com.hyperion.css
Class CSSAPIImpl

java.lang.Object
  extended bycom.hyperion.css.CSSAPIImpl
All Implemented Interfaces:
CSSAPIIF

public class CSSAPIImpl
extends java.lang.Object
implements CSSAPIIF

Since:
CSSv2.0
Author:
gkhanna

Field Summary
protected  javax.crypto.Cipher decryptionCipher
           
protected  javax.crypto.Cipher encryptionCipher
           
static java.lang.String INIT_METHOD
           
static java.lang.String INVALID_PRINCIPAL_KEY
           
protected  CSSMigrationAPIIF migrationAPIImpl
           
 
Fields inherited from interface com.hyperion.css.CSSAPIIF
ACCESS_TYPE_MANAGE, ACCESS_TYPE_VIEW, DELEGATEDMODE_SHOW_ALL, DIRECT_ROLE_ONLY, ENTITY_DEACTIVATE, ENTRY_TYPE_GROUP, ENTRY_TYPE_OTHER, ENTRY_TYPE_ROLE, ENTRY_TYPE_USER, ESCAPE_AUTH_FILTER, FORCE_DEPENDENCY_CHECK, HOST_INFO, HTTP_SERVLET_REQUEST, HUB_ADMINISTRATOR_IDENTITY, HUB_APP_NAME, HUB_APPLICATION_ID, HUB_PROJECT, HUB_PROJECT_NAME, IDENTITY_USER, IE_DELEGATED_MODE, KERBEROS_LOGIN_NAME, LOCALE, LOG_PREPEND_TEXT, LOGIN_NAME, OBJECT_ID, PASSWORD, PREFIX_TO_APP_LOGGER, PROVIDER_NAME, PROVIDER_REQUEST, PROVIDER_TYPE, PROVIDER_TYPE_CUSTOM, PROVIDER_TYPE_DATABASE, PROVIDER_TYPE_LDAP, PROVIDER_TYPE_MSAD, PROVIDER_TYPE_NATIVE, PROVIDER_TYPE_NTLM, PROVIDER_TYPE_SAP, PRP_CACHE_SCHEME_ABORTCACHING, PRP_CACHE_SCHEME_CACHE_PATH, PRP_CACHE_SCHEME_LOCK_PORT, PRP_NATIVE_PROVIDER_TRANSPORT_COMPRESSION, PRP_NATIVE_PROVIDER_TRANSPORT_ENABLE, QUERY_LIMIT, RETURN_HIERARCHY, ROLE_ADMINISTRATOR_IDENTITY, ROLE_ANALYTIC_SERVICES_APPLICATION_CREATOR_IDENTITY, ROLE_APPLICATION_CREATOR_IDENTITY, ROLE_CALCULATION_MANAGER_ADMINISTRATOR_IDENTITY, ROLE_CREATE_INTEGRATIONS_IDENTITY, ROLE_DIMENSION_EDITOR_IDENTITY, ROLE_DIRECTORY_MANAGER_IDENTITY, ROLE_FINANCIAL_MANAGEMENT_APPLICATION_CREATOR_IDENTITY, ROLE_FINANCIAL_MANAGEMENT_CALCULATION_MANAGER_ADMINISTRATOR_IDENTITY, ROLE_LCM_ADMINISTRATOR_IDENTITY, ROLE_MANAGE_MODELS_UNIQUE_ID, ROLE_PLANNING_APPLICATION_CREATOR_IDENTITY, ROLE_PLANNING_CALCULATION_MANAGER_ADMINISTRATOR_IDENTITY, ROLE_PROFITABILITY_APPLICATION_CREATOR_IDENTITY, ROLE_PROJECT_MANAGER_IDENTITY, ROLE_PROVISIONING_MANAGER_IDENTITY, ROLE_RUN_INTEGRATIONS_IDENTITY, SAP_TICKET, SECURITY_AGENT_LOGIN_NAME, SPECIFY_ALL, SPECIFY_CONTAINER, SPECIFY_NONE, STATUS, THROW_COMMUNICATION_EXCEPTION, TOKEN, USE_LOCAL_HUB, VALIDATE_ROLE, WORLD_GROUP_DESCRIPTION, WORLD_GROUP_IDENTITY, WORLD_GROUP_NAME
 
Constructor Summary
CSSAPIImpl()
          Deprecated.  
CSSAPIImpl(com.hyperion.css.spi.CSSManager cssManager)
          Constructor for CSSAPIImpl.
 
Method Summary
protected  void addToken(java.util.Map context, CSSUserIF user, java.lang.String password)
           
 CSSUserIF authenticate(java.util.Map context)
          Authenticate method
 CSSUserIF authenticate(java.util.Map context, java.lang.String username, java.lang.String password)
          Authenticates the specified username against the specified password with the providers configured in the security system.
 CSSUserIF authenticateProxyUser(java.util.Map context, java.lang.String username, java.lang.String trustedServiceKey)
          Authenticates the specified username using proxy, after validating the trusted service key.
protected  CSSUserIF authenticateSapTicket(java.util.Map context)
           
 CSSUserIF authenticateSapTicket(java.util.Map context, java.lang.String ticket)
          Authenticates the specified sap ticket against the providers configured in the security system.
protected  CSSUserIF authenticateSecurityAgent(java.util.Map context)
           
 CSSUserIF authenticateSecurityAgent(java.util.Map context, javax.servlet.http.HttpServletRequest request)
          Authenticates by parsing the username and password if available from the specified HTTP Servlet Request.
protected  CSSUserIF authenticateToken(java.util.Map context)
           
 CSSUserIF authenticateToken(java.util.Map context, java.lang.String token)
          Authenticates the specified sso_token against the providers configured in the security system.
 CSSUserIF authenticateUserFromSecurityAgent(java.util.Map context, java.lang.String username, java.lang.String trustedServiceKey)
          Authenticates the specified username , after validating the trusted service key.
protected static com.hyperion.css.spi.CSSManager getCSSManager()
           
 CSSDirectoryManagementAPIIF getDirectoryManagementAPI(java.util.Map context)
          Returns an interface to CRUD of Hyperion Shared Services User Directory.
 CSSGroupIF getGroupByIdentity(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity)
          Get a group based on the identity of the group.
 CSSGroupIF getGroupByIdentity(java.util.Map context, java.lang.String identity)
           
 CSSGroupIF[] getGroups(java.util.Map context, CSSPrincipalIF principal, GroupSearchFilter groupSrchFilter)
          Get a group specified by group search filter passed in The group search filter contains group filter attributes and values like, GROUPNAME, DESCRIPTION.
 CSSGroupIF[] getGroups(java.util.Map context, CSSPrincipalIF principal, java.lang.String groupname)
          Get a group based on the name.
 CSSGroupIF[] getGroups(java.util.Map context, java.lang.String groupName)
           
 CSSGroupIF[] getGroupsByIdentities(java.util.Map context, java.lang.String[] identities)
          Return an Array for a CSSGroupIF objects for an array of group identities.
 java.lang.String[] getHeaderNamesFromSecurityAgent(java.util.Map context)
          This method returns the HTTP headers that would carry the login name of the user.
static java.lang.String getHubLocation()
           
