001/**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.activemq.shiro;
018
019import org.apache.activemq.security.SecurityContext;
020import org.apache.activemq.shiro.subject.SubjectConnectionReference;
021import org.apache.shiro.subject.Subject;
022
023/**
024 * A {@code SecurityContextFactory} returns a {@link SecurityContext} instance that retains a client
025 * connection's {@link Subject} instance.
026 * <p/>
027 * It should be noted that at the time a {@code SecurityContextFactory} is invoked, a {@link Subject} is already
028 * associated with the client connection.  A {@code SecurityContextFactory} is merely responsible for creating
029 * a Shiro-specific {@link org.apache.activemq.security.SecurityContext SecurityContext} instance.
030 * <p/>
031 * The returned {@code SecurityContext} instance will then be made available to any downstream Broker Filters via
032 * {@code connectionContext.}{@link org.apache.activemq.broker.ConnectionContext#getSecurityContext() getSecurityContext()}
033 * to ensure it may be used for Shiro-based security checks.
034 *
035 * @see org.apache.activemq.shiro.subject.SubjectSecurityContext
036 * @since 5.10.0
037 */
038public interface SecurityContextFactory {
039
040    /**
041     * Creates a new {@link SecurityContext} retaining the client connection's {@link Subject} instance.
042     * <p/>
043     * It should be noted that at the time a {@code SecurityContextFactory} is invoked, a {@code Subject} is already
044     * associated with the client connection.  A {@code SecurityContextFactory} is merely responsible for creating
045     * a Shiro-specific {@link org.apache.activemq.security.SecurityContext SecurityContext} instance.
046     * <p/>
047     * The returned {@code SecurityContext} instance will then be made available to any downstream Broker Filters via
048     * {@code connectionContext.}{@link org.apache.activemq.broker.ConnectionContext#getSecurityContext() getSecurityContext()}
049     * to ensure it may be used for Shiro-based security checks.
050     *
051     * @param ref the client's connection and subject
052     * @return a new {@link SecurityContext} retaining the client connection's {@link Subject} instance.
053     * @see org.apache.activemq.shiro.subject.SubjectSecurityContext
054     */
055    SecurityContext createSecurityContext(SubjectConnectionReference ref);
056}