com.hyperion.css
Class CSSAPIImpl

java.lang.Object
  com.hyperion.css.CSSAPIImpl

All Implemented Interfaces:

CSSAPIIF

public class CSSAPIImpl

extends java.lang.Object

implements CSSAPIIF

Since:

CSSv2.0

Author:

gkhanna

Field Summary

protected javax.crypto.Cipher	decryptionCipher
protected javax.crypto.Cipher	encryptionCipher
static java.lang.String	INIT_METHOD
static java.lang.String	INVALID_PRINCIPAL_KEY
protected CSSMigrationAPIIF	migrationAPIImpl

Fields inherited from interface com.hyperion.css.CSSAPIIF

ACCESS_TYPE_MANAGE, ACCESS_TYPE_VIEW, DELEGATEDMODE_SHOW_ALL, DIRECT_ROLE_ONLY, ENTITY_DEACTIVATE, ENTRY_TYPE_GROUP, ENTRY_TYPE_OTHER, ENTRY_TYPE_ROLE, ENTRY_TYPE_USER, ESCAPE_AUTH_FILTER, FORCE_DEPENDENCY_CHECK, HOST_INFO, HTTP_SERVLET_REQUEST, HUB_ADMINISTRATOR_IDENTITY, HUB_APP_NAME, HUB_APPLICATION_ID, HUB_PROJECT, HUB_PROJECT_NAME, IDENTITY_USER, IE_DELEGATED_MODE, KERBEROS_LOGIN_NAME, LOCALE, LOG_PREPEND_TEXT, LOGIN_NAME, OBJECT_ID, PASSWORD, PREFIX_TO_APP_LOGGER, PROVIDER_NAME, PROVIDER_REQUEST, PROVIDER_TYPE, PROVIDER_TYPE_CUSTOM, PROVIDER_TYPE_DATABASE, PROVIDER_TYPE_LDAP, PROVIDER_TYPE_MSAD, PROVIDER_TYPE_NATIVE, PROVIDER_TYPE_NTLM, PROVIDER_TYPE_SAP, PRP_CACHE_SCHEME_ABORTCACHING, PRP_CACHE_SCHEME_CACHE_PATH, PRP_CACHE_SCHEME_LOCK_PORT, PRP_NATIVE_PROVIDER_TRANSPORT_COMPRESSION, PRP_NATIVE_PROVIDER_TRANSPORT_ENABLE, QUERY_LIMIT, RETURN_HIERARCHY, ROLE_ADMINISTRATOR_IDENTITY, ROLE_ANALYTIC_SERVICES_APPLICATION_CREATOR_IDENTITY, ROLE_APPLICATION_CREATOR_IDENTITY, ROLE_CALCULATION_MANAGER_ADMINISTRATOR_IDENTITY, ROLE_CREATE_INTEGRATIONS_IDENTITY, ROLE_DIMENSION_EDITOR_IDENTITY, ROLE_DIRECTORY_MANAGER_IDENTITY, ROLE_FINANCIAL_MANAGEMENT_APPLICATION_CREATOR_IDENTITY, ROLE_FINANCIAL_MANAGEMENT_CALCULATION_MANAGER_ADMINISTRATOR_IDENTITY, ROLE_LCM_ADMINISTRATOR_IDENTITY, ROLE_MANAGE_MODELS_UNIQUE_ID, ROLE_PLANNING_APPLICATION_CREATOR_IDENTITY, ROLE_PLANNING_CALCULATION_MANAGER_ADMINISTRATOR_IDENTITY, ROLE_PROFITABILITY_APPLICATION_CREATOR_IDENTITY, ROLE_PROJECT_MANAGER_IDENTITY, ROLE_PROVISIONING_MANAGER_IDENTITY, ROLE_RUN_INTEGRATIONS_IDENTITY, SAP_TICKET, SECURITY_AGENT_LOGIN_NAME, SPECIFY_ALL, SPECIFY_CONTAINER, SPECIFY_NONE, STATUS, THROW_COMMUNICATION_EXCEPTION, TOKEN, USE_LOCAL_HUB, VALIDATE_ROLE, WORLD_GROUP_DESCRIPTION, WORLD_GROUP_IDENTITY, WORLD_GROUP_NAME

Constructor Summary

CSSAPIImpl()
Deprecated.

CSSAPIImpl(com.hyperion.css.spi.CSSManager cssManager)
Constructor for CSSAPIImpl.

