001/** 002 * Copyright 2015 DuraSpace, Inc. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016package org.fcrepo.auth.common; 017 018import javax.jcr.Credentials; 019 020import java.security.Principal; 021import java.util.Set; 022 023/** 024 * This interface provides a way for authentication code to communicate generic 025 * credentials to authorization delegates. An implementation of this interface 026 * could perform a query to determine group membership, for example. 027 * <p> 028 * The ServletContainerAuthenticationProvider's principalProviders set may be 029 * configured with zero or more instances of implementations of this interface, 030 * which it will consult during authentication. The union of the results will be 031 * assigned to the FEDORA_ALL_PRINCIPALS session attribute. 032 * </p> 033 * 034 * @author Gregory Jansen 035 * @see HttpHeaderPrincipalProvider 036 */ 037public interface PrincipalProvider { 038 039 /** 040 * Extract principals from the provided credentials. 041 * <p> 042 * If no principals can be extracted, for example because the credentials 043 * are of a different type than expected, implementations of this method 044 * should return the empty set rather than null. 045 * </p> 046 * 047 * @param credentials the credentials 048 * @return a set of security principals 049 */ 050 Set<Principal> getPrincipals(Credentials credentials); 051 052}