PrincipalCollection

A collection of all principals associated with a corresponding Subject. A principal is just a security term for an identifying attribute, such as a username or user id or social security number or anything else that can be considered an 'identifying' attribute for a `Subject`.

A PrincipalCollection organizes its internal principals based on the `Realm` where they came from when the Subject was first created. To obtain the principal(s) for a specific Realm, see the `fromRealm` method. You can also see which realms contributed to this collection via the `getRealmNames()` method.

See also: `getPrimaryPrincipal()`, `fromRealm(string realmName)`, `getRealmNames()`

Members

Functions

asList
List!Object asList()

Returns a single Subject's principals retrieved from all configured Realms as a List, or an empty List if there are not any principals.

Note that this will return an empty List if the 'owning' subject has not yet logged in.

asSet
Set!Object asSet()

Returns a single Subject's principals retrieved from all configured Realms as a Set, or an empty Set if there are not any principals.

Note that this will return an empty Set if the 'owning' subject has not yet logged in.

fromRealm
Object[] fromRealm(string realmName)

Returns a single Subject's principals retrieved from the specified Realm only as a Collection, or an empty Collection if there are not any principals from that realm.

Note that this will return an empty Collection if the 'owning' subject has not yet logged in.

getPrimaryPrincipal
Object getPrimaryPrincipal()

Returns the primary principal used application-wide to uniquely identify the owning account/Subject.

The value is usually a uniquely identifying attribute specific to the data source that retrieved the account data. Some examples:

- a UUID
- a `long` value such as a surrogate primary key in a relational database
- an LDAP UUID or static DN
- a string username unique across all user accounts

Multi-Realm Applications

In a single-`Realm` application, typically there is only ever one unique principal to retain and that is the value returned from this method. However, in a multi-`Realm` application, where the `PrincipalCollection` might retain principals across more than one realm, the value returned from this method should be the single principal that uniquely identifies the subject for the entire application.

That value is of course application specific, but most applications will typically choose one of the primary principals from one of the `Realm`s.

Shiro's default implementations of this interface make this assumption by usually simply returning `iterator().next()`, which just returns the first returned principal obtained from the first consulted/configured `Realm` during the authentication attempt. This means in a multi-`Realm` application, `Realm` configuration order matters if you want to retain this default heuristic.

If this heuristic is not sufficient, most Shiro end-users will need to implement a custom `hunt.shiro.authc.pam.AuthenticationStrategy`. An `AuthenticationStrategy` has exact control over the `PrincipalCollection` returned at the end of an authentication attempt via the `AuthenticationStrategy#afterAllAttempts(hunt.shiro.authc.AuthenticationToken, hunt.shiro.authc.AuthenticationInfo)` implementation.
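The following added example (not hunt-shiro code) models the ordering heuristic described above to show why realm order changes the application-wide identity, and what pinning the primary principal to one realm looks like. `RealmPrincipals`, its methods, the realm names and the principal values are hypothetical, and principals are simplified to strings.

```d
import std.algorithm.searching : canFind;
import std.stdio : writeln;

// Hypothetical stand-in for a realm-ordered principal collection.
struct RealmPrincipals
{
    string[] realmOrder;       // realms in the order they were consulted
    string[][string] byRealm;  // realm name -> principals it contributed

    void add(string realm, string principal)
    {
        if (!realmOrder.canFind(realm)) realmOrder ~= realm;
        byRealm[realm] ~= principal;
    }

    // Default heuristic: first principal from the first consulted realm.
    string primaryByOrder()
    {
        foreach (realm; realmOrder)
            if (byRealm[realm].length) return byRealm[realm][0];
        return null;
    }

    // Pinned choice: the primary always comes from one named realm.
    string primaryFromRealm(string realm)
    {
        auto ps = realm in byRealm;
        return (ps && (*ps).length) ? (*ps)[0] : null;
    }
}

void main()
{
    // Constructed sample: one account known to two realms.
    enum dn = "uid=jdoe,ou=people,dc=example,dc=org";
    RealmPrincipals ldapFirst, dbFirst;
    ldapFirst.add("ldapRealm", dn);
    ldapFirst.add("dbRealm", "42");
    dbFirst.add("dbRealm", "42");
    dbFirst.add("ldapRealm", dn);

    // Same account, different realm order: the primary principal differs.
    assert(ldapFirst.primaryByOrder() == dn);
    assert(dbFirst.primaryByOrder() == "42");
    // Pinning to one realm gives a stable identity regardless of order.
    assert(ldapFirst.primaryFromRealm("dbRealm") == "42");
    assert(dbFirst.primaryFromRealm("dbRealm") == "42");
    writeln(ldapFirst.primaryByOrder(), " vs ", dbFirst.primaryByOrder());
}
```

Anything keyed on the primary principal, such as permission lookups, audit records or session ownership, sees a different identity for the same account when the realm order is changed, so a reordering should be reviewed like any other change to authentication.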

getRealmNames
string[] getRealmNames()

Returns the realm names that this collection has principals for.

isEmpty
bool isEmpty()

Returns `true` if this collection is empty, `false` otherwise.

Meta