com.sun.identity.authentication.server

Class AuthContextLocal

java.lang.Object

com.sun.identity.authentication.server.AuthContextLocal

All Implemented Interfaces:

Serializable

public final class AuthContextLocal
extends Object
implements Serializable

The AuthContextLocal provides the implementation for authenticating users.

A typical caller instantiates this class and starts the login process. The caller then obtains an array of Callback objects, which contains the information required by the authentication plug-in module. The caller requests information from the user. On receiving the information from the user, the caller submits the same to this class. If more information is required, the above process continues until all the information required by the plug-ins/authentication modules, has been supplied. The caller then checks if the user has successfully been authenticated. If successfully authenticated, the caller can then get the Subject and SSOToken for the user; if not successfully authenticated, the caller obtains the AuthLoginException.

The implementation supports authenticating users either locally i.e., in process with all authentication modules configured or remotely to an authentication service/framework. (See documentation to configure in either of the modes).

The getRequirements() and submitRequirements() are used to pass the user credentials for authentication by the plugin modules,getStatus() returns the authentication status.

It should be serializable as a requirement to be stored in HttpSession.

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
AMLoginContext	amlc AuthLoginContext
protected static Debug	authDebug Hold the debug instance
protected static ResourceBundle	bundle Holds the locale-specific information
protected String	hostName Holds the host name
protected javax.servlet.http.HttpSession	httpSession Holds the http session
static String	INDEX_NAME authentication index name
static String	INDEX_TYPE authentication index type
protected Callback[]	informationRequired Holds call back information
static String	LDAP_AUTH_URL Holds LDAP URL
static String	LOCALE locale setting
protected AuthLoginException	loginException AuthLoginException
protected AuthContext.Status	loginStatus
LoginStatus	ls Holds LoginStatus
protected Set	moduleInstanceNames Holds the set of module instance names
protected String	organizationName Holds organizationName
protected char[]	password character array for password
static String	PASSWORD Holds Password for the user
static String	PRINCIPAL Holds principal name to be authenticated
static String	REDIRECT_URL Redirection URL
protected SSOToken	ssoToken Holds Single Sign on Token
protected Subject	subject Holds subject
static String	SUBJECT authentication subject

Constructor Summary

Constructors

Constructor and Description
AuthContextLocal(String orgName) Creates AuthContextLocal instance is obtained for a given organization name, or sub organization name.

Method Summary

Modifier and Type	Method and Description
void	abort() Terminates an ongoing login call that has not yet completed.
String	getAuthIdentifier() Returns the current 'authIdentifier' of the authentication process as String Session ID.
protected static Callback[]	getCallbacks(Callback[] recdCallbacks, boolean noFilter) Returns the array of Callback requirements objects
protected String	getClientHostName() Returns the clients host name
String	getErrorCode() Returns the error code.
String	getErrorMessage() Returns the error message.
String	getErrorTemplate() Returns the error template.
String	getFailureURL() Returns the Failure Login URL for the authenticating user.
protected javax.servlet.http.HttpSession	getHttpSession() Returns the HTTPSession associated with the current authentication context
String	getLockoutMsg() Returns the account lockout message.
AuthLoginException	getLoginException() Returns login exception, if any, during the authentication process.
LoginState	getLoginState() Returns the login state
Set	getModuleInstanceNames() Returns authentication module/s instances(or) plugin(s) configured for an organization, or sub-organization that was set during the AuthContext constructor.
String	getOrganizationName() Returns the the organization name that was set during the AuthContextLocal constructor.
String	getOrgDN() Returns the Organization DN
Callback[]	getRequirements() Returns an array of Callback objects that must be populated by the user and returned back.
Callback[]	getRequirements(boolean noFilter) Returns an array of Callback objects that must be populated by the user and returned back.
SSOToken	getSSOToken() Returns the Single-Sign-On (SSO) Token for the authenticated user.Single-Sign-On token can be used as the authenticated token.
AuthContext.Status	getStatus() Returns the current status of the authentication process.
Subject	getSubject() Returns the set of Principals the user has been authenticated as.
String	getSuccessURL() Returns the Successful Login URL for the authenticated user.
boolean	hasMoreRequirements() Checks if the login process requires more information from the user to complete the authentication.
boolean	hasMoreRequirements(boolean noFilter) Checks if the login process requires more information from the user to complete the authentication
boolean	isLockedOut() Checks the account is locked out
void	login() Starts the login process for the given AuthContextLocal object.
void	login(AuthContext.IndexType type, String indexName) Start the login process for the AuthContextLocal object identified by the index type and index name.
void	login(AuthContext.IndexType type, String indexName, Map envMap, String locale) Starts the login process for the given AuthContextLocal object identified by the index type and index name.
protected void	login(AuthContext.IndexType type, String indexName, Principal principal, char[] password, Subject subject) Performs the Login for the given AuthContext
protected void	login(AuthContext.IndexType type, String indexName, Principal principal, char[] password, Subject subject, Map envMap, String locale) Performs the Login for the given AuthContext
void	login(AuthContext.IndexType type, String indexName, String locale) Starts the login process for the given AuthContextLocal object identified by the index type and index name.
void	login(Principal principal, char[] password) Starts the login process for the given AuthContextLocals object for the given Principal and the user's password.
void	login(Subject subject) Starts the login process for the given AuthContextLocal object for the given Subject.
void	logout() Logs out the user and also invalidates the SSOToken associated with this AuthContextLocal.
void	reset() Resets this instance of AuthContextLocal object, so that a new login process can be initiated.
void	setClientHostName(String hostname) Sets the client's host name , this method is used in case of remote authentication,to set the client's hostname or IP address.
void	setHttpSession(javax.servlet.http.HttpSession session) Sets the HttpSession that will be used by the SSO component to store the session information.
void	setLoginException(AuthLoginException exception) Sets the login exception that represents errors during the authentication process.
void	setLoginState(LoginState state) Sets the Login State
protected void	setLoginStatus(AuthContext.Status status) Sets the login status.
void	setOrgDN(String orgDN) Sets the Organization DN
void	submitRequirements(Callback[] info) Submit the populated Callback objects to the authentication plug-in modules.
boolean	submittedRequirements()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