Method Summary

protected void	addToken(java.util.Map context, CSSUserIF user, java.lang.String password)
CSSUserIF	authenticate(java.util.Map context) Authenticate method
CSSUserIF	authenticate(java.util.Map context, java.lang.String username, java.lang.String password) Authenticates the specified username against the specified password with the providers configured in the security system.
CSSUserIF	authenticateProxyUser(java.util.Map context, java.lang.String username, java.lang.String trustedServiceKey) Authenticates the specified username using proxy, after validating the trusted service key.
protected CSSUserIF	authenticateSapTicket(java.util.Map context)
CSSUserIF	authenticateSapTicket(java.util.Map context, java.lang.String ticket) Authenticates the specified sap ticket against the providers configured in the security system.
protected CSSUserIF	authenticateSecurityAgent(java.util.Map context)
CSSUserIF	authenticateSecurityAgent(java.util.Map context, javax.servlet.http.HttpServletRequest request) Authenticates by parsing the username and password if available from the specified HTTP Servlet Request.
protected CSSUserIF	authenticateToken(java.util.Map context)
CSSUserIF	authenticateToken(java.util.Map context, java.lang.String token) Authenticates the specified sso_token against the providers configured in the security system.
CSSUserIF	authenticateUserFromSecurityAgent(java.util.Map context, java.lang.String username, java.lang.String trustedServiceKey) Authenticates the specified username , after validating the trusted service key.
protected static com.hyperion.css.spi.CSSManager	getCSSManager()
CSSDirectoryManagementAPIIF	getDirectoryManagementAPI(java.util.Map context) Returns an interface to CRUD of Hyperion Shared Services User Directory.
CSSGroupIF	getGroupByIdentity(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity) Get a group based on the identity of the group.
CSSGroupIF	getGroupByIdentity(java.util.Map context, java.lang.String identity)
CSSGroupIF[]	getGroups(java.util.Map context, CSSPrincipalIF principal, GroupSearchFilter groupSrchFilter) Get a group specified by group search filter passed in The group search filter contains group filter attributes and values like, GROUPNAME, DESCRIPTION.
CSSGroupIF[]	getGroups(java.util.Map context, CSSPrincipalIF principal, java.lang.String groupname) Get a group based on the name.
CSSGroupIF[]	getGroups(java.util.Map context, java.lang.String groupName)
CSSGroupIF[]	getGroupsByIdentities(java.util.Map context, java.lang.String[] identities) Return an Array for a CSSGroupIF objects for an array of group identities.
java.lang.String[]	getHeaderNamesFromSecurityAgent(java.util.Map context) This method returns the HTTP headers that would carry the login name of the user.
static java.lang.String	getHubLocation()
CSSMigrationAPIIF	getMigrationAPI(java.util.Map context) Provides handle to the Migration Interface.
static com.hyperion.css.spi.impl.nv.NativeProvider	getNativeProvider()
static java.util.List	getProvider(java.lang.String providerType)
protected java.util.List	getProviderByName(java.lang.String providerName)
java.util.Map	getProviderMap(java.util.Map context) Gets the names and types of the providers that are registered with the security platform.
java.lang.String[]	getProviderNames(java.util.Map context)
java.lang.String	getSAPLoginTicketFromToken(java.util.Map context, java.lang.String cSSToken)
CSSUserIF	getUserByEmail(java.util.Map context, CSSPrincipalIF principal, java.lang.String email) Get a user based on an email match.
CSSUserIF	getUserByEmail(java.util.Map context, java.lang.String email)
CSSUserIF	getUserByIdentity(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity) Get a user based on the identity of the user.
CSSUserIF	getUserByIdentity(java.util.Map context, java.lang.String identity)
CSSUserProvisioningAPIIF	getUserProvisioningAPI(java.util.Map context) Returns the User and Group Provisioning Interface.
CSSUserIF[]	getUsers(java.util.Map context, CSSPrincipalIF principal, java.lang.String username) Gets the user specified by userName.
CSSUserIF[]	getUsers(java.util.Map context, CSSPrincipalIF principal, java.lang.String userName, java.lang.String firstName, java.lang.String lastName) Get a user based on a user name , firstName and lastName match.
CSSUserIF[]	getUsers(java.util.Map context, CSSPrincipalIF principal, UserSearchFilter userSrchFilter) Gets the user specified by user search filter passed in The user search filter contains user filter attributes and values like, USERNAME,FIRSTNAME,LASTNAME,EMAIL,DESCRIPTION (Also ACTIVE, INACTIVE and ALL for native) Etc.
CSSUserIF[]	getUsers(java.util.Map context, java.lang.String username)
CSSUserIF[]	getUsers(java.util.Map context, java.lang.String userName, java.lang.String firstName, java.lang.String lastName)
CSSUserIF[]	getUsersByName(java.util.Map context, CSSPrincipalIF principal, java.lang.String firstName, java.lang.String lastName) Get a user based on a firstName and lastName match.
CSSUserIF[]	getUsersByName(java.util.Map context, java.lang.String firstName, java.lang.String lastName)
void	initialize(java.util.Map context, CSSApplicationIF appCallback) Initializes the security platform by specifying the callback into the application.
static boolean	isDelegatedModeON()
boolean	isNativeProviderActive(java.util.Map context) Return the status of the Native Provider after CSS has intialized.
boolean	isSecurityAgentProtected(java.util.Map context) This method is invoked to determine if the access to a resource might be protected by a Security Agent.
boolean	isValidCSSToken(java.util.Map context, java.lang.String token) Determines if the token is valid.
CSSLoginUserIF	login(java.util.Map context, java.lang.String applicationId, boolean indirect) Convenience API to authenticate the user and get the groups and roles list of the user for the specified application id.
CSSLoginUserIF	login(java.util.Map context, java.lang.String username, java.lang.String password, java.lang.String[] applicationIds) Authenticates the specified username against the specified password with the providers configured in the security system.
CSSLoginUserIF	loginSapTicket(java.util.Map context, java.lang.String sapTicket, java.lang.String[] applicationIds) Authenticates the specified sap ticket against the providers configured in the security system.
CSSLoginUserIF	loginSecurityAgent(java.util.Map context, javax.servlet.http.HttpServletRequest request, java.lang.String[] applicationIds) Authenticates by parsing the username and password if available from the specified HTTP Servlet Request.
CSSLoginUserIF	loginToken(java.util.Map context, java.lang.String token, java.lang.String[] applicationIds) Authenticates the specified sso_token against the providers configured in the security system.
java.lang.String	restoreToken(java.util.Map context, java.lang.String token)
protected CSSUserIF	returnAuthenticatedUser(CSSUserIF user, java.util.Map context)
protected void	storeTicket(java.lang.String key, java.lang.String ticket) Write the ticket into the store.
protected void	throwAuthException(java.util.Map context, java.lang.String username)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

INIT_METHOD

public static java.lang.String INIT_METHOD

encryptionCipher

protected javax.crypto.Cipher encryptionCipher

decryptionCipher

protected javax.crypto.Cipher decryptionCipher

migrationAPIImpl

protected CSSMigrationAPIIF migrationAPIImpl

INVALID_PRINCIPAL_KEY

public static final java.lang.String INVALID_PRINCIPAL_KEY

See Also:

Constant Field Values

Constructor Detail

CSSAPIImpl

public CSSAPIImpl()

Deprecated.

