Class SSOProviderImpl

  • All Implemented Interfaces:
    SSOProvider

    public final class SSOProviderImpl
    extends Object
    implements SSOProvider
    This final class implements the SSOProvider interface and provides the methods to create, destroy, and check the validity of a single sign on token. Note: Used by ClientSDK, therefore must not use Guice for initialisation.
    • Field Detail

      • debug

        public static Debug debug
        Debug SSOProvider
    • Constructor Detail

      • SSOProviderImpl

        public SSOProviderImpl()
                        throws SSOException
        Constructs an instance of SSOProviderImpl.
        Throws:
        SSOException
    • Method Detail

      • createSSOToken

        public SSOToken createSSOToken(jakarta.servlet.http.HttpServletRequest request)
                                throws SSOException
        Creates a single sign on token for the HttpRequest
        Specified by:
        createSSOToken in interface SSOProvider
        Parameters:
        request - HttpServletRequest
        Returns:
        single sign on token for the request
        Throws:
        SSOException - if the single sign on token cannot be created.
      • createSSOToken

        public SSOToken createSSOToken(Principal user,
                                       String password)
                                throws SSOException,
                                       UnsupportedOperationException
        Deprecated.
        This method has been deprecated. Please use the regular LDAP authentication mechanism instead. More information on how to use the authentication programming interfaces as well as the code samples can be obtained from the "Authenticating Using OpenAM Java SDK" chapter of the OpenAM Developer's Guide.
        Creates a single sign on token with user or service as the entity
        Specified by:
        createSSOToken in interface SSOProvider
        Parameters:
        user - Principal representing a user or service
        password - password string.
        Returns:
        single sign on token
        Throws:
        SSOException - if the single sign on token cannot be created.
        UnsupportedOperationException - Thrown to indicate that the requested operation is not supported.
      • createSSOToken

        public SSOToken createSSOToken(String tokenId,
                                       boolean invokedByAuth)
                                throws SSOException,
                                       UnsupportedOperationException
        Creates a single sign on token. Note: this method should remain private and get called only by the AuthContext API. Note also: this method may reset the idle time of the session.
        Parameters:
        tokenId - single sign on token ID.
        invokedByAuth - boolean flag indicating that this method has been invoked by the AuthContext.getSSOToken() API.
        Returns:
        single sign on token.
        Throws:
        SSOException - if the single sign on token cannot be created.
        UnsupportedOperationException - Thrown to indicate that the requested operation is not supported.
      • createSSOToken

        public SSOToken createSSOToken(String tokenId,
                                       boolean invokedByAuth,
                                       boolean possiblyResetIdleTime)
                                throws SSOException,
                                       UnsupportedOperationException
        Creates a single sign on token.
        Specified by:
        createSSOToken in interface SSOProvider
        Parameters:
        tokenId - single sign on token ID.
        invokedByAuth - boolean flag indicating that this method has been invoked by the AuthContext.getSSOToken() API.
        possiblyResetIdleTime - If true, the idle time of the token/session may be reset to zero. If false, the idle time will never be reset.
        Returns:
        single sign on token.
        Throws:
        SSOException - if the single sign on token cannot be created for any reason.
        UnsupportedOperationException - only here to satisfy the interface, this is never thrown.
      • isValidToken

        public boolean isValidToken(SSOToken token)
        Checks the validity of the single sign on token
        Specified by:
        isValidToken in interface SSOProvider
        Parameters:
        token - The single sign on token object to be validated
        Returns:
        Returns true if the SSOToken is valid
      • isValidToken

        public boolean isValidToken(SSOToken token,
                                    boolean refresh)
        Checks the validity of the single sign on token
        Specified by:
        isValidToken in interface SSOProvider
        Parameters:
        token - The single sign on token object to be validated
        refresh - Flag indicating whether refreshing the token is allowed
        Returns:
        Returns true if the SSOToken is valid, false otherwise
      • validateToken

        public void validateToken(SSOToken token)
                           throws SSOException
        Checks if the single sign on token is valid.
        Specified by:
        validateToken in interface SSOProvider
        Parameters:
        token - single sign on token.
        Throws:
        SSOException - if the single sign on token is not valid.
      • destroyToken

        public void destroyToken(SSOToken token)
                          throws SSOException
        Destroys a single sign on token
        Specified by:
        destroyToken in interface SSOProvider
        Parameters:
        token - The single sign on token object to be destroyed
        Throws:
        SSOException - if the given token cannot be destroyed
      • logout

        public void logout(SSOToken token)
                    throws SSOException
        Description copied from interface: SSOProvider
        Logs out of the session underlying this SSOToken.
        Specified by:
        logout in interface SSOProvider
        Parameters:
        token - the sso token to log out.
        Throws:
        SSOException - if an error occurs during logout.
      • isIPValid

        public boolean isIPValid(Session sess,
                                 String clientIP)
                          throws SSOException
        Validates the IP address of the client against the IP stored in the Session.
        Parameters:
        sess - Session object associated with the token
        clientIP - IP address of the current client who made HttpRequest.
        Returns:
        Returns true if the IP is valid, false otherwise.
        Throws:
        SSOException - if IP cannot be validated for the given session
      • refreshSession

        public void refreshSession(SSOToken token)
                            throws SSOException
        Refresh the Session corresponding to the single sign on token from the Session Server.
        Specified by:
        refreshSession in interface SSOProvider
        Parameters:
        token - single sign on token for which the session needs to be refreshed
        Throws:
        SSOException - if the session cannot be refreshed
      • refreshSession

        public void refreshSession(SSOToken token,
                                   boolean possiblyResetIdleTime)
                            throws SSOException
        Refresh the Session corresponding to the single sign on token from the Session Server.
        Specified by:
        refreshSession in interface SSOProvider
        Parameters:
        token - single sign on token for which the session needs to be refreshed.
        possiblyResetIdleTime - If true, the idle time may be reset; if false, it will never be.
        Throws:
        SSOException - if the session cannot be refreshed.
      • destroyToken

        public void destroyToken(SSOToken destroyer,
                                 SSOToken destroyed)
                          throws SSOException
        Destroys a single sign on token.
        Specified by:
        destroyToken in interface SSOProvider
        Parameters:
        destroyer - The single sign on token object used to authorize the operation
        destroyed - The single sign on token object to be destroyed.
        Throws:
        SSOException - if there was an error during communication with the session service.
      • getValidSessions

        public Set<SSOToken> getValidSessions(SSOToken requester,
                                              String server)
                                       throws SSOException
        Returns a list of single sign on token objects which correspond to valid Sessions accessible to the requester. The single sign on token objects returned are restricted: they can only be used to retrieve properties and destroy the sessions they represent.
        Specified by:
        getValidSessions in interface SSOProvider
        Parameters:
        requester - The single sign on token object used to authorize the operation
        server - The server for which the valid sessions are to be retrieved
        Returns:
        Set of Valid Sessions
        Throws:
        SSOException - if there was an error during communication with the session service.
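
The possiblyResetIdleTime flag documented on createSSOToken and refreshSession above, shown in a simplified model: this is an added example, not OpenAM code, and every class, method and constant in it (IdleResetDemo, validate, MAX_IDLE_MS, the 30-minute timeout, the token ID) is a hypothetical stand-in. It shows a background checker polling a session the user has abandoned: with the flag true the session never idles out, with false it expires on schedule.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified in-memory model, NOT OpenAM code: every name below is hypothetical.
public class IdleResetDemo {
    static final long MINUTE_MS = 60_000L;
    static final long MAX_IDLE_MS = 30 * MINUTE_MS;  // assumed 30-minute idle timeout

    static final class Session {
        long lastActivityMs;
        Session(long now) { lastActivityMs = now; }
    }

    private final Map<String, Session> sessions = new HashMap<>();

    void create(String tokenId, long now) { sessions.put(tokenId, new Session(now)); }

    // Mirrors the contract documented for possiblyResetIdleTime:
    // true may reset the idle time to zero, false never does.
    boolean validate(String tokenId, long now, boolean possiblyResetIdleTime) {
        Session s = sessions.get(tokenId);
        if (s == null) return false;               // unknown or already expired
        if (now - s.lastActivityMs >= MAX_IDLE_MS) {
            sessions.remove(tokenId);              // idle timeout reached
            return false;
        }
        if (possiblyResetIdleTime) s.lastActivityMs = now;
        return true;
    }

    // A background checker polls every 10 minutes for 2 hours; the user never returns.
    static boolean aliveAfterPolling(boolean possiblyResetIdleTime) {
        IdleResetDemo store = new IdleResetDemo();
        store.create("constructed-token-id", 0L);  // constructed sample value
        boolean alive = true;
        for (long t = 10 * MINUTE_MS; t <= 120 * MINUTE_MS; t += 10 * MINUTE_MS) {
            alive = store.validate("constructed-token-id", t, possiblyResetIdleTime);
        }
        return alive;
    }

    public static void main(String[] args) {
        // Polling with reset keeps the abandoned session valid past its idle timeout.
        System.out.println("reset=true  -> alive: " + aliveAfterPolling(true));
        // Polling without reset lets the idle timeout expire the session.
        System.out.println("reset=false -> alive: " + aliveAfterPolling(false));
    }
}
```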