 CSSMigrationAPIIF getMigrationAPI(java.util.Map context)
           Provides handle to the Migration Interface.
static com.hyperion.css.spi.impl.nv.NativeProvider getNativeProvider()
           
static java.util.List getProvider(java.lang.String providerType)
           
protected  java.util.List getProviderByName(java.lang.String providerName)
           
 java.util.Map getProviderMap(java.util.Map context)
          Gets the names and types of the providers that are registered with the security platform.
 java.lang.String[] getProviderNames(java.util.Map context)
           
 java.lang.String getSAPLoginTicketFromToken(java.util.Map context, java.lang.String cSSToken)
           
 CSSUserIF getUserByEmail(java.util.Map context, CSSPrincipalIF principal, java.lang.String email)
          Get a user based on an email match.
 CSSUserIF getUserByEmail(java.util.Map context, java.lang.String email)
           
 CSSUserIF getUserByIdentity(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity)
          Get a user based on the identity of the user.
 CSSUserIF getUserByIdentity(java.util.Map context, java.lang.String identity)
           
 CSSUserProvisioningAPIIF getUserProvisioningAPI(java.util.Map context)
          Returns the User and Group Provisioning Interface.
 CSSUserIF[] getUsers(java.util.Map context, CSSPrincipalIF principal, java.lang.String username)
          Gets the user specified by userName.
 CSSUserIF[] getUsers(java.util.Map context, CSSPrincipalIF principal, java.lang.String userName, java.lang.String firstName, java.lang.String lastName)
          Get a user based on a user name , firstName and lastName match.
 CSSUserIF[] getUsers(java.util.Map context, CSSPrincipalIF principal, UserSearchFilter userSrchFilter)
          Gets the user specified by user search filter passed in The user search filter contains user filter attributes and values like, USERNAME,FIRSTNAME,LASTNAME,EMAIL,DESCRIPTION (Also ACTIVE, INACTIVE and ALL for native) Etc.
 CSSUserIF[] getUsers(java.util.Map context, java.lang.String username)
           
 CSSUserIF[] getUsers(java.util.Map context, java.lang.String userName, java.lang.String firstName, java.lang.String lastName)
           
 CSSUserIF[] getUsersByName(java.util.Map context, CSSPrincipalIF principal, java.lang.String firstName, java.lang.String lastName)
          Get a user based on a firstName and lastName match.
 CSSUserIF[] getUsersByName(java.util.Map context, java.lang.String firstName, java.lang.String lastName)
           
 void initialize(java.util.Map context, CSSApplicationIF appCallback)
          Initializes the security platform by specifying the callback into the application.
static boolean isDelegatedModeON()
           
 boolean isNativeProviderActive(java.util.Map context)
           Return the status of the Native Provider after CSS has intialized.
 boolean isSecurityAgentProtected(java.util.Map context)
          This method is invoked to determine if the access to a resource might be protected by a Security Agent.
 boolean isValidCSSToken(java.util.Map context, java.lang.String token)
          Determines if the token is valid.
 CSSLoginUserIF login(java.util.Map context, java.lang.String applicationId, boolean indirect)
          Convenience API to authenticate the user and get the groups and roles list of the user for the specified application id.
 CSSLoginUserIF login(java.util.Map context, java.lang.String username, java.lang.String password, java.lang.String[] applicationIds)
          Authenticates the specified username against the specified password with the providers configured in the security system.
 CSSLoginUserIF loginSapTicket(java.util.Map context, java.lang.String sapTicket, java.lang.String[] applicationIds)
          Authenticates the specified sap ticket against the providers configured in the security system.
 CSSLoginUserIF loginSecurityAgent(java.util.Map context, javax.servlet.http.HttpServletRequest request, java.lang.String[] applicationIds)
          Authenticates by parsing the username and password if available from the specified HTTP Servlet Request.
 CSSLoginUserIF loginToken(java.util.Map context, java.lang.String token, java.lang.String[] applicationIds)
          Authenticates the specified sso_token against the providers configured in the security system.
 java.lang.String restoreToken(java.util.Map context, java.lang.String token)
           
protected  CSSUserIF returnAuthenticatedUser(CSSUserIF user, java.util.Map context)
           
protected  void storeTicket(java.lang.String key, java.lang.String ticket)
          Write the ticket into the store.
protected  void throwAuthException(java.util.Map context, java.lang.String username)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

INIT_METHOD

public static java.lang.String INIT_METHOD

encryptionCipher

protected javax.crypto.Cipher encryptionCipher

decryptionCipher

protected javax.crypto.Cipher decryptionCipher

migrationAPIImpl

protected CSSMigrationAPIIF migrationAPIImpl

INVALID_PRINCIPAL_KEY

public static final java.lang.String INVALID_PRINCIPAL_KEY
See Also:
Constant Field Values
Constructor Detail

CSSAPIImpl

public CSSAPIImpl()
Deprecated.  

Constructor for CSSAPIImpl.


CSSAPIImpl

public CSSAPIImpl(com.hyperion.css.spi.CSSManager cssManager)
Constructor for CSSAPIImpl.

Method Detail

authenticate

public CSSUserIF authenticate(java.util.Map context,
                              java.lang.String username,
                              java.lang.String password)
                       throws CSSException
Description copied from interface: CSSAPIIF
Authenticates the specified username against the specified password with the providers configured in the security system.

The context can specify the following:

  1. Host info
  2. locale

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

The host info (ip-address/hostname) is required for auditing purposes.

Specified by:
authenticate in interface CSSAPIIF
Parameters:
context - - Map structure holding key-value information about locale, host info
username - - name of the user to be authenticated.
password - - password for the user to be authenticated.
Returns:
CSSUserIF - this contains the token string that can be used to single-sign-on.
Throws:
CSSException - - one of the following exception will be thrown.
  • CSSNoProviderException - if no provider exists with the name specified.
  • CSSIllegalArgumentException - if there is an argument that is inappropriate.
  • CSSAuthenticationException - If there was a match for the user but the credentials were incorrect.
  • CSSConfigurationException - if the configuration specified is not valid.
  • CSSPasswordExpiryWarning - if the users password is expiring in a few days (Native User only).
  • CSSPasswordExpiredException - if the users password has expired (Native User only).
  • CSSException - if there was any other abnormality.

  • authenticateSecurityAgent

    public CSSUserIF authenticateSecurityAgent(java.util.Map context,
                                               javax.servlet.http.HttpServletRequest request)
                                        throws CSSException
    Description copied from interface: CSSAPIIF
    Authenticates by parsing the username and password if available from the specified HTTP Servlet Request. If password is not present the providers will be treated as trusted and will check only for the validity of the username derived from the HTTP request..

    The context can specify the following:

    1. Host info
    2. locale

    These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

    The host info (ip-address/hostname) is required for auditing purposes.

    Specified by:
    authenticateSecurityAgent in interface CSSAPIIF
    Parameters:
    context - - Map structure holding key-value information about locale, host info
    request - - The HTTP Servlet Request containing information about the username and password.
    Returns:
    CSSUserIF - this contains the token string that can be used to single-sign-on.
    Throws:
    CSSException - - one of the following exception will be thrown.
  • CSSNoProviderException - if no provider exists with the name specified.
  • CSSIllegalArgumentException - if there is an argument that is inappropriate.
  • CSSAuthenticationException - If there was a match for the user but the credentials were incorrect.
  • CSSConfigurationException - if the configuration specified is not valid.
  • CSSPasswordExpiryWarning - if the users password is expiring in a few days (Native User only).
  • CSSPasswordExpiredException - if the users password has expired (Native User only).
  • CSSException - if there was any other abnormality.