Constructor for CSSAPIImpl.

CSSAPIImpl

public CSSAPIImpl(com.hyperion.css.spi.CSSManager cssManager)

Constructor for CSSAPIImpl.

Method Detail

authenticate

public CSSUserIF authenticate(java.util.Map context,
                              java.lang.String username,
                              java.lang.String password)
                       throws CSSException

Description copied from interface: CSSAPIIF

Authenticates the specified username against the specified password with the providers configured in the security system.

The context can specify the following:

1. Host info
2. locale

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

The host info (ip-address/hostname) is required for auditing purposes.

Specified by:

authenticate in interface CSSAPIIF

Parameters:

context - - Map structure holding key-value information about locale, host info

username - - name of the user to be authenticated.

password - - password for the user to be authenticated.

Returns:

CSSUserIF - this contains the token string that can be used to single-sign-on.

Throws:

CSSException - - one of the following exception will be thrown.

CSSNoProviderException - if no provider exists with the name specified.

CSSIllegalArgumentException - if there is an argument that is inappropriate.

CSSAuthenticationException - If there was a match for the user but the credentials were incorrect.

CSSConfigurationException - if the configuration specified is not valid.

CSSPasswordExpiryWarning - if the users password is expiring in a few days (Native User only).

CSSPasswordExpiredException - if the users password has expired (Native User only).

CSSException - if there was any other abnormality.

authenticateSecurityAgent

public CSSUserIF authenticateSecurityAgent(java.util.Map context,
                                           javax.servlet.http.HttpServletRequest request)
                                    throws CSSException

Description copied from interface: CSSAPIIF

Authenticates by parsing the username and password if available from the specified HTTP Servlet Request. If password is not present the providers will be treated as trusted and will check only for the validity of the username derived from the HTTP request..

The context can specify the following:

1. Host info
2. locale

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

The host info (ip-address/hostname) is required for auditing purposes.

Specified by:

authenticateSecurityAgent in interface CSSAPIIF

Parameters:

context - - Map structure holding key-value information about locale, host info

request - - The HTTP Servlet Request containing information about the username and password.

Returns:

CSSUserIF - this contains the token string that can be used to single-sign-on.

Throws:

CSSException - - one of the following exception will be thrown.

CSSNoProviderException - if no provider exists with the name specified.

CSSIllegalArgumentException - if there is an argument that is inappropriate.

CSSAuthenticationException - If there was a match for the user but the credentials were incorrect.

CSSConfigurationException - if the configuration specified is not valid.

CSSPasswordExpiryWarning - if the users password is expiring in a few days (Native User only).

CSSPasswordExpiredException - if the users password has expired (Native User only).

CSSException - if there was any other abnormality.

authenticate

public CSSUserIF authenticate(java.util.Map context)
                       throws CSSException

Authenticate method

Specified by:

authenticate in interface CSSAPIIF

Parameters:

context - - Map structure holding key-value information about login name, password, token, and locale.

Returns:

CSSUserIF - this contains the token string that can be used to single-sign-on.

Throws:

CSSException - - if there was any other abnormality.

See Also:

CSSUserIF

returnAuthenticatedUser

protected CSSUserIF returnAuthenticatedUser(CSSUserIF user,
                                            java.util.Map context)

authenticateSapTicket

protected CSSUserIF authenticateSapTicket(java.util.Map context)
                                   throws CSSException

Throws:

CSSException

authenticateSapTicket

public CSSUserIF authenticateSapTicket(java.util.Map context,
                                       java.lang.String ticket)
                                throws CSSException

Description copied from interface: CSSAPIIF

Authenticates the specified sap ticket against the providers configured in the security system.

The context can specify the following:

1. Host info
2. locale

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

The host info (ip-address/hostname) is required for auditing purposes.

Specified by:

authenticateSapTicket in interface CSSAPIIF

Parameters:

context - - Map structure holding key-value information about locale, host info

ticket - - SAP ticket that will be used for authentication.

Returns:

CSSUserIF - this contains the token string that can be used to single-sign-on.

Throws:

CSSException - - one of the following exception will be thrown.

CSSNoProviderException - if no provider exists with the name specified.

CSSIllegalArgumentException - if there is an argument that is inappropriate.

CSSAuthenticationException - If there was a match for the user but the credentials were incorrect.

CSSConfigurationException - if the configuration specified is not valid.

CSSException - if there was any other abnormality.

authenticateToken

protected CSSUserIF authenticateToken(java.util.Map context)
                               throws CSSException

Throws:

CSSException

authenticateToken

public CSSUserIF authenticateToken(java.util.Map context,
                                   java.lang.String token)
                            throws CSSException

Description copied from interface: CSSAPIIF

Authenticates the specified sso_token against the providers configured in the security system.

The context can specify the following:

1. Host info
2. locale

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

The host info (ip-address/hostname) is required for auditing purposes.

Specified by:

authenticateToken in interface CSSAPIIF

Parameters:

context - - Map structure holding key-value information about locale, host info

token - - CSS token to be used for authentication

Returns:

CSSUserIF - this contains the token string that can be used to single-sign-on.

Throws:

CSSException - - one of the following exception will be thrown.

CSSNoProviderException - if no provider exists with the name specified.

CSSIllegalArgumentException - if there is an argument that is inappropriate.

CSSAuthenticationException - If there was a match for the user but the credentials were incorrect.

CSSTokenNotAcceptedException - if the token was not based on a provider for this application.

CSSTokenNotAvailableException - if the token could not be contructed.

CSSInvalidIdentityException - if the identity encapsulated in the token was invalid.

CSSConfigurationException - if the configuration specified is not valid.

CSSPasswordExpiryWarning - if the users password is expiring in a few days (Native User only).

