xmlBlaster 2.1.0 API

org.xmlBlaster.authentication.plugins.ldap
Class Session

java.lang.Object
  extended by org.xmlBlaster.authentication.plugins.ldap.Session
All Implemented Interfaces:
I_MsgSecurityInterceptor, I_Session, I_Subject

public class Session
extends java.lang.Object
implements I_Session, I_Subject

This implements the session AND the subject interface in the same class.

Author:
Marcel Ruff.
See Also:
LdapGateway

Field Summary
protected  boolean authenticated
           
protected  LdapGateway ldap
           
private static java.util.logging.Logger log
           
protected  java.lang.String loginName
           
private static java.lang.String ME
           
protected  Manager secMgr
           
protected  java.lang.String sessionId
           
 
Constructor Summary
Session(Manager sm, java.lang.String sessionId)
           
 
Method Summary
 void changeSecretSessionId(java.lang.String sessionId)
          The current implementation of the user session handling (especially Authenticate.connect(org.xmlBlaster.engine.qos.ConnectQosServer, String)) cannot provide a real sessionId when this object is created.
 MsgUnitRaw exportMessage(CryptDataHolder dataHolder)
          Encrypt, sign, seal an outgoing message.
 I_Manager getManager()
          How controls this session?

 java.lang.String getName()
          Get the subjects login-name.
 java.lang.String getSecretSessionId()
          Return the id of this session.
 I_Subject getSubject()
          Get the owner of this session.
 MsgUnitRaw importMessage(CryptDataHolder dataHolder)
          Decrypt, check, unseal etc an incomming message.
 ConnectQosServer init(ConnectQosServer connectQos, java.util.Map map)
          Initialize the session with useful information.
 java.lang.String init(I_SecurityQos securityQos)
          Initialize a new session and do the credential check.
 java.lang.String interceptExeptionByAuthorizer(java.lang.Throwable throwable, SessionHolder sessionHolder, DataHolder dataHolder)
          If an exception occurrs after successful authorization the security framework has the chance to suppress the exception by returning a return QOS
 boolean isAuthorized(SessionHolder sessionHolder, DataHolder dataHolder)
          Check if this subject instance is permitted to do something

 boolean verify(I_SecurityQos securityQos)
          Allows to check the given securityQos again.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ME

private static final java.lang.String ME
See Also:
Constant Field Values

secMgr

protected final Manager secMgr

log

private static java.util.logging.Logger log

sessionId

protected java.lang.String sessionId

authenticated

protected boolean authenticated

ldap

protected final LdapGateway ldap

loginName

protected java.lang.String loginName
Constructor Detail

Session

public Session(Manager sm,
               java.lang.String sessionId)
        throws XmlBlasterException
Throws:
XmlBlasterException
Method Detail

init

public ConnectQosServer init(ConnectQosServer connectQos,
                             java.util.Map map)
                      throws XmlBlasterException
Description copied from interface: I_Session
Initialize the session with useful information.

Is called before I_Session.init(I_SecurityQos) which does the authentication

Specified by:
init in interface I_Session
Parameters:
connectQos - The current login information
map - Additional information, is currently null
Returns:
the connectQos we got, can be manipulated
Throws:
XmlBlasterException
See Also:
I_Session.init(ConnectQosServer, Map)

init

public java.lang.String init(I_SecurityQos securityQos)
                      throws XmlBlasterException
Description copied from interface: I_Session
Initialize a new session and do the credential check.
E.g.: An implementation could include authentication etc.

Specified by:
init in interface I_Session
Returns:
String Like the securityQos param, but the other direction.
Throws:
XmlBlasterException - The initialization failed (key exchange, authentication ... failed)
See Also:
#init(String)

verify

public boolean verify(I_SecurityQos securityQos)
Description copied from interface: I_Session
Allows to check the given securityQos again.

Note:

Specified by:
verify in interface I_Session
Returns:
true If the credentials are OK
false If access is denied
See Also:
I_Session.verify(I_SecurityQos)

getName

public java.lang.String getName()
Description copied from interface: I_Subject
Get the subjects login-name.

