/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package javax.security.sasl;
import javax.security.auth.callback.Callback;
/**
* This callback is used by {@code SaslServer} to determine whether
* one entity (identified by an authenticated authentication id)
* can act on
* behalf of another entity (identified by an authorization id).
*
* @since 1.5
*
* @author Rosanna Lee
* @author Rob Weltman
*/
public class AuthorizeCallback implements Callback, java.io.Serializable {
/**
* The (authenticated) authentication id to check.
* @serial
*/
private String authenticationID;
/**
* The authorization id to check.
* @serial
*/
private String authorizationID;
/**
* The id of the authorized entity. If null, the id of
* the authorized entity is authorizationID.
* @serial
*/
private String authorizedID;
/**
* A flag indicating whether the authentication id is allowed to
* act on behalf of the authorization id.
* @serial
*/
private boolean authorized;
/**
* Constructs an instance of {@code AuthorizeCallback}.
*
* @param authnID The (authenticated) authentication id.
* @param authzID The authorization id.
*/
public AuthorizeCallback(String authnID, String authzID) {
authenticationID = authnID;
authorizationID = authzID;
}
/**
* Returns the authentication id to check.
* @return The authentication id to check.
*/
public String getAuthenticationID() {
return authenticationID;
}
/**
* Returns the authorization id to check.
* @return The authentication id to check.
*/
public String getAuthorizationID() {
return authorizationID;
}
/**
* Determines whether the authentication id is allowed to
* act on behalf of the authorization id.
*
* @return {@code true} if authorization is allowed; {@code false} otherwise
* @see #setAuthorized(boolean)
* @see #getAuthorizedID()
*/
public boolean isAuthorized() {
return authorized;
}
/**
* Sets whether the authorization is allowed.
* @param ok {@code true} if authorization is allowed; {@code false} otherwise
* @see #isAuthorized
* @see #setAuthorizedID(java.lang.String)
*/
public void setAuthorized(boolean ok) {
authorized = ok;
}
/**
* Returns the id of the authorized user.
* @return The id of the authorized user. {@code null} means the
* authorization failed.
* @see #setAuthorized(boolean)
* @see #setAuthorizedID(java.lang.String)
*/
public String getAuthorizedID() {
if (!authorized) {
return null;
}
return (authorizedID == null) ? authorizationID : authorizedID;
}
/**
* Sets the id of the authorized entity. Called by handler only when the id
* is different from getAuthorizationID(). For example, the id
* might need to be canonicalized for the environment in which it
* will be used.
* @param id The id of the authorized user.
* @see #setAuthorized(boolean)
* @see #getAuthorizedID
*/
public void setAuthorizedID(String id) {
authorizedID = id;
}
private static final long serialVersionUID = -2353344186490470805L;
}