CSSPasswordExpiredException - if the users password has expired (Native User only).

CSSException - if there was any other abnormality.

authenticateSecurityAgent

protected CSSUserIF authenticateSecurityAgent(java.util.Map context)
                                       throws CSSException

Throws:

CSSException

authenticateUserFromSecurityAgent

public CSSUserIF authenticateUserFromSecurityAgent(java.util.Map context,
                                                   java.lang.String username,
                                                   java.lang.String trustedServiceKey)
                                            throws CSSException

Description copied from interface: CSSAPIIF

Authenticates the specified username , after validating the trusted service key. This key is known only to trusted services and is required for successful authentication of the user. Note that this user should belong to a trusted provider.

The context can specify the following:

1. Host info
2. locale

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

The host info (ip-address/hostname) is required for auditing purposes.

Specified by:

authenticateUserFromSecurityAgent in interface CSSAPIIF

Parameters:

context - - Map structure holding key-value information about locale, host info

username - - name of the user to be authenticated.

trustedServiceKey - - value of the trusted services key.

Returns:

CSSUserIF - this contains the token string that can be used to single-sign-on.

Throws:

CSSException - - one of the following exception will be thrown.

CSSNoProviderException - if no provider exists with the name specified.

CSSIllegalArgumentException - if there is an argument that is inappropriate.

CSSAuthorizationException - If specified trusted services key is incorrect.

CSSAuthenticationException - If there was no match for the user.

CSSConfigurationException - if the configuration specified is not valid.

CSSException - if there was any other abnormality.

authenticateProxyUser

public CSSUserIF authenticateProxyUser(java.util.Map context,
                                       java.lang.String username,
                                       java.lang.String trustedServiceKey)
                                throws CSSException

Authenticates the specified username using proxy, after validating the trusted service key. This key is known only to trusted services and is required for successful authentication of the user. Note that this user should belong to a trusted provider.

The context can specify the following:

1. Host info
2. locale

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

The host info (ip-address/hostname) is required for auditing purposes.

Note: If a SAP user name is specified the CSS token generated will not contain any SAP ticket. In other words this token cannot be used to Single Sign On into any SAP application.

Specified by:

authenticateProxyUser in interface CSSAPIIF

Parameters:

context - - Map structure holding key-value information about locale, host info

username - - name of the user to be authenticated.

trustedServiceKey - - value of the trusted services key.

Returns:

CSSUserIF - this contains the token string that can be used to single-sign-on.

Throws:

CSSException - - one of the following exception will be thrown.

CSSNoProviderException - if no provider exists with the name specified.

CSSIllegalArgumentException - if there is an argument that is inappropriate.

CSSAuthorizationException - If specified trusted services key is incorrect.

CSSAuthenticationException - If there was no match for the user.

CSSConfigurationException - if the configuration specified is not valid.

CSSException - if there was any other abnormality.

throwAuthException

protected void throwAuthException(java.util.Map context,
                                  java.lang.String username)
                           throws CSSException

Throws:

CSSException

addToken

protected void addToken(java.util.Map context,
                        CSSUserIF user,
                        java.lang.String password)
                 throws CSSException

Throws:

CSSException

getProviderByName

protected java.util.List getProviderByName(java.lang.String providerName)
                                    throws CSSException

Throws:

CSSException

getSAPLoginTicketFromToken

public java.lang.String getSAPLoginTicketFromToken(java.util.Map context,
                                                   java.lang.String cSSToken)
                                            throws CSSTokenNotAcceptedException,
                                                   CSSIllegalArgumentException

Throws:

CSSTokenNotAcceptedException

CSSIllegalArgumentException

restoreToken

public java.lang.String restoreToken(java.util.Map context,
                                     java.lang.String token)
                              throws CSSException

Throws:

CSSException

isValidCSSToken

public boolean isValidCSSToken(java.util.Map context,
                               java.lang.String token)
                        throws CSSIllegalArgumentException,
                               CSSException

Description copied from interface: CSSAPIIF

Determines if the token is valid.

The context can specify the following:

1. provider request - the provider to use. If this property is specified then token is also validated for this provider. This implies that the token in order to be valid should have this provider as the "server of reference".
2. Locale

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

Specified by:

isValidCSSToken in interface CSSAPIIF

Parameters:

context - Map structure holding provider and/or locale information.

token - Encrypted string that holds information for a user.

Returns:

boolean - true if it is valid. False otherwise.

Throws:

CSSIllegalArgumentException - - if there is an argument that is inappropriate.

CSSException - - if there was any other abnormality.

See Also:

CSSAPIIF.isValidCSSToken(Map, String)

getProviderNames

public java.lang.String[] getProviderNames(java.util.Map context)
                                    throws CSSIllegalArgumentException

Specified by:

getProviderNames in interface CSSAPIIF

Throws:

CSSIllegalArgumentException

See Also:

CSSAPIIF.getProviderNames(Map)

isSecurityAgentProtected

public boolean isSecurityAgentProtected(java.util.Map context)
                                 throws CSSIllegalArgumentException

Description copied from interface: CSSAPIIF

This method is invoked to determine if the access to a resource might be protected by a Security Agent.

The Security Agent could be Netegrity Siteminder. If this method returns true then the caller should attempt to locate the appropriate header; for instance, for Netegrity: CSSAPIIF.SECURITY_AGENT_LOGIN_NAME; in the HTTP headers. If the header exists then the value for that should be passed into the (@link #authenticate(Map)} method.

The context can specify the following:

1. locale

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

Specified by:

isSecurityAgentProtected in interface CSSAPIIF

Parameters:

context - Map structure holding locale information.

Returns:

boolean - true if the configuration specifies a Security Agent is used to protect the resources.

