Class LoginState


  • public class LoginState
    extends Object
    This class maintains the user's login state from the time the user requests authentication until the user either logs out of the OpenAM system or the session is destroyed by a privileged application of the OpenAM system.
    • Field Detail

      • INTERNAL_USERS

        public static final Set<String> INTERNAL_USERS
      • stateless

        public boolean stateless
    • Constructor Detail

      • LoginState

        public LoginState()
    • Method Detail

      • getHttpServletRequest

        public jakarta.servlet.http.HttpServletRequest getHttpServletRequest()
        Returns servlet request object.
        Returns:
        servlet request object.
      • setHttpServletRequest

        public void setHttpServletRequest​(jakarta.servlet.http.HttpServletRequest servletRequest)
        Sets servlet request.
        Parameters:
        servletRequest - Servlet request.
      • getSession

        public InternalSession getSession()
        Returns the session, or null if the session state is INACTIVE or DESTROYED.
        Returns:
        the session.
      • setSession

        public void setSession​(InternalSession sess)
        Sets the internal session for the request.
        Parameters:
        sess - Internal session for the request.
      • setReceivedCallback_NoThread

        public void setReceivedCallback_NoThread​(Callback[] callback)
        Sets the callbacks received and notifies the waiting thread. Used in non-JAAS thread mode only.
        Parameters:
        callback -
      • getReceivedInfo

        public Callback[] getReceivedInfo()
        Returns the callback info received from the login module.
        Returns:
        the callback info received from the login module.
      • getSubmittedInfo

        public Callback[] getSubmittedInfo()
        Returns callbacks submitted by client.
        Returns:
        callbacks submitted by client.
      • getOrgDN

        public String getOrgDN()
        Returns the organization DN, for example o=iplanet.com,o=isp.
        Returns:
        the organization DN, for example o=iplanet.com,o=isp.
      • getOrgName

        public String getOrgName()
        Returns the organization name.
        Returns:
        the organization name.
      • getLoginStatus

        public int getLoginStatus()
        Returns the authentication login status.
        Returns:
        the authentication login status.
      • setLoginStatus

        public void setLoginStatus​(int loginStatus)
        Sets the authentication login status.
        Parameters:
        loginStatus - authentication login status.
      • setParamHash

        public void setParamHash​(Map<String,​String> requestHash)
        Sets the request parameters hash. Side Effect: Also updates the requestMap at the same time.
        Parameters:
        requestHash - Request parameters hash.
      • isDynamicProfileCreationEnabled

        public boolean isDynamicProfileCreationEnabled()
        Returns true if dynamic profile is enabled.
        Returns:
        true if dynamic profile is enabled.
      • getActivatedSessionTrackingId

        public String getActivatedSessionTrackingId()
        Gets the external ID of the activated session. See Constants.AM_CTX_ID
        Returns:
        the external session ID string.
      • getSubject

        public Subject getSubject()
        Returns the authenticated subject.
        Returns:
        Authenticated subject
      • setSubject

        public void setSubject​(Subject subject)
        Sets the authenticated subject.
        Parameters:
        subject - Authenticated subject.
      • getIdleTime

        public int getIdleTime()
        Returns session idle time.
        Returns:
        session idle time.
      • getMaxSession

        public int getMaxSession()
      • getCacheTime

        public int getCacheTime()
        Returns session cache time.
        Returns:
        session cache time.
      • getUserDN

        public String getUserDN()
        Returns user DN.
        Returns:
        user DN.
      • getAuthLevel

        public int getAuthLevel()
        Returns authentication level.
        Returns:
        authentication level.
      • setAuthLevel

        public void setAuthLevel​(String authLevel)
        Sets the authentication level. Checks whether moduleAuthLevel is set; if it is greater than the authentication level, moduleAuthLevel becomes the level that is set.
        Parameters:
        authLevel - Authentication Level.
      • getClient

        public String getClient()
        Returns the client address.
        Returns:
        the client address.
      • setClient

        public void setClient​(String remoteAddr)
        Sets the client address.
        Parameters:
        remoteAddr - Client address.
      • getClientType

        public String getClientType()
        Returns the client type.
        Returns:
        the client type.
      • activateSession

        public boolean activateSession​(Subject subject)
                                throws AuthException
        Activates session on successful authentication.

        If the noSession query parameter was set on the request, no new permanent session is activated and true is returned.

        Parameters:
        subject -
        Returns:
        true if the user session is activated successfully, false if activation failed, or true if the noSession parameter is set to true.
        Throws:
        AuthException
      • getInetDomainStatus

        public boolean getInetDomainStatus()
        Returns the inetDomainStatus.
        Returns:
        inetDomainStatus.
      • getLocale

        public String getLocale()
        Returns locale.
        Returns:
        locale.
      • setLocale

        public void setLocale​(String locale)
        Sets locale
        Parameters:
        locale - locale setting
      • getSid

        public SessionID getSid()
        Returns Session ID.
        Returns:
        Session ID.
      • getForceFlag

        public boolean getForceFlag()
      • setForceAuth

        public void setForceAuth​(boolean force)
      • enableCookieTimeToLive

        public void enableCookieTimeToLive​(boolean flag)
        Enables AM session cookie time to live
        Parameters:
        flag - if true enables AM session cookie time to live, otherwise disables AM session cookie time to live
      • isCookieTimeToLiveEnabled

        public boolean isCookieTimeToLiveEnabled()
        Checks whether AM session cookie time to live is enabled
        Returns:
        true if AM session cookie time to live is enabled, otherwise returns false
      • getCookieTimeToLive

        public int getCookieTimeToLive()
        Returns AM session cookie time to live
        Returns:
        AM session cookie time to live in seconds
      • setCookieTimeToLive

        public void setCookieTimeToLive​(int timeToLive)
        Sets AM session cookie time to live
        Parameters:
        timeToLive - AM session cookie time to live in seconds
      • getSSOToken

        public SSOToken getSSOToken()
                             throws SSOException
        Returns the single sign on token associated with the session.
        Returns:
        the single sign on token associated with the session.
        Throws:
        SSOException
      • encodeURL

        public String encodeURL​(String url)
        Returns URL with the cookie value in the URL.
        Parameters:
        url - URL.
        Returns:
        Encoded URL.
      • encodeURL

        public String encodeURL​(String url,
                                boolean useAMCookie)
        Returns URL with the cookie value in the URL. The rewritten URL carries the AM cookie if the session is active/inactive, and the auth cookie if the cookie is invalid.
        Returns:
        the encoded URL
      • getFileName

        public String getFileName​(String fileName)
        Returns the filename. This method uses the ResourceLookup API to locate the resource/file. The resource/file search path is:
         fileRoot_locale/orgPath/filePath/filename
         fileRoot/orgPath/filePath/filename
         default_locale/orgPath/filePath/filename
         default/orgPath/filePath/filename
         where filePath =
                    clientPath (html/wml etc) + serviceName
         e.g. if orgDN = o=solaris.eng,o=eng.com,o=sun.com,dc=iplanet,dc=com
            clientPath = html
            service name = paycheck
            locale=en
            filename=Login.jsp
         
        then the search will be as follows :
         iplanet_en/sun.com/eng.com/solaris.eng/html/paycheck/Login.jsp
         iplanet_en/sun.com/eng.com/solaris.eng/html/Login.jsp
         iplanet_en/sun.com/eng.com/solaris.eng/Login.jsp
         iplanet_en/sun.com/eng.com/html/paycheck/Login.jsp
         iplanet_en/sun.com/eng.com/html/Login.jsp
         iplanet_en/sun.com/eng.com/Login.jsp
         iplanet_en/sun.com/html/paycheck/Login.jsp
         iplanet_en/sun.com/html/Login.jsp
         iplanet_en/sun.com/Login.jsp
         iplanet_en/html/paycheck/Login.jsp
         iplanet_en/html/Login.jsp
         iplanet_en/Login.jsp
        
         iplanet/sun.com/eng.com/solaris.eng/html/paycheck/Login.jsp
         iplanet/sun.com/eng.com/solaris.eng/html/Login.jsp
         iplanet/sun.com/eng.com/solaris.eng/Login.jsp
         iplanet/sun.com/eng.com/html/paycheck/Login.jsp
         iplanet/sun.com/eng.com/html/Login.jsp
         iplanet/sun.com/eng.com/Login.jsp
         iplanet/sun.com/html/paycheck/Login.jsp
         iplanet/sun.com/html/Login.jsp
         iplanet/sun.com/Login.jsp
         iplanet/html/paycheck/Login.jsp
         iplanet/html/Login.jsp
         iplanet/Login.jsp
        
         default_en/sun.com/eng.com/solaris.eng/html/paycheck/Login.jsp
         default_en/sun.com/eng.com/solaris.eng/html/Login.jsp
         default_en/sun.com/eng.com/solaris.eng/Login.jsp
         default_en/sun.com/eng.com/html/paycheck/Login.jsp
         default_en/sun.com/eng.com/html/Login.jsp
         default_en/sun.com/eng.com/Login.jsp
         default_en/sun.com/html/paycheck/Login.jsp
         default_en/sun.com/html/Login.jsp
         default_en/sun.com/Login.jsp
         default_en/html/paycheck/Login.jsp
         default_en/html/Login.jsp
         default_en/Login.jsp
        
         default/sun.com/eng.com/solaris.eng/html/paycheck/Login.jsp
         default/sun.com/eng.com/solaris.eng/html/Login.jsp
         default/sun.com/eng.com/solaris.eng/Login.jsp
         default/sun.com/eng.com/html/paycheck/Login.jsp
         default/sun.com/eng.com/html/Login.jsp
         default/sun.com/eng.com/Login.jsp
         default/sun.com/html/paycheck/Login.jsp
         default/sun.com/html/Login.jsp
         default/sun.com/Login.jsp
         default/html/paycheck/Login.jsp
         default/html/Login.jsp
         default/Login.jsp
         
        For a non-HTML client, it first tries to find Login_<charset>.jsp. If that is not found, it then tries Login.jsp.
        Returns:
        configured jsp file name
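
The search order documented for getFileName, reproduced as an added example (not OpenAM code) so an administrator can see which template wins when several copies exist on disk. The class and method names are hypothetical, and fileRoot and the orgPath segments are taken as inputs because the page does not say how they are derived from the organization DN; the Login_<charset>.jsp variant for non-HTML clients is not covered.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;

// Added example: reproduces the lookup order listed for getFileName.
// ResourceSearchOrder and its methods are hypothetical, not OpenAM classes.
public class ResourceSearchOrder {

    /**
     * Builds the candidate list, most specific first.
     * fileRoot and orgPath are inputs (assumption): their derivation from
     * the organization DN is not described on the page.
     */
    static List<String> candidates(String fileRoot, String locale, List<String> orgPath,
                                   String clientPath, String serviceName, String fileName) {
        // Root order: fileRoot_locale, fileRoot, default_locale, default.
        List<String> roots = List.of(fileRoot + "_" + locale, fileRoot,
                                     "default_" + locale, "default");
        // Within one org level: clientPath/serviceName, then clientPath, then nothing.
        List<String> filePaths = List.of(clientPath + "/" + serviceName, clientPath, "");
        List<String> out = new ArrayList<>();
        for (String root : roots) {
            // Walk from the deepest organization up to no organization (depth 0).
            for (int depth = orgPath.size(); depth >= 0; depth--) {
                String org = String.join("/", orgPath.subList(0, depth));
                for (String filePath : filePaths) {
                    StringBuilder sb = new StringBuilder(root);
                    if (!org.isEmpty()) sb.append('/').append(org);
                    if (!filePath.isEmpty()) sb.append('/').append(filePath);
                    out.add(sb.append('/').append(fileName).toString());
                }
            }
        }
        return out;
    }

    /** Returns the first candidate that exists under baseDir, i.e. the file that wins the lookup. */
    static Optional<String> firstExisting(Path baseDir, List<String> candidates) {
        return candidates.stream()
                .filter(c -> Files.isRegularFile(baseDir.resolve(c)))
                .findFirst();
    }

    public static void main(String[] args) {
        // Values from the example on this page.
        List<String> list = candidates("iplanet", "en",
                List.of("sun.com", "eng.com", "solaris.eng"), "html", "paycheck", "Login.jsp");
        System.out.println(list.size() + " candidates");
        list.forEach(System.out::println);
        // Optional: pass the deployment's template directory as args[0]
        // to see which candidate is actually present first.
        if (args.length > 0) {
            System.out.println("resolved: "
                    + firstExisting(Path.of(args[0]), list).orElse("(none found)"));
        }
    }
}
```

Because the most specific path is tried first, a file placed under a deeper organization or service directory shadows the default template, so a review of customised login pages should check every candidate above the default one.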
      • populateDefaultUserAttributes

        public void populateDefaultUserAttributes()
                                           throws AMException
        Populates all the default user attributes for the profile.
        Throws:
        AMException - if it fails to populate default user attributes
      • getAuthModuleNames

        public String getAuthModuleNames()
        Get the auth module name(s).
        Returns:
        The list of auth module names in a pipe separated string.
      • getZeroPageLoginConfig

        public ZeroPageLoginConfig getZeroPageLoginConfig()
        Returns the configuration for whether Zero Page Login (ZPL) should be allowed or not.
        Returns:
        the ZPL configuration
      • getRequestParamHash

        public Map<String,​String> getRequestParamHash()
        Return saved request parameters in Hashtable
        Returns:
        saved request parameters in Hashtable
      • getIndexType

        public AuthContext.IndexType getIndexType()
        Returns the current index type.
        Returns:
        the current index type.
      • getSuccessLoginURL

        public String getSuccessLoginURL()
        Returns success login URL.
        Returns:
        success login URL.
      • setSuccessLoginURL

        public void setSuccessLoginURL​(String url)
        Sets success login URL.
        Parameters:
        url - success login URL.
      • getFailureLoginURL

        public String getFailureLoginURL()
        Returns failure login URL.
        Returns:
        failure login URL.
      • setFailureLoginURL

        public void setFailureLoginURL​(String url)
        Sets failure login URL.
        Parameters:
        url - failure login URL.
      • getHttpServletResponse

        public jakarta.servlet.http.HttpServletResponse getHttpServletResponse()
        Returns servlet response object.
        Returns:
        servlet response object.
      • setHttpServletResponse

        public void setHttpServletResponse​(jakarta.servlet.http.HttpServletResponse servletResponse)
        Sets servlet response.
        Parameters:
        servletResponse - servletResponse object to be set
      • isNoSession

        public boolean isNoSession()
        Returns:
        true if noSession mode was enabled in the request.
      • getUserToken

        protected String getUserToken()
      • getLoginFailureLockoutMode

        public boolean getLoginFailureLockoutMode()
      • getLoginFailureLockoutStoreInDS

        public boolean getLoginFailureLockoutStoreInDS()
      • getLoginFailureLockoutTime

        public long getLoginFailureLockoutTime()
        Default max time for loginFailureLockout.
      • getLoginFailureLockoutCount

        public int getLoginFailureLockoutCount()
        Default count for loginFailureLockout.
      • getLoginLockoutNotification

        public String getLoginLockoutNotification()
        Default notification for loginFailureLockout.
      • incrementFailCount

        public void incrementFailCount​(String failedUserId)
      • isAccountLocked

        public boolean isAccountLocked​(String username)
      • getLoginLockoutUserWarning

        public int getLoginLockoutUserWarning()
        Returns lockout warning message.
        Returns:
        lockout warning message.
      • getErrorCode

        public String getErrorCode()
        Returns the error code.
        Returns:
        the error code.
      • setErrorCode

        public void setErrorCode​(String errorCode)
        Sets the error code.
        Parameters:
        errorCode - Error code.
      • getErrorMessage

        public String getErrorMessage()
        Returns the error message.
        Returns:
        the error message.
      • setErrorMessage

        public void setErrorMessage​(String errorMessage)
        Sets the error message.
        Parameters:
        errorMessage - Error message.
      • getErrorTemplate

        public String getErrorTemplate()
        Returns the error template generated by framework.
        Returns:
        the error template generated by framework.
      • setErrorTemplate

        public void setErrorTemplate​(String errorTemplate)
        Sets the error template generated by framework.
        Parameters:
        errorTemplate - Error template.
      • setModuleErrorTemplate

        public void setModuleErrorTemplate​(String moduleErrorTemplate)
        Sets the error module template sent by login module.
        Parameters:
        moduleErrorTemplate - Module error template.
      • isTimedOut

        public boolean isTimedOut()
        Returns true if page times out.
        Returns:
        true if page times out.
      • getLockoutMsg

        public String getLockoutMsg()
        Returns the lockout message.
        Returns:
        the lockout message.
      • setLockoutMsg

        public void setLockoutMsg​(String lockoutMsg)
        Sets the lockout message.
        Parameters:
        lockoutMsg - the lockout message.
      • getIndexName

        public String getIndexName()
        Returns the index name.
        Returns:
        the index name.
      • setIndexName

        public void setIndexName​(String indexName)
        Set index name
        Parameters:
        indexName - indexName to be set
      • setModuleAuthLevel

        public boolean setModuleAuthLevel​(int authLevel)
        Sets the module AuthLevel. The authentication level being set cannot be downgraded below that set by the module configuration. This method is called by the AMLoginModule SPI.
        Parameters:
        authLevel - authentication level string to be set
        Returns:
        true if setting is successful, false otherwise
      • getX509Certificate

        public X509Certificate getX509Certificate​(jakarta.servlet.http.HttpServletRequest servletrequest)
        Returns the X509 certificate.
        Returns:
        the X509 certificate.
      • logSuccess

        public void logSuccess​(String msgId,
                               String logId)
        Adds log message to authentication access log.
        Parameters:
        msgId - I18n key of the localized message.
        logId - Logging message Id
      • logFailed

        public void logFailed​(String str,
                              String logId,
                              boolean appendAuthType,
                              String error)
        Adds log message to authentication error log.
        Parameters:
        str - localized message to be logged.
        logId - logging message Id.
        appendAuthType - if true, appends the authentication type to the logId to form a new logging message Id, for example: "LOGIN_FAILED_LEVEL".
        error - error Id to be appended to the logId to form a new logging message Id, for example: "LOGIN_FAILED_LEVEL_INVALIDPASSWORD"
      • getLoginLockoutAttrName

        public String getLoginLockoutAttrName()
        Return attribute name for LoginLockout
        Returns:
        attribute name for LoginLockout
      • getLoginLockoutAttrValue

        public String getLoginLockoutAttrValue()
        Return attribute value for LoginLockout
        Returns:
        attribute value for LoginLockout
      • getInvalidAttemptsDataAttrName

        public String getInvalidAttemptsDataAttrName()
        Return attribute name for storing invalid attempts data
        Returns:
        attribute name for storing invalid attempts data
      • getLoginFailureLockoutDuration

        public long getLoginFailureLockoutDuration()
        Return LoginLockout duration
        Returns:
        LoginLockout duration
      • getLoginFailureLockoutMultiplier

        public int getLoginFailureLockoutMultiplier()
        Return multiplier for Memory Lockout
        Returns:
        LoginLockout multiplier
      • getOldSession

        public InternalSession getOldSession()
        Returns old Session
        Returns:
        old Session
      • setOldSession

        public void setOldSession​(InternalSession oldSession)
        Sets old Session
        Parameters:
        oldSession - Old InternalSession Object
      • isSessionUpgrade

        public boolean isSessionUpgrade()
        Returns session upgrade.
        Returns:
        session upgrade.
      • setSessionUpgrade

        public void setSessionUpgrade​(boolean sessionUpgrade)
        Sets session upgrade.
        Parameters:
        sessionUpgrade - true if session upgrade.
      • getLoginURL

        public String getLoginURL()
        Returns the Login URL user input.
        Returns:
        the Login URL user input.
      • setPageTimeOut

        public void setPageTimeOut​(long pageTimeOut)
        Sets the page timeout.
        Parameters:
        pageTimeOut - Page timeout.
      • ignoreProfile

        public boolean ignoreProfile()
        Return ignoreUserProfile
        Returns:
        ignoreUserProfile
      • setFailedUserId

        public void setFailedUserId​(String userID)
        Sets the failureTokenId. Set by modules; if this is set, the logs will show the user ID.
        Parameters:
        userID - User ID.
      • getAllReceivedCallbacks

        public Map<String,​Callback[]> getAllReceivedCallbacks()
        Get all the received Callbacks.
        Returns:
        The received Callbacks.
      • setCallbacksPerState

        public void setCallbacksPerState​(String pageState,
                                         Callback[] callbacks)
        Sets Callbacks per Page state.
      • isCookieDetect

        public boolean isCookieDetect()
        Returns true if cookie detected.
        Returns:
        true if cookie detected.
      • setCookieDetect

        public void setCookieDetect​(boolean cookieDetect)
        Sets the cookie detection value - true if cookieSupport is null.
        Parameters:
        cookieDetect - Cookie Detect flag.
      • setUserCreationAttributes

        public void setUserCreationAttributes​(Map attributeValuePairs)
        Sets a Map of attribute value pairs to be used when the authentication service is configured to dynamically create a user.
        Parameters:
        attributeValuePairs - Map of attribute name to a set of values.
      • setSuccessModuleName

        public void setSuccessModuleName​(String moduleName)
        Sets the module name of successful LoginModule. This module name will be populated in the session property AuthType.
        Parameters:
        moduleName - Name of module.
      • setFailureModuleName

        public void setFailureModuleName​(String moduleName)
        Adds the failed module name to a set.
        Parameters:
        moduleName - Failed module name.
      • getFailureModuleNames

        public String getFailureModuleNames()
        Gets the failure module names.
        Returns:
        The list of failure auth module names in a pipe separated string.
      • getModuleName

        protected String getModuleName​(String localizedModuleName)
        Returns the key for the localized module name.
        Parameters:
        localizedModuleName - the localized module name
        Returns:
        a string, the module name
      • setRemoteLocale

        public void setRemoteLocale​(String localeStr)
        Sets remote locale passed by client
        Parameters:
        localeStr - remote client locale string.
      • getUserDN

        public String getUserDN​(AMIdentity amIdentityUser)
        Returns user DN of an Identity.
        Parameters:
        amIdentityUser - AMIdentity object.
        Returns:
        Identity user DN.
      • createUserIdentity

        public AMIdentity createUserIdentity​(String userName,
                                             Map userAttributes,
                                             Set userRoles)
                                      throws IdRepoException,
                                             SSOException
        Creates AMIdentity in the repository.
        Parameters:
        userName - name of user to be created.
        userAttributes - Map of default attributes.
        userRoles - Set of default roles.
        Returns:
        AMIdentity object of created user.
        Throws:
        IdRepoException - if it fails to create AMIdentity
        SSOException - if SSOToken for admin is not valid
      • getUserUniversalId

        public String getUserUniversalId​(String userName)
        Returns the universal id associated with a user name.
        Parameters:
        userName - name of user to be created.
        Returns:
        universal identifier of the user.
      • getCompositeAdvice

        public String getCompositeAdvice()
        Returns the Composite Advice for this Authentication request.
        Returns:
        String of Composite Advice.
      • setUserName

        public void setUserName​(String username)
        Sets userDN - called by AMLoginContext.
      • restoreOldSession

        public void restoreOldSession()
        Restores the old session (if one exists). Used in the case of a failed session upgrade or successful force-auth to restore the original session object. If no old session exists then this method does nothing.
      • isUserIDGeneratorEnabled

        public boolean isUserIDGeneratorEnabled()
        Indicates userID generate mode is enabled
      • getUserIDGeneratorClassName

        public String getUserIDGeneratorClassName()
        Indicates provider class name for userIDGenerator
      • getFailureTokenId

        public String getFailureTokenId()
        SSOToken ID for the failed login.
      • is2faMandatory

        public boolean is2faMandatory()
      • setSharedState

        public void setSharedState​(Map sharedState)
        Sets a shared state map from the AMLoginModule.
        Parameters:
        sharedState -
      • getSharedState

        public Map getSharedState()
        The shared state map.
        Returns:
        sharedState
      • saveSharedStateAttributes

        public void saveSharedStateAttributes()
        Saves the attributes specified by the sharedStateAttributes into requestMap.
      • saveAuthenticatedPrincipal

        public void saveAuthenticatedPrincipal​(String principalName)
        Saves the principals successfully created in the authentication process whether all modules or identity searches are successful or not. This differs from the principalList which is generated by the logincontext as that is only generated when all modules have been completed successfully.
        Parameters:
        principalName -
      • getAuthenticatedPrincipals

        public Set<String> getAuthenticatedPrincipals()
        Returns a list of the authenticated principals in the current authentication process.
        Returns:
        authenticatedPrincipals
      • getPostLoginClassSet

        public Set<String> getPostLoginClassSet()
        Gets orgPostLoginClassSet.