|
Oracle Fusion Middleware Access SDK Java API Reference for Oracle Access Management Access Manager 11g Release 2 (11.1.2) E27136-01 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object
oracle.security.am.asdk.BaseUserSession
oracle.security.am.asdk.UserSession
public final class UserSession
Represents a session for an authenticated user.
UserSession object represents an authenticated user. A user session object is initially created through a constructor that authenticates the user. This constructor takes an ResourceRequest object and an Hashtable of credentials. The Resource Request determines the authentication scheme that is to be applied to the credentials to authenticate the user. The Resource Request also determines other aspects of authentication policy: success or failure actions A session token string is a serialized representation of the user session. A user session object can be constructed from a valid session token, and a session token can be generated from a user session object.
Elements of a user session object are
- the user identity, for example, the DN of the user's profile entry in a directory,
- the level of the authentication scheme used to authenticate the user,
- the location (IP address) of the user's client,
- a session start time set when the user authenticated,
- a last use time set each time a user request is authorized,
- actions set during authentication and authorization according to OAM policies; each resource type defines a set of action types, for example, "cookie" and "headerVar" for http resources.
- the status of session (logged in, logged out, login failed, or expired),
- an error number from the most recent authentication or authorization.
The isAuthorized() method determines if the user is authorized to request an operation against a resource. Results of the authorization can be obtained through UserSession methods: an error number if the authorization failed, and authorization success or failure policy actions (name-value pairs).
Field Summary | |
---|---|
static java.lang.String |
REQUESTOR_TOKEN |
static java.lang.String |
TARGET_AGENT_CTX |
static java.lang.String |
TARGET_RESOURCE |
Constructor Summary | |
---|---|
UserSession() Default Constructor for UserSesion Object |
|
UserSession(AccessClient aClient) Constructs a UserSession object |
|
UserSession(AccessClient aClient, ResourceRequest resReq, java.util.Hashtable credentials) Constructs a UserSession object by calling the authenticate method using specified AccessClient object. |
|
UserSession(AccessClient aClient, ResourceRequest resReq, java.util.Hashtable credentials, java.lang.String location) Constructs a UserSession object by calling the authenticate method using specified AccessClient object. |
|
UserSession(AccessClient aClient, java.lang.String sessionToken) Constructs a UserSession object with specified token and AccessClient object |
|
UserSession(AccessClient aClient, java.lang.String sessionToken, boolean lazyload) Constructs a UserSession object by calling the authenticate method using the specified AccessClient object. |
|
UserSession(AccessClient aClient, java.lang.String sessionToken, boolean lazyload, boolean updateToken) Constructs a UserSession object with specified token on demand with AccessClient object. |
|
UserSession(ResourceRequest resReq, java.util.Hashtable credentials) Constructs a UserSession object by calling the authenticate method |
|
UserSession(ResourceRequest resReq, java.util.Hashtable credentials, java.lang.String location) Constructs a UserSession object by calling the authenticate method |
|
UserSession(java.lang.String sessionToken) Constructs a UserSession object with specified token |
|
UserSession(java.lang.String sessionToken, boolean lazyload) Constructs a UserSession object by calling the authenticate method. |
|
UserSession(java.lang.String sessionToken, boolean lazyload, boolean updateToken) Constructs a UserSession object with specified token on demand. |
Method Summary | |
---|---|
java.lang.Object |
clone() Used to clone UserSession Objects. |
int |
getLastUseTime() Returns the time in seconds from Jan 1, 1970 till the most recent user request was authorized. |
int |
getLevel() Returns authentication scheme level at which user is authenticated. |
java.lang.String |
getLocation() Returns the IP address of the user's client |
static java.lang.String |
getScopedSessionToken(AccessClient aClient, java.lang.String userIdentityAssertion, java.util.Map<java.lang.String,java.lang.String> scopeDescriptor) Returns String object representing the scoped session token |
java.lang.String |
getScopedSessionToken(java.util.Map<java.lang.String,java.lang.String> scopeDescriptor) Returns String object representing the scoped session token. |
java.util.Hashtable |
getSessionAttributes() Get the attributes of current user session. |
java.util.Hashtable |
getSessionAttributes(AccessClient aClient) Get the attributes of current user session. |
static java.util.Hashtable |