authDebug

protected static Debug authDebug

Hold the debug instance

bundle

protected static ResourceBundle bundle

Holds the locale-specific information

organizationName

protected String organizationName

Holds organizationName

moduleInstanceNames

protected Set moduleInstanceNames

Holds the set of module instance names

loginStatus

protected AuthContext.Status loginStatus

hostName

protected String hostName

Holds the host name

httpSession

protected javax.servlet.http.HttpSession httpSession

Holds the http session

ssoToken

protected SSOToken ssoToken

Holds Single Sign on Token

loginException

protected volatile AuthLoginException loginException

AuthLoginException

informationRequired

protected Callback[] informationRequired

Holds call back information

amlc

public AMLoginContext amlc

AuthLoginContext

ls

public LoginStatus ls

Holds LoginStatus

subject

protected Subject subject

Holds subject

password

protected char[] password

character array for password

LDAP_AUTH_URL

public static final String LDAP_AUTH_URL

Holds LDAP URL

See Also:

Constant Field Values

PRINCIPAL

public static final String PRINCIPAL

Holds principal name to be authenticated

See Also:

Constant Field Values

PASSWORD

public static final String PASSWORD

Holds Password for the user

See Also:

Constant Field Values

SUBJECT

public static final String SUBJECT

authentication subject

See Also:

Constant Field Values

INDEX_TYPE

public static final String INDEX_TYPE

authentication index type

See Also:

Constant Field Values

INDEX_NAME

public static final String INDEX_NAME

authentication index name

See Also:

Constant Field Values

LOCALE

public static final String LOCALE

locale setting

See Also:

Constant Field Values

REDIRECT_URL

public static final String REDIRECT_URL

Redirection URL

See Also:

Constant Field Values

Constructor Detail

AuthContextLocal

public AuthContextLocal(String orgName)

Creates AuthContextLocal instance is obtained for a given organization name, or sub organization name. login method is then used to start the authentication process.

Parameters:

orgName - name of the user's organization.

Method Detail

getModuleInstanceNames

public Set getModuleInstanceNames()

Returns authentication module/s instances(or) plugin(s) configured for an organization, or sub-organization that was set during the AuthContext constructor.

Returns:

authentication module/s instances (or plugins).

Throws:

UnsupportedOperationException - if an error occurred.

login

public void login()
           throws AuthLoginException

Starts the login process for the given AuthContextLocal object.