  • authenticate

    public CSSUserIF authenticate(java.util.Map context)
                           throws CSSException
    Authenticate method

    Specified by:
    authenticate in interface CSSAPIIF
    Parameters:
    context - - Map structure holding key-value information about login name, password, token, and locale.
    Returns:
    CSSUserIF - this contains the token string that can be used to single-sign-on.
    Throws:
    CSSException - - if there was any other abnormality.
    See Also:
    CSSUserIF

    returnAuthenticatedUser

    protected CSSUserIF returnAuthenticatedUser(CSSUserIF user,
                                                java.util.Map context)

    authenticateSapTicket

    protected CSSUserIF authenticateSapTicket(java.util.Map context)
                                       throws CSSException
    Throws:
    CSSException

    authenticateSapTicket

    public CSSUserIF authenticateSapTicket(java.util.Map context,
                                           java.lang.String ticket)
                                    throws CSSException
    Description copied from interface: CSSAPIIF
    Authenticates the specified sap ticket against the providers configured in the security system.

    The context can specify the following:

    1. Host info
    2. locale

    These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

    The host info (ip-address/hostname) is required for auditing purposes.

    Specified by:
    authenticateSapTicket in interface CSSAPIIF
    Parameters:
    context - - Map structure holding key-value information about locale, host info
    ticket - - SAP ticket that will be used for authentication.
    Returns:
    CSSUserIF - this contains the token string that can be used to single-sign-on.
    Throws:
    CSSException - - one of the following exception will be thrown.
  • CSSNoProviderException - if no provider exists with the name specified.
  • CSSIllegalArgumentException - if there is an argument that is inappropriate.
  • CSSAuthenticationException - If there was a match for the user but the credentials were incorrect.
  • CSSConfigurationException - if the configuration specified is not valid.
  • CSSException - if there was any other abnormality.

  • authenticateToken

    protected CSSUserIF authenticateToken(java.util.Map context)
                                   throws CSSException
    Throws:
    CSSException

    authenticateToken

    public CSSUserIF authenticateToken(java.util.Map context,
                                       java.lang.String token)
                                throws CSSException
    Description copied from interface: CSSAPIIF
    Authenticates the specified sso_token against the providers configured in the security system.

    The context can specify the following:

    1. Host info
    2. locale

    These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

    The host info (ip-address/hostname) is required for auditing purposes.

    Specified by:
    authenticateToken in interface CSSAPIIF
    Parameters:
    context - - Map structure holding key-value information about locale, host info
    token - - CSS token to be used for authentication
    Returns:
    CSSUserIF - this contains the token string that can be used to single-sign-on.
    Throws:
    CSSException - - one of the following exception will be thrown.
  • CSSNoProviderException - if no provider exists with the name specified.
  • CSSIllegalArgumentException - if there is an argument that is inappropriate.
  • CSSAuthenticationException - If there was a match for the user but the credentials were incorrect.
  • CSSTokenNotAcceptedException - if the token was not based on a provider for this application.
  • CSSTokenNotAvailableException - if the token could not be contructed.
  • CSSInvalidIdentityException - if the identity encapsulated in the token was invalid.
  • CSSConfigurationException - if the configuration specified is not valid.
  • CSSPasswordExpiryWarning - if the users password is expiring in a few days (Native User only).
  • CSSPasswordExpiredException - if the users password has expired (Native User only).
  • CSSException - if there was any other abnormality.

  • authenticateSecurityAgent

    protected CSSUserIF authenticateSecurityAgent(java.util.Map context)
                                           throws CSSException
    Throws:
    CSSException

    authenticateUserFromSecurityAgent

    public CSSUserIF authenticateUserFromSecurityAgent(java.util.Map context,
                                                       java.lang.String username,
                                                       java.lang.String trustedServiceKey)
                                                throws CSSException
    Description copied from interface: CSSAPIIF
    Authenticates the specified username , after validating the trusted service key. This key is known only to trusted services and is required for successful authentication of the user. Note that this user should belong to a trusted provider.

    The context can specify the following:

    1. Host info
    2. locale

    These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

    The host info (ip-address/hostname) is required for auditing purposes.

    Specified by:
    authenticateUserFromSecurityAgent in interface CSSAPIIF
    Parameters:
    context - - Map structure holding key-value information about locale, host info
    username - - name of the user to be authenticated.
    trustedServiceKey - - value of the trusted services key.
    Returns:
    CSSUserIF - this contains the token string that can be used to single-sign-on.
    Throws:
    CSSException - - one of the following exception will be thrown.
  • CSSNoProviderException - if no provider exists with the name specified.
  • CSSIllegalArgumentException - if there is an argument that is inappropriate.
  • CSSAuthorizationException - If specified trusted services key is incorrect.
  • CSSAuthenticationException - If there was no match for the user.
  • CSSConfigurationException - if the configuration specified is not valid.
  • CSSException - if there was any other abnormality.

  • authenticateProxyUser

    public CSSUserIF authenticateProxyUser(java.util.Map context,
                                           java.lang.String username,
                                           java.lang.String trustedServiceKey)
                                    throws CSSException
    Authenticates the specified username using proxy, after validating the trusted service key. This key is known only to trusted services and is required for successful authentication of the user. Note that this user should belong to a trusted provider.

    The context can specify the following:

    1. Host info
    2. locale

    These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

    The host info (ip-address/hostname) is required for auditing purposes.

    Note: If a SAP user name is specified the CSS token generated will not contain any SAP ticket. In other words this token cannot be used to Single Sign On into any SAP application.

    Specified by:
    authenticateProxyUser in interface CSSAPIIF
    Parameters:
    context - - Map structure holding key-value information about locale, host info
    username - - name of the user to be authenticated.
    trustedServiceKey - - value of the trusted services key.
    Returns:
    CSSUserIF - this contains the token string that can be used to single-sign-on.
    Throws:
    CSSException - - one of the following exception will be thrown.
  • CSSNoProviderException - if no provider exists with the name specified.
  • CSSIllegalArgumentException - if there is an argument that is inappropriate.
  • CSSAuthorizationException - If specified trusted services key is incorrect.
  • CSSAuthenticationException - If there was no match for the user.
  • CSSConfigurationException - if the configuration specified is not valid.
  • CSSException - if there was any other abnormality.

  • throwAuthException

    protected void throwAuthException(java.util.Map context,
                                      java.lang.String username)
                               throws CSSException
    Throws:
    CSSException

    addToken

    protected void addToken(java.util.Map context,
                            CSSUserIF user,
                            java.lang.String password)
                     throws CSSException
    Throws:
    CSSException

    getProviderByName

    protected java.util.List getProviderByName(java.lang.String providerName)
                                        throws CSSException
    Throws:
    CSSException

    getSAPLoginTicketFromToken

    public java.lang.String getSAPLoginTicketFromToken(java.util.Map context,
                                                       java.lang.String cSSToken)
                                                throws CSSTokenNotAcceptedException,
                                                       CSSIllegalArgumentException
    Throws:
    CSSTokenNotAcceptedException
    CSSIllegalArgumentException

    restoreToken

    public java.lang.String restoreToken(java.util.Map context,
                                         java.lang.String token)
                                  throws CSSException
    Throws:
    CSSException

    isValidCSSToken

    public boolean isValidCSSToken(java.util.Map context,
                                   java.lang.String token)
                            throws CSSIllegalArgumentException,
                                   CSSException
    Description copied from interface: CSSAPIIF

    Determines if the token is valid.

