com.iplanet.sso.providers.dpro

Class SSOProviderImpl

java.lang.Object

com.iplanet.sso.providers.dpro.SSOProviderImpl

All Implemented Interfaces:

SSOProvider

public final class SSOProviderImpl
extends Object
implements SSOProvider

This final class SSOProviderImpl implements SSOProvider interface and provides implementation of the methods to create , destroy , check the validity of a single sign on token. Note: Used by ClientSDK, therefore must not use Guice for initialisation.

Field Summary

Fields

Modifier and Type	Field and Description
static Debug	debug Debug SSOProvider

Constructor Summary

Constructors

Constructor and Description
SSOProviderImpl() Constructs a instance of SSOProviderImpl

Method Summary

Modifier and Type	Method and Description
SSOToken	createSSOToken(javax.servlet.http.HttpServletRequest request) Creates a single sign on token for the HttpRequest
SSOToken	createSSOToken(Principal user, String password) Deprecated. This method has been deprecated. Please use the regular LDAP authentication mechanism instead. More information on how to use the authentication programming interfaces as well as the code samples can be obtained from the "Authenticating Using OpenAM Java SDK" chapter of the OpenAM Developer's Guide.
SSOToken	createSSOToken(String tokenId) Deprecated. Use #createSSOToken(String, String)
SSOToken	createSSOToken(String tokenId, boolean invokedByAuth) Creates a single sign on token.
SSOToken	createSSOToken(String tokenId, boolean invokedByAuth, boolean possiblyResetIdleTime) Creates a single sign on token.
SSOToken	createSSOToken(String tokenId, String clientIP) Deprecated. Use #createSSOToken(String, String)
void	destroyToken(SSOToken token) Destroys a single sign on token
void	destroyToken(SSOToken destroyer, SSOToken destroyed) Destroys a single sign on token.
Set<SSOToken>	getValidSessions(SSOToken requester, String server) Returns a list of single sign on token objects which correspond to valid Sessions accessible to requester. single sign on token objects returned are restricted: they can only be used to retrieve properties and destroy sessions they represent.
boolean	isIPValid(Session sess, String clientIP) Validate the IP address of the client with the IP stored in Session.
boolean	isValidToken(SSOToken token) Checks the validity of the single sign on token
boolean	isValidToken(SSOToken token, boolean refresh) Checks the validity of the single sign on token
void	logout(SSOToken token) Logs out of the session underlying this SSOToken.
void	refreshSession(SSOToken token) Refresh the Session corresponding to the single sign on token from the Session Server.
void	refreshSession(SSOToken token, boolean possiblyResetIdleTime) Refresh the Session corresponding to the single sign on token from the Session Server.
void	validateToken(SSOToken token) Checks if the single sign on token is valid.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

debug

public static Debug debug

Debug SSOProvider

Constructor Detail

SSOProviderImpl

public SSOProviderImpl()
                throws SSOException

Constructs a instance of SSOProviderImpl

Throws:

SSOException

Method Detail

createSSOToken

public SSOToken createSSOToken(javax.servlet.http.HttpServletRequest request)
                        throws SSOException

Creates a single sign on token for the HttpRequest

Specified by:

createSSOToken in interface SSOProvider

Parameters:

request - HttpServletRequest

Returns:

single sign on token for the request

Throws:

SSOException - if the single sign on token cannot be created.

createSSOToken

public SSOToken createSSOToken(Principal user,
                               String password)
                        throws SSOException,
                               UnsupportedOperationException

Deprecated. This method has been deprecated. Please use the regular LDAP authentication mechanism instead. More information on how to use the authentication programming interfaces as well as the code samples can be obtained from the "Authenticating Using OpenAM Java SDK" chapter of the OpenAM Developer's Guide.

Creates a single sign on token with user or service as the entity

Specified by:

createSSOToken in interface SSOProvider

Parameters:

user - Principal representing a user or service

password - password string.

Returns:

single sign on token

Throws:

SSOException - if the single sign on token cannot be created.

UnsupportedOperationException - Thrown to indicate that the requested operation is not supported.

createSSOToken

public SSOToken createSSOToken(String tokenId,
                               boolean invokedByAuth)
                        throws SSOException,
                               UnsupportedOperationException

Creates a single sign on token. Note: this method should remain private and get called only by the AuthContext API. Note also: this method may reset the idle time of the session.

Parameters:

tokenId - single sign on token ID.

invokedByAuth - boolean flag indicating that this method has been invoked by the AuthContext.getSSOToken() API.

Returns:

single sign on token.

Throws:

SSOException - if the single sign on token cannot be created.

UnsupportedOperationException - Thrown to indicate that the requested operation is not supported.

createSSOToken

public SSOToken createSSOToken(String tokenId,
                               boolean invokedByAuth,
                               boolean possiblyResetIdleTime)
                        throws SSOException,
                               UnsupportedOperationException

Creates a single sign on token.