Throws:

AuthLoginException - if an error occurred during login.

login

public void login(Principal principal,
                  char[] password)
           throws AuthLoginException

Starts the login process for the given AuthContextLocals object for the given Principal and the user's password. This method should be called primarily when the authenticator knows there would no other credentials needed to complete the authentication process.

Parameters:

principal - Principal of the user to be authenticated.

password - password for the user.

Throws:

AuthLoginException - if an error occurred during login.

login

public void login(AuthContext.IndexType type,
                  String indexName)
           throws AuthLoginException

Start the login process for the AuthContextLocal object identified by the index type and index name. The IndexType defines the possible kinds of "objects" or "resources" for which an authentication can be performed. Currently supported index types are users, roles, services (or application), levels and mechanism.

Parameters:

type - authentication index type.

indexName - authentication index name.

Throws:

AuthLoginException - if an error occurred during login.

login

public void login(Subject subject)
           throws AuthLoginException

Starts the login process for the given AuthContextLocal object for the given Subject. Refer to JAAS for description on Subject.

Parameters:

subject - Subject of the user to be authenticated.

Throws:

AuthLoginException - if an error occurred during login.

login

public void login(AuthContext.IndexType type,
                  String indexName,
                  String locale)
           throws AuthLoginException

Starts the login process for the given AuthContextLocal object identified by the index type and index name. The IndexType defines the possible kinds of "objects" or "resources" for which an authentication can be performed.Currently supported index types are users, roles, services (or application), levels and mechanism. The locale specifies the user preferred locale setting.

Parameters:

type - authentication index type.

indexName - authentication index name.

locale - locale setting.

Throws:

AuthLoginException - if an error occurred during login process.

login

public void login(AuthContext.IndexType type,
                  String indexName,
                  Map envMap,
                  String locale)
           throws AuthLoginException

Starts the login process for the given AuthContextLocal object identified by the index type and index name. The IndexType defines the possible kinds of "objects" or "resources" for which an authentication can be performed.Currently supported index types are users, roles, services (or application), levels and mechanism. The locale specifies the user preferred locale setting.

Parameters:

type - authentication index type.

indexName - authentication index name.

envMap - Environment Map, key is String, value is set of string. this is applicable only when the type is AuthContext.IndexType.RESOURCE

locale - locale setting.

Throws:

AuthLoginException - if an error occurred during login process.

login

protected void login(AuthContext.IndexType type,
                     String indexName,
                     Principal principal,
                     char[] password,
                     Subject subject)
              throws AuthLoginException

Performs the Login for the given AuthContext

Parameters:

type - authentication index type

indexName - authentication index name

principal - principal name of the user to be authenticated

password - password for the user

subject - authentication subject

Throws:

AuthLoginException - if error occurs during login

login

protected void login(AuthContext.IndexType type,
                     String indexName,
                     Principal principal,
                     char[] password,
                     Subject subject,
                     Map envMap,
                     String locale)
              throws AuthLoginException

Performs the Login for the given AuthContext

Parameters:

type - authentication index type

indexName - authentication index name

principal - principal name of the user to be authenticated

password - password for the user

subject - authentication subject

envMap - Environment map, this is applicable only when the type is AuthContext.IndexType.RESOURCE

locale - locale setting

Throws:

AuthLoginException - if error occurs during login

reset

public void reset()

Resets this instance of AuthContextLocal object, so that a new login process can be initiated. A new authentication process can started using any one of the login methods.

getSubject

public Subject getSubject()

Returns the set of Principals the user has been authenticated as. This should be invoked only after successful authentication. If the authentication fails or the authentication is in process, this will return null.

Returns:

The set of Principals the user has been authenticated as.

hasMoreRequirements

public boolean hasMoreRequirements()

Checks if the login process requires more information from the user to complete the authentication.

Returns:

true if more credentials are required from the user.

hasMoreRequirements

public boolean hasMoreRequirements(boolean noFilter)

Checks if the login process requires more information from the user to complete the authentication

Parameters:

noFilter - falg to indicate if there is a Filter

Returns:

true if more credentials are required from the user.

getRequirements

public Callback[] getRequirements()

Returns an array of Callback objects that must be populated by the user and returned back. These objects are requested by the authentication plug-ins, and these are usually displayed to the user. The user then provides the requested information for it to be authenticated.

Returns:

an array of Callback objects requesting credentials from user.

getRequirements

public Callback[] getRequirements(boolean noFilter)

Returns an array of Callback objects that must be populated by the user and returned back. These objects are requested by the authentication plug-ins, and these are usually displayed to the user. The user then provides the requested information for it to be authenticated.