    The context can specify the following:

    1. provider request - the provider to use. If this property is specified then token is also validated for this provider. This implies that the token in order to be valid should have this provider as the "server of reference".
    2. Locale

    These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

    Specified by:
    isValidCSSToken in interface CSSAPIIF
    Parameters:
    context - Map structure holding provider and/or locale information.
    token - Encrypted string that holds information for a user.
    Returns:
    boolean - true if it is valid. False otherwise.
    Throws:
    CSSIllegalArgumentException - - if there is an argument that is inappropriate.
    CSSException - - if there was any other abnormality.
    See Also:
    CSSAPIIF.isValidCSSToken(Map, String)

    getProviderNames

    public java.lang.String[] getProviderNames(java.util.Map context)
                                        throws CSSIllegalArgumentException
    Specified by:
    getProviderNames in interface CSSAPIIF
    Throws:
    CSSIllegalArgumentException
    See Also:
    CSSAPIIF.getProviderNames(Map)

    isSecurityAgentProtected

    public boolean isSecurityAgentProtected(java.util.Map context)
                                     throws CSSIllegalArgumentException
    Description copied from interface: CSSAPIIF

    This method is invoked to determine if the access to a resource might be protected by a Security Agent.

    The Security Agent could be Netegrity Siteminder. If this method returns true then the caller should attempt to locate the appropriate header; for instance, for Netegrity: CSSAPIIF.SECURITY_AGENT_LOGIN_NAME; in the HTTP headers. If the header exists then the value for that should be passed into the (@link #authenticate(Map)} method.

    The context can specify the following:

    1. locale

    These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

    Specified by:
    isSecurityAgentProtected in interface CSSAPIIF
    Parameters:
    context - Map structure holding locale information.
    Returns:
    boolean - true if the configuration specifies a Security Agent is used to protect the resources.
    Throws:
    CSSIllegalArgumentException - - if there is an argument that is inappropriate.

    getHeaderNamesFromSecurityAgent

    public java.lang.String[] getHeaderNamesFromSecurityAgent(java.util.Map context)
                                                       throws CSSIllegalArgumentException
    Description copied from interface: CSSAPIIF

    This method returns the HTTP headers that would carry the login name of the user.

    The header names are populated by the Security Agent. The Security Agent could be Netegrity SiteMinder.

    The array returned could be of length > 0. If that is the case then the calling application needs to compare the headers from the HTTP REQUEST with the names from this array one by one starting from index 0. This comparison should be case insensitive.

    There could be more than one header because different application/web servers map headers to different names. For instance, some might prepend HTTP to the header name.

    It is the reponsibility of the product team to invoke this method and use the header names returned by it to retrieve the login name from the HTTP REQUEST.

    The context can specify the following:

    1. locale

    These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

    Specified by:
    getHeaderNamesFromSecurityAgent in interface CSSAPIIF
    Parameters:
    context - Map structure holding locale information.
    Returns:
    String[] - the header names that are used to specify the login name. This is empty if there is no match.
    Throws:
    CSSIllegalArgumentException - - if there is an argument that is inappropriate.
    See Also:
    CSSAPIIF.getHeaderNamesFromSecurityAgent(Map)

    getUserProvisioningAPI

    public CSSUserProvisioningAPIIF getUserProvisioningAPI(java.util.Map context)
    Description copied from interface: CSSAPIIF

    Returns the User and Group Provisioning Interface.

    Some of the functionality provided by the interface is as follows:

    1. Provisioning user and groups
    2. Delegated Administration
    3. Access Control

    Specified by:
    getUserProvisioningAPI in interface CSSAPIIF
    Parameters:
    context - - Map structure holding locale information.
    Returns:
    CSSUserProvisioningAPIIF

    getProviderMap

    public java.util.Map getProviderMap(java.util.Map context)
                                 throws CSSIllegalArgumentException
    Description copied from interface: CSSAPIIF

    Gets the names and types of the providers that are registered with the security platform.

    The context can specify the following:

    1. locale

    These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

    The keys of the returned Map instance hold the provider type names, one for each type. The value associated with each type key is an ArrayList that contains a list of provider names as Strings.

    Specified by:
    getProviderMap in interface CSSAPIIF
    Parameters:
    context - Map structure holding locale information.
    Returns:
    A Map of provider types where each type is a collection of provider names. If there are no providers an empty Map is returned, null is never returned. If there are no providers for a given type the type will not appear in the Map. Modification by reference of the CSS type map is not allowed so a new deep clone is returned with each call.
    Throws:
    CSSIllegalArgumentException - - if there is an argument that is inappropriate.
    See Also:
    CSSAPIIF.getProviderMap(java.util.Map)

    getDirectoryManagementAPI

    public CSSDirectoryManagementAPIIF getDirectoryManagementAPI(java.util.Map context)
    Description copied from interface: CSSAPIIF

    Returns an interface to CRUD of Hyperion Shared Services User Directory.

    Some of the functionality provided by the interface is as follows:

    1. Native user and group creation and management.
    2. Roles Creation and Management

    Specified by:
    getDirectoryManagementAPI in interface CSSAPIIF
    Parameters:
    context - - Map structure holding locale information.
    Returns:
    CSSDirectoryManagementAPIIF

    getNativeProvider

    public static com.hyperion.css.spi.impl.nv.NativeProvider getNativeProvider()

    getProvider

    public static java.util.List getProvider(java.lang.String providerType)

    isNativeProviderActive

    public boolean isNativeProviderActive(java.util.Map context)
    Description copied from interface: CSSAPIIF

    Return the status of the Native Provider after CSS has intialized.

    A true will be returned if the Native Directory (open LDAP) is active for connections.

    Specified by:
    isNativeProviderActive in interface CSSAPIIF
    Parameters:
    context - = Map structure holding locale information.
    Returns:
    boolean - true if active, false otherwise

    getCSSManager

    protected static com.hyperion.css.spi.CSSManager getCSSManager()

    getMigrationAPI

    public CSSMigrationAPIIF getMigrationAPI(java.util.Map context)
    Description copied from interface: CSSAPIIF

    Provides handle to the Migration Interface.

    The migration interface provides functionality like:

    1. Checking to see if a migration is required.
    2. Validating CSS identities for the status(UPDATED, DELETED, AMBIGOUOUS, IGNORED, DELETED) against external providers.

    Specified by:
    getMigrationAPI in interface CSSAPIIF
    Parameters:
    context - - Map structure holding locale information.
    Returns:
    CSSMigrationAPIIF

    login

    public CSSLoginUserIF login(java.util.Map context,
                                java.lang.String applicationId,
                                boolean indirect)
                         throws CSSNoProviderException,
                                CSSTokenNotAvailableException,
                                CSSIllegalArgumentException,
                                CSSAuthenticationException,
                                CSSAuthorizationException,
                                CSSTokenNotAcceptedException,
                                CSSInvalidIdentityException,
                                com.hyperion.css.common.configuration.CSSConfigurationException,
                                CSSCommunicationException,
                                CSSException
    Description copied from interface: CSSAPIIF

    Convenience API to authenticate the user and get the groups and roles list of the user for the specified application id.

