org.xmlBlaster.authentication.plugins.htpasswd
Class Session

java.lang.Object
  org.xmlBlaster.authentication.plugins.htpasswd.Session

All Implemented Interfaces:

I_MsgSecurityInterceptor, I_Session, I_Subject

public class Session

extends java.lang.Object

implements I_Session, I_Subject

This implements the session AND the subject interface in the same class and supports simple authorization.

Example password configuration:

 guest:yZ24stvIel1j6:connect,disconnect,publish(tennis;sailing)
 admin:yZ24stvIel1j6:!erase
 other:yZ24stvIel1j6:! subscribe,unSubscribe
 all:yZ24stvIel1j6::
 

[userName] : [cryptedPassword] : [optional authorization]

Author:

Cyrille Giquello., Marcel Ruff.

See Also:

HtPasswd, The security.htpasswd requirement

Field Summary

protected boolean	authenticated
private Global	glob
protected HtPasswd	htpasswd
private static java.util.logging.Logger	log
protected java.lang.String	loginName
private static java.lang.String	ME
protected java.lang.String	passwd
protected Manager	secMgr
protected java.lang.String	secretSessionId

Constructor Summary

Session(Manager sm, java.lang.String sessionId)

Method Summary

void	changeSecretSessionId(java.lang.String sessionId) The current implementation of the user session handling (especially Authenticate.connect(org.xmlBlaster.engine.qos.ConnectQosServer, String)) cannot provide a real sessionId when this object is created.
MsgUnitRaw	exportMessage(CryptDataHolder dataHolder) Encrypt, sign, seal an outgoing message.
I_Manager	getManager() How controls this session?
java.lang.String	getName() Get the subjects login-name.
java.lang.String	getSecretSessionId() Return the id of this session.
I_Subject	getSubject() Get the owner of this session.
MsgUnitRaw	importMessage(CryptDataHolder dataHolder) Decrypt, check, unseal etc an incomming message.
ConnectQosServer	init(ConnectQosServer connectQos, java.util.Map map) Initialize the session with useful information.
java.lang.String	init(I_SecurityQos securityQos) Initialize the Session for a login or connect call.
boolean	isAuthorized(SessionHolder sessionHolder, DataHolder dataHolder) Check if this subject instance is permitted to do something
boolean	verify(I_SecurityQos securityQos) Allows to check the given securityQos again.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ME

private static final java.lang.String ME

See Also:

Constant Field Values

glob

private final Global glob

log

private static java.util.logging.Logger log

secMgr

protected Manager secMgr

secretSessionId

protected java.lang.String secretSessionId

authenticated

protected boolean authenticated

htpasswd

protected HtPasswd htpasswd

loginName

protected java.lang.String loginName

passwd

protected java.lang.String passwd

Constructor Detail

Session

public Session(Manager sm,
               java.lang.String sessionId)
        throws XmlBlasterException

Method Detail

init

public ConnectQosServer init(ConnectQosServer connectQos,
                             java.util.Map map)
                      throws XmlBlasterException

Description copied from interface: I_Session

Initialize the session with useful information.

Is called before I_Session.init(I_SecurityQos) which does the authentication

Specified by:

init in interface I_Session

Parameters:

connectQos - The current login information

map - Additional information, is currently null

Returns:

the connectQos we got, can be manipulated

Throws:

XmlBlasterException

init

public java.lang.String init(I_SecurityQos securityQos)
                      throws XmlBlasterException

Initialize the Session for a login or connect call.
[I_Session]

Specified by:

init in interface I_Session

Returns:

String Like the securityQos param, but the other direction.

Throws:

XmlBlasterException - Thrown (in this case) if the user doesn't exist or the passwd is incorrect.

See Also:

#init(String)

verify

public boolean verify(I_SecurityQos securityQos)

Description copied from interface: I_Session

Allows to check the given securityQos again.

Note:

• This call does not modify anything in the I_Session implementation.
• The init() method must have been invoked before, otherwise we return false

Specified by:

verify in interface I_Session

Returns:

true If the credentials are OK
false If access is denied

See Also:

I_Session.verify(I_SecurityQos)

getName

public java.lang.String getName()

Description copied from interface: I_Subject

Get the subjects login-name.

Specified by:

getName in interface I_Subject

Returns:

String name

isAuthorized

public boolean isAuthorized(SessionHolder sessionHolder,
                            DataHolder dataHolder)

Description copied from interface: I_Session

Check if this subject instance is permitted to do something

Specified by:

isAuthorized in interface I_Session

Parameters:

sessionHolder - Holding information about the subject which requires rights

dataHolder - Holding information about the data which shall be accessed EXAMPLE: isAuthorized("publish", "thisIsAMessageKey"); The above line checks if this subject is permitted to >>publish<< a message under the key >>thisIsAMessageKey<< Known action keys: publish, subscribe, get, erase, ...

changeSecretSessionId

public void changeSecretSessionId(java.lang.String sessionId)
                           throws XmlBlasterException

Description copied from interface: I_Session

The current implementation of the user session handling (especially Authenticate.connect(org.xmlBlaster.engine.qos.ConnectQosServer, String)) cannot provide a real sessionId when this object is created. Thus, it uses a temporary id first and changes it to the real in a later step.

The purpose of this method is to enable this functionality.

Specified by:

changeSecretSessionId in interface I_Session

Throws:

XmlBlasterException - Thrown if the new sessionId is already in use.

getSecretSessionId

public java.lang.String getSecretSessionId()

Description copied from interface: I_Session

Return the id of this session.

Specified by:

getSecretSessionId in interface I_Session

getSubject

public I_Subject getSubject()

Description copied from interface: I_Session

Get the owner of this session.

Specified by:

getSubject in interface I_Session

getManager

public I_Manager getManager()

Description copied from interface: I_Session

How controls this session?

Specified by:

getManager in interface I_Session

Returns:

I_Manager

importMessage

public MsgUnitRaw importMessage(CryptDataHolder dataHolder)
                         throws XmlBlasterException

Description copied from interface: I_MsgSecurityInterceptor

Decrypt, check, unseal etc an incomming message.

Use this to import (decrypt) the xmlKey or xmlQos

Specified by:

importMessage in interface I_MsgSecurityInterceptor

Parameters:

dataHolder - A container holding the MsgUnitRaw and some additional informations

Returns:

The original or modified message

Throws:

XmlBlasterException - Thrown i.e. if the message has been modified

See Also:

I_MsgSecurityInterceptor.exportMessage(CryptDataHolder)

exportMessage

public MsgUnitRaw exportMessage(CryptDataHolder dataHolder)
                         throws XmlBlasterException

Description copied from interface: I_MsgSecurityInterceptor

Encrypt, sign, seal an outgoing message.

Use this to export (encrypt) the xmlKey or xmlQos

Specified by:

exportMessage in interface I_MsgSecurityInterceptor

Parameters:

dataHolder - A container holding the MsgUnitRaw and some additional informations

Returns:

The probably more secure string

Throws:

XmlBlasterException - Thrown if the message cannot be processed

See Also:

I_MsgSecurityInterceptor.importMessage(CryptDataHolder)