org.xmlBlaster.authentication.plugins.demo
Class Session

java.lang.Object
  org.xmlBlaster.authentication.plugins.demo.Session

All Implemented Interfaces:

I_MsgSecurityInterceptor, I_Session

public class Session

extends java.lang.Object

implements I_Session

Author:

Wolfgang Kleinertz

Field Summary

private boolean	authenticated
private ReversibleCrypt	crypter
private Subject	dummyUsr
private Manager	secMgr
private java.lang.String	sessionId
private Subject	subject

Constructor Summary

Session(Manager sm, java.lang.String sessionId)

Method Summary

void	changeSecretSessionId(java.lang.String sessionId) The current implementation of the user session handling (especially Authenticate.connect(org.xmlBlaster.engine.qos.ConnectQosServer, String)) cannot provide a real sessionId when this object is created.
private Subject	determineSubject(java.lang.String user, java.lang.String passwd) Determine which subject is specified by user/passwd
private byte[]	exportMessage(byte[] byteArr)
MsgUnitRaw	exportMessage(CryptDataHolder dataHolder) encrypt, sign, seal an outgoing message.
private java.lang.String	exportMessage(java.lang.String xmlMsg)
I_Manager	getManager() How controls this session?
java.lang.String	getSecretSessionId() Return the id of this session.
I_Subject	getSubject() [I_Session]
private byte[]	importMessage(byte[] byteArr)
MsgUnitRaw	importMessage(CryptDataHolder dataHolder) decrypt, check, unseal an incoming message.
private java.lang.String	importMessage(java.lang.String xmlMsg)
ConnectQosServer	init(ConnectQosServer connectQos, java.util.Map map) Initialize the session with useful information.
java.lang.String	init(I_SecurityQos securityQos) Initialize the Session for a login or connect call.
boolean	isAuthorized(SessionHolder sessionHolder, DataHolder dataHolder) Check if the user is permited (authorized) to do something
boolean	verify(I_SecurityQos securityQos) Allows to check the given securityQos again.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

subject

private Subject subject

secMgr

private Manager secMgr

sessionId

private java.lang.String sessionId

authenticated

private boolean authenticated

dummyUsr

private Subject dummyUsr

crypter

private ReversibleCrypt crypter

Constructor Detail

Session

public Session(Manager sm,
               java.lang.String sessionId)

Method Detail

init

public ConnectQosServer init(ConnectQosServer connectQos,
                             java.util.Map map)
                      throws XmlBlasterException

Description copied from interface: I_Session

Initialize the session with useful information.

Is called before I_Session.init(I_SecurityQos) which does the authentication

Specified by:

init in interface I_Session

Parameters:

connectQos - The current login information

map - Additional information, is currently null

Returns:

the connectQos we got, can be manipulated

Throws:

XmlBlasterException

See Also:

I_Session.init(ConnectQosServer, Map)

init

public java.lang.String init(I_SecurityQos securityQos)
                      throws XmlBlasterException

Initialize the Session for a login or connect call.

Specified by:

init in interface I_Session

Returns:

String Like the securityQos param, but the other direction.

Throws:

XmlBlasterException - Thrown (in this case) if the user doesn't exist or the passwd is incorrect.

See Also:

#init(String)

verify

public boolean verify(I_SecurityQos securityQos)

Description copied from interface: I_Session

Allows to check the given securityQos again.

Note:

• This call does not modify anything in the I_Session implementation.
• The init() method must have been invoked before, otherwise we return false

Specified by:

verify in interface I_Session

Returns:

true If the credentials are OK
false If access is denied

See Also:

I_Session.verify(I_SecurityQos)

changeSecretSessionId

public void changeSecretSessionId(java.lang.String sessionId)
                           throws XmlBlasterException

Description copied from interface: I_Session

The current implementation of the user session handling (especially Authenticate.connect(org.xmlBlaster.engine.qos.ConnectQosServer, String)) cannot provide a real sessionId when this object is created. Thus, it uses a temporary id first and changes it to the real in a later step.

The purpose of this method is to enable this functionality.

Specified by:

changeSecretSessionId in interface I_Session

Throws:

XmlBlasterException - Thrown if the new sessionId is already in use.

getSecretSessionId

public java.lang.String getSecretSessionId()

Description copied from interface: I_Session

Return the id of this session.

Specified by:

getSecretSessionId in interface I_Session

getSubject

public I_Subject getSubject()

[I_Session]

Specified by:

getSubject in interface I_Session

getManager

public I_Manager getManager()

Description copied from interface: I_Session

How controls this session?

Specified by:

getManager in interface I_Session

Returns:

I_Manager

isAuthorized

public boolean isAuthorized(SessionHolder sessionHolder,
                            DataHolder dataHolder)

Check if the user is permited (authorized) to do something

Specified by:

isAuthorized in interface I_Session

Parameters:

sessionHolder - Holding information about the subject which requires rights

dataHolder - Holding information about the data which shall be accessed EXAMPLE: isAuthorized("publish", "thisIsAMessageKey"); The above line checks if this subject is permitted to >>publish<< a message under the key >>thisIsAMessageKey<< Known action keys: publish, subscribe, get, erase, ...

determineSubject

private Subject determineSubject(java.lang.String user,
                                 java.lang.String passwd)
                          throws XmlBlasterException

Determine which subject is specified by user/passwd

Throws:

XmlBlasterException - Thrown (in this case) if the user doesn't exist or the passwd is incorrect.

importMessage

public MsgUnitRaw importMessage(CryptDataHolder dataHolder)
                         throws XmlBlasterException

decrypt, check, unseal an incoming message.

Specified by:

importMessage in interface I_MsgSecurityInterceptor

Parameters:

dataHolder - A container holding the MsgUnitRaw and some additional informations

Returns:

MsgUnitRaw The original message

Throws:

XmlBlasterException - Thrown i.e. if the message has been modified

See Also:

I_MsgSecurityInterceptor.exportMessage(CryptDataHolder)

importMessage

private java.lang.String importMessage(java.lang.String xmlMsg)
                                throws XmlBlasterException

Throws:

XmlBlasterException

See Also:

importMessage(CryptDataHolder)

importMessage

private byte[] importMessage(byte[] byteArr)
                      throws XmlBlasterException

Throws:

XmlBlasterException

See Also:

importMessage(CryptDataHolder)

exportMessage

public MsgUnitRaw exportMessage(CryptDataHolder dataHolder)
                         throws XmlBlasterException

encrypt, sign, seal an outgoing message.

Specified by:

exportMessage in interface I_MsgSecurityInterceptor

Parameters:

dataHolder - A container holding the MsgUnitRaw and some additional informations

Returns:

MsgUnitRaw

Throws:

XmlBlasterException - Thrown if the message cannot be processed

See Also:

I_MsgSecurityInterceptor.importMessage(CryptDataHolder)

exportMessage

private java.lang.String exportMessage(java.lang.String xmlMsg)
                                throws XmlBlasterException

Throws:

XmlBlasterException

See Also:

exportMessage(CryptDataHolder)

exportMessage

private byte[] exportMessage(byte[] byteArr)
                      throws XmlBlasterException

Throws:

XmlBlasterException

See Also:

exportMessage(CryptDataHolder)