    The login API would perform the following CSS API calls

  • CSSAPIIF.authenticate(Map)
  • CSSUserIF.getGroupsList(com.hyperion.css.common.CSSPrincipalIF, String, boolean)getGroups
  • CSSUserIF.getRolesList(com.hyperion.css.common.CSSPrincipalIF, String, boolean)

    The CSSUserIF returned by this API will have the groups list and roles list pre-populated.

    Specified by:
    login in interface CSSAPIIF
    Parameters:
    context - - Map structure holding key-value information about login name, password, token, locale and hostinfo.
    applicationId - - the application id to which the user is logging in to.
    indirect - - boolean value for whether to return direct group user belongs to or return all the groups in hierarchy.
    Returns:
    CSSLoginUserIF - this contains user object(CSSUserIF) and groups and roles lists belong to the user.
    Throws:
    CSSAuthenticationException - - If there was a match for the user but the credentials were incorrect.
    CSSInvalidIdentityException - - if the identity encapsulated in the token was invalid.
    CSSTokenNotAcceptedException - - if the token was not based on a provider for this application.
    CSSIllegalArgumentException - - if there is an argument that is inappropriate.
    com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.
    CSSAuthorizationException - - if the principal is not the provisioning manager of the destination application
    CSSException - - if there was any other abnormality.
    CSSNoProviderException - - if no provider exists with the name specified.
    CSSTokenNotAvailableException - - if the token could not be constructed.
    CSSCommunicationException
    See Also:
    CSSUserIF

  • getGroupByIdentity

    public CSSGroupIF getGroupByIdentity(java.util.Map context,
                                         CSSPrincipalIF principal,
                                         java.lang.String identity)
                                  throws CSSNoProviderException,
                                         CSSInvalidIdentityException,
                                         CSSInvalidGroupException,
                                         com.hyperion.css.common.configuration.CSSConfigurationException,
                                         CSSCommunicationException,
                                         CSSAuthorizationException,
                                         CSSException
    Description copied from interface: CSSAPIIF

    Get a group based on the identity of the group. The identity is stored by the application and is generated by the security platform.

    The context can specify the following:

    1. locale

    These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

    Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.

    Specified by:
    getGroupByIdentity in interface CSSAPIIF
    Parameters:
    context - Map structure holding locale information.
    principal - CSSPrincipal identifying the user requesting information. Cannot be null.
    identity - String returned from the group object that uniquely identifies one group on a provider.
    Returns:
    CSSGroupIF
    Throws:
    CSSInvalidIdentityException - - if the identity is invalid.
    CSSException - - if there was any other abnormality.
    CSSInvalidGroupException - - if the group specified by the identity does not exist. The group might have been deleted.
    CSSNoProviderException - - if no provider exists with the name specified.
    com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.
    CSSCommunicationException
    CSSAuthorizationException
    See Also:
    CSSAPIIF.getGroupByIdentity(Map, CSSPrincipalIF, String)

    getGroups

    public CSSGroupIF[] getGroups(java.util.Map context,
                                  CSSPrincipalIF principal,
                                  java.lang.String groupname)
                           throws CSSIllegalArgumentException,
                                  com.hyperion.css.common.configuration.CSSConfigurationException,
                                  CSSCommunicationException,
                                  CSSException
    Description copied from interface: CSSAPIIF

    Get a group based on the name. The name could be mapped to a particular attribute in a directory through the configuration. The search for groups based on *name* should be based on getting all groups who have name as a part of the value of the attribute specified. For instance: the search is on "*name*".
    However, the NTLM provider does not support * as a prefix to the name.

    Passing in null as the groupName is equivalent to the * wildcard character.

    The method can be called with the wildcard * for groupName to get all the groups from the first provider in the search order. In this case it would go by the search order.

    To get all groups from a particular provider, specify "*@providerName"

    .

    This follows the "groupName@providerName" syntax. You can also have wildcards such as "GA*@providerName" for the groupName parameter.

    The context can specify the following:

    1. locale

    These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

    The entryName@ProviderName syntax is supported by this method. This is used in the name parameter.

    Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.

    Only the groups matching the filter AND are authorized for view by the specified principal will be returned. An empty array will be returned if there are no groups matching the filter OR principal is not authorized to view them.

    Specified by:
    getGroups in interface CSSAPIIF
    Parameters:
    context - Map structure holding locale information.
    principal - CSSPrincipal identifying the user requesting information. Cannot be null.
    groupname - Name of the group.
    Returns:
    CSSGroupIF[] - empty if there is no match
    Throws:
    CSSCommunicationException - - if provider is specified with the name of the group viz. in the groupName argument but is not reachable. For instance: "groupName@providerName". If this provider cannot be contacted then the exception is thrown.
    com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.
    CSSIllegalArgumentException - - if there is an argument that is inappropriate.
    CSSException - - if there was any other abnormality.
    See Also:
    CSSAPIIF.getGroups(Map, CSSPrincipalIF, String)

    getGroups

    public CSSGroupIF[] getGroups(java.util.Map context,
                                  CSSPrincipalIF principal,
                                  GroupSearchFilter groupSrchFilter)
                           throws CSSCommunicationException,
                                  CSSException
    Description copied from interface: CSSAPIIF

    Get a group specified by group search filter passed in The group search filter contains group filter attributes and values like, GROUPNAME, DESCRIPTION. The name could be mapped to a particular attribute in a directory through the Configuration. The search for groups based on *name* should be based on getting all groups who have name as a part of the value of the attribute specified.

    The attribute could contain a wildcard such as "*". This implies that all the groups in the directory need to be returned.The query can be based on any one of the above attributes.

    Specified by:
    getGroups in interface CSSAPIIF
    Parameters:
    context - Map structure holding key-value information about locale.
    principal - - identity of the caller. Can not be null.
    groupSrchFilter - - contains the group filter attributes and values.
    Returns:
    CSSGroupIF[] - empty if there is no match.Returns null incase groupSrchFilter is null.
    Throws:
    CSSCommunicationException - - The provider could not connect to the directory.
    CSSException - - Any other abnormality.

    getUserByEmail

    public CSSUserIF getUserByEmail(java.util.Map context,
                                    CSSPrincipalIF principal,
                                    java.lang.String email)
                             throws CSSIllegalArgumentException,
                                    CSSAuthorizationException,
                                    com.hyperion.css.common.configuration.CSSConfigurationException,
                                    CSSCommunicationException,
                                    CSSException
    Description copied from interface: CSSAPIIF

    Get a user based on an email match. The email could be mapped to a particular attribute in a directory through the configuration. The search for users based on email should be absolute.

    The context can specify the following:

    1. locale

    These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

    This method is not supported by the NTLM provider.

    Wildcards should not be used in the arguments of this method. No guarantee is made for the behavior of this method if wildcards are part of the arguments.

    Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.

