001/* 002 * Licensed to DuraSpace under one or more contributor license agreements. 003 * See the NOTICE file distributed with this work for additional information 004 * regarding copyright ownership. 005 * 006 * DuraSpace licenses this file to you under the Apache License, 007 * Version 2.0 (the "License"); you may not use this file except in 008 * compliance with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018package org.fcrepo.auth.common; 019 020import javax.jcr.Credentials; 021 022import java.security.Principal; 023import java.util.Set; 024 025/** 026 * This interface provides a way for authentication code to communicate generic 027 * credentials to authorization delegates. An implementation of this interface 028 * could perform a query to determine group membership, for example. 029 * <p> 030 * The ServletContainerAuthenticationProvider's principalProviders set may be 031 * configured with zero or more instances of implementations of this interface, 032 * which it will consult during authentication. The union of the results will be 033 * assigned to the FEDORA_ALL_PRINCIPALS session attribute. 034 * </p> 035 * 036 * @author Gregory Jansen 037 * @see HttpHeaderPrincipalProvider 038 */ 039public interface PrincipalProvider { 040 041 /** 042 * Extract principals from the provided credentials. 043 * <p> 044 * If no principals can be extracted, for example because the credentials 045 * are of a different type than expected, implementations of this method 046 * should return the empty set rather than null. 047 * </p> 048 * 049 * @param credentials the credentials 050 * @return a set of security principals 051 */ 052 Set<Principal> getPrincipals(Credentials credentials); 053 054}