1 /*
2  * Licensed to the Apache Software Foundation (ASF) under one
3  * or more contributor license agreements.  See the NOTICE file
4  * distributed with this work for additional information
5  * regarding copyright ownership.  The ASF licenses this file
6  * to you under the Apache License, Version 2.0 (the
7  * "License"); you may not use this file except in compliance
8  * with the License.  You may obtain a copy of the License at
9  *
10  *     http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing,
13  * software distributed under the License is distributed on an
14  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15  * KIND, either express or implied.  See the License for the
16  * specific language governing permissions and limitations
17  * under the License.
18  */
19 module hunt.shiro.subject.PrincipalCollection;
20 
21 import hunt.util.Common;
22 import hunt.collection;
23 
24 /**
25  * A collection of all principals associated with a corresponding {@link Subject Subject}.  A <em>principal</em> is
26  * just a security term for an identifying attribute, such as a username or user id or social security number or
27  * anything else that can be considered an 'identifying' attribute for a {@code Subject}.
28  * <p/>
29  * A PrincipalCollection organizes its internal principals based on the {@code Realm} where they came from when the
30  * Subject was first created.  To obtain the principal(s) for a specific Realm, see the {@link #fromRealm} method.  You
31  * can also see which realms contributed to this collection via the {@link #getRealmNames() getRealmNames()} method.
32  *
33  * @see #getPrimaryPrincipal()
34  * @see #fromRealm(string realmName)
35  * @see #getRealmNames()
36  */
37 interface PrincipalCollection : Iterable!Object {
38 
39     /**
40      * Returns the primary principal used application-wide to uniquely identify the owning account/Subject.
41      * <p/>
42      * The value is usually always a uniquely identifying attribute specific to the data source that retrieved the
43      * account data.  Some examples:
44      * <ul>
45      * <li>a {@link java.util.UUID UUID}</li>
46      * <li>a {@code long} value such as a surrogate primary key in a relational database</li>
47      * <li>an LDAP UUID or static DN</li>
48      * <li>a string username unique across all user accounts</li>
49      * </ul>
50      * <h3>Multi-Realm Applications</h3>
51      * In a single-{@code Realm} application, typically there is only ever one unique principal to retain and that
52      * is the value returned from this method.  However, in a multi-{@code Realm} application, where the
53      * {@code PrincipalCollection} might retain principals across more than one realm, the value returned from this
54      * method should be the single principal that uniquely identifies the subject for the entire application.
55      * <p/>
56      * That value is of course application specific, but most applications will typically choose one of the primary
57      * principals from one of the {@code Realm}s.
58      * <p/>
59      * Shiro's default implementations of this interface make this
60      * assumption by usually simply returning {@link #iterator()}.{@link java.util.Iterator#next() next()}, which just
61      * returns the first returned principal obtained from the first consulted/configured {@code Realm} during the
62      * authentication attempt.  This means in a multi-{@code Realm} application, {@code Realm} configuration order
63      * matters if you want to retain this default heuristic.
64      * <p/>
65      * If this heuristic is not sufficient, most Shiro end-users will need to implement a custom
66      * {@link hunt.shiro.authc.pam.AuthenticationStrategy}.  An {@code AuthenticationStrategy} has exact control
67      * over the {@link PrincipalCollection} returned at the end of an authentication attempt via the
68      * <code>AuthenticationStrategy#{@link hunt.shiro.authc.pam.AuthenticationStrategy#afterAllAttempts(hunt.shiro.authc.AuthenticationToken, hunt.shiro.authc.AuthenticationInfo) afterAllAttempts}</code>
69      * implementation.
70      *
71      * @return the primary principal used to uniquely identify the owning account/Subject
72      */
73     Object getPrimaryPrincipal();
74 
75     /**
76      * Returns the first discovered principal assignable from the specified type, or {@code null} if there are none
77      * of the specified type.
78      * <p/>
79      * Note that this will return {@code null} if the 'owning' subject has not yet logged in.
80      *
81      * @param type the type of the principal that should be returned.
82      * @return a principal of the specified type or {@code null} if there isn't one of the specified type.
83      */
84     // T oneByType(T)(TypeInfo_Class type);
85 
86     /**
87      * Returns all principals assignable from the specified type, or an empty Collection if no principals of that
88      * type are contained.
89      * <p/>
90      * Note that this will return an empty Collection if the 'owning' subject has not yet logged in.
91      *
92      * @param type the type of the principals that should be returned.
93      * @return a Collection of principals that are assignable from the specified type, or
94      *         an empty Collection if no principals of this type are associated.
95      */
96     // Collection!(T) byType(T)(TypeInfo_Class type);
97 
98     /**
99      * Returns a single Subject's principals retrieved from all configured Realms as a List, or an empty List if
100      * there are not any principals.
101      * <p/>
102      * Note that this will return an empty List if the 'owning' subject has not yet logged in.
103      *
104      * @return a single Subject's principals retrieved from all configured Realms as a List.
105      */
106     List!Object asList();
107 
108     /**
109      * Returns a single Subject's principals retrieved from all configured Realms as a Set, or an empty Set if there
110      * are not any principals.
111      * <p/>
112      * Note that this will return an empty Set if the 'owning' subject has not yet logged in.
113      *
114      * @return a single Subject's principals retrieved from all configured Realms as a Set.
115      */
116     Set!Object asSet();
117 
118     /**
119      * Returns a single Subject's principals retrieved from the specified Realm <em>only</em> as a Collection, or an empty
120      * Collection if there are not any principals from that realm.
121      * <p/>
122      * Note that this will return an empty Collection if the 'owning' subject has not yet logged in.
123      *
124      * @param realmName the name of the Realm from which the principals were retrieved.
125      * @return the Subject's principals from the specified Realm only as a Collection or an empty Collection if there
126      *         are not any principals from that realm.
127      */
128     Object[] fromRealm(string realmName);
129 
130     /**
131      * Returns the realm names that this collection has principals for.
132      *
133      * @return the names of realms that this collection has one or more principals for.
134      */
135     string[] getRealmNames();
136 
137     /**
138      * Returns {@code true} if this collection is empty, {@code false} otherwise.
139      *
140      * @return {@code true} if this collection is empty, {@code false} otherwise.
141      */
142     bool isEmpty();
143 }