/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.shiro.subject;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.Session;

import java.io.Serializable;
import java.util.Map;

/**
 * A {@code SubjectContext} is a 'bucket' of data presented to a {@link SecurityManager} which interprets
 * this data to construct {@link org.apache.shiro.subject.Subject Subject} instances.  It is essentially a Map of data
 * with a few additional type-safe methods for easy retrieval of objects commonly used to construct Subject instances.
 * <p/>
 * While this interface contains type-safe setters and getters for common data types, the map can contain anything
 * additional that might be needed by the {@link SecurityManager} or
 * {@link org.apache.shiro.mgt.SubjectFactory SubjectFactory} implementation to construct {@code Subject} instances.
 * <h2>Data Resolution</h2>
 * The {@link SubjectContext} interface also allows for heuristic resolution of data used to construct a subject
 * instance.  That is, if an attribute has not been explicitly provided via a setter method, the {@code resolve*}
 * methods can use heuristics to obtain that data in another way from other attributes.
 * <p/>
 * For example, if one calls {@link #getPrincipals()} and no principals are returned, perhaps the principals exist
 * in the {@link #getSession() session} or another attribute in the context.  The {@link #resolvePrincipals()} will know
 * how to resolve the principals based on heuristics.  If the {@code resolve*} methods return {@code null} then the
 * data could not be achieved by any heuristics and must be considered as not available in the context.
 * <p/>
 * The general idea is that the normal getters can be called to see if the value was explicitly set.  The
 * {@code resolve*} methods should be used when actually constructing the {@code Subject} instance to ensure the most
 * specific/accurate data can be used.
 * <p/>
 * <b>USAGE</b>: Most Shiro end-users will never use a {@code SubjectContext} instance directly and instead will use a
 * {@link Subject.Builder} (which internally uses a {@code SubjectContext}) and build {@code Subject} instances that
 * way.
 *
 * @see org.apache.shiro.mgt.SecurityManager#createSubject SecurityManager.createSubject
 * @see org.apache.shiro.mgt.SubjectFactory SubjectFactory
 * @since 1.0
 */
public interface SubjectContext extends Map<String, Object> {

    /**
     * Returns the SecurityManager instance that should be used to back the constructed {@link Subject} instance or
     * {@code null} if one has not yet been provided to this context.
     *
     * @return the SecurityManager instance that should be used to back the constructed {@link Subject} instance or
     *         {@code null} if one has not yet been provided to this context.
     */
    SecurityManager getSecurityManager();

    /**
     * Sets the SecurityManager instance that should be used to back the constructed {@link Subject} instance
     * (typically used to support {@link org.apache.shiro.subject.support.DelegatingSubject DelegatingSubject} implementations).
     *
     * @param securityManager the SecurityManager instance that should be used to back the constructed {@link Subject}
     *                        instance.
     */
    void setSecurityManager(SecurityManager securityManager);

    /**
     * Resolves the {@code SecurityManager} instance that should be used to back the constructed {@link Subject}
     * instance (typically used to support {@link org.apache.shiro.subject.support.DelegatingSubject DelegatingSubject} implementations).
     *
     * @return the {@code SecurityManager} instance that should be used to back the constructed {@link Subject}
     *         instance
     */
    SecurityManager resolveSecurityManager();

    /**
     * Returns the session id of the session that should be associated with the constructed {@link Subject} instance.
     * <p/>
     * The construction process is expected to resolve the session with the specified id and then construct the Subject
     * instance based on the resolved session.
     *
     * @return the session id of the session that should be associated with the constructed {@link Subject} instance.
     */
    Serializable getSessionId();

    /**
     * Sets the session id of the session that should be associated with the constructed {@link Subject} instance.
     * <p/>
     * The construction process is expected to resolve the session with the specified id and then construct the Subject
     * instance based on the resolved session.
     *
     * @param sessionId the session id of the session that should be associated with the constructed {@link Subject}
     *                  instance.
     */
    void setSessionId(Serializable sessionId);

    /**
     * Returns any existing {@code Subject} that may be in use at the time the new {@code Subject} instance is
     * being created.
     * <p/>
     * This is typically used in the case where the existing {@code Subject} instance returned by
     * this method is unauthenticated and a new {@code Subject} instance is being created to reflect a successful
     * authentication - you want to return most of the state of the previous {@code Subject} instance when creating the
     * newly authenticated instance.
     *
     * @return any existing {@code Subject} that may be in use at the time the new {@code Subject} instance is
     *         being created.
     */
    Subject getSubject();

