org.xmlBlaster.authentication.plugins
Interface I_Session

All Superinterfaces:

I_MsgSecurityInterceptor

All Known Implementing Classes:

Session, Session, Session, Session

public interface I_Session

extends I_MsgSecurityInterceptor

Author:

W. Kleinertz

Method Summary

void	changeSecretSessionId(java.lang.String sessionId) The current implementation of the user session handling (especially Authenticate.connect(org.xmlBlaster.engine.qos.ConnectQosServer, String)) cannot provide a real sessionId when this object is created.
I_Manager	getManager() How controls this session?
java.lang.String	getSecretSessionId() Return the id of this session.
I_Subject	getSubject() Get the owner of this session.
ConnectQosServer	init(ConnectQosServer connectQos, java.util.Map map) Initialize the session with useful information.
java.lang.String	init(I_SecurityQos securityQos) Initialize a new session and do the credential check.
boolean	isAuthorized(SessionHolder sessionHolder, DataHolder dataHolder) Check if this subject instance is permitted to do something
boolean	verify(I_SecurityQos securityQos) Allows to check the given securityQos again.

Methods inherited from interface org.xmlBlaster.authentication.plugins.I_MsgSecurityInterceptor

exportMessage, importMessage

Method Detail

init

public ConnectQosServer init(ConnectQosServer connectQos,
                             java.util.Map map)
                      throws XmlBlasterException

Initialize the session with useful information.

Is called before init(I_SecurityQos) which does the authentication

Parameters:

connectQos - The current login information

map - Additional information, is currently null

Returns:

the connectQos we got, can be manipulated

Throws:

XmlBlasterException

init

public java.lang.String init(I_SecurityQos securityQos)
                      throws XmlBlasterException

Initialize a new session and do the credential check.
E.g.: An implementation could include authentication etc.

Returns:

String Like the securityQos param, but the other direction.

Throws:

XmlBlasterException - The initialization failed (key exchange, authentication ... failed)

See Also:

#init(String)

verify

public boolean verify(I_SecurityQos securityQos)
               throws XmlBlasterException

Allows to check the given securityQos again.

Note:

• This call does not modify anything in the I_Session implementation.
• The init() method must have been invoked before, otherwise we return false

Returns:

true If the credentials are OK
false If access is denied

Throws:

XmlBlasterException

getSubject

public I_Subject getSubject()

Get the owner of this session.

getManager

public I_Manager getManager()

How controls this session?

Returns:

I_Manager

changeSecretSessionId

public void changeSecretSessionId(java.lang.String sessionId)
                           throws XmlBlasterException

The current implementation of the user session handling (especially Authenticate.connect(org.xmlBlaster.engine.qos.ConnectQosServer, String)) cannot provide a real sessionId when this object is created. Thus, it uses a temporary id first and changes it to the real in a later step.

The purpose of this method is to enable this functionality.

Throws:

XmlBlasterException - Thrown if the new sessionId is already in use.

getSecretSessionId

public java.lang.String getSecretSessionId()

Return the id of this session.

isAuthorized

public boolean isAuthorized(SessionHolder sessionHolder,
                            DataHolder dataHolder)

Check if this subject instance is permitted to do something

Parameters:

sessionHolder - Holding information about the subject which requires rights

dataHolder - Holding information about the data which shall be accessed EXAMPLE: isAuthorized("publish", "thisIsAMessageKey"); The above line checks if this subject is permitted to >>publish<< a message under the key >>thisIsAMessageKey<< Known action keys: publish, subscribe, get, erase, ...