|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* AppserverIo\Psr\Security\Auth\Subject |
|
5
|
|
|
* |
|
6
|
|
|
* NOTICE OF LICENSE |
|
7
|
|
|
* |
|
8
|
|
|
* This source file is subject to the Open Software License (OSL 3.0) |
|
9
|
|
|
* that is available through the world-wide-web at this URL: |
|
10
|
|
|
* http://opensource.org/licenses/osl-3.0.php |
|
11
|
|
|
* |
|
12
|
|
|
* PHP version 5 |
|
13
|
|
|
* |
|
14
|
|
|
* @author Tim Wagner <[email protected]> |
|
15
|
|
|
* @copyright 2015 TechDivision GmbH <[email protected]> |
|
16
|
|
|
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) |
|
17
|
|
|
* @link https://github.com/appserver-io-psr/security |
|
18
|
|
|
* @link http://www.appserver.io |
|
19
|
|
|
*/ |
|
20
|
|
|
|
|
21
|
|
|
namespace AppserverIo\Psr\Security\Auth; |
|
22
|
|
|
|
|
23
|
|
|
use AppserverIo\Collections\ArrayList; |
|
24
|
|
|
use AppserverIo\Collections\CollectionInterface; |
|
25
|
|
|
|
|
26
|
|
|
/** |
|
27
|
|
|
* A subject represents a grouping of related information for a single entity, such |
|
28
|
|
|
* as a person. Such information includes the subject's identities as well as its |
|
29
|
|
|
* security-related attributes (passwords and cryptographic keys, for example). |
|
30
|
|
|
* |
|
31
|
|
|
* Subjects may potentially have multiple identities. Each identity is represented |
|
32
|
|
|
* as a principal within the subject. Principals simply bind names to a subject. |
|
33
|
|
|
* For example, a subject that happens to be a person, Alice, might have |
|
34
|
|
|
* two principals: one which binds "Alice Bar", the name on her driver license, |
|
35
|
|
|
* to the subject, and another which binds, "999-99-9999", the number on her student |
|
36
|
|
|
* identification card, to the subject. Both principals refer to the same subject |
|
37
|
|
|
* even though each has a different name. |
|
38
|
|
|
* |
|
39
|
|
|
* A subject may also own security-related attributes, which are referred to as |
|
40
|
|
|
* credentials. Sensitive credentials that require special protection, such as |
|
41
|
|
|
* private cryptographic keys, are stored within the private credentials. |
|
42
|
|
|
* Credentials intended to be shared, such as public key certificates or Kerberos |
|
43
|
|
|
* server tickets are stored within the public credentials. Different permissions |
|
44
|
|
|
* are required to access and modify the different credential maps. |
|
45
|
|
|
* |
|
46
|
|
|
* To retrieve all the principals associated with a subject, invoke the |
|
47
|
|
|
* getPrincipals() method. To retrieve invoke the getPublicCredentials() method or |
|
48
|
|
|
* getPrivateCredentials() method, respectively. To modify the returned map of |
|
49
|
|
|
* principals and credentials, use the methods defined in the map class. For example: |
|
50
|
|
|
* |
|
51
|
|
|
* <pre> |
|
52
|
|
|
* $subject = new Subject(); |
|
53
|
|
|
* $principal = new Principal(); |
|
54
|
|
|
* $credential = new String(); |
|
55
|
|
|
* |
|
56
|
|
|
* // add a principal and credential to the subject |
|
57
|
|
|
* $subject->getPrincipals()->add($principal); |
|
58
|
|
|
* $subject->getPublicCredentials()->add($credential); |
|
59
|
|
|
* </pre> |
|
60
|
|
|
* |
|
61
|
|
|
* This subject class implements the Serializable interface. While the principals |
|
62
|
|
|
* associated with the subject are serialized, the credentials associated with the |
|
63
|
|
|
* subject are not. |
|
64
|
|
|
* |
|
65
|
|
|