Throws:

CSSIllegalArgumentException - - if there is an argument that is inappropriate.

getHeaderNamesFromSecurityAgent

public java.lang.String[] getHeaderNamesFromSecurityAgent(java.util.Map context)
                                                   throws CSSIllegalArgumentException

Description copied from interface: CSSAPIIF

This method returns the HTTP headers that would carry the login name of the user.

The header names are populated by the Security Agent. The Security Agent could be Netegrity SiteMinder.

The array returned could be of length > 0. If that is the case then the calling application needs to compare the headers from the HTTP REQUEST with the names from this array one by one starting from index 0. This comparison should be case insensitive.

There could be more than one header because different application/web servers map headers to different names. For instance, some might prepend HTTP to the header name.

It is the reponsibility of the product team to invoke this method and use the header names returned by it to retrieve the login name from the HTTP REQUEST.

The context can specify the following:

1. locale

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

Specified by:

getHeaderNamesFromSecurityAgent in interface CSSAPIIF

Parameters:

context - Map structure holding locale information.

Returns:

String[] - the header names that are used to specify the login name. This is empty if there is no match.

Throws:

CSSIllegalArgumentException - - if there is an argument that is inappropriate.

See Also:

CSSAPIIF.getHeaderNamesFromSecurityAgent(Map)

getUserProvisioningAPI

public CSSUserProvisioningAPIIF getUserProvisioningAPI(java.util.Map context)

Description copied from interface: CSSAPIIF

Returns the User and Group Provisioning Interface.

Some of the functionality provided by the interface is as follows:

1. Provisioning user and groups
2. Delegated Administration
3. Access Control

Specified by:

getUserProvisioningAPI in interface CSSAPIIF

Parameters:

context - - Map structure holding locale information.

Returns:

CSSUserProvisioningAPIIF

getProviderMap

public java.util.Map getProviderMap(java.util.Map context)
                             throws CSSIllegalArgumentException

Description copied from interface: CSSAPIIF

Gets the names and types of the providers that are registered with the security platform.

The context can specify the following:

1. locale

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

The keys of the returned Map instance hold the provider type names, one for each type. The value associated with each type key is an ArrayList that contains a list of provider names as Strings.

Specified by:

getProviderMap in interface CSSAPIIF

Parameters:

context - Map structure holding locale information.

Returns:

A Map of provider types where each type is a collection of provider names. If there are no providers an empty Map is returned, null is never returned. If there are no providers for a given type the type will not appear in the Map. Modification by reference of the CSS type map is not allowed so a new deep clone is returned with each call.

Throws:

CSSIllegalArgumentException - - if there is an argument that is inappropriate.

See Also:

CSSAPIIF.getProviderMap(java.util.Map)

getDirectoryManagementAPI

public CSSDirectoryManagementAPIIF getDirectoryManagementAPI(java.util.Map context)

Description copied from interface: CSSAPIIF

Returns an interface to CRUD of Hyperion Shared Services User Directory.

Some of the functionality provided by the interface is as follows:

1. Native user and group creation and management.
2. Roles Creation and Management

Specified by:

getDirectoryManagementAPI in interface CSSAPIIF

Parameters:

context - - Map structure holding locale information.

Returns:

CSSDirectoryManagementAPIIF

getNativeProvider

public static com.hyperion.css.spi.impl.nv.NativeProvider getNativeProvider()

getProvider

public static java.util.List getProvider(java.lang.String providerType)

isNativeProviderActive

public boolean isNativeProviderActive(java.util.Map context)

Description copied from interface: CSSAPIIF

Return the status of the Native Provider after CSS has intialized.

A true will be returned if the Native Directory (open LDAP) is active for connections.

Specified by:

isNativeProviderActive in interface CSSAPIIF

Parameters:

context - = Map structure holding locale information.

Returns:

boolean - true if active, false otherwise

getCSSManager

protected static com.hyperion.css.spi.CSSManager getCSSManager()

getMigrationAPI

public CSSMigrationAPIIF getMigrationAPI(java.util.Map context)

Description copied from interface: CSSAPIIF

Provides handle to the Migration Interface.

The migration interface provides functionality like:

1. Checking to see if a migration is required.
2. Validating CSS identities for the status(UPDATED, DELETED, AMBIGOUOUS, IGNORED, DELETED) against external providers.

Specified by:

getMigrationAPI in interface CSSAPIIF

Parameters:

context - - Map structure holding locale information.

Returns:

CSSMigrationAPIIF

login

public CSSLoginUserIF login(java.util.Map context,
                            java.lang.String applicationId,
                            boolean indirect)
                     throws CSSNoProviderException,
                            CSSTokenNotAvailableException,
                            CSSIllegalArgumentException,
                            CSSAuthenticationException,
                            CSSAuthorizationException,
                            CSSTokenNotAcceptedException,
                            CSSInvalidIdentityException,
                            com.hyperion.css.common.configuration.CSSConfigurationException,
                            CSSCommunicationException,
                            CSSException

Description copied from interface: CSSAPIIF

Convenience API to authenticate the user and get the groups and roles list of the user for the specified application id.

The login API would perform the following CSS API calls

CSSAPIIF.authenticate(Map)

CSSUserIF.getGroupsList(com.hyperion.css.common.CSSPrincipalIF, String, boolean)getGroups

CSSUserIF.getRolesList(com.hyperion.css.common.CSSPrincipalIF, String, boolean)

The CSSUserIF returned by this API will have the groups list and roles list pre-populated.

Specified by:

login in interface CSSAPIIF

Parameters:

context - - Map structure holding key-value information about login name, password, token, locale and hostinfo.

applicationId - - the application id to which the user is logging in to.

indirect - - boolean value for whether to return direct group user belongs to or return all the groups in hierarchy.

Returns:

CSSLoginUserIF - this contains user object(CSSUserIF) and groups and roles lists belong to the user.

Throws:

CSSAuthenticationException - - If there was a match for the user but the credentials were incorrect.