Specified by:
getName in interface I_Subject
Returns:
String name

isAuthorized

public boolean isAuthorized(SessionHolder sessionHolder,
                            DataHolder dataHolder)
Description copied from interface: I_Session
Check if this subject instance is permitted to do something

Specified by:
isAuthorized in interface I_Session
Parameters:
sessionHolder - Holding information about the subject which requires rights
dataHolder - Holding information about the data which shall be accessed EXAMPLE: isAuthorized("publish", "thisIsAMessageKey"); The above line checks if this subject is permitted to >>publish<< a message under the key >>thisIsAMessageKey<< Known action keys: publish, subscribe, get, erase, ...

changeSecretSessionId

public void changeSecretSessionId(java.lang.String sessionId)
                           throws XmlBlasterException
Description copied from interface: I_Session
The current implementation of the user session handling (especially Authenticate.connect(org.xmlBlaster.engine.qos.ConnectQosServer, String)) cannot provide a real sessionId when this object is created. Thus, it uses a temporary id first and changes it to the real in a later step.

The purpose of this method is to enable this functionality.

Specified by:
changeSecretSessionId in interface I_Session
Throws:
XmlBlasterException - Thrown if the new sessionId is already in use.

getSecretSessionId

public java.lang.String getSecretSessionId()
Description copied from interface: I_Session
Return the id of this session.

Specified by:
getSecretSessionId in interface I_Session

getSubject

public I_Subject getSubject()
Description copied from interface: I_Session
Get the owner of this session.

Specified by:
getSubject in interface I_Session

getManager

public I_Manager getManager()
Description copied from interface: I_Session
How controls this session?

Specified by:
getManager in interface I_Session
Returns:
I_Manager

importMessage

public MsgUnitRaw importMessage(CryptDataHolder dataHolder)
                         throws XmlBlasterException
Description copied from interface: I_MsgSecurityInterceptor
Decrypt, check, unseal etc an incomming message.

Use this to import (decrypt) the xmlKey or xmlQos

Specified by:
importMessage in interface I_MsgSecurityInterceptor
Parameters:
dataHolder - A container holding the MsgUnitRaw and some additional informations
Returns:
The original or modified message
Throws:
XmlBlasterException - Thrown i.e. if the message has been modified
See Also:
I_MsgSecurityInterceptor.exportMessage(CryptDataHolder)

exportMessage

public MsgUnitRaw exportMessage(CryptDataHolder dataHolder)
                         throws XmlBlasterException
Description copied from interface: I_MsgSecurityInterceptor
Encrypt, sign, seal an outgoing message.

Use this to export (encrypt) the xmlKey or xmlQos

Specified by:
exportMessage in interface I_MsgSecurityInterceptor
Parameters:
dataHolder - A container holding the MsgUnitRaw and some additional informations
Returns:
The probably more secure string
Throws:
XmlBlasterException - Thrown if the message cannot be processed
See Also:
I_MsgSecurityInterceptor.importMessage(CryptDataHolder)

interceptExeptionByAuthorizer

public java.lang.String interceptExeptionByAuthorizer(java.lang.Throwable throwable,
                                                      SessionHolder sessionHolder,
                                                      DataHolder dataHolder)
Description copied from interface: I_Session
If an exception occurrs after successful authorization the security framework has the chance to suppress the exception by returning a return QOS

A dummy implementation should always return null!

A dead message can be produced like this:

 SessionInfo sessionInfo = sessionHolder.getSessionInfo();
        try {
                return sessionInfo.getMsgErrorHandler().handleErrorSync(new MsgErrorInfo(glob, sessionInfo.getSessionName(), dataHolder.getMsgUnit(), throwable));
        } catch (XmlBlasterException e) {
                e.printStackTrace();
                return null;
        }
 

Specified by:
interceptExeptionByAuthorizer in interface I_Session
Returns:
if null, this call has no influence, usually the exception is thrown back to the client. if not null the string is returned to the client. Can be useful for dumb clients which don't know what to do with the exception. In this case the security framework should handle the message itself, e.g. send it as dead message or forward it to another place.

xmlBlaster 2.1.0 API

Copyright © 1999-2011 The xmlBlaster.org contributers.