getSessionAttributes(AccessClient aClient, java.lang.String sessionId) Get the attributes for the given sessionId using the specified AccessClient object. |
static java.util.Hashtable |
getSessionAttributes(java.lang.String sessionId) Get the attributes for the given sessionId |
static java.util.Set |
getSessionIds(AccessClient aClient, java.lang.String userId) Get the SessionIds of the given LDAP userid using the specified AccessClient object. |
static java.util.Set |
getSessionIds(java.lang.String userId) Get the SessionIds for the given LDAP userid. |
java.lang.String |
getSessionToken() Returns the saved, encrypted ASCII string representing the user session. |
int |
getStartTime() Returns time in seconds from Jan 1, 1970 till authenticated user session was started. |
int |
getStatus() Provides integer value representing the current status of the session. |
java.lang.String |
getUserIdentity() Returns the DN of the user's profile entry in the user directory. |
void |
logoff() Logs off the authenticated user and terminates the session. |
boolean |
setSessionAttributes(AccessClient aClient, java.util.Hashtable sessionDetails) Sets attributes for current user session. |
static boolean |
setSessionAttributes(AccessClient aClient, java.lang.String sessionId, java.util.Hashtable sessionDetails) Set the session attributes for the given sessionId using the specified AccessClient. |
boolean |
setSessionAttributes(java.util.Hashtable sessionDetails) Set attributes for current user session. |
static boolean |
setSessionAttributes(java.lang.String sessionId, java.util.Hashtable sessionDetails) Set the session details for the given sessionId |
static void |
terminateSession(AccessClient aClient, java.lang.String sessionId) Terminate the session of the given sessionId using the specified AccessClient object. |
static void |
terminateSession(java.lang.String sessionId) Terminate the session for the given sessionId |
Methods inherited from class oracle.security.am.asdk.BaseUserSession |
---|
clearActions, getAction, getActions, getActionTypes, getError, getErrorMessage, getNumberOfActions, isAuthorized, isAuthorized, setLocation |
Methods inherited from class java.lang.Object |
---|
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String TARGET_RESOURCE
public static final java.lang.String TARGET_AGENT_CTX
public static final java.lang.String REQUESTOR_TOKEN
Constructor Detail |
---|
public UserSession() throws AccessException
AccessException
- In case of failure to create the object.public UserSession(AccessClient aClient) throws AccessException
aClient
- AccessClient object to be used for performing operations.AccessException
- In case of failure to create the object.public UserSession(java.lang.String sessionToken) throws AccessException
sessionToken
- serialized user session object representation, holds session token for NAP 3, and authn token for NAP 4AccessException
- In case of errors if sessionToken is null.public UserSession(AccessClient aClient, java.lang.String sessionToken) throws AccessException
aClient
- AccessClient object to be used for perfoming operations.sessionToken
- an ASCII text string that indicates user session token, holds session token for NAP 3, and authn token for NAP 4AccessException
- In case of errors if sessionToken is null.public UserSession(java.lang.String sessionToken, boolean lazyload, boolean updateToken) throws AccessException
sessionToken
- ASCII text string that is parsed to obtain the result of authentication. Holds session token for NAP 3, and authn token for NAP 4.lazyload
- if true, indicates that the session token is not to be loaded immediately. Relies on getUserIdentity(),getLocation(), getLevel(), getStartTime(), and getEndTime() functions to make calls if the session token information is invalid, and lazyload loads the token on demand.updateToken
- if true, the token is updated (only applies to NAP 3, will be ignored in NAP 4)AccessException
- In case of errors if sessionToken is nullpublic UserSession(AccessClient aClient, java.lang.String sessionToken, boolean lazyload, boolean updateToken) throws AccessException
aClient
- AccessClient object to be used for perfoming operations.sessionToken
- ASCII text string that is parsed to obtain the result of authentication. Holds session token for NAP 3, and authn token for NAP 4.lazyload
- if true, indicates that the session token is not to be loaded immediately. Relies on getUserIdentity(),getLocation(), getLevel(), getStartTime(), and getEndTime() functions to make calls if the session token information is invalid, and lazyload loads the token on demand.updateToken
- If true, the token is updated (only applies to NAP 3, will be ignored in NAP 4)AccessException
- In case of errors if sessionToken is null.public UserSession(ResourceRequest resReq, java.util.Hashtable credentials) throws AccessException
resReq
- ResourceRequest object representing a requested resource.credentials
- Hashtable containing the key/value pairs of String type.