CSSInvalidIdentityException - - if the identity encapsulated in the token was invalid.

CSSTokenNotAcceptedException - - if the token was not based on a provider for this application.

CSSIllegalArgumentException - - if there is an argument that is inappropriate.

com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.

CSSAuthorizationException - - if the principal is not the provisioning manager of the destination application

CSSException - - if there was any other abnormality.

CSSNoProviderException - - if no provider exists with the name specified.

CSSTokenNotAvailableException - - if the token could not be constructed.

CSSCommunicationException

See Also:

CSSUserIF

getGroupByIdentity

public CSSGroupIF getGroupByIdentity(java.util.Map context,
                                     CSSPrincipalIF principal,
                                     java.lang.String identity)
                              throws CSSNoProviderException,
                                     CSSInvalidIdentityException,
                                     CSSInvalidGroupException,
                                     com.hyperion.css.common.configuration.CSSConfigurationException,
                                     CSSCommunicationException,
                                     CSSAuthorizationException,
                                     CSSException

Description copied from interface: CSSAPIIF

Get a group based on the identity of the group. The identity is stored by the application and is generated by the security platform.

The context can specify the following:

1. locale

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.

Specified by:

getGroupByIdentity in interface CSSAPIIF

Parameters:

context - Map structure holding locale information.

principal - CSSPrincipal identifying the user requesting information. Cannot be null.

identity - String returned from the group object that uniquely identifies one group on a provider.

Returns:

CSSGroupIF

Throws:

CSSInvalidIdentityException - - if the identity is invalid.

CSSException - - if there was any other abnormality.

CSSInvalidGroupException - - if the group specified by the identity does not exist. The group might have been deleted.

CSSNoProviderException - - if no provider exists with the name specified.

com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.

CSSCommunicationException

CSSAuthorizationException

See Also:

CSSAPIIF.getGroupByIdentity(Map, CSSPrincipalIF, String)

getGroups

public CSSGroupIF[] getGroups(java.util.Map context,
                              CSSPrincipalIF principal,
                              java.lang.String groupname)
                       throws CSSIllegalArgumentException,
                              com.hyperion.css.common.configuration.CSSConfigurationException,
                              CSSCommunicationException,
                              CSSException

Description copied from interface: CSSAPIIF

Get a group based on the name. The name could be mapped to a particular attribute in a directory through the configuration. The search for groups based on *name* should be based on getting all groups who have name as a part of the value of the attribute specified. For instance: the search is on "*name*".
However, the NTLM provider does not support * as a prefix to the name.

Passing in null as the groupName is equivalent to the * wildcard character.

The method can be called with the wildcard * for groupName to get all the groups from the first provider in the search order. In this case it would go by the search order.

To get all groups from a particular provider, specify "*@providerName"

.

This follows the "groupName@providerName" syntax. You can also have wildcards such as "GA*@providerName" for the groupName parameter.

The context can specify the following:

1. locale

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

The entryName@ProviderName syntax is supported by this method. This is used in the name parameter.

Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.

Only the groups matching the filter AND are authorized for view by the specified principal will be returned. An empty array will be returned if there are no groups matching the filter OR principal is not authorized to view them.

Specified by:

getGroups in interface CSSAPIIF

Parameters:

context - Map structure holding locale information.

principal - CSSPrincipal identifying the user requesting information. Cannot be null.

groupname - Name of the group.

Returns:

CSSGroupIF[] - empty if there is no match

Throws:

CSSCommunicationException - - if provider is specified with the name of the group viz. in the groupName argument but is not reachable. For instance: "groupName@providerName". If this provider cannot be contacted then the exception is thrown.

com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.

CSSIllegalArgumentException - - if there is an argument that is inappropriate.

CSSException - - if there was any other abnormality.

See Also:

CSSAPIIF.getGroups(Map, CSSPrincipalIF, String)

getGroups

public CSSGroupIF[] getGroups(java.util.Map context,
                              CSSPrincipalIF principal,
                              GroupSearchFilter groupSrchFilter)
                       throws CSSCommunicationException,
                              CSSException

Description copied from interface: CSSAPIIF

Get a group specified by group search filter passed in The group search filter contains group filter attributes and values like, GROUPNAME, DESCRIPTION. The name could be mapped to a particular attribute in a directory through the Configuration. The search for groups based on *name* should be based on getting all groups who have name as a part of the value of the attribute specified.

The attribute could contain a wildcard such as "*". This implies that all the groups in the directory need to be returned.The query can be based on any one of the above attributes.

Specified by:

getGroups in interface CSSAPIIF

Parameters:

context - Map structure holding key-value information about locale.

principal - - identity of the caller. Can not be null.

groupSrchFilter - - contains the group filter attributes and values.

Returns:

CSSGroupIF[] - empty if there is no match.Returns null incase groupSrchFilter is null.

Throws:

CSSCommunicationException - - The provider could not connect to the directory.

CSSException - - Any other abnormality.

getUserByEmail

public CSSUserIF getUserByEmail(java.util.Map context,
                                CSSPrincipalIF principal,
                                java.lang.String email)
                         throws CSSIllegalArgumentException,
                                CSSAuthorizationException,
                                com.hyperion.css.common.configuration.CSSConfigurationException,
                                CSSCommunicationException,
                                CSSException

Description copied from interface: CSSAPIIF

Get a user based on an email match. The email could be mapped to a particular attribute in a directory through the configuration. The search for users based on email should be absolute.

The context can specify the following:

1. locale

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

This method is not supported by the NTLM provider.

Wildcards should not be used in the arguments of this method. No guarantee is made for the behavior of this method if wildcards are part of the arguments.

Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.

Specified by:

getUserByEmail in interface CSSAPIIF

Parameters:

context - Map structure holding key-value information about locale.

principal - CSSPrincipal identifying the user requesting information. Cannot be null.

email - The complete e-mail address string for the user.

