|
xmlBlaster 2.2.0 API | |||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.xmlBlaster.authentication.plugins.demo.Session
public class Session
Field Summary | |
---|---|
private boolean |
authenticated
|
private ReversibleCrypt |
crypter
|
private Subject |
dummyUsr
|
private Manager |
secMgr
|
private java.lang.String |
sessionId
|
private Subject |
subject
|
Constructor Summary | |
---|---|
Session(Manager sm,
java.lang.String sessionId)
|
Method Summary | |
---|---|
void |
changeSecretSessionId(java.lang.String sessionId)
The current implementation of the user session handling (especially Authenticate.connect(org.xmlBlaster.engine.qos.ConnectQosServer, String) )
cannot provide a real sessionId when this object is created. |
private Subject |
determineSubject(java.lang.String user,
java.lang.String passwd)
Determine which subject is specified by user/passwd |
private byte[] |
exportMessage(byte[] byteArr)
|
MsgUnitRaw |
exportMessage(CryptDataHolder dataHolder)
encrypt, sign, seal an outgoing message. |
private java.lang.String |
exportMessage(java.lang.String xmlMsg)
|
I_Manager |
getManager()
How controls this session? |
java.lang.String |
getSecretSessionId()
Return the id of this session. |
I_Subject |
getSubject()
[I_Session] |
private byte[] |
importMessage(byte[] byteArr)
|
MsgUnitRaw |
importMessage(CryptDataHolder dataHolder)
decrypt, check, unseal an incoming message. |
private java.lang.String |
importMessage(java.lang.String xmlMsg)
|
ConnectQosServer |
init(ConnectQosServer connectQos,
java.util.Map map)
Initialize the session with useful information. |
java.lang.String |
init(I_SecurityQos securityQos)
Initialize the Session for a login or connect call. |
java.lang.String |
interceptExeptionByAuthorizer(java.lang.Throwable throwable,
SessionHolder sessionHolder,
DataHolder dataHolder)
If an exception occurrs after successful authorization the security framework has the chance to suppress the exception by returning a return QOS |
boolean |
isAuthorized(SessionHolder sessionHolder,
DataHolder dataHolder)
Check if the user is permited (authorized) to do something |
boolean |
verify(I_SecurityQos securityQos)
Allows to check the given securityQos again. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
private Subject subject
private Manager secMgr
private java.lang.String sessionId
private boolean authenticated
private Subject dummyUsr
private ReversibleCrypt crypter
Constructor Detail |
---|
public Session(Manager sm, java.lang.String sessionId)
Method Detail |
---|
public ConnectQosServer init(ConnectQosServer connectQos, java.util.Map map) throws XmlBlasterException
I_Session
Is called before I_Session.init(I_SecurityQos)
which does the authentication
init
in interface I_Session
connectQos
- The current login informationmap
- Additional information, is currently null
XmlBlasterException
I_Session.init(ConnectQosServer, Map)
public java.lang.String init(I_SecurityQos securityQos) throws XmlBlasterException
init
in interface I_Session
String
- The SecurityQos object containing the credentials, e.g. loginName/passwd
XmlBlasterException
- Thrown (in this case) if the user doesn't
exist or the passwd is incorrect.#init(String)
public boolean verify(I_SecurityQos securityQos)
I_Session
Note:
verify
in interface I_Session
I_Session.verify(I_SecurityQos)
public void changeSecretSessionId(java.lang.String sessionId) throws XmlBlasterException
I_Session
Authenticate.connect(org.xmlBlaster.engine.qos.ConnectQosServer, String)
)
cannot provide a real sessionId when this object is created. Thus, it
uses a temporary id first and changes it to the real in a later step.The purpose of this method is to enable this functionality.
changeSecretSessionId
in interface I_Session
XmlBlasterException
- Thrown if the new sessionId is already in use.public java.lang.String getSecretSessionId()
I_Session
getSecretSessionId
in interface I_Session
public I_Subject getSubject()
getSubject
in interface I_Session
public I_Manager getManager()
I_Session
getManager
in interface I_Session
public boolean isAuthorized(SessionHolder sessionHolder, DataHolder dataHolder)
isAuthorized
in interface I_Session
sessionHolder
- Holding information about the subject which requires rightsdataHolder
- Holding information about the data which shall be accessed
EXAMPLE:
isAuthorized("publish", "thisIsAMessageKey");
The above line checks if this subject is permitted to >>publish<<
a message under the key >>thisIsAMessageKey<<
Known action keys:
publish, subscribe, get, erase, ...private Subject determineSubject(java.lang.String user, java.lang.String passwd) throws XmlBlasterException
String
- usernameString
- password
XmlBlasterException
- Thrown (in this case) if the user doesn't
exist or the passwd is incorrect.public MsgUnitRaw importMessage(CryptDataHolder dataHolder) throws XmlBlasterException
importMessage
in interface I_MsgSecurityInterceptor
MsgUnitRaw
- The the received message
XmlBlasterException
- Thrown i.e. if the message has been modifiedI_MsgSecurityInterceptor.exportMessage(CryptDataHolder)
private java.lang.String importMessage(java.lang.String xmlMsg) throws XmlBlasterException
XmlBlasterException
importMessage(CryptDataHolder)
private byte[] importMessage(byte[] byteArr) throws XmlBlasterException
XmlBlasterException
importMessage(CryptDataHolder)
public MsgUnitRaw exportMessage(CryptDataHolder dataHolder) throws XmlBlasterException
exportMessage
in interface I_MsgSecurityInterceptor
MsgUnitRaw
- The source message
XmlBlasterException
- Thrown if the message cannot be processedI_MsgSecurityInterceptor.importMessage(CryptDataHolder)
private java.lang.String exportMessage(java.lang.String xmlMsg) throws XmlBlasterException
XmlBlasterException
exportMessage(CryptDataHolder)
private byte[] exportMessage(byte[] byteArr) throws XmlBlasterException
XmlBlasterException
exportMessage(CryptDataHolder)
public java.lang.String interceptExeptionByAuthorizer(java.lang.Throwable throwable, SessionHolder sessionHolder, DataHolder dataHolder)
I_Session
A dummy implementation should always return null!
A dead message can be produced like this:
SessionInfo sessionInfo = sessionHolder.getSessionInfo(); try { return sessionInfo.getMsgErrorHandler().handleErrorSync(new MsgErrorInfo(glob, sessionInfo.getSessionName(), dataHolder.getMsgUnit(), throwable)); } catch (XmlBlasterException e) { e.printStackTrace(); return null; }
interceptExeptionByAuthorizer
in interface I_Session
|
xmlBlaster 2.2.0 API | |||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |