001/**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.activemq.shiro.subject;
018
019import org.apache.activemq.shiro.ConnectionReference;
020import org.apache.shiro.subject.Subject;
021
022/**
023 * A {@code ConnectionSubjectFactory} creates a {@code Subject} instance that represents the connection client's identity.
024 * <p/>
025 * Most implementations will simply use the {@link Subject.Builder Subject.Builder} to create an anonymous
026 * {@code Subject} instance and let a downstream {@link org.apache.activemq.shiro.authc.AuthenticationFilter} authenticate the {@code Subject} based on
027 * any credentials associated with the connection.  After authentication, the {@code Subject} will have an identity, and
028 * this is the expected flow for most connection clients.
029 * <p/>
030 * However, if there is some other data associated with the connection that can be inspected to create a
031 * {@code Subject} instance beyond what the {@link DefaultConnectionSubjectFactory} provides, this interface allows that
032 * logic to be plugged in as necessary.
033 *
034 * @see DefaultConnectionSubjectFactory
035 * @since 5.10.0
036 */
037public interface ConnectionSubjectFactory {
038
039    /**
040     * Creates a {@code Subject} instance representing the connection client.  It is common for {@code Subject} instances
041     * returned from this method to be anonymous until a downstream {@link org.apache.activemq.shiro.authc.AuthenticationFilter} authenticates the
042     * subject to associate an identity.
043     *
044     * @param ref a reference to the client's connection metadata
045     * @return a {@code Subject} instance representing the connection client.
046     */
047    Subject createSubject(ConnectionReference ref);
048}