AuthenticationScheme
AuthenticationScheme
AuthenticationScheme
. The value for this certificate key should be Base64 Encoded string which represent a valid X.509 certificate.AccessException
- In case of errors if sessionToken is nullpublic UserSession(AccessClient aClient, ResourceRequest resReq, java.util.Hashtable credentials) throws AccessException
aClient
- AccessClient object to be used for perfoming operations.resReq
- ResourceRequest object representing a requested resource.credentials
- Hashtable containing the key/value pairs of String type.
AuthenticationScheme
AuthenticationScheme
AuthenticationScheme
. The value for this certificate key should be Base64 Encoded string which represent a valid X.509 certificate.AccessException
- In case of errors if sessionToken is nullpublic UserSession(ResourceRequest resReq, java.util.Hashtable credentials, java.lang.String location) throws AccessException
resReq
- ResourceRequest object representing a requested resource.credentials
- Hashtable containing the key/value pairs of String type.
AuthenticationScheme
AuthenticationScheme
AuthenticationScheme
. The value for this certificate key should be Base64 Encoded string which represent a valid X.509 certificate.location
- IP address of the client as specified by the application.AccessException
- In case of errors if sessionToken is nullpublic UserSession(AccessClient aClient, ResourceRequest resReq, java.util.Hashtable credentials, java.lang.String location) throws AccessException
aClient
- AccessClient object to be used for perfoming operations.resReq
- ResourceRequest object representing a requested resource.credentials
- Hashtable containing the key/value pairs of String type.
AuthenticationScheme
AuthenticationScheme
AuthenticationScheme
. The value for this certificate key should be Base64 Encoded string which represent a valid X.509 certificate.location
- IP address of the client as specified by the application.AccessException
- In case of errors if sessionToken or resource object is nullpublic UserSession(java.lang.String sessionToken, boolean lazyload) throws AccessException
sessionToken
- ASCII text string that is parsed to obtain the result of authentication, holds session token for NAP 3, and authn token for NAP 4lazyload
- if true, indicates that the session token is not to be loaded immediately. Relies on getUserIdentity(), getLocation(), getLevel(), getStartTime(), and getLastUseTime() functions to make calls if the session token information is invalid, and lazyload loads the token on demand.AccessException
- In case of errors if sessionToken is nullpublic UserSession(AccessClient aClient, java.lang.String sessionToken, boolean lazyload) throws AccessException
aClient
- AccessClient object to be used for perfoming operations.sessionToken
- ASCII text string that is parsed to obtain the result of authentication, holds session token for NAP 3, and authn token for NAP 4lazyload
- if true, indicates that the session token is not to be loaded immediately. Relies on getUserIdentity(), getLocation(), getLevel(), getStartTime(), and getLastUseTime() functions to make calls if the session token information is invalid, and lazyload loads the token on demand.AccessException
- In case of errors if sessionToken is nullMethod Detail |
---|
public int getStartTime() throws AccessException
AccessException
- If failed to retrieve session informationpublic java.lang.String getSessionToken() throws AccessException
AccessException
- If ASDK is not initialized or fails to initialize.public java.lang.String getScopedSessionToken(java.util.Map<java.lang.String,java.lang.String> scopeDescriptor) throws AccessException, OperationNotPermittedException
The session token contained in this object is scoped to a different agent. This API can be leveraged to obtain a token that can be used by a different (target) agent. The invoker agent should have sufficient privileges to use this API.