    Specified by:
    getUserByEmail in interface CSSAPIIF
    Parameters:
    context - Map structure holding key-value information about locale.
    principal - CSSPrincipal identifying the user requesting information. Cannot be null.
    email - The complete e-mail address string for the user.
    Returns:
    CSSUserIF
    Throws:
    CSSException - - if there was any other abnormality.
    com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.
    CSSIllegalArgumentException - - if there is an argument that is inappropriate.
    CSSAuthorizationException
    CSSCommunicationException

    getUsers

    public CSSUserIF[] getUsers(java.util.Map context,
                                CSSPrincipalIF principal,
                                java.lang.String username)
                         throws CSSIllegalArgumentException,
                                com.hyperion.css.common.configuration.CSSConfigurationException,
                                CSSCommunicationException,
                                CSSException
    Description copied from interface: CSSAPIIF

    Gets the user specified by userName. The userName could be mapped to a particular attribute in a directory through the Configuration. The search for users based on *userName* should be based on getting all users who have userName as a part of the value of the attribute specified.

    The userName could contain a wildcard such as "*". This implies that all the matching users in the directory need to be returned. However, the NTLM provider does not support * as a prefix to the userName.

    Passing null as the userName parameter is not accepted and does not return all the users. You can use wildcards such as '*' for the userName parameter. In this case, users are returned in the order of directories that are specified by the search order.

    You can retreive all users on a provider by specifying "*@providerName"

    Passing a groupName to this call is not supported and no guarantees are made on the validity of the results.

    The context can specify the following:

    1. locale

    These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

    The entryName@ProviderName syntax is supported by this method as a part of the user name.

    Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.

    Only the users matching the filter AND are authorized for view by the specified principal will be returned. An empty array will be returned if there are no users matching the filter OR principal is not authorized to view them.

    Specified by:
    getUsers in interface CSSAPIIF
    Parameters:
    context - - Map structure holding key-value information about locale.
    principal - CSSPrincipal identifying the user requesting information. Cannot be null.
    username - String argument representing the user login name.
    Returns:
    CSSUserIF[] - Returns an empty array if there are no matches.
    Throws:
    com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.
    CSSException - - if there was any other abnormality.
    CSSIllegalArgumentException - - if there is an argument that is inappropriate.
    CSSCommunicationException - - if provider is specified with the name of the user viz. in the userName argument but is not reachable. For instance: "userName@providerName". If this provider cannot be contacted then the exception is thrown.

    getUsers

    public CSSUserIF[] getUsers(java.util.Map context,
                                CSSPrincipalIF principal,
                                UserSearchFilter userSrchFilter)
                         throws CSSCommunicationException,
                                CSSException
    Description copied from interface: CSSAPIIF

    Gets the user specified by user search filter passed in The user search filter contains user filter attributes and values like, USERNAME,FIRSTNAME,LASTNAME,EMAIL,DESCRIPTION (Also ACTIVE, INACTIVE and ALL for native) Etc. This supports wild card search. Eg. The search for users based on *userName* should return all users matching this pattern.

    when the attribute value is specified as "*" This implies that all the users in the directory need to be returned.The query can be based on any one of the above attributes. For native if the filter attribute can be set to ACTIVE, INACTIVE or ALL to return active, inactive and all users respectively. There may be a performence hit for NTLM because in case no group is passed as search criteria for NTLM and search is made on FIRSTNAME or LASTNAME. In this case first all the users are obtained and then they are filtered out based on FIRSTNAME or LASTNAME Etc.

    Specified by:
    getUsers in interface CSSAPIIF
    Parameters:
    context - - Map structure holding key-value information about locale and other parameters.
    principal - - identity of the caller. Can not be null.
    userSrchFilter - - contains the search filter attributes and values.
    Returns:
    CSSUserIF[] - Returns null if there is no match. Returns null incase userSrchFilter is null.
    Throws:
    CSSException - - Any other abnormality.
    CSSCommunicationException - - The provider could not connect to the directory server.

    getUsersByName

    public CSSUserIF[] getUsersByName(java.util.Map context,
                                      CSSPrincipalIF principal,
                                      java.lang.String firstName,
                                      java.lang.String lastName)
                               throws CSSIllegalArgumentException,
                                      com.hyperion.css.common.configuration.CSSConfigurationException,
                                      CSSCommunicationException,
                                      CSSException
    Description copied from interface: CSSAPIIF

    Get a user based on a firstName and lastName match. The firstName and lastName could be mapped to a particular set of attribute/s in a directory through the configuration. If there are two attributes, one each for firstName and lastName , then the search would be absolute and an AND would be performed.

    If one of the parameters (for example, firstName) is not specified, then results for the other (for example, lastName are returned.

    Wildcards should not be used in the arguments of this method. No guarantee is made for the behavior of this method if wildcards are part of the arguments.

    The context can specify the following:

    1. locale

    These properties are discussed in the field description.

    Please note that if the locale is not specified, the default locale set for the system is used.

    This method is not supported by the NTLM provider.

    Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.

    Only the users matching the filter AND are authorized for view by the specified principal will be returned. An empty array will be returned if there are no users matching the filter OR principal is not authorized to view them.

    Specified by:
    getUsersByName in interface CSSAPIIF
    Parameters:
    context - Map structure holding key-value information about locale.
    principal - CSSPrincipal identifying the user requesting information. Cannot be null.
    firstName - The user's first name, with appended middle name if one exists.
    lastName - The user's last name.
    Returns:
    CSSUserIF[]
    Throws:
    com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.
    CSSException - - if there was any other abnormality.
    CSSIllegalArgumentException - - if there is an argument that is inappropriate.
    CSSCommunicationException
    See Also:
    CSSAPIIF.getUsersByName(Map, CSSPrincipalIF, String, String)

    getUserByIdentity

    public CSSUserIF getUserByIdentity(java.util.Map context,
                                       CSSPrincipalIF principal,
                                       java.lang.String identity)
                                throws CSSNoProviderException,
                                       CSSInvalidIdentityException,
                                       CSSAuthorizationException,
                                       CSSInvalidUserException,
                                       CSSIllegalArgumentException,
                                       com.hyperion.css.common.configuration.CSSConfigurationException,
                                       CSSCommunicationException,
                                       CSSException
    Description copied from interface: CSSAPIIF

    Get a user based on the identity of the user. The identity is stored by the application and is generated by the security platform.

    The context can specify the following:

    1. locale
    2. flag that required a Communication Exception be thrown to the caller (throw Communication Exception)

    These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

    Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.

    Specified by:
    getUserByIdentity in interface CSSAPIIF
    Parameters:
    context - Map structure holding information about the locale.
    principal - CSSPrincipal identifying the user requesting information. Cannot be null.
    identity - String returned from the user object that uniquely identifies one user on a provider.
    Returns:
    CSSUserIF
    Throws:
    CSSInvalidIdentityException - - if the identity is invalid.
    CSSCommunicationException - - if the caller has specified interest in consuming this and a provider of the type specified by the identity is not reachable. If any one of the providers of this type cannot be contacted and the user specified by the identity passed in cannot be found then the exception is thrown.
    CSSIllegalArgumentException - - if there is an argument that is inappropriate.
    CSSNoProviderException - - if no provider exists with the name specified.
    com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.
    CSSInvalidUserException - - if the user specified by the identity does not exist. The user might have been deleted.
    CSSException - - if there was any other abnormality.
    CSSAuthorizationException
    See Also:
    CSSAPIIF.getUserByIdentity(Map, CSSPrincipalIF, String)

    getUsers

    public CSSUserIF[] getUsers(java.util.Map context,
                                CSSPrincipalIF principal,
                                java.lang.String userName,
                                java.lang.String firstName,
                                java.lang.String lastName)
                         throws CSSIllegalArgumentException,
                                com.hyperion.css.common.configuration.CSSConfigurationException,
                                CSSCommunicationException,
                                CSSException
    Description copied from interface: CSSAPIIF

    Get a user based on a user name , firstName and lastName match. All the attributes are absolute and required. The way this is evaluated is as follows (in LDAP parlance):

     (&(userName="gkhanna")(firstName="Gaurav")(lastName="khanna") )
     

    This can be explained as simply the AND of all the arguments.

