xmlBlaster 2.2.0 API

org.xmlBlaster.authentication.plugins.demo
Class Session

java.lang.Object
  extended by org.xmlBlaster.authentication.plugins.demo.Session
All Implemented Interfaces:
I_MsgSecurityInterceptor, I_Session

public class Session
extends java.lang.Object
implements I_Session

Author:
Wolfgang Kleinertz

Field Summary
private  boolean authenticated
           
private  ReversibleCrypt crypter
           
private  Subject dummyUsr
           
private  Manager secMgr
           
private  java.lang.String sessionId
           
private  Subject subject
           
 
Constructor Summary
Session(Manager sm, java.lang.String sessionId)
           
 
Method Summary
 void changeSecretSessionId(java.lang.String sessionId)
          The current implementation of the user session handling (especially Authenticate.connect(org.xmlBlaster.engine.qos.ConnectQosServer, String)) cannot provide a real sessionId when this object is created.
private  Subject determineSubject(java.lang.String user, java.lang.String passwd)
          Determine which subject is specified by user/passwd

private  byte[] exportMessage(byte[] byteArr)
           
 MsgUnitRaw exportMessage(CryptDataHolder dataHolder)
          encrypt, sign, seal an outgoing message.
private  java.lang.String exportMessage(java.lang.String xmlMsg)
           
 I_Manager getManager()
          Who controls this session?

 java.lang.String getSecretSessionId()
          Return the id of this session.
 I_Subject getSubject()
          [I_Session]
private  byte[] importMessage(byte[] byteArr)
           
 MsgUnitRaw importMessage(CryptDataHolder dataHolder)
          decrypt, check, unseal an incoming message.
private  java.lang.String importMessage(java.lang.String xmlMsg)
           
 ConnectQosServer init(ConnectQosServer connectQos, java.util.Map map)
          Initialize the session with useful information.
 java.lang.String init(I_SecurityQos securityQos)
          Initialize the Session for a login or connect call.
 java.lang.String interceptExeptionByAuthorizer(java.lang.Throwable throwable, SessionHolder sessionHolder, DataHolder dataHolder)
          If an exception occurs after successful authorization, the security framework has the chance to suppress the exception by returning a return QOS
 boolean isAuthorized(SessionHolder sessionHolder, DataHolder dataHolder)
          Check if the user is permitted (authorized) to do something
 boolean verify(I_SecurityQos securityQos)
          Allows checking the given securityQos again.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

subject

private Subject subject

secMgr

private Manager secMgr

sessionId

private java.lang.String sessionId

authenticated

private boolean authenticated

dummyUsr

private Subject dummyUsr

crypter

private ReversibleCrypt crypter
Constructor Detail

Session

public Session(Manager sm,
               java.lang.String sessionId)
Method Detail

init

public ConnectQosServer init(ConnectQosServer connectQos,
                             java.util.Map map)
                      throws XmlBlasterException
Description copied from interface: I_Session
Initialize the session with useful information.

Is called before I_Session.init(I_SecurityQos) which does the authentication

Specified by:
init in interface I_Session
Parameters:
connectQos - The current login information
map - Additional information, is currently null
Returns:
the connectQos we got, can be manipulated
Throws:
XmlBlasterException
See Also:
I_Session.init(ConnectQosServer, Map)

init

public java.lang.String init(I_SecurityQos securityQos)
                      throws XmlBlasterException
Initialize the Session for a login or connect call.

Specified by:
init in interface I_Session
Parameters:
securityQos - The SecurityQos object containing the credentials, e.g. loginName/passwd
Returns:
String Like the securityQos param, but the other direction.
Throws:
XmlBlasterException - Thrown (in this case) if the user doesn't exist or the passwd is incorrect.
See Also:
#init(String)

verify

public boolean verify(I_SecurityQos securityQos)
Description copied from interface: I_Session
Allows checking the given securityQos again.

Note:

Specified by:
verify in interface I_Session
Returns:
true If the credentials are OK
false If access is denied
See Also:
I_Session.verify(I_SecurityQos)

changeSecretSessionId

public void changeSecretSessionId(java.lang.String sessionId)
                           throws XmlBlasterException
Description copied from interface: I_Session
The current implementation of the user session handling (especially Authenticate.connect(org.xmlBlaster.engine.qos.ConnectQosServer, String)) cannot provide a real sessionId when this object is created. Thus, it uses a temporary id first and changes it to the real in a later step.

The purpose of this method is to enable this functionality.

Specified by:
changeSecretSessionId in interface I_Session
Throws:
XmlBlasterException - Thrown if the new sessionId is already in use.
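The id swap described for changeSecretSessionId, sketched as an added example that is not xmlBlaster code: a session is registered under a temporary id and later re-keyed to the real one, and a new id that is already in use is rejected without disturbing either session. `SessionRegistry`, its methods and the sample ids are hypothetical, and `IllegalStateException` stands in for `XmlBlasterException`.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical registry (not an xmlBlaster class): secret session id -> session. */
public class SessionRegistry<S> {
    private final Map<String, S> byId = new ConcurrentHashMap<>();

    /** Register a session under its temporary id; fails if the id is taken. */
    public void register(String temporaryId, S session) {
        if (byId.putIfAbsent(temporaryId, session) != null) {
            throw new IllegalStateException("sessionId already in use");
        }
    }

    /**
     * Swap the temporary id for the real one. The new id is claimed first with
     * putIfAbsent, so an id held by another session is never overwritten, and
     * the old id is dropped only after the claim has succeeded.
     */
    public void changeSecretSessionId(String oldId, String newId) {
        S session = byId.get(oldId);
        if (session == null) {
            throw new IllegalStateException("unknown sessionId");
        }
        if (byId.putIfAbsent(newId, session) != null) {
            throw new IllegalStateException("sessionId already in use");
        }
        byId.remove(oldId, session); // the temporary id stops being valid
    }

    public S lookup(String id) {
        return byId.get(id);
    }

    public static void main(String[] args) {
        // Constructed sample ids and session values.
        SessionRegistry<String> reg = new SessionRegistry<>();
        reg.register("tmp-1", "session of joe");
        reg.register("real-7", "session of jack");
        reg.changeSecretSessionId("tmp-1", "real-1");
        System.out.println("tmp-1  -> " + reg.lookup("tmp-1"));
        System.out.println("real-1 -> " + reg.lookup("real-1"));
        try {
            reg.changeSecretSessionId("real-1", "real-7"); // id held by jack
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("real-7 -> " + reg.lookup("real-7"));
    }
}
```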

getSecretSessionId

public java.lang.String getSecretSessionId()
Description copied from interface: I_Session
Return the id of this session.

Specified by:
getSecretSessionId in interface I_Session

getSubject

public I_Subject getSubject()
[I_Session]

Specified by:
getSubject in interface I_Session

getManager

public I_Manager getManager()
Description copied from interface: I_Session
Who controls this session?

Specified by:
getManager in interface I_Session
Returns:
I_Manager

isAuthorized

public boolean isAuthorized(SessionHolder sessionHolder,
                            DataHolder dataHolder)
Check if the user is permitted (authorized) to do something

Specified by:
isAuthorized in interface I_Session
Parameters:
sessionHolder - Holding information about the subject which requires rights
dataHolder - Holding information about the data which shall be accessed
EXAMPLE: isAuthorized("publish", "thisIsAMessageKey");
The above line checks if this subject is permitted to >>publish<< a message under the key >>thisIsAMessageKey<<
Known action keys: publish, subscribe, get, erase, ...

determineSubject

private Subject determineSubject(java.lang.String user,
                                 java.lang.String passwd)
                          throws XmlBlasterException
Determine which subject is specified by user/passwd

Parameters:
user - username
passwd - password
Throws:
XmlBlasterException - Thrown (in this case) if the user doesn't exist or the passwd is incorrect.

importMessage

public MsgUnitRaw importMessage(CryptDataHolder dataHolder)
                         throws XmlBlasterException
decrypt, check, unseal an incoming message.

Specified by:
importMessage in interface I_MsgSecurityInterceptor
Parameters:
MsgUnitRaw - The received message
Returns:
MsgUnitRaw The original message
Throws:
XmlBlasterException - Thrown i.e. if the message has been modified
See Also:
I_MsgSecurityInterceptor.exportMessage(CryptDataHolder)

importMessage

private java.lang.String importMessage(java.lang.String xmlMsg)
                                throws XmlBlasterException
Throws:
XmlBlasterException
See Also:
importMessage(CryptDataHolder)

importMessage

private byte[] importMessage(byte[] byteArr)
                      throws XmlBlasterException
Throws:
XmlBlasterException
See Also:
importMessage(CryptDataHolder)

exportMessage

public MsgUnitRaw exportMessage(CryptDataHolder dataHolder)
                         throws XmlBlasterException
encrypt, sign, seal an outgoing message.

Specified by:
exportMessage in interface I_MsgSecurityInterceptor
Parameters:
MsgUnitRaw - The source message
Returns:
MsgUnitRaw
Throws:
XmlBlasterException - Thrown if the message cannot be processed
See Also:
I_MsgSecurityInterceptor.importMessage(CryptDataHolder)

exportMessage

private java.lang.String exportMessage(java.lang.String xmlMsg)
                                throws XmlBlasterException
Throws:
XmlBlasterException
See Also:
exportMessage(CryptDataHolder)

exportMessage

private byte[] exportMessage(byte[] byteArr)
                      throws XmlBlasterException
Throws:
XmlBlasterException
See Also:
exportMessage(CryptDataHolder)

interceptExeptionByAuthorizer

public java.lang.String interceptExeptionByAuthorizer(java.lang.Throwable throwable,
                                                      SessionHolder sessionHolder,
                                                      DataHolder dataHolder)
Description copied from interface: I_Session
If an exception occurs after successful authorization, the security framework has the chance to suppress the exception by returning a return QOS

A dummy implementation should always return null!

A dead message can be produced like this:

    SessionInfo sessionInfo = sessionHolder.getSessionInfo();
    try {
        return sessionInfo.getMsgErrorHandler().handleErrorSync(
                new MsgErrorInfo(glob, sessionInfo.getSessionName(), dataHolder.getMsgUnit(), throwable));
    } catch (XmlBlasterException e) {
        e.printStackTrace();
        return null;
    }
 

Specified by:
interceptExeptionByAuthorizer in interface I_Session
Returns:
If null, this call has no influence; usually the exception is thrown back to the client. If not null, the string is returned to the client. This can be useful for dumb clients which don't know what to do with the exception. In this case the security framework should handle the message itself, e.g. send it as a dead message or forward it to another place.

Copyright © 1999-2014 The xmlBlaster.org contributors.