Returns:

CSSUserIF

Throws:

CSSException - - if there was any other abnormality.

com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.

CSSIllegalArgumentException - - if there is an argument that is inappropriate.

CSSAuthorizationException

CSSCommunicationException

getUsers

public CSSUserIF[] getUsers(java.util.Map context,
                            CSSPrincipalIF principal,
                            java.lang.String username)
                     throws CSSIllegalArgumentException,
                            com.hyperion.css.common.configuration.CSSConfigurationException,
                            CSSCommunicationException,
                            CSSException

Description copied from interface: CSSAPIIF

Gets the user specified by userName. The userName could be mapped to a particular attribute in a directory through the Configuration. The search for users based on *userName* should be based on getting all users who have userName as a part of the value of the attribute specified.

The userName could contain a wildcard such as "*". This implies that all the matching users in the directory need to be returned. However, the NTLM provider does not support * as a prefix to the userName.

Passing null as the userName parameter is not accepted and does not return all the users. You can use wildcards such as '*' for the userName parameter. In this case, users are returned in the order of directories that are specified by the search order.

You can retreive all users on a provider by specifying "*@providerName"

Passing a groupName to this call is not supported and no guarantees are made on the validity of the results.

The context can specify the following:

1. locale

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

The entryName@ProviderName syntax is supported by this method as a part of the user name.

Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.

Only the users matching the filter AND are authorized for view by the specified principal will be returned. An empty array will be returned if there are no users matching the filter OR principal is not authorized to view them.

Specified by:

getUsers in interface CSSAPIIF

Parameters:

context - - Map structure holding key-value information about locale.

principal - CSSPrincipal identifying the user requesting information. Cannot be null.

username - String argument representing the user login name.

Returns:

CSSUserIF[] - Returns an empty array if there are no matches.

Throws:

com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.

CSSException - - if there was any other abnormality.

CSSIllegalArgumentException - - if there is an argument that is inappropriate.

CSSCommunicationException - - if provider is specified with the name of the user viz. in the userName argument but is not reachable. For instance: "userName@providerName". If this provider cannot be contacted then the exception is thrown.

getUsers

public CSSUserIF[] getUsers(java.util.Map context,
                            CSSPrincipalIF principal,
                            UserSearchFilter userSrchFilter)
                     throws CSSCommunicationException,
                            CSSException

Description copied from interface: CSSAPIIF

Gets the user specified by user search filter passed in The user search filter contains user filter attributes and values like, USERNAME,FIRSTNAME,LASTNAME,EMAIL,DESCRIPTION (Also ACTIVE, INACTIVE and ALL for native) Etc. This supports wild card search. Eg. The search for users based on *userName* should return all users matching this pattern.

when the attribute value is specified as "*" This implies that all the users in the directory need to be returned.The query can be based on any one of the above attributes. For native if the filter attribute can be set to ACTIVE, INACTIVE or ALL to return active, inactive and all users respectively. There may be a performence hit for NTLM because in case no group is passed as search criteria for NTLM and search is made on FIRSTNAME or LASTNAME. In this case first all the users are obtained and then they are filtered out based on FIRSTNAME or LASTNAME Etc.

Specified by:

getUsers in interface CSSAPIIF

Parameters:

context - - Map structure holding key-value information about locale and other parameters.

principal - - identity of the caller. Can not be null.

userSrchFilter - - contains the search filter attributes and values.

Returns:

CSSUserIF[] - Returns null if there is no match. Returns null incase userSrchFilter is null.

Throws:

CSSException - - Any other abnormality.

CSSCommunicationException - - The provider could not connect to the directory server.

getUsersByName

public CSSUserIF[] getUsersByName(java.util.Map context,
                                  CSSPrincipalIF principal,
                                  java.lang.String firstName,
                                  java.lang.String lastName)
                           throws CSSIllegalArgumentException,
                                  com.hyperion.css.common.configuration.CSSConfigurationException,
                                  CSSCommunicationException,
                                  CSSException

Description copied from interface: CSSAPIIF

Get a user based on a firstName and lastName match. The firstName and lastName could be mapped to a particular set of attribute/s in a directory through the configuration. If there are two attributes, one each for firstName and lastName , then the search would be absolute and an AND would be performed.

If one of the parameters (for example, firstName) is not specified, then results for the other (for example, lastName are returned.

Wildcards should not be used in the arguments of this method. No guarantee is made for the behavior of this method if wildcards are part of the arguments.

The context can specify the following:

1. locale

These properties are discussed in the field description.

Please note that if the locale is not specified, the default locale set for the system is used.

This method is not supported by the NTLM provider.

Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.

Only the users matching the filter AND are authorized for view by the specified principal will be returned. An empty array will be returned if there are no users matching the filter OR principal is not authorized to view them.

Specified by:

getUsersByName in interface CSSAPIIF

Parameters:

context - Map structure holding key-value information about locale.

principal - CSSPrincipal identifying the user requesting information. Cannot be null.

firstName - The user's first name, with appended middle name if one exists.

lastName - The user's last name.

Returns:

CSSUserIF[]

Throws:

com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.

CSSException - - if there was any other abnormality.

CSSIllegalArgumentException - - if there is an argument that is inappropriate.

CSSCommunicationException

See Also:

CSSAPIIF.getUsersByName(Map, CSSPrincipalIF, String, String)

getUserByIdentity

public CSSUserIF getUserByIdentity(java.util.Map context,
                                   CSSPrincipalIF principal,
                                   java.lang.String identity)
                            throws CSSNoProviderException,
                                   CSSInvalidIdentityException,
                                   CSSAuthorizationException,
                                   CSSInvalidUserException,
                                   CSSIllegalArgumentException,
                                   com.hyperion.css.common.configuration.CSSConfigurationException,
                                   CSSCommunicationException,
                                   CSSException

Description copied from interface: CSSAPIIF

Get a user based on the identity of the user. The identity is stored by the application and is generated by the security platform.