    /**
     * Sets the existing {@code Subject} that may be in use at the time the new {@code Subject} instance is
     * being created.
     * <p/>
     * This is typically used in the case where the existing {@code Subject} instance returned by
     * this method is unauthenticated and a new {@code Subject} instance is being created to reflect a successful
     * authentication - you want to return most of the state of the previous {@code Subject} instance when creating the
     * newly authenticated instance.
     *
     * @param subject the existing {@code Subject} that may be in use at the time the new {@code Subject} instance is
     *                being created.
     */
    void setSubject(Subject subject);

    /**
     * Returns the principals (aka identity) that the constructed {@code Subject} should reflect.
     *
     * @return the principals (aka identity) that the constructed {@code Subject} should reflect.
     */
    PrincipalCollection getPrincipals();

    PrincipalCollection resolvePrincipals();

    /**
     * Sets the principals (aka identity) that the constructed {@code Subject} should reflect.
     *
     * @param principals the principals (aka identity) that the constructed {@code Subject} should reflect.
     */
    void setPrincipals(PrincipalCollection principals);

    /**
     * Returns the {@code Session} to use when building the {@code Subject} instance.  Note that it is more
     * common to specify a {@link #setSessionId sessionId} to acquire the desired session rather than having to
     * construct a {@code Session} to be returned by this method.
     *
     * @return the {@code Session} to use when building the {@code Subject} instance.
     */
    Session getSession();

    /**
     * Sets the {@code Session} to use when building the {@code Subject} instance.  Note that it is more
     * common to specify a {@link #setSessionId sessionId} to automatically resolve the desired session rather than
     * constructing a {@code Session} to call this method.
     *
     * @param session the {@code Session} to use when building the {@code Subject} instance.
     */
    void setSession(Session session);

    Session resolveSession();

    /**
     * Returns {@code true} if the constructed {@code Subject} should be considered authenticated, {@code false}
     * otherwise.  Be careful setting this value to {@code true} - you should know what you are doing and have a good
     * reason for ignoring Shiro's default authentication state mechanisms.
     *
     * @return {@code true} if the constructed {@code Subject} should be considered authenticated, {@code false}
     *         otherwise.
     */
    boolean isAuthenticated();

    /**
     * Sets whether or not the constructed {@code Subject} instance should be considered as authenticated.  Be careful
     * when specifying {@code true} - you should know what you are doing and have a good reason for ignoring Shiro's
     * default authentication state mechanisms.
     *
     * @param authc whether or not the constructed {@code Subject} instance should be considered as authenticated.
     */
    void setAuthenticated(boolean authc);

    /**
     * Returns {@code true} if the constructed {@code Subject} should be allowed to create a session, {@code false}
     * otherwise.  Shiro's configuration defaults to {@code true} as most applications find value in Sessions.
     *
     * @return {@code true} if the constructed {@code Subject} should be allowed to create sessions, {@code false}
     * otherwise.
     * @since 1.2
     */
    boolean isSessionCreationEnabled();

    /**
     * Sets whether or not the constructed {@code Subject} instance should be allowed to create a session,
     * {@code false} otherwise.
     *
     * @param enabled whether or not the constructed {@code Subject} instance should be allowed to create a session,
     * {@code false} otherwise.
     * @since 1.2
     */
    void setSessionCreationEnabled(boolean enabled);

    boolean resolveAuthenticated();

    AuthenticationInfo getAuthenticationInfo();

    void setAuthenticationInfo(AuthenticationInfo info);

    AuthenticationToken getAuthenticationToken();

    void setAuthenticationToken(AuthenticationToken token);

    /**
     * Returns the host name or IP that should reflect the constructed {@code Subject}'s originating location.
     *
     * @return the host name or IP that should reflect the constructed {@code Subject}'s originating location.
     */
    String getHost();

    /**
     * Sets the host name or IP that should reflect the constructed {@code Subject}'s originating location.
     *
     * @param host the host name or IP that should reflect the constructed {@code Subject}'s originating location.
     */
    void setHost(String host);

    String resolveHost();
}