xmlBlaster 2.1.0 API

org.xmlBlaster.authentication.plugins
Interface I_Session

All Superinterfaces:
I_MsgSecurityInterceptor
All Known Implementing Classes:
Session, Session, Session, Session

public interface I_Session
extends I_MsgSecurityInterceptor

Author:
W. Kleinertz

Method Summary
 void changeSecretSessionId(java.lang.String sessionId)
          The current implementation of the user session handling (especially Authenticate.connect(org.xmlBlaster.engine.qos.ConnectQosServer, String)) cannot provide a real sessionId when this object is created.
 I_Manager getManager()
          Who controls this session?

 java.lang.String getSecretSessionId()
          Return the id of this session.
 I_Subject getSubject()
          Get the owner of this session.
 ConnectQosServer init(ConnectQosServer connectQos, java.util.Map map)
          Initialize the session with useful information.
 java.lang.String init(I_SecurityQos securityQos)
          Initialize a new session and do the credential check.
 java.lang.String interceptExeptionByAuthorizer(java.lang.Throwable throwable, SessionHolder sessionHolder, DataHolder dataHolder)
          If an exception occurs after successful authorization, the security framework has the chance to suppress the exception by returning a return QOS.
 boolean isAuthorized(SessionHolder sessionHolder, DataHolder dataHolder)
          Check if this subject instance is permitted to do something

 boolean verify(I_SecurityQos securityQos)
          Allows the given securityQos to be checked again.
 
Methods inherited from interface org.xmlBlaster.authentication.plugins.I_MsgSecurityInterceptor
exportMessage, importMessage
 

Method Detail

init

ConnectQosServer init(ConnectQosServer connectQos,
                      java.util.Map map)
                      throws XmlBlasterException
Initialize the session with useful information.

Called before init(I_SecurityQos), which does the authentication.

Parameters:
connectQos - The current login information
map - Additional information; currently null
Returns:
the connectQos we got, can be manipulated
Throws:
XmlBlasterException

init

java.lang.String init(I_SecurityQos securityQos)
                      throws XmlBlasterException
Initialize a new session and do the credential check.
E.g.: An implementation could include authentication etc.

Parameters:
securityQos - The already parsed QoS. The meaning will be defined by the real implementation.
Returns:
String Like the securityQos param, but the other direction.
Throws:
XmlBlasterException - The initialization failed (key exchange, authentication ... failed)
See Also:
#init(String)

verify

boolean verify(I_SecurityQos securityQos)
               throws XmlBlasterException
Allows the given securityQos to be checked again.

Note:

Parameters:
securityQos - The already parsed QoS. The meaning will be defined by the real implementation.
Returns:
true If the credentials are OK
false If access is denied
Throws:
XmlBlasterException

getSubject

I_Subject getSubject()
Get the owner of this session.

Returns:
I_Subject - The owner.

getManager

I_Manager getManager()
Who controls this session?

Returns:
I_Manager

changeSecretSessionId

void changeSecretSessionId(java.lang.String sessionId)
                           throws XmlBlasterException
The current implementation of the user session handling (especially Authenticate.connect(org.xmlBlaster.engine.qos.ConnectQosServer, String)) cannot provide a real sessionId when this object is created. Thus, it uses a temporary id first and changes it to the real one in a later step.

The purpose of this method is to enable this functionality.

Parameters:
sessionId - The new sessionId.
Throws:
XmlBlasterException - Thrown if the new sessionId is already in use.
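The temporary-to-real id change described above, as an added example that is not xmlBlaster code: SessionIdRegistry, SessionIdInUseException and the two-argument changeSecretSessionId(oldId, newId) are hypothetical stand-ins so the sketch compiles without the xmlBlaster classes. It shows the new id being claimed atomically, a collision being rejected, and the temporary id being retired.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical stand-in for a session table; not an xmlBlaster class. */
public class SessionIdRegistry {
    /** Stand-in for XmlBlasterException so the example compiles alone. */
    public static class SessionIdInUseException extends Exception {
        public SessionIdInUseException(String msg) { super(msg); }
    }

    // secretSessionId -> login name of the owning subject
    private final Map<String, String> sessions = new ConcurrentHashMap<>();

    /** Register a session under its temporary id. */
    public void register(String tempId, String subject) throws SessionIdInUseException {
        if (sessions.putIfAbsent(tempId, subject) != null) {
            throw new SessionIdInUseException("sessionId already in use");
        }
    }

    /** Swap the temporary id for the real one, refusing an id that is taken. */
    public void changeSecretSessionId(String oldId, String newId) throws SessionIdInUseException {
        String subject = sessions.get(oldId);
        if (subject == null) {
            throw new IllegalStateException("unknown session");
        }
        // Claim the new id atomically first: two sessions can never share an id,
        // and a failed change leaves the old mapping untouched.
        if (sessions.putIfAbsent(newId, subject) != null) {
            throw new SessionIdInUseException("sessionId already in use");
        }
        // Retire the temporary id so it stops resolving to this session.
        sessions.remove(oldId, subject);
    }

    public String subjectFor(String id) { return sessions.get(id); }

    public static void main(String[] args) throws Exception {
        SessionIdRegistry reg = new SessionIdRegistry();
        reg.register("tmp-1", "alice");   // constructed sample values
        reg.register("real-7", "bob");
        try {
            reg.changeSecretSessionId("tmp-1", "real-7"); // collides with bob
        } catch (SessionIdInUseException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        reg.changeSecretSessionId("tmp-1", "real-8");
        System.out.println(reg.subjectFor("real-8") + " " + reg.subjectFor("tmp-1"));
    }
}
```

The exception messages deliberately omit the id itself, since a secret session id written to a log or returned to a caller can be replayed.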

getSecretSessionId

java.lang.String getSecretSessionId()
Return the id of this session.

Returns:
String - The sessionId.

isAuthorized

boolean isAuthorized(SessionHolder sessionHolder,
                     DataHolder dataHolder)
Check if this subject instance is permitted to do something

Parameters:
sessionHolder - Holding information about the subject which requires rights
dataHolder - Holding information about the data which shall be accessed

EXAMPLE:

 isAuthorized("publish", "thisIsAMessageKey");

The above line checks if this subject is permitted to >>publish<< a message under the key >>thisIsAMessageKey<<

Known action keys: publish, subscribe, get, erase, ...

interceptExeptionByAuthorizer

java.lang.String interceptExeptionByAuthorizer(java.lang.Throwable throwable,
                                               SessionHolder sessionHolder,
                                               DataHolder dataHolder)
If an exception occurs after successful authorization, the security framework has the chance to suppress the exception by returning a return QOS.

A dummy implementation should always return null!

A dead message can be produced like this:

 SessionInfo sessionInfo = sessionHolder.getSessionInfo();
 try {
     // Hand the failed message to the session's error handler
     return sessionInfo.getMsgErrorHandler().handleErrorSync(
             new MsgErrorInfo(glob, sessionInfo.getSessionName(), dataHolder.getMsgUnit(), throwable));
 } catch (XmlBlasterException e) {
     e.printStackTrace();
     // null: no influence, the original exception goes back to the client
     return null;
 }
 

Parameters:
sessionHolder -
dataHolder -
throwable -
Returns:
If null, this call has no influence; usually the exception is thrown back to the client. If not null, the string is returned to the client. This can be useful for dumb clients which don't know what to do with the exception. In this case the security framework should handle the message itself, e.g. send it as a dead message or forward it to another place.


Copyright © 1999-2011 The xmlBlaster.org contributors.