
Oracle Access Manager Access SDK Java API Reference
11g Release 1 (11.1.1)

E22472-01


oracle.security.am.asdk
Class UserSession

java.lang.Object
  extended by oracle.security.am.asdk.BaseUserSession
      extended by oracle.security.am.asdk.UserSession

All Implemented Interfaces:
java.lang.Cloneable

public final class UserSession
extends BaseUserSession
implements java.lang.Cloneable

Represents a session for an authenticated user.

A UserSession object represents an authenticated user. A user session object is initially created through a constructor that authenticates the user. This constructor takes a ResourceRequest object and a Hashtable of credentials. The ResourceRequest determines the authentication scheme that is applied to the credentials to authenticate the user. The ResourceRequest also determines other aspects of authentication policy: success or failure actions.

A session token string is a serialized representation of the user session. A user session object can be constructed from a valid session token, and a session token can be generated from a user session object.

Elements of a user session object are
- the user identity, for example, the DN of the user's profile entry in a directory,
- the level of the authentication scheme used to authenticate the user,
- the location (IP address) of the user's client,
- a session start time set when the user authenticated,
- a last use time set each time a user request is authorized,
- actions set during authentication and authorization according to OAM policies; each resource type defines a set of action types, for example, "cookie" and "headerVar" for http resources.
- the status of session (logged in, logged out, login failed, or expired),
- an error number from the most recent authentication or authorization.

The isAuthorized() method determines if the user is authorized to request an operation against a resource. Results of the authorization can be obtained through UserSession methods: an error number if the authorization failed, and authorization success or failure policy actions (name-value pairs).


Field Summary

 

Fields inherited from class oracle.security.am.asdk.BaseUserSession
AWAITINGLOGIN, ERR_AUTHN_PLUGIN_DENIED, ERR_DENY, ERR_IDLE_TIMEOUT, ERR_INCONCLUSIVE, ERR_INSUFFICIENT_LEVEL, ERR_INVALID_CERTIFICATE, ERR_MOD_USER_FAILED, ERR_NEED_MORE_DATA, ERR_NO_USER, ERR_NOT_LOGGED_IN, ERR_PASSWORD_CHANGE_ON_RESET, ERR_PASSWORD_EXPIRED, ERR_SESSION_TIMEOUT, ERR_UNKNOWN, ERR_USER_LOCKED_OUT, ERR_USER_REVOKED, ERR_WRONG_PASSWORD, EXPIRED, LOGGED_OUT_SESSION_TOKEN, LOGGEDIN, LOGGEDOUT, LOGINFAILED, OK

 

Constructor Summary
UserSession()
          Default Constructor for UserSession Object
UserSession(AccessClient aClient)
          Constructs a UserSession object
UserSession(AccessClient aClient, ResourceRequest resReq, java.util.Hashtable credentials)
          Constructs a UserSession object by calling the authenticate method using specified AccessClient object.
UserSession(AccessClient aClient, ResourceRequest resReq, java.util.Hashtable credentials, java.lang.String location)
          Constructs a UserSession object by calling the authenticate method using specified AccessClient object.
UserSession(AccessClient aClient, java.lang.String sessionToken)
          Constructs a UserSession object with specified token and AccessClient object
UserSession(AccessClient aClient, java.lang.String sessionToken, boolean lazyload)
          Constructs a UserSession object by calling the authenticate method using the specified AccessClient object.
UserSession(AccessClient aClient, java.lang.String sessionToken, boolean lazyload, boolean updateToken)
          Constructs a UserSession object with specified token on demand with AccessClient object.
UserSession(ResourceRequest resReq, java.util.Hashtable credentials)
          Constructs a UserSession object by calling the authenticate method
UserSession(ResourceRequest resReq, java.util.Hashtable credentials, java.lang.String location)
          Constructs a UserSession object by calling the authenticate method
UserSession(java.lang.String sessionToken)
          Constructs a UserSession object with specified token
UserSession(java.lang.String sessionToken, boolean lazyload)
          Constructs a UserSession object by calling the authenticate method
UserSession(java.lang.String sessionToken, boolean lazyload, boolean updateToken)
          Constructs a UserSession object with specified token on demand

 

Method Summary
 java.lang.Object clone()
          Used to clone UserSession Objects.
 int getLastUseTime()
          Returns the time in seconds from Jan 1 1970 till the most recent user request was authorized.
 int getLevel()
          Returns authentication scheme level used to authenticate the user.
 java.lang.String getLocation()
          Returns the IP address of the user's client
static java.util.Hashtable getSessionAttributes(AccessClient aClient, java.lang.String sessionId)
          To get the attributes for the given sessionId using the specified AccessClient object.
static java.util.Hashtable getSessionAttributes(java.lang.String sessionId)
          To get the attributes for the given sessionId
static java.util.Set getSessionIds(AccessClient aClient, java.lang.String userId)
          To get the SessionIds of the given LDAP userid using the specified AccessClient object.
static java.util.Set getSessionIds(java.lang.String userId)
          To get the SessionIds for the given LDAP userid.
 java.lang.String getSessionToken()
          Returns the saved, encrypted ASCII string representing the user session.
 int getStartTime()
          Returns time in seconds from Jan 1 1970 till authenticated user session was started.
 int getStatus()
          Provides integer value representing the current status of the session.
 java.lang.String getUserIdentity()
          Returns the DN of the user's profile entry in the user directory.
 void logoff()
          Logs off the authenticated user and terminates the session.
static boolean setSessionAttributes(AccessClient aClient, java.lang.String sessionId, java.util.Hashtable sessionDetails)
          To update the details for the given sessionId using the specified AccessClient object.
static boolean setSessionAttributes(java.lang.String sessionId, java.util.Hashtable sessionDetails)
          To update the details for the given sessionId
static void terminateSession(AccessClient aClient, java.lang.String sessionId)
          To terminate the Session of the given sessionId using the specified AccessClient object.
static void terminateSession(java.lang.String sessionId)
          To terminate the Session for the given sessionId

 

Methods inherited from class oracle.security.am.asdk.BaseUserSession
clearActions, getAction, getActions, getActionTypes, getError, getErrorMessage, getNumberOfActions, isAuthorized, isAuthorized, setLocation

 

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

 

Constructor Detail

UserSession

public UserSession()
            throws AccessException
Default Constructor for UserSession Object
Throws:
AccessException - In case of failure to create the object.

UserSession

public UserSession(AccessClient aClient)
            throws AccessException
Constructs a UserSession object
Parameters:
aClient - object to be used for performing operations.
Throws:
AccessException - In case of failure to create the object.

UserSession

public UserSession(java.lang.String sessionToken)
            throws AccessException
Constructs a UserSession object with specified token
Parameters:
sessionToken - serialized user session object representation
Throws:
AccessException - In case of errors if sessionToken is null.

UserSession

public UserSession(AccessClient aClient,
                   java.lang.String sessionToken)
            throws AccessException
Constructs a UserSession object with specified token and AccessClient object
Parameters:
aClient - AccessClient object to be used for performing operations.
sessionToken - an ASCII text string that indicates user session token.
Throws:
AccessException - In case of errors if sessionToken is null.

UserSession

public UserSession(java.lang.String sessionToken,
                   boolean lazyload,
                   boolean updateToken)
            throws AccessException
Constructs a UserSession object with specified token on demand
Parameters:
sessionToken - ASCII text string that is parsed to obtain the result of authentication.
lazyload - if true, indicates that the session token is not to be loaded immediately. Relies on getUserIdentity(), getLocation(), getLevel(), getStartTime(), and getEndTime() functions to make calls if the session token information is invalid, and lazyload loads the token on demand.
updateToken - if true, the token is updated
Throws:
AccessException - In case of errors if sessionToken is null

UserSession

public UserSession(AccessClient aClient,
                   java.lang.String sessionToken,
                   boolean lazyload,
                   boolean updateToken)
            throws AccessException
Constructs a UserSession object with specified token on demand with AccessClient object.
Parameters:
aClient - AccessClient object to be used for performing operations.
sessionToken - ASCII text string that is parsed to obtain the result of authentication.
lazyload - if true, indicates that the session token is not to be loaded immediately. Relies on getUserIdentity(), getLocation(), getLevel(), getStartTime(), and getEndTime() functions to make calls if the session token information is invalid, and lazyload loads the token on demand.
updateToken - If true, the token is updated
Throws:
AccessException - In case of errors if sessionToken is null.

UserSession

public UserSession(ResourceRequest resReq,
                   java.util.Hashtable credentials)
            throws AccessException
Constructs a UserSession object by calling the authenticate method
Parameters:
resReq - ResourceRequest object representing a requested resource.
credentials - Hashtable containing the key/value pairs of String type.
  • username : Required for Basic and Form AuthenticationScheme
  • password : Required for Basic and Form AuthenticationScheme
    In case of Form AuthenticationScheme username and password are challenge parameters of AuthenticationScheme.
    For Basic AuthenticationScheme username and password are "userid" and "password"
  • certificate : Required for Certificate AuthenticationScheme. The value for this certificate key should be a Base64-encoded string that represents a valid X.509 certificate.
  • ip (Optional) : IP address, in dotted notation, of the client accessing the resource
  • operation (Optional) : Operation attempted on the resource. For HTTP resources, one of GET, POST, PUT, HEAD, DELETE, TRACE, OPTIONS, CONNECT, OTHER.
  • resource (Optional) : The requested resource identifier. For HTTP resources, the full URL.
  • targethost (Optional) : The host (host:port) to which resource request is sent.
    One or more of the optional parameters above may be required by certain authentication schemes, modules, or plugins as configured in the OAM server. Refer to your OAM server configuration and documentation to determine which parameters to supply.
Throws:
AccessException - In case of errors if sessionToken is null

UserSession

public UserSession(AccessClient aClient,
                   ResourceRequest resReq,
                   java.util.Hashtable credentials)
            throws AccessException
Constructs a UserSession object by calling the authenticate method using specified AccessClient object.
Parameters:
aClient - AccessClient object to be used for performing operations.
resReq - ResourceRequest object representing a requested resource.
credentials - Hashtable containing the key/value pairs of String type.
  • userid : Required for Basic and Form AuthenticationScheme
  • password : Required for Basic and Form AuthenticationScheme
    In case of Form AuthenticationScheme username and password are challenge parameters of AuthenticationScheme.
    For Basic AuthenticationScheme username and password are "userid" and "password"
  • certificate : Required for Certificate AuthenticationScheme. The value for this certificate key should be a Base64-encoded string that represents a valid X.509 certificate.
  • ip (Optional) : IP address, in dotted notation, of the client accessing the resource
  • operation (Optional) : Operation attempted on the resource. For HTTP resources, one of GET, POST, PUT, HEAD, DELETE, TRACE, OPTIONS, CONNECT, OTHER.
  • resource (Optional) : The requested resource identifier. For HTTP resources, the full URL.
  • targethost (Optional) : The host (host:port) to which resource request is sent.
    One or more of the optional parameters above may be required by certain authentication schemes, modules, or plugins as configured in the OAM server. Refer to your OAM server configuration and documentation to determine which parameters to supply.
Throws:
AccessException - In case of errors if sessionToken is null

UserSession

public UserSession(ResourceRequest resReq,
                   java.util.Hashtable credentials,
                   java.lang.String location)
            throws AccessException
Constructs a UserSession object by calling the authenticate method
Parameters:
resReq - ResourceRequest object representing a requested resource.
credentials - Hashtable containing the key/value pairs of String type.
  • userid : Required for Basic and Form AuthenticationScheme
  • password : Required for Basic and Form AuthenticationScheme
    In case of Form AuthenticationScheme username and password are challenge parameters of AuthenticationScheme.
    For Basic AuthenticationScheme username and password are "userid" and "password"
  • certificate : Required for Certificate AuthenticationScheme. The value for this certificate key should be a Base64-encoded string that represents a valid X.509 certificate.
  • ip (Optional) : IP address, in dotted notation, of the client accessing the resource
  • operation (Optional) : Operation attempted on the resource. For HTTP resources, one of GET, POST, PUT, HEAD, DELETE, TRACE, OPTIONS, CONNECT, OTHER.
  • resource (Optional) : The requested resource identifier. For HTTP resources, the full URL.
  • targethost (Optional) : The host (host:port) to which resource request is sent.
    One or more of the optional parameters above may be required by certain authentication schemes, modules, or plugins as configured in the OAM server. Refer to your OAM server configuration and documentation to determine which parameters to supply.
location - IP address of the client as specified by the application.
Throws:
AccessException - In case of errors if sessionToken is null

UserSession

public UserSession(AccessClient aClient,
                   ResourceRequest resReq,
                   java.util.Hashtable credentials,
                   java.lang.String location)
            throws AccessException
Constructs a UserSession object by calling the authenticate method using specified AccessClient object.
Parameters:
aClient - AccessClient object to be used for performing operations.
resReq - ResourceRequest object representing a requested resource.
credentials - Hashtable containing the key/value pairs of String type.
  • userid : Required for Basic and Form AuthenticationScheme
  • password : Required for Basic and Form AuthenticationScheme
    In case of Form AuthenticationScheme username and password are challenge parameters of AuthenticationScheme.
    For Basic AuthenticationScheme username and password are "userid" and "password"
  • certificate : Required for Certificate AuthenticationScheme. The value for this certificate key should be a Base64-encoded string that represents a valid X.509 certificate.
  • ip (Optional) : IP address, in dotted notation, of the client accessing the resource
  • operation (Optional) : Operation attempted on the resource. For HTTP resources, one of GET, POST, PUT, HEAD, DELETE, TRACE, OPTIONS, CONNECT, OTHER.
  • resource (Optional) : The requested resource identifier. For HTTP resources, the full URL.
  • targethost (Optional) : The host (host:port) to which resource request is sent.
    One or more of the optional parameters above may be required by certain authentication schemes, modules, or plugins as configured in the OAM server. Refer to your OAM server configuration and documentation to determine which parameters to supply.
location - IP address of the client as specified by the application.
Throws:
AccessException - In case of errors if sessionToken or resource object is null
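
The credentials table described for the authenticating constructors above can be checked before it is handed to the SDK. The following is an added example, not code from Oracle or the Access SDK: the class `CredentialTableCheck` and its `check` method are hypothetical, it uses only the JDK, and it assumes an HTTP resource (so the documented HTTP operation list applies) and that the caller passes the required key names for the scheme in use.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

// Added example, not part of the Access SDK: validates a credentials table
// against the key rules documented for the authenticating constructors.
public class CredentialTableCheck {

    // Operations the reference lists for HTTP resources.
    private static final Set<String> HTTP_OPS = new HashSet<>(Arrays.asList(
            "GET", "POST", "PUT", "HEAD", "DELETE", "TRACE", "OPTIONS", "CONNECT", "OTHER"));

    // "ip" must be an address in dotted notation; each octet is 0-255.
    private static final Pattern DOTTED = Pattern.compile(
            "((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.){3}(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)");

    /**
     * @param requiredKeys keys the scheme needs: "userid" and "password" for Basic,
     *                     the scheme's challenge parameters for Form, "certificate"
     *                     for Certificate
     * @return problems found, naming keys only so secrets never reach a log
     */
    static List<String> check(Hashtable<String, String> creds, String... requiredKeys) {
        List<String> problems = new ArrayList<>();
        for (String key : requiredKeys) {
            String v = creds.get(key);
            if (v == null || v.isEmpty()) {
                problems.add("missing required key: " + key);
            }
        }
        String cert = creds.get("certificate");
        if (cert != null && !isX509(cert)) {
            problems.add("certificate is not a Base64-encoded X.509 certificate");
        }
        String ip = creds.get("ip");
        if (ip != null && !DOTTED.matcher(ip).matches()) {
            problems.add("ip is not in dotted notation");
        }
        String op = creds.get("operation");
        if (op != null && !HTTP_OPS.contains(op)) {
            problems.add("operation is not a listed HTTP operation");
        }
        return problems;
    }

    // Decodes the value and asks the JDK to parse it as an X.509 certificate.
    private static boolean isX509(String base64) {
        try {
            byte[] der = Base64.getMimeDecoder().decode(base64);
            CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(der));
            return true;
        } catch (IllegalArgumentException | CertificateException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample input; none of these values come from a real deployment.
        Hashtable<String, String> basic = new Hashtable<>();
        basic.put("userid", "jdoe");
        basic.put("password", "example-only");
        basic.put("ip", "192.0.2.10");
        basic.put("operation", "GET");
        System.out.println("basic: " + check(basic, "userid", "password"));

        Hashtable<String, String> bad = new Hashtable<>();
        bad.put("certificate", "bm90LWEtY2VydA==");   // Base64 of "not-a-cert"
        bad.put("ip", "10.0.0.256");
        bad.put("operation", "get");
        System.out.println("bad:   " + check(bad, "certificate"));
    }
}
```

A table for which `check` returns an empty list can then be passed as the `credentials` argument of a UserSession constructor; whether the optional keys are needed still depends on the OAM server configuration.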

UserSession

public UserSession(java.lang.String sessionToken,
                   boolean lazyload)
            throws AccessException
Constructs a UserSession object by calling the authenticate method
Parameters:
sessionToken - ASCII text string that is parsed to obtain the result of authentication
lazyload - if true, indicates that the session token is not to be loaded immediately. Relies on getUserIdentity(), getLocation(), getLevel(), getStartTime(), and getEndTime() functions to make calls if the session token information is invalid, and lazyload loads the token on demand.
Throws:
AccessException - In case of errors if sessionToken is null

UserSession

public UserSession(AccessClient aClient,
                   java.lang.String sessionToken,
                   boolean lazyload)
            throws AccessException
Constructs a UserSession object by calling the authenticate method using the specified AccessClient object.
Parameters:
aClient - AccessClient object to be used for performing operations.
sessionToken - ASCII text string that is parsed to obtain the result of authentication
lazyload - if true, indicates that the session token is not to be loaded immediately. Relies on getUserIdentity(), getLocation(), getLevel(), getStartTime(), and getEndTime() functions to make calls if the session token information is invalid, and lazyload loads the token on demand.
Throws:
AccessException - In case of errors if sessionToken is null

Method Detail

getStartTime

public int getStartTime()
                 throws AccessException
Returns time in seconds from Jan 1 1970 till authenticated user session was started. This value is used to determine when a session expires.
Returns:
Time in seconds from Jan 1 1970 till authenticated user session was started.
Throws:
AccessException - If failed to retrieve session information

getSessionToken

public java.lang.String getSessionToken()
                                 throws AccessException
Returns the saved, encrypted ASCII string representing the user session.
Returns:
String representing user session.
Throws:
AccessException - If ASDK is not initialized or fails to initialize.

getLastUseTime

public int getLastUseTime()
Returns the time in seconds from Jan 1 1970 till the most recent user request was authorized. This value is used to determine when an idle session expires.
Returns:
Time in seconds from Jan 1 1970 till the most recent user request was authorized.

getStatus

public int getStatus()
              throws AccessException
Provides an integer value representing the current status of the session. The return value of this function can be checked against the status constants exposed by this class.
Overrides:
getStatus in class BaseUserSession
Returns:
Status information of this user session.
Throws:
AccessException - If it fails to create the user session.

logoff

public void logoff()
            throws AccessException
Logs off the authenticated user and terminates the session.
Throws:
AccessException - If error occurs during operation

clone

public java.lang.Object clone()
                       throws java.lang.CloneNotSupportedException
Used to clone UserSession Objects. When using this function care must be taken to use finalize() to clean up any unused old references
Overrides:
clone in class java.lang.Object
Throws:
java.lang.CloneNotSupportedException

getSessionIds

public static java.util.Set getSessionIds(java.lang.String userId)
                                   throws AccessException,
                                          OperationNotPermittedException
To get the SessionIds for the given LDAP userid.
Parameters:
userId - LDAP userid of the user whose session ids are to be retrieved
Returns:
Set list of sessionIds.
Throws:
AccessException - If userId is null
OperationNotPermittedException - Insufficient privileges to perform this operation.

getSessionIds

public static java.util.Set getSessionIds(AccessClient aClient,
                                          java.lang.String userId)
                                   throws AccessException,
                                          OperationNotPermittedException
To get the SessionIds of the given LDAP userid using the specified AccessClient object.
Parameters:
aClient - AccessClient object to be used for performing operations.
userId - LDAP userid of the user whose session ids are to be retrieved
Returns:
Set list of sessionIds.
Throws:
AccessException - If userId is null
OperationNotPermittedException - Insufficient privileges to perform this operation.

terminateSession

public static void terminateSession(java.lang.String sessionId)
                             throws AccessException,
                                    OperationNotPermittedException
To terminate the Session for the given sessionId
Parameters:
sessionId - id of session which needs to be terminated
Throws:
AccessException - If session id is null
OperationNotPermittedException - Insufficient privileges to perform this operation.

terminateSession

public static void terminateSession(AccessClient aClient,
                                    java.lang.String sessionId)
                             throws AccessException,
                                    OperationNotPermittedException
To terminate the Session of the given sessionId using the specified AccessClient object.
Parameters:
aClient - AccessClient object to be used for performing operations.
sessionId - id of session which needs to be terminated
Throws:
AccessException - If session id is null
OperationNotPermittedException - Insufficient privileges to perform this operation.

setSessionAttributes

public static boolean setSessionAttributes(java.lang.String sessionId,
                                           java.util.Hashtable sessionDetails)
                                    throws AccessException,
                                           OperationNotPermittedException
To update the details for the given sessionId
Parameters:
sessionId - id of session which needs to be updated with the new attributes
sessionDetails - Hashtable containing the attribute name(String) and the attribute value(String) to be updated in the session.
Returns:
Boolean true if operation is successful
Throws:
AccessException - If session id is null or session details are null
OperationNotPermittedException - Insufficient privileges to perform this operation.

setSessionAttributes

public static boolean setSessionAttributes(AccessClient aClient,
                                           java.lang.String sessionId,
                                           java.util.Hashtable sessionDetails)
                                    throws AccessException,
                                           OperationNotPermittedException
To update the details for the given sessionId using the specified AccessClient object.
Parameters:
aClient - AccessClient object to be used for performing operations.
sessionId - id of session which needs to be updated with the new attributes
sessionDetails - Hashtable containing the attribute name(String) and the attribute value(String) to be updated in the session, for example, attribute name is email-id.
Returns:
Boolean true if operation is successful
Throws:
AccessException - If session id is null or session details are null
OperationNotPermittedException - Insufficient privileges to perform this operation.

getSessionAttributes

public static java.util.Hashtable getSessionAttributes(java.lang.String sessionId)
                                                throws AccessException,
                                                       OperationNotPermittedException
To get the attributes for the given sessionId
Parameters:
sessionId - id of session whose attributes are required
Returns:
Hashtable containing the attribute names and attribute values of String type.
Throws:
AccessException - If session id is null
OperationNotPermittedException - Insufficient privileges to perform this operation.

getSessionAttributes

public static java.util.Hashtable getSessionAttributes(AccessClient aClient,
                                                       java.lang.String sessionId)
                                                throws AccessException,
                                                       OperationNotPermittedException
To get the attributes for the given sessionId using the specified AccessClient object.
Parameters:
aClient - AccessClient object to be used for performing operations.
sessionId - id of session whose attributes are required
Returns:
Hashtable containing the attribute names and attribute values of String type.
Throws:
AccessException - If session id is null
OperationNotPermittedException - Insufficient privileges to perform this operation.

getLevel

public int getLevel()
             throws AccessException
Returns authentication scheme level used to authenticate the user.
Overrides:
getLevel in class BaseUserSession
Returns:
Authentication scheme level
Throws:
AccessException - If failed to retrieve session information.

getUserIdentity

public java.lang.String getUserIdentity()
                                 throws AccessException
Returns the DN of the user's profile entry in the user directory.
Overrides:
getUserIdentity in class BaseUserSession
Returns:
DN of the user's profile entry in the user directory.
Throws:
AccessException - If failed to retrieve session information.

getLocation

public java.lang.String getLocation()
                             throws AccessException
Returns the IP address of the user's client
Overrides:
getLocation in class BaseUserSession
Returns:
IP address of the user's client
Throws:
AccessException - If error occurs during operation


Copyright © 2000,2011, Oracle® and/or its affiliates. All rights reserved.