Class AuthContextLocal

  • All Implemented Interfaces:
    Serializable

    public final class AuthContextLocal
    extends Object
    implements Serializable
    The AuthContextLocal provides the implementation for authenticating users.

    A typical caller instantiates this class and starts the login process. The caller then obtains an array of Callback objects, which contains the information required by the authentication plug-in module. The caller requests information from the user. On receiving the information from the user, the caller submits it to this class. If more information is required, this process repeats until all the information required by the plug-ins/authentication modules has been supplied. The caller then checks whether the user has been successfully authenticated. If so, the caller can get the Subject and SSOToken for the user; if not, the caller obtains the AuthLoginException.

    The implementation supports authenticating users either locally (i.e., in process, with all authentication modules configured) or remotely, against an authentication service/framework. (See the documentation to configure either mode.)

    getRequirements() and submitRequirements() are used to pass the user credentials to the plug-in modules for authentication; getStatus() returns the authentication status.

    The class must be serializable so that it can be stored in an HttpSession.

    See Also:
    Serialized Form
    • Field Detail

      • authDebug

        protected static Debug authDebug
        Holds the debug instance
      • bundle

        protected static ResourceBundle bundle
        Holds the locale-specific information
      • organizationName

        protected String organizationName
        Holds organizationName
      • moduleInstanceNames

        protected Set moduleInstanceNames
        Holds the set of module instance names
      • hostName

        protected String hostName
        Holds the host name
      • httpSession

        protected jakarta.servlet.http.HttpSession httpSession
        Holds the http session
      • ssoToken

        protected SSOToken ssoToken
        Holds Single Sign on Token
      • informationRequired

        protected Callback[] informationRequired
        Holds call back information
      • subject

        protected Subject subject
        Holds subject
      • password

        protected char[] password
        character array for password
    • Constructor Detail

      • AuthContextLocal

        public AuthContextLocal​(String orgName)
        Creates an AuthContextLocal instance for a given organization name or sub-organization name. The login method is then used to start the authentication process.
        Parameters:
        orgName - name of the user's organization.
    • Method Detail

      • getModuleInstanceNames

        public Set getModuleInstanceNames()
        Returns the authentication module instances (or plug-ins) configured for the organization or sub-organization that was set in the AuthContext constructor.
        Returns:
        authentication module/s instances (or plugins).
        Throws:
        UnsupportedOperationException - if an error occurred.
      • login

        public void login()
                   throws AuthLoginException
        Starts the login process for the given AuthContextLocal object.
        Throws:
        AuthLoginException - if an error occurred during login.
      • login

        public void login​(Principal principal,
                          char[] password)
                   throws AuthLoginException
        Starts the login process for the given AuthContextLocal object for the given Principal and the user's password. This method should be called primarily when the authenticator knows that no other credentials will be needed to complete the authentication process.
        Parameters:
        principal - Principal of the user to be authenticated.
        password - password for the user.
        Throws:
        AuthLoginException - if an error occurred during login.
      • login

        public void login​(AuthContext.IndexType type,
                          String indexName)
                   throws AuthLoginException
        Starts the login process for the AuthContextLocal object identified by the index type and index name. The IndexType defines the possible kinds of "objects" or "resources" for which an authentication can be performed. Currently supported index types are users, roles, services (or application), levels and mechanism.
        Parameters:
        type - authentication index type.
        indexName - authentication index name.
        Throws:
        AuthLoginException - if an error occurred during login.
      • login

        public void login​(Subject subject)
                   throws AuthLoginException
        Starts the login process for the given AuthContextLocal object for the given Subject. Refer to JAAS for description on Subject.
        Parameters:
        subject - Subject of the user to be authenticated.
        Throws:
        AuthLoginException - if an error occurred during login.
      • login

        public void login​(AuthContext.IndexType type,
                          String indexName,
                          String locale)
                   throws AuthLoginException
        Starts the login process for the given AuthContextLocal object identified by the index type and index name. The IndexType defines the possible kinds of "objects" or "resources" for which an authentication can be performed. Currently supported index types are users, roles, services (or application), levels and mechanism. The locale specifies the user's preferred locale setting.
        Parameters:
        type - authentication index type.
        indexName - authentication index name.
        locale - locale setting.
        Throws:
        AuthLoginException - if an error occurred during login process.
      • login

        public void login​(AuthContext.IndexType type,
                          String indexName,
                          Map envMap,
                          String locale)
                   throws AuthLoginException
        Starts the login process for the given AuthContextLocal object identified by the index type and index name. The IndexType defines the possible kinds of "objects" or "resources" for which an authentication can be performed. Currently supported index types are users, roles, services (or application), levels and mechanism. The locale specifies the user's preferred locale setting.
        Parameters:
        type - authentication index type.
        indexName - authentication index name.
        envMap - Environment map; the key is a String, the value is a set of strings. This is applicable only when the type is AuthContext.IndexType.RESOURCE
        locale - locale setting.
        Throws:
        AuthLoginException - if an error occurred during login process.
      • login

        protected void login​(AuthContext.IndexType type,
                             String indexName,
                             Principal principal,
                             char[] password,
                             Subject subject)
                      throws AuthLoginException
        Performs the Login for the given AuthContext
        Parameters:
        type - authentication index type
        indexName - authentication index name
        principal - principal name of the user to be authenticated
        password - password for the user
        subject - authentication subject
        Throws:
        AuthLoginException - if error occurs during login
      • login

        protected void login​(AuthContext.IndexType type,
                             String indexName,
                             Principal principal,
                             char[] password,
                             Subject subject,
                             Map envMap,
                             String locale)
                      throws AuthLoginException
        Performs the Login for the given AuthContext
        Parameters:
        type - authentication index type
        indexName - authentication index name
        principal - principal name of the user to be authenticated
        password - password for the user
        subject - authentication subject
        envMap - Environment map, this is applicable only when the type is AuthContext.IndexType.RESOURCE
        locale - locale setting
        Throws:
        AuthLoginException - if error occurs during login
      • reset

        public void reset()
        Resets this AuthContextLocal instance so that a new login process can be initiated. A new authentication process can be started using any one of the login methods.
      • getSubject

        public Subject getSubject()
        Returns the set of Principals the user has been authenticated as. This should be invoked only after successful authentication. If the authentication fails or the authentication is in process, this will return null.
        Returns:
        The set of Principals the user has been authenticated as.
      • hasMoreRequirements

        public boolean hasMoreRequirements()
        Checks if the login process requires more information from the user to complete the authentication.
        Returns:
        true if more credentials are required from the user.
      • hasMoreRequirements

        public boolean hasMoreRequirements​(boolean noFilter)
        Checks if the login process requires more information from the user to complete the authentication
        Parameters:
        noFilter - flag to indicate if there is a Filter
        Returns:
        true if more credentials are required from the user.
      • getRequirements

        public Callback[] getRequirements()
        Returns an array of Callback objects that must be populated by the user and returned back. These objects are requested by the authentication plug-ins, and these are usually displayed to the user. The user then provides the requested information for it to be authenticated.
        Returns:
        an array of Callback objects requesting credentials from user.
      • getRequirements

        public Callback[] getRequirements​(boolean noFilter)
        Returns an array of Callback objects that must be populated by the user and returned back. These objects are requested by the authentication plug-ins, and these are usually displayed to the user. The user then provides the requested information for it to be authenticated.
        Parameters:
        noFilter - flag to indicate if there is a Filter
        Returns:
        an array of Callback objects requesting credentials from user.
      • submitRequirements

        public void submitRequirements​(Callback[] info)
        Submit the populated Callback objects to the authentication plug-in modules. Called after getRequirements method and obtaining user's response to these requests.
        Parameters:
        info - array of Callback objects
      • logout

        public void logout()
                    throws AuthLoginException
        Logs out the user and also invalidates the SSOToken associated with this AuthContextLocal.
        Throws:
        AuthLoginException - if an error occurred during logout
      • getLoginException

        public AuthLoginException getLoginException()
        Returns login exception, if any, during the authentication process. Typically set when the login fails.
        Returns:
        login exception.
      • setLoginException

        public void setLoginException​(AuthLoginException exception)
        Sets the login exception that represents errors during the authentication process.
        Parameters:
        exception - AuthLoginException to be set.
      • getStatus

        public AuthContext.Status getStatus()
        Returns the current status of the authentication process.
        Returns:
        the current status of the authentication process.
      • setLoginStatus

        protected void setLoginStatus​(AuthContext.Status status)
        Sets the login status. Used internally and not visible outside this package.
        Parameters:
        status - login status
      • getSSOToken

        public SSOToken getSSOToken()
        Returns the Single-Sign-On (SSO) Token for the authenticated user. The Single-Sign-On token can be used as the authenticated token.
        Returns:
        single-sign-on token
      • getSuccessURL

        public String getSuccessURL()
        Returns the Successful Login URL for the authenticated user.
        Returns:
        the Successful Login URL for the authenticated user.
      • getFailureURL

        public String getFailureURL()
        Returns the Failure Login URL for the authenticating user.
        Returns:
        the Failure Login URL for the authenticating user.
      • getOrganizationName

        public String getOrganizationName()
        Returns the organization name that was set in the AuthContextLocal constructor.
        Returns:
        Organization name.
      • abort

        public void abort()
                   throws AuthLoginException
        Terminates an ongoing login call that has not yet completed.
        Throws:
        AuthLoginException - if an error occurred during abort.
      • getErrorTemplate

        public String getErrorTemplate()
        Returns the error template.
        Returns:
        the error template.
      • getErrorMessage

        public String getErrorMessage()
        Returns the error message.
        Returns:
        the error message.
      • getErrorCode

        public String getErrorCode()
        Returns the error code.
        Returns:
        error code.
      • getAuthIdentifier

        public String getAuthIdentifier()
        Returns the current 'authIdentifier' of the authentication process as String Session ID.
        Returns:
        authIdentifier of the authentication process
      • getLockoutMsg

        public String getLockoutMsg()
        Returns the account lockout message. This can be either a dynamic message indicating the number of tries left or the account deactivated message.
        Returns:
        account lockout message.
      • isLockedOut

        public boolean isLockedOut()
        Checks whether the account is locked out
        Returns:
        true if the account is locked, false otherwise
      • setClientHostName

        public void setClientHostName​(String hostname)
        Sets the client's host name. This method is used in the case of remote authentication to set the client's hostname or IP address. This could be used by the policy component to restrict access to resources.
        Parameters:
        hostname - Host name.
      • getClientHostName

        protected String getClientHostName()
        Returns the client's host name
        Returns:
        hostname
      • submittedRequirements

        public boolean submittedRequirements()
      • setHttpSession

        public void setHttpSession​(jakarta.servlet.http.HttpSession session)
        Sets the HttpSession that will be used by the SSO component to store the session information. In the absence of an HttpSession the information is stored in a HashMap and will have issues with fail-over. With session fail-over turned on, the HttpSession would provide a persistent storage mechanism for SSO.
        Parameters:
        session - HttpSession
      • getHttpSession

        protected jakarta.servlet.http.HttpSession getHttpSession()
        Returns the HTTPSession associated with the current authentication context
        Returns:
        httpSession
      • getCallbacks

        protected static Callback[] getCallbacks​(Callback[] recdCallbacks,
                                                 boolean noFilter)
        Returns the array of Callback requirements objects
        Parameters:
        recdCallbacks - callbacks requirements
        noFilter - boolean to indicate if filter exists
        Returns:
        an array of Callback objects
      • setLoginState

        public void setLoginState​(LoginState state)
        Sets the Login State
        Parameters:
        state - login state
      • getLoginState

        public LoginState getLoginState()
        Returns the login state
        Returns:
        loginState
      • setOrgDN

        public void setOrgDN​(String orgDN)
        Sets the Organization DN
        Parameters:
        orgDN - Organization DN
      • getOrgDN

        public String getOrgDN()
        Returns the Organization DN
        Returns:
        the Organization DN