    The context can specify the following:

    1. locale

    These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

    Wildcards should not be used in the arguments of this method. No guarantee is made for the behavior of this method if wildcards are part of the arguments.

    Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.

    Only the users matching the filter AND are authorized for view by the specified principal will be returned. An empty array will be returned if there are no users matching the filter OR principal is not authorized to view them.

    Specified by:
    getUsers in interface CSSAPIIF
    Parameters:
    context - Map structure holding key-value information about locale.
    principal - CSSPrincipal identifying the user requesting information. Cannot be null.
    userName - String argument representing the user login name.
    firstName - The user's first name, with appended middle name if one exists.
    lastName - The user's last name.
    Returns:
    CSSUserIF[] - empty if there is no match
    Throws:
    CSSException - - if there was any other abnormality.
    com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.
    CSSIllegalArgumentException - - if there is an argument that is inappropriate.
    CSSCommunicationException
    See Also:
    CSSAPIIF.getUsersByName(Map, String, String), CSSAPIIF.getUsers(Map, String)

    isDelegatedModeON

    public static boolean isDelegatedModeON()

    getHubLocation

    public static java.lang.String getHubLocation()

    storeTicket

    protected void storeTicket(java.lang.String key,
                               java.lang.String ticket)
                        throws CSSException
    Write the ticket into the store. This needs to be encrypted before writing.

    Throws:
    CSSException

    login

    public CSSLoginUserIF login(java.util.Map context,
                                java.lang.String username,
                                java.lang.String password,
                                java.lang.String[] applicationIds)
                         throws CSSException
    Description copied from interface: CSSAPIIF
    Authenticates the specified username against the specified password with the providers configured in the security system. This method return a composite login user object that returns pre-computed list of groups and roles for the specified applications. The implementation of this method has been tuned for login performance and is recommended to be used for login use case.

    The context can specify the following:

    1. Host info
    2. locale

    These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

    The host info (ip-address/hostname) is required for auditing purposes.

    An empty or null value for applicationId will return empty results for group and roles listing.

    Specified by:
    login in interface CSSAPIIF
    Parameters:
    context - - Map structure holding key-value information about locale, host info
    username - - name of the user to be authenticated.
    password - - password for the user to be authenticated.
    applicationIds - - array of application ids to check the roles and group info on.
    Returns:
    CSSUserIF - this contains the token string that can be used to single-sign-on.
    Throws:
    CSSException - - one of the following exception will be thrown.
  • CSSNoProviderException - if no provider exists with the name specified.
  • CSSIllegalArgumentException - if there is an argument that is inappropriate.
  • CSSAuthenticationException - If there was a match for the user but the credentials were incorrect.
  • CSSConfigurationException - if the configuration specified is not valid.
  • CSSPasswordExpiryWarning - if the users password is expiring in a few days (Native User only).
  • CSSPasswordExpiredException - if the users password has expired (Native User only).
  • CSSException - if there was any other abnormality.

  • loginSapTicket

    public CSSLoginUserIF loginSapTicket(java.util.Map context,
                                         java.lang.String sapTicket,
                                         java.lang.String[] applicationIds)
                                  throws CSSException
    Description copied from interface: CSSAPIIF
    Authenticates the specified sap ticket against the providers configured in the security system.

    This method return a composite login user object that returns pre-computed list of groups and roles for the specified applications. The implementation of this method has been tuned for login performance and is recommended to be used for login use case.

    The context can specify the following:

    1. Host info
    2. locale

    These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

    The host info (ip-address/hostname) is required for auditing purposes.

    An empty or null value for applicationId will return empty results for group and roles listing.

    Specified by:
    loginSapTicket in interface CSSAPIIF
    Parameters:
    context - - Map structure holding key-value information about locale, host info
    sapTicket - - SAP ticket that will be used for authentication.
    applicationIds - - array of application ids to check the roles and group info on.
    Returns:
    CSSUserIF - this contains the token string that can be used to single-sign-on.
    Throws:
    CSSException - - one of the following exception will be thrown.
  • CSSNoProviderException - if no provider exists with the name specified.
  • CSSIllegalArgumentException - if there is an argument that is inappropriate.
  • CSSAuthenticationException - If there was a match for the user but the credentials were incorrect.
  • CSSConfigurationException - if the configuration specified is not valid.
  • CSSException - if there was any other abnormality.

  • loginSecurityAgent

    public CSSLoginUserIF loginSecurityAgent(java.util.Map context,
                                             javax.servlet.http.HttpServletRequest request,
                                             java.lang.String[] applicationIds)
                                      throws CSSException
    Description copied from interface: CSSAPIIF
    Authenticates by parsing the username and password if available from the specified HTTP Servlet Request. If password is not present the providers will be treated as trusted and will check only for the validity of the username derived from the HTTP request.

    This method return a composite login user object that returns pre-computed list of groups and roles for the specified applications. The implementation of this method has been tuned for login performance and is recommended to be used for login use case.

    The context can specify the following:

    1. Host info
    2. locale

    These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

    The host info (ip-address/hostname) is required for auditing purposes.

    An empty or null value for applicationId will return empty results for group and roles listing.

    Specified by:
    loginSecurityAgent in interface CSSAPIIF
    Parameters:
    context - - Map structure holding key-value information about locale, host info
    request - - The HTTP Servlet Request containing information about the username and password.
    applicationIds - - array of application ids to check the roles and group info on.
    Returns:
    CSSUserIF - this contains the token string that can be used to single-sign-on.
    Throws:
    CSSException - - one of the following exception will be thrown.
  • CSSNoProviderException - if no provider exists with the name specified.
  • CSSIllegalArgumentException - if there is an argument that is inappropriate.
  • CSSAuthenticationException - If there was a match for the user but the credentials were incorrect.
  • CSSConfigurationException - if the configuration specified is not valid.
  • CSSPasswordExpiryWarning - if the users password is expiring in a few days (Native User only).
  • CSSPasswordExpiredException - if the users password has expired (Native User only).
  • CSSException - if there was any other abnormality.

  • loginToken

    public CSSLoginUserIF loginToken(java.util.Map context,
                                     java.lang.String token,
                                     java.lang.String[] applicationIds)
                              throws CSSException
    Description copied from interface: CSSAPIIF
    Authenticates the specified sso_token against the providers configured in the security system. This method return a composite login user object that returns pre-computed list of groups and roles for the specified applications. The implementation of this method has been tuned for login performance and is recommended to be used for login use case.

    The context can specify the following:

    1. Host info
    2. locale

    These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

    The host info (ip-address/hostname) is required for auditing purposes.

    An empty or null value for applicationId will return empty results for group and roles listing.

