001/*
002 * Licensed to DuraSpace under one or more contributor license agreements.
003 * See the NOTICE file distributed with this work for additional information
004 * regarding copyright ownership.
005 *
006 * DuraSpace licenses this file to you under the Apache License,
007 * Version 2.0 (the "License"); you may not use this file except in
008 * compliance with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.fcrepo.auth.common;
019
020import javax.jcr.Credentials;
021
022import java.security.Principal;
023import java.util.Set;
024
/**
 * Bridge between authentication and authorization: an implementation turns the
 * generic credentials handed over by authentication code into security
 * principals for the authorization delegates. Looking up group membership with
 * a query is one example of what an implementation could do.
 * <p>
 * Zero or more implementations may be registered in the
 * ServletContainerAuthenticationProvider's principalProviders set. They are
 * consulted during authentication, and the union of everything they return is
 * assigned to the FEDORA_ALL_PRINCIPALS session attribute.
 * </p>
 * <p>
 * Security note: because the results are merged as a union, a provider can
 * only add principals to a session; it cannot withdraw one contributed by
 * another provider. Each configured provider therefore widens what the
 * session may be authorized for and should be reviewed as part of the trust
 * boundary. An implementation that derives principals from client-influenced
 * data (request headers, as the name of the referenced
 * HttpHeaderPrincipalProvider suggests) presumably relies on a trusted
 * upstream component to set or strip that data; verify this per deployment.
 * </p>
 *
 * @author Gregory Jansen
 * @see HttpHeaderPrincipalProvider
 */
public interface PrincipalProvider {

    /**
     * Derives the security principals carried by the given credentials.
     * <p>
     * When nothing can be derived (the credentials may, for instance, be of a
     * type this provider does not expect), implementations should return the
     * empty set instead of null.
     * </p>
     *
     * @param credentials the credentials to inspect
     * @return the set of security principals extracted from the credentials
     */
    Set<Principal> getPrincipals(Credentials credentials);

}