public interface PrincipalCollection extends Iterable, Serializable
Subject
. A principal is
just a security term for an identifying attribute, such as a username or user id or social security number or
anything else that can be considered an 'identifying' attribute for a Subject
.
A PrincipalCollection organizes its internal principals based on the Realm
where they came from when the
Subject was first created. To obtain the principal(s) for a specific Realm, see the fromRealm(java.lang.String)
method. You
can also see which realms contributed to this collection via the getRealmNames()
method.getPrimaryPrincipal()
,
fromRealm(String realmName)
,
getRealmNames()
Modifier and Type | Method and Description |
---|---|
List |
asList()
Returns a single Subject's principals retrieved from all configured Realms as a List, or an empty List if
there are not any principals.
|
Set |
asSet()
Returns a single Subject's principals retrieved from all configured Realms as a Set, or an empty Set if there
are not any principals.
|
<T> Collection<T> |
byType(Class<T> type)
Returns all principals assignable from the specified type, or an empty Collection if no principals of that
type are contained.
|
Collection |
fromRealm(String realmName)
Returns a single Subject's principals retrieved from the specified Realm only as a Collection, or an empty
Collection if there are not any principals from that realm.
|
Object |
getPrimaryPrincipal()
Returns the primary principal used application-wide to uniquely identify the owning account/Subject.
|
Set<String> |
getRealmNames()
Returns the realm names that this collection has principals for.
|
boolean |
isEmpty()
Returns
true if this collection is empty, false otherwise. |
<T> T |
oneByType(Class<T> type)
Returns the first discovered principal assignable from the specified type, or
null if there are none
of the specified type. |
forEach, iterator, spliterator
Object getPrimaryPrincipal()
UUID
long
value such as a surrogate primary key in a relational databaseRealm
application, typically there is only ever one unique principal to retain and that
is the value returned from this method. However, in a multi-Realm
application, where the
PrincipalCollection
might retain principals across more than one realm, the value returned from this
method should be the single principal that uniquely identifies the subject for the entire application.
That value is of course application specific, but most applications will typically choose one of the primary
principals from one of the Realm
s.
Shiro's default implementations of this interface make this
assumption by usually simply returning Iterable.iterator()
.next()
, which just
returns the first returned principal obtained from the first consulted/configured Realm
during the
authentication attempt. This means in a multi-Realm
application, Realm
configuration order
matters if you want to retain this default heuristic.
If this heuristic is not sufficient, most Shiro end-users will need to implement a custom
AuthenticationStrategy
. An AuthenticationStrategy
has exact control
over the PrincipalCollection
returned at the end of an authentication attempt via the
AuthenticationStrategy#afterAllAttempts
implementation.<T> T oneByType(Class<T> type)
null
if there are none
of the specified type.
Note that this will return null
if the 'owning' subject has not yet logged in.type
- the type of the principal that should be returned.null
if there isn't one of the specified type.<T> Collection<T> byType(Class<T> type)
type
- the type of the principals that should be returned.List asList()
Set asSet()
Collection fromRealm(String realmName)
realmName
- the name of the Realm from which the principals were retrieved.Set<String> getRealmNames()
boolean isEmpty()
true
if this collection is empty, false
otherwise.true
if this collection is empty, false
otherwise.Copyright © 2004–2019 The Apache Software Foundation. All rights reserved.