org.picketlink

Interface Identity

All Superinterfaces:

Serializable

All Known Implementing Classes:

AbstractIdentity, DefaultIdentity

public interface Identity
extends Serializable

Represents the identity of the current user, and provides an API for authentication and authorization.

Author:

Shane Bryzak

Nested Class Summary

Nested Classes

Modifier and Type	Interface and Description
static class	Identity.AuthenticationResult

Method Summary

Methods

Modifier and Type	Method and Description
Account	getAccount()
boolean	hasPermission(Class<?> resourceClass, Serializable identifier, String operation) As above, however this method should be used when a reference to the resource is not available, or is expensive to retrieve, for example looking up an entity from a relational database.
boolean	hasPermission(Object resource, String operation) Tests if the currently authenticated user has permission to perform the specified operation on the specified resource.
boolean	isLoggedIn() Simple check that returns true if the user is logged in, without attempting to authenticate
Identity.AuthenticationResult	login() Attempts to authenticate the user.
void	logout() Logs out the currently authenticated user

Method Detail

isLoggedIn

boolean isLoggedIn()

Simple check that returns true if the user is logged in, without attempting to authenticate

Returns:

true if the user is logged in

getAccount

Account getAccount()

login

Identity.AuthenticationResult login()
                                    throws AuthenticationException

Attempts to authenticate the user. This method raises the following events in response to whether authentication is successful or not. The following events may be raised during the call to login():

LoggedInEvent - raised when authentication is successful LoginFailedEvent - raised when authentication fails AlreadyLoggedInEvent - raised if the user is already authenticated LockedAccountEvent - raised if the user is locked

Returns:

AuthenticationResult returns SUCCESS if user is authenticated, FAILED if authentication FAILED, or EXCEPTION if an EXCEPTION occurred during authentication. These response values may be used to control user navigation. For deferred authentication methods, such as Open ID the login() method will return an immediate result of FAILED (and subsequently fire a LoginFailedEvent) however in these conditions it is the responsibility of the Authenticator implementation to take over the authentication process, for example by redirecting the user to a third party authentication service such as an OpenID provider.

Throws:

AuthenticationException - if some unexpected error occurs or a subclass which identifies why the login failed.

logout

void logout()

Logs out the currently authenticated user

hasPermission

boolean hasPermission(Object resource,
                    String operation)

Tests if the currently authenticated user has permission to perform the specified operation on the specified resource. This method should be preferred over the overloaded hasPermission() method if a reference to the resource in question is already available.

Parameters:

resource - The resource for which the permission is required

operation - The operation that the user wishes to perform on the resource

Returns:

true if the current user has the permission.

hasPermission

boolean hasPermission(Class<?> resourceClass,
                    Serializable identifier,
                    String operation)

As above, however this method should be used when a reference to the resource is not available, or is expensive to retrieve, for example looking up an entity from a relational database.

Parameters:

resourceClass - The class of the resource

identifier - The identifier of the resource, for example may be a primary key value if an entity

operation - The operation that the user wishes to perform on the resource

Returns:

true if the current user has the permission.