Specified by:

createSSOToken in interface SSOProvider

Parameters:

tokenId - single sign on token ID.

invokedByAuth - boolean flag indicating that this method has been invoked by the AuthContext.getSSOToken() API.

possiblyResetIdleTime - If true, the idle time of the token/session may be reset to zero. If false, the idle time will never be reset.

Returns:

single sign on token.

Throws:

SSOException - if the single sign on token cannot be created for any reason.

UnsupportedOperationException - only here to satisfy the interface, this is never thrown.

createSSOToken

public SSOToken createSSOToken(String tokenId)
                        throws SSOException,
                               UnsupportedOperationException

Deprecated. Use #createSSOToken(String, String)

Creates a single sign on token.

Specified by:

createSSOToken in interface SSOProvider

Parameters:

tokenId - single sign on token ID.

Returns:

single sign on token.

Throws:

SSOException - if the single sign on token cannot be created.

UnsupportedOperationException

createSSOToken

public SSOToken createSSOToken(String tokenId,
                               String clientIP)
                        throws SSOException,
                               UnsupportedOperationException

Deprecated. Use #createSSOToken(String, String)

Creates a single sign on token.

Specified by:

createSSOToken in interface SSOProvider

Parameters:

tokenId - single sign on token ID.

clientIP - client IP address

Returns:

single sign on token.

Throws:

SSOException - if the single sign on token cannot be created.

UnsupportedOperationException - Thrown to indicate that the requested operation is not supported.

isValidToken

public boolean isValidToken(SSOToken token)

Checks the validity of the single sign on token

Specified by:

isValidToken in interface SSOProvider

Parameters:

token - The single sign on token object to be validated

Returns:

Returns true if the SSOToken is valid

isValidToken

public boolean isValidToken(SSOToken token,
                            boolean refresh)

Checks the validity of the single sign on token

Specified by:

isValidToken in interface SSOProvider

Parameters:

token - The single sign on token object to be validated

refresh - Flag indicating whether refreshing the token is allowed

Returns:

Returns true if the SSOToken is valid, false otherwise

validateToken

public void validateToken(SSOToken token)
                   throws SSOException

Checks if the single sign on token is valid.

Specified by:

validateToken in interface SSOProvider

Parameters:

token - single sign on token.

Throws:

SSOException - if the single sign on token is not valid.

destroyToken

public void destroyToken(SSOToken token)
                  throws SSOException

Destroys a single sign on token

Specified by:

destroyToken in interface SSOProvider

Parameters:

token - The single sign on token object to be destroyed

Throws:

SSOException - if the given token cannot be destroyed

logout

public void logout(SSOToken token)
            throws SSOException

Description copied from interface: SSOProvider

Logs out of the session underlying this SSOToken.

Specified by:

logout in interface SSOProvider

Parameters:

token - the sso token to log out.

Throws:

SSOException - if an error occurs during logout.

isIPValid

public boolean isIPValid(Session sess,
                         String clientIP)
                  throws SSOException

Validate the IP address of the client with the IP stored in Session.

Parameters:

sess - Session object associated with the token

clientIP - IP address of the current client who made HttpRequest.

Returns:

Returns true if the IP is valid else false.

Throws:

SSOException - if IP cannot be validated for the given session

refreshSession

public void refreshSession(SSOToken token)
                    throws SSOException

Refresh the Session corresponding to the single sign on token from the Session Server.

Specified by:

refreshSession in interface SSOProvider

Parameters:

token - single sign on token for which session need to be refreshed

Throws:

SSOException - if the session cannot be refreshed

refreshSession

public void refreshSession(SSOToken token,
                           boolean possiblyResetIdleTime)
                    throws SSOException

Refresh the Session corresponding to the single sign on token from the Session Server.

Specified by:

refreshSession in interface SSOProvider

Parameters:

token - single sign on token for which session need to be refreshed.

possiblyResetIdleTime - if true, the idle time may be reset, if false it will never be.

Throws:

SSOException - if the session cannot be refreshed.

destroyToken

public void destroyToken(SSOToken destroyer,
                         SSOToken destroyed)
                  throws SSOException

Destroys a single sign on token.

Specified by:

destroyToken in interface SSOProvider

Parameters:

destroyer - The single sign on token object used to authorize the operation

destroyed - The single sign on token object to be destroyed.

Throws:

SSOException - if the there was an error during communication with session service.

getValidSessions

public Set<SSOToken> getValidSessions(SSOToken requester,
                                      String server)
                               throws SSOException

Returns a list of single sign on token objects which correspond to valid Sessions accessible to requester. single sign on token objects returned are restricted: they can only be used to retrieve properties and destroy sessions they represent.

Specified by:

getValidSessions in interface SSOProvider

Parameters:

requester - The single sign on token object used to authorize the operation

server - The server for which the valid sessions are to be retrieved

Returns:

Set of Valid Sessions

Throws:

SSOException - if the there was an error during communication with session service.