Parameters:

noFilter - flag to indicate if there is a Filter

Returns:

an array of Callback objects requesting credentials from user.

submitRequirements

public void submitRequirements(Callback[] info)

Submit the populated Callback objects to the authentication plug-in modules. Called after getRequirements method and obtaining user's response to these requests.

Parameters:

info - array of Callback objects

logout

public void logout()
            throws AuthLoginException

Logs out the user and also invalidates the SSOToken associated with this AuthContextLocal.

Throws:

AuthLoginException - if an error occurred during logout

getLoginException

public AuthLoginException getLoginException()

Returns login exception, if any, during the authentication process. Typically set when the login fails.

Returns:

login exception.

setLoginException

public void setLoginException(AuthLoginException exception)

Sets the login exception that represents errors during the authentication process.

Parameters:

exception - AuthLoginException to be set.

getStatus

public AuthContext.Status getStatus()

Returns the current status of the authentication process.

Returns:

the current status of the authentication process.

setLoginStatus

protected void setLoginStatus(AuthContext.Status status)

Sets the login status. Used internally and not visible outside this package.

Parameters:

status - login status

getSSOToken

public SSOToken getSSOToken()

Returns the Single-Sign-On (SSO) Token for the authenticated user.Single-Sign-On token can be used as the authenticated token.

Returns:

single-sign-on token

getSuccessURL

public String getSuccessURL()

Returns the Successful Login URL for the authenticated user.

Returns:

the Successful Login URL for the authenticated user.

getFailureURL

public String getFailureURL()

Returns the Failure Login URL for the authenticating user.

Returns:

the Failure Login URL for the authenticating user.

getOrganizationName

public String getOrganizationName()

Returns the the organization name that was set during the AuthContextLocal constructor.

Returns:

Organization name.

abort

public void abort()
           throws AuthLoginException

Terminates an ongoing login call that has not yet completed.

Throws:

AuthLoginException - if an error occurred during abort.

getErrorTemplate

public String getErrorTemplate()

Returns the error template.

Returns:

the error template.

getErrorMessage

public String getErrorMessage()

Returns the error message.

Returns:

the error message.

getErrorCode

public String getErrorCode()

Returns the error code.

Returns:

error code.

getAuthIdentifier

public String getAuthIdentifier()

Returns the current 'authIdentifier' of the authentication process as String Session ID.

Returns:

authIdentifier of the authentication process

getLockoutMsg

public String getLockoutMsg()

Returns the account lockout message. This can be either a dynamic message indicating the number of tries left or the the account deactivated message.

Returns:

account lockout message.

isLockedOut

public boolean isLockedOut()

Checks the account is locked out

Returns:

true if the account is locked, false otherwise

setClientHostName

public void setClientHostName(String hostname)

Sets the client's host name , this method is used in case of remote authentication,to set the client's hostname or IP address. This could be used by the policy component to restrict access to resources.

Parameters:

hostname - Host name.

getClientHostName

protected String getClientHostName()

Returns the clients host name

Returns:

hostname

submittedRequirements

public boolean submittedRequirements()

setHttpSession

public void setHttpSession(javax.servlet.http.HttpSession session)

Sets the HttpSession that will be used by the SSO component to store the session information. In the absence of HttpSession the information is stored in HashMap and will have issues with fail-over. With session fail-over turned on HttpSession would be provide persistance storage mechanism for SSO.

Parameters:

session - HttpSession

getHttpSession

protected javax.servlet.http.HttpSession getHttpSession()

Returns the HTTPSession associated with the current authentication context

Returns:

httpSession

getCallbacks

protected static Callback[] getCallbacks(Callback[] recdCallbacks,
                                         boolean noFilter)

Returns the array of Callback requirements objects

Parameters:

recdCallbacks - callbacks requirements

noFilter - boolean to indicate if filter exists

Returns:

an array of Callback objects

setLoginState

public void setLoginState(LoginState state)

Sets the Login State

Parameters:

state - login state

getLoginState

public LoginState getLoginState()

Returns the login state

Returns:

loginState

setOrgDN

public void setOrgDN(String orgDN)

Sets the Organization DN

Parameters:

orgDN - Organization DN

getOrgDN

public String getOrgDN()

Returns the Organization DN

Returns:

the Organization DN