scopeDescriptor
- A map containing these key-value pairs of String typeAccessException
- In case of errorsOperationNotPermittedException
- Invoker agent has insufficient privileges to perform this operation.public int getLastUseTime()
public int getStatus() throws AccessException
getStatus
in class BaseUserSession
AccessException
- In case if it fails to create user session.public void logoff() throws AccessException
AccessException
- If error occurs during operationpublic java.lang.Object clone() throws java.lang.CloneNotSupportedException
clone
in class java.lang.Object
java.lang.CloneNotSupportedException
public static java.util.Set getSessionIds(java.lang.String userId) throws AccessException, OperationNotPermittedException
userId
- LDAP userid of the user whose session ids are to be retrievedAccessException
- If userId is nullOperationNotPermittedException
- Insufficient privileges to perform this operation.public static java.util.Set getSessionIds(AccessClient aClient, java.lang.String userId) throws AccessException, OperationNotPermittedException
aClient
- AccessClient object to be used for perfoming operations.userId
- LDAP userid of the user whose session ids are to be retrievedAccessException
- If userId is nullOperationNotPermittedException
- Insufficient privileges to perform this operation.public static void terminateSession(java.lang.String sessionId) throws AccessException, OperationNotPermittedException
sessionId
- id of session which needs to be terminatedAccessException
- If session id is nullOperationNotPermittedException
- Insufficient privileges to perform this operation.public static void terminateSession(AccessClient aClient, java.lang.String sessionId) throws AccessException, OperationNotPermittedException
aClient
- AccessClient object to be used for perfoming operations.sessionId
- id of session which needs to be terminatedAccessException
- If session id is nullOperationNotPermittedException
- Insufficient privileges to perform this operation.public static boolean setSessionAttributes(java.lang.String sessionId, java.util.Hashtable sessionDetails) throws AccessException, OperationNotPermittedException
sessionId
- id of session which needs to be updated with the new attributessessionDetails
- Hashtable containing the attribute name(String) and the attribute value(String) to be updated in the session.AccessException
- If session id is null or session details are nullOperationNotPermittedException
- Insufficient privileges to perform this operation.public boolean setSessionAttributes(java.util.Hashtable sessionDetails) throws AccessException
sessionDetails
- Hashtable containing the attribute name(String) and the attribute value(String) to be updated in the session.AccessException
- If session id is null or session details are nullOperationNotPermittedException
- Insufficient privileges to perform this operation.public boolean setSessionAttributes(AccessClient aClient, java.util.Hashtable sessionDetails) throws AccessException
aClient
- AccessClient object to be used for perfoming operations.sessionDetails
- Hashtable containing the attribute name(String) and the attribute value(String) to be updated in the session.AccessException
- If session id is null or session details are nullOperationNotPermittedException
- Insufficient privileges to perform this operation.public static boolean setSessionAttributes(AccessClient aClient, java.lang.String sessionId, java.util.Hashtable sessionDetails) throws AccessException, OperationNotPermittedException
aClient
- AccessClient object to be used for perfoming operations.sessionId
- id of session which needs to be updated with the new attributessessionDetails
- Hashtable containing the attribute name(String) and the attribute value(String) to be updated in the session, for example, attribute name is email-id.AccessException
- If session id is null or session details are nullOperationNotPermittedException
- Insufficient privileges to perform this operation.public static java.util.Hashtable getSessionAttributes(java.lang.String sessionId) throws AccessException, OperationNotPermittedException
sessionId
- id of sessiodn whose attributes are requiredAccessException
- If session id is nullOperationNotPermittedException
- Insufficient privileges to perform this operation.public java.util.Hashtable getSessionAttributes() throws AccessException
AccessException
- If session id is nullOperationNotPermittedException
- Insufficient privileges to perform this operation.public java.util.Hashtable getSessionAttributes(AccessClient aClient) throws AccessException
aClient
- AccessClient object to be used for perfoming operations.AccessException
- If session id is nullOperationNotPermittedException
- Insufficient privileges to perform this operation.public static java.util.Hashtable getSessionAttributes(AccessClient aClient, java.lang.String sessionId) throws AccessException, OperationNotPermittedException
aClient
- AccessClient object to be used for perfoming operations.sessionId
- id of sessiodn whose attributes are requiredAccessException
- If session id is nullOperationNotPermittedException
- Insufficient privileges to perform this operation.public static java.lang.String getScopedSessionToken(AccessClient aClient, java.lang.String userIdentityAssertion, java.util.Map<java.lang.String,java.lang.String> scopeDescriptor) throws AccessException, OperationNotPermittedException
The session information present in the identity assertion is used to create a new token. This API can be leveraged to obtain a token that can be used by a different (target) agent based on identity assertion. The invoker agent should have sufficient privileges to use this API. Additionally, the requesting application should also be authorized to issue tokens for the target resource.
aClient
- AccessClient object to be used for performing operationsuserIdentityAssertion
- propagated user identity (This can be a SAML assertion)scopeDescriptor
- a map containing these key-value pairs of String typeAccessException
- In case of errorsOperationNotPermittedException
- Invoker agent has insufficient privileges to perform this operation.public int getLevel() throws AccessException
getLevel
in class BaseUserSession
AccessException
- If failed to retreive session information.public java.lang.String getUserIdentity() throws AccessException
getUserIdentity
in class BaseUserSession
AccessException
- If failed to retreive session information.public java.lang.String getLocation() throws AccessException
getLocation
in class BaseUserSession
AccessException
- If error occurs during operation
|
Oracle Fusion Middleware Access SDK Java API Reference for Oracle Access Management Access Manager 11g Release 2 (11.1.2) E27136-01 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |