null if the current caller is not authenticated.
  
  Parameters:
  
  principals - the set of principals from which the caller principal is to be retrieved.
  
  Returns:
  
  Principal representing the name of the current authenticated user, or null if not authenticated.
- getMappedRoles
  
  default Set<String> getMappedRoles(Set<Principal> principals)
  
  Pick from the principals within the passed-in set of principals all application roles that are associated with the caller principal.
  The roles returned here are the logical application roles. If the principals in the passed-in Subject represent non-application roles (called "groups"), the implementation must perform the group-to-role mapping. For instance, if a Principal representing the group "adm" is present in the Subject, and the group "adm" is mapped (in a implementation specific way) to "administrator", then "administrator" must be returned here.
  
  Parameters:
  
  principals - the set of principals from which the roles are to be retrieved.
  
  Returns:
  
  a set of logical application roles associated with the caller principal.
- isAnyAuthenticatedUserRoleMapped
  
  default boolean isAnyAuthenticatedUserRoleMapped()
  
  Jakarta Security defines the "any authenticated caller role" as "**" and allows an application specific mapping for this role to be established. E.g. "**" could be mapped to the logical application role "admin".
  This method is used to discover if such a mapping has indeed been done. If it has been done, "**" is a regular role name and we can no longer check for "any authenticated caller" using "**".
  
  Returns:
  
  true if the special "**" role has been mapped to something else, false otherwise.

Interface PrincipalMapper

Method Summary

Method Details

getCallerPrincipal

getMappedRoles

getCallerPrincipal

getMappedRoles

isAnyAuthenticatedUserRoleMapped