* @see \AppserverIo\Appserver\ServletEngine\Authentication\PrincipalInterface |
|
66
|
|
|
* |
|
67
|
|
|
* @author Tim Wagner <[email protected]> |
|
68
|
|
|
* @copyright 2015 TechDivision GmbH <[email protected]> |
|
69
|
|
|
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) |
|
70
|
|
|
* @link https://github.com/appserver-io-psr/security |
|
71
|
|
|
* @link http://www.appserver.io |
|
72
|
|
|
*/ |
|
73
|
|
|
class Subject implements \Serializable |
|
74
|
|
|
{ |
|
75
|
|
|
|
|
76
|
|
|
/** |
|
77
|
|
|
* Whether this subject is read-only or not. |
|
78
|
|
|
* |
|
79
|
|
|
* @var boolean |
|
80
|
|
|
*/ |
|
81
|
|
|
protected $readOnly = false; |
|
82
|
|
|
|
|
83
|
|
|
/** |
|
84
|
|
|
* A map that provides a view of all of this subject's principals. |
|
85
|
|
|
* |
|
86
|
|
|
* @var \AppserverIo\Collections\CollectionInterface |
|
87
|
|
|
*/ |
|
88
|
|
|
protected $principals; |
|
89
|
|
|
|
|
90
|
|
|
/** |
|
91
|
|
|
* A map that provide a view of private credentials of this subject's credentials. |
|
92
|
|
|
* |
|
93
|
|
|
* @var \AppserverIo\Collections\CollectionInterface |
|
94
|
|
|
*/ |
|
95
|
|
|
protected $privateCredentials; |
|
96
|
|
|
|
|
97
|
|
|
/** |
|
98
|
|
|
* A map that provide a view of public credentials of this subject's credentials. |
|
99
|
|
|
* |
|
100
|
|
|
* @var \AppserverIo\Collections\CollectionInterface |
|
101
|
|
|
*/ |
|
102
|
|
|
protected $publicCredentials; |
|
103
|
|
|
|
|
104
|
|
|
/** |
|
105
|
|
|
* Initialize the subject with the passed data. |
|
106
|
|
|
* |
|
107
|
|
|
* @param \AppserverIo\Collections\CollectionInterface $principals A map with subject's principals |
|
108
|
|
|
* @param \AppserverIo\Collections\CollectionInterface $publicCredentials A map with the public credentials |
|
109
|
|
|
* @param \AppserverIo\Collections\CollectionInterface $privateCredentials A map with the private credentials |
|
110
|
|
|
* @param boolean $readOnly Whether this subject is read-only or not |
|
111
|
|
|
*/ |
|
112
|
16 |
|
public function __construct( |
|
113
|
|
|
CollectionInterface $principals = null, |
|
114
|
|
|
CollectionInterface $publicCredentials = null, |
|
115
|
|
|
CollectionInterface $privateCredentials = null, |
|
116
|
|
|
$readOnly = false |
|
117
|
|
|
) { |
|
118
|
|
|
|
|
119
|
|
|
// initialize the principals |
|
120
|
16 |
|
if ($principals == null) { |
|
121
|
16 |
|
$this->principals = new ArrayList(); |
|
122
|
16 |
|
} else { |
|
123
|
2 |
|
$this->principals = $principals; |
|
124
|
|
|
} |
|
125
|
|
|
|
|
126
|
|
|
// initialize the public credentials |
|
127
|
16 |
|
if ($publicCredentials == null) { |
|
128
|
16 |
|
$this->publicCredentials = new ArrayList(); |
|
129
|
16 |
|
} else { |
|
130
|
2 |
|
$this->publicCredentials = $publicCredentials; |
|
131
|
|
|
} |
|
132
|
|
|
|
|
133
|
|
|
// initialize the private credentials |
|
134
|
16 |
|
if ($privateCredentials == null) { |
|
135
|
16 |
|
$this->privateCredentials = new ArrayList(); |
|
136
|
16 |
|
} else { |
|
137
|
2 |
|
$this->privateCredentials = $privateCredentials; |
|
138
|
|
|
} |
|
139
|
|
|
|
|
140
|
|
|
// mark the subject read-only or not |
|
141
|
16 |
|
$this->readOnly = $readOnly; |
|
142
|
16 |
|
} |
|
143
|
|
|
|
|
144
|
|
|
/** |
|
145
|
|
|
* Set this subject to be read-only. |
|
146
|
|
|
* |
|
147
|
|
|
* Modifications (additions and removals) to this subject's |
|
148
|
|
|
* principals and credentials will be disallowed. |
|
149
|
|
|
* |
|
150
|
|
|
