001 package hirondelle.web4j.security; 002 003 import hirondelle.web4j.model.AppException; 004 import hirondelle.web4j.model.Id; 005 006 /** 007 Look up the login name of the user who owns an 008 <a href='UntrustedProxyForUserId.html#UntrustedIdentifier'>untrusted identifer</a>. 009 010 <P>See the <a href='http://www.web4j.com/UserGuide.jsp#DataOwnershipConstraints'>User Guide</a> 011 and {@link hirondelle.web4j.security.UntrustedProxyForUserId} for important information regarding 012 this interface. 013 */ 014 public interface FetchIdentifierOwner { 015 016 /** 017 Return the user login name of the user that 'owns' the <a href='UntrustedProxyForUserId.html#UntrustedIdentifier'>untrusted proxy for the 018 user id</a> used in the current request. If an owner cannot be found, then return <tt>null</tt>. 019 020 <P>The meaning of the untrusted identifier depends on the context, and changes for each action/operation. 021 A typical implmentation will follow these steps: 022 <ul> 023 <li>use a request parameter value, whose value contains the untrusted identifier 024 <li>the value of the untrusted identifier is then passed to a <tt>SELECT</tt> statement, 025 which returns a single value - the owner's login name 026 </ul> 027 */ 028 Id fetchOwner() throws AppException; 029 030 }