Class StatelessAdminRestriction


  • public class StatelessAdminRestriction
    extends Object
    Centralised logic to coordinate the decision around Stateless Sessions. In particular it has been decided that administrator users will not use Stateless Sessions.
    • Method Detail

      • isRestricted

        public boolean isRestricted(SSOToken token)
                             throws SessionException
        Indicates if a given SSOToken should be restricted when used in the context of a Stateless Session.
        Parameters:
        token - Non-null SSOToken.
        Returns:
        True if the SSOToken should be restricted in the context of Stateless Sessions.
        Throws:
        SessionException - If an error occurred whilst attempting to verify whether the SSOToken represents a Stateless Session.
      • isRestricted

        public boolean isRestricted(String userDN)
        Indicates if the given User DN should be restricted when used in the context of Stateless Sessions.
        Parameters:
        userDN - Non-null user DN.
        Returns:
        True if the userDN should be restricted.
        See Also:
        SSOToken.getPrincipal(), Principal.getName()
      • createAuthDDelegate

        public static StatelessAdminRestriction.SuperUserDelegate createAuthDDelegate()
        Used to generate a singleton SuperUserDelegate whose AuthD instance is lazily loaded and which is used to verify the administrative nature of users passed in.
        Returns:
        A new SuperUserDelegate, ready for use.