* The destroy operation on this subject's credentials will |
|
151
|
|
|
* still be permitted. |
|
152
|
|
|
* |
|
153
|
|
|
* Subsequent attempts to modify the subject's principals and |
|
154
|
|
|
* credentials will result in an >IllegalStateException being |
|
155
|
|
|
* thrown. Also, once a subject is read-only, it can not be |
|
156
|
|
|
* reset to being writable again. |
|
157
|
|
|
* |
|
158
|
|
|
* @return void |
|
159
|
|
|
*/ |
|
160
|
1 |
|
public function setReadOnly() |
|
161
|
|
|
{ |
|
162
|
1 |
|
$this->readOnly = true; |
|
163
|
1 |
|
} |
|
164
|
|
|
|
|
165
|
|
|
/** |
|
166
|
|
|
* Query whether this subject is read-only. |
|
167
|
|
|
* |
|
168
|
|
|
* @return boolean TRUE if this subject is read-only, FALSE otherwise |
|
169
|
|
|
*/ |
|
170
|
4 |
|
public function isReadOnly() |
|
171
|
|
|
{ |
|
172
|
4 |
|
return $this->readOnly; |
|
173
|
|
|
} |
|
174
|
|
|
|
|
175
|
|
|
/** |
|
176
|
|
|
* Return's the subject's principals. |
|
177
|
|
|
* |
|
178
|
|
|
* @return \AppserverIo\Collections\CollectionInterface The principals |
|
179
|
|
|
*/ |
|
180
|
3 |
|
public function getPrincipals() |
|
181
|
|
|
{ |
|
182
|
3 |
|
return $this->principals; |
|
183
|
|
|
} |
|
184
|
|
|
|
|
185
|
|
|
/** |
|
186
|
|
|
* Return's the subject's public credentials. |
|
187
|
|
|
* |
|
188
|
|
|
* @return \AppserverIo\Collections\CollectionInterface The public credentials |
|
189
|
|
|
*/ |
|
190
|
3 |
|
public function getPublicCredentials() |
|
191
|
|
|
{ |
|
192
|
3 |
|
return $this->publicCredentials; |
|
193
|
|
|
} |
|
194
|
|
|
|
|
195
|
|
|
/** |
|
196
|
|
|
* Return's the subject's private credentials. |
|
197
|
|
|
* |
|
198
|
|
|
* @return \AppserverIo\Collections\CollectionInterface The private credentials |
|
199
|
|
|
*/ |
|
200
|
3 |
|
public function getPrivateCredentials() |
|
201
|
|
|
{ |
|
202
|
3 |
|
return $this->privateCredentials; |
|
203
|
|
|
} |
|
204
|
|
|
|
|
205
|
|
|
/** |
|
206
|
|
|
* Return's a string representation of the subject and the principals. |
|
207
|
|
|
* |
|
208
|
|
|
* @return string|null The subject as string representation |
|
209
|
|
|
* @see \Serializable::serialize() |
|
210
|
|
|
*/ |
|
211
|
1 |
|
public function serialize() |
|
212
|
|
|
{ |
|
213
|
|
|
|
|
214
|
|
|
// prepare the data that has to be serialized |
|
215
|
1 |
|
$data = new \stdClass(); |
|
216
|
1 |
|
$data->principals = $this->principals; |
|
217
|
1 |
|
$data->readOnly = $this->readOnly; |
|
218
|
|
|
|
|
219
|
|
|
// return the serialized data |
|
220
|
1 |
|
return serialize($data); |
|
221
|
|
|
} |
|
222
|
|
|
|
|
223
|
|
|
/** |
|
224
|
|
|
* Called during unserialization of the object. |
|
225
|
|
|
* |
|
226
|
|
|
* @param string $data The subject as string representation |
|
227
|
|
|
* |
|
228
|
|
|
* @return void |
|
229
|
|
|
* @see \Serializable::unserialize() |
|
230
|
|
|
*/ |
|
231
|
1 |
|
public function unserialize($data) |
|
232
|
|
|
{ |
|
233
|
|
|
|
|
234
|
|
|
// unserialize the passed data |
|
235
|
1 |
|
$unserialized = unserialize($data); |
|
236
|
|
|
|
|
237
|
|
|
// restore the data |
|
238
|
1 |
|
$this->principals = $unserialized->principals; |
|
239
|
1 |
|
$this->readOnly = $unserialized->readOnly; |
|
240
|
|
|
|
|
241
|
|
|
// initialize the credentials (that are NOT serialized) |
|
242
|
1 |
|
$this->publicCredentials = new ArrayList(); |
|
243
|
1 |
|
$this->privateCredentials = new ArrayList(); |
|
244
|
1 |
|
} |
|
245
|
|
|
} |
|
246
|
|
|
|
appserver-io-psr /
security