    Specified by:
    loginToken in interface CSSAPIIF
    Parameters:
    context - - Map structure holding key-value information about locale, host info
    token - - CSS token to be used for authentication.
    applicationIds - - array of application ids to check the roles and group info on.
    Returns:
    CSSUserIF - this contains the token string that can be used to single-sign-on.
    Throws:
    CSSException - - one of the following exception will be thrown.
  • CSSNoProviderException - if no provider exists with the name specified.
  • CSSIllegalArgumentException - if there is an argument that is inappropriate.
  • CSSAuthenticationException - If there was a match for the user but the credentials were incorrect.
  • CSSTokenNotAcceptedException - if the token was not based on a provider for this application.
  • CSSTokenNotAvailableException - if the token could not be contructed.
  • CSSInvalidIdentityException - if the identity encapsulated in the token was invalid.
  • CSSConfigurationException - if the configuration specified is not valid.
  • CSSPasswordExpiryWarning - if the users password is expiring in a few days (Native User only).
  • CSSPasswordExpiredException - if the users password has expired (Native User only).
  • CSSException - if there was any other abnormality.

  • getGroupsByIdentities

    public CSSGroupIF[] getGroupsByIdentities(java.util.Map context,
                                              java.lang.String[] identities)
    Description copied from interface: CSSAPIIF
    Return an Array for a CSSGroupIF objects for an array of group identities.

    Note: This method does not refine the list if the delegated mode is on, this method is to get CSSGroupIF objects for given entries.

    Specified by:
    getGroupsByIdentities in interface CSSAPIIF
    Parameters:
    context - A map object that holds the context information.
    identities - An array of non null string identities.
    Returns:
    An Array of CSSGroupIF objects for every identity that could be sucessfully resolved.

    initialize

    public void initialize(java.util.Map context,
                           CSSApplicationIF appCallback)
                    throws com.hyperion.css.common.configuration.CSSConfigurationException,
                           CSSIllegalArgumentException,
                           CSSCommunicationException,
                           CSSException
    Deprecated. (non-Javadoc)

    Description copied from interface: CSSAPIIF

    Initializes the security platform by specifying the callback into the application.

    The context can specify the following:

    1. Locale
    2. The text that is prepended to the log messages
    3. Configuration cache behavior settings(e.g., PRP_CACHE_SCHEME_CACHE_PATH)
    4. The specification whether the Hub Server is local or not.
    5. CSSAPIIF.FORCE_DEPENDENCY_CHECK flag forcing the dependency check.

    These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used. Also, the Hub Server is assumed to be remote by default.

    There are two types of tests on the configuration performed by this method:

    1. Static Configuration Tests: This implies tests on the structure and validity of the configuration file.
    2. Dynamic Configuration Tests: This implies tests on the correct execution of the providers based on the configuration provided. For instance: a test connection would be created to the underlying data store to determine the validity of the configuration. If a connection cannot be made to the directory store then the validity of the configuration cannot be confirmed and no exception is thrown.

    Specified by:
    initialize in interface CSSAPIIF
    Parameters:
    appCallback - Handle passed by the application implementation to the security platform, providing a way for the security platform to send information back to the calling application.
    Returns:
    void
    Throws:
    CSSIllegalArgumentException - - if there is an argument that is inappropriate.
    com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid in terms of static tests or the configuration is not valid in terms of dynamic tests.
    CSSException - - if there was any other abnormality
    CSSCommunicationException
    See Also:
    CSSAPIIF.initialize(java.util.Map, com.hyperion.css.application.CSSApplicationIF)

    getGroupByIdentity

    public CSSGroupIF getGroupByIdentity(java.util.Map context,
                                         java.lang.String identity)
                                  throws CSSNoProviderException,
                                         CSSIllegalArgumentException,
                                         CSSInvalidIdentityException,
                                         CSSInvalidGroupException,
                                         com.hyperion.css.common.configuration.CSSConfigurationException,
                                         CSSCommunicationException,
                                         CSSException
    Specified by:
    getGroupByIdentity in interface CSSAPIIF
    Throws:
    CSSNoProviderException
    CSSIllegalArgumentException
    CSSInvalidIdentityException
    CSSInvalidGroupException
    com.hyperion.css.common.configuration.CSSConfigurationException
    CSSCommunicationException
    CSSException

    getGroups

    public CSSGroupIF[] getGroups(java.util.Map context,
                                  java.lang.String groupName)
                           throws CSSIllegalArgumentException,
                                  com.hyperion.css.common.configuration.CSSConfigurationException,
                                  CSSCommunicationException,
                                  CSSException
    Specified by:
    getGroups in interface CSSAPIIF
    Throws:
    CSSIllegalArgumentException
    com.hyperion.css.common.configuration.CSSConfigurationException
    CSSCommunicationException
    CSSException

    getUserByEmail

    public CSSUserIF getUserByEmail(java.util.Map context,
                                    java.lang.String email)
                             throws CSSIllegalArgumentException,
                                    com.hyperion.css.common.configuration.CSSConfigurationException,
                                    CSSCommunicationException,
                                    CSSException
    Specified by:
    getUserByEmail in interface CSSAPIIF
    Throws:
    CSSIllegalArgumentException
    com.hyperion.css.common.configuration.CSSConfigurationException
    CSSCommunicationException
    CSSException

    getUserByIdentity

    public CSSUserIF getUserByIdentity(java.util.Map context,
                                       java.lang.String identity)
                                throws CSSNoProviderException,
                                       CSSInvalidIdentityException,
                                       CSSInvalidUserException,
                                       CSSIllegalArgumentException,
                                       com.hyperion.css.common.configuration.CSSConfigurationException,
                                       CSSCommunicationException,
                                       CSSException
    Specified by:
    getUserByIdentity in interface CSSAPIIF
    Throws:
    CSSNoProviderException
    CSSInvalidIdentityException
    CSSInvalidUserException
    CSSIllegalArgumentException
    com.hyperion.css.common.configuration.CSSConfigurationException
    CSSCommunicationException
    CSSException

    getUsers

    public CSSUserIF[] getUsers(java.util.Map context,
                                java.lang.String username)
                         throws CSSIllegalArgumentException,
                                com.hyperion.css.common.configuration.CSSConfigurationException,
                                CSSCommunicationException,
                                CSSException
    Specified by:
    getUsers in interface CSSAPIIF
    Throws:
    CSSIllegalArgumentException
    com.hyperion.css.common.configuration.CSSConfigurationException
    CSSCommunicationException
    CSSException

    getUsers

    public CSSUserIF[] getUsers(java.util.Map context,
                                java.lang.String userName,
                                java.lang.String firstName,
                                java.lang.String lastName)
                         throws CSSIllegalArgumentException,
                                com.hyperion.css.common.configuration.CSSConfigurationException,
                                CSSCommunicationException,
                                CSSException
    Specified by:
    getUsers in interface CSSAPIIF
    Throws:
    CSSIllegalArgumentException
    com.hyperion.css.common.configuration.CSSConfigurationException
    CSSCommunicationException
    CSSException

    getUsersByName

    public CSSUserIF[] getUsersByName(java.util.Map context,
                                      java.lang.String firstName,
                                      java.lang.String lastName)
                               throws CSSIllegalArgumentException,
                                      com.hyperion.css.common.configuration.CSSConfigurationException,
                                      CSSCommunicationException,
                                      CSSException
    Specified by:
    getUsersByName in interface CSSAPIIF
    Throws:
    CSSIllegalArgumentException
    com.hyperion.css.common.configuration.CSSConfigurationException
    CSSCommunicationException
    CSSException


    Copyright 2005-2009 Oracle Corporation.