The context can specify the following:

1. locale
2. flag that required a Communication Exception be thrown to the caller (throw Communication Exception)

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.

Specified by:

getUserByIdentity in interface CSSAPIIF

Parameters:

context - Map structure holding information about the locale.

principal - CSSPrincipal identifying the user requesting information. Cannot be null.

identity - String returned from the user object that uniquely identifies one user on a provider.

Returns:

CSSUserIF

Throws:

CSSInvalidIdentityException - - if the identity is invalid.

CSSCommunicationException - - if the caller has specified interest in consuming this and a provider of the type specified by the identity is not reachable. If any one of the providers of this type cannot be contacted and the user specified by the identity passed in cannot be found then the exception is thrown.

CSSIllegalArgumentException - - if there is an argument that is inappropriate.

CSSNoProviderException - - if no provider exists with the name specified.

com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.

CSSInvalidUserException - - if the user specified by the identity does not exist. The user might have been deleted.

CSSException - - if there was any other abnormality.

CSSAuthorizationException

See Also:

CSSAPIIF.getUserByIdentity(Map, CSSPrincipalIF, String)

getUsers

public CSSUserIF[] getUsers(java.util.Map context,
                            CSSPrincipalIF principal,
                            java.lang.String userName,
                            java.lang.String firstName,
                            java.lang.String lastName)
                     throws CSSIllegalArgumentException,
                            com.hyperion.css.common.configuration.CSSConfigurationException,
                            CSSCommunicationException,
                            CSSException

Description copied from interface: CSSAPIIF

Get a user based on a user name , firstName and lastName match. All the attributes are absolute and required. The way this is evaluated is as follows (in LDAP parlance):

 (&(userName="gkhanna")(firstName="Gaurav")(lastName="khanna") )
 

This can be explained as simply the AND of all the arguments.

The context can specify the following:

1. locale

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

Wildcards should not be used in the arguments of this method. No guarantee is made for the behavior of this method if wildcards are part of the arguments.

Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.

Only the users matching the filter AND are authorized for view by the specified principal will be returned. An empty array will be returned if there are no users matching the filter OR principal is not authorized to view them.

Specified by:

getUsers in interface CSSAPIIF

Parameters:

context - Map structure holding key-value information about locale.

principal - CSSPrincipal identifying the user requesting information. Cannot be null.

userName - String argument representing the user login name.

firstName - The user's first name, with appended middle name if one exists.

lastName - The user's last name.

Returns:

CSSUserIF[] - empty if there is no match

Throws:

CSSException - - if there was any other abnormality.

com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.

CSSIllegalArgumentException - - if there is an argument that is inappropriate.

CSSCommunicationException

See Also:

CSSAPIIF.getUsersByName(Map, String, String), CSSAPIIF.getUsers(Map, String)

isDelegatedModeON

public static boolean isDelegatedModeON()

getHubLocation

public static java.lang.String getHubLocation()

storeTicket

protected void storeTicket(java.lang.String key,
                           java.lang.String ticket)
                    throws CSSException

Write the ticket into the store. This needs to be encrypted before writing.

Throws:

CSSException

login

public CSSLoginUserIF login(java.util.Map context,
                            java.lang.String username,
                            java.lang.String password,
                            java.lang.String[] applicationIds)
                     throws CSSException

Description copied from interface: CSSAPIIF

Authenticates the specified username against the specified password with the providers configured in the security system. This method return a composite login user object that returns pre-computed list of groups and roles for the specified applications. The implementation of this method has been tuned for login performance and is recommended to be used for login use case.

The context can specify the following:

1. Host info
2. locale

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

The host info (ip-address/hostname) is required for auditing purposes.

An empty or null value for applicationId will return empty results for group and roles listing.

Specified by:

login in interface CSSAPIIF

Parameters:

context - - Map structure holding key-value information about locale, host info

username - - name of the user to be authenticated.

password - - password for the user to be authenticated.

applicationIds - - array of application ids to check the roles and group info on.

Returns:

CSSUserIF - this contains the token string that can be used to single-sign-on.

Throws:

CSSException - - one of the following exception will be thrown.

CSSNoProviderException - if no provider exists with the name specified.

CSSIllegalArgumentException - if there is an argument that is inappropriate.

CSSAuthenticationException - If there was a match for the user but the credentials were incorrect.

CSSConfigurationException - if the configuration specified is not valid.

CSSPasswordExpiryWarning - if the users password is expiring in a few days (Native User only).

CSSPasswordExpiredException - if the users password has expired (Native User only).

CSSException - if there was any other abnormality.

loginSapTicket

public CSSLoginUserIF loginSapTicket(java.util.Map context,
                                     java.lang.String sapTicket,
                                     java.lang.String[] applicationIds)
                              throws CSSException

Description copied from interface: CSSAPIIF

Authenticates the specified sap ticket against the providers configured in the security system.

This method return a composite login user object that returns pre-computed list of groups and roles for the specified applications. The implementation of this method has been tuned for login performance and is recommended to be used for login use case.

The context can specify the following:

1. Host info
2. locale

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

The host info (ip-address/hostname) is required for auditing purposes.

An empty or null value for applicationId will return empty results for group and roles listing.

Specified by:

loginSapTicket in interface CSSAPIIF

Parameters:

context - - Map structure holding key-value information about locale, host info

sapTicket - - SAP ticket that will be used for authentication.

applicationIds - - array of application ids to check the roles and group info on.

Returns:

CSSUserIF - this contains the token string that can be used to single-sign-on.

Throws:

CSSException - - one of the following exception will be thrown.

CSSNoProviderException - if no provider exists with the name specified.

CSSIllegalArgumentException - if there is an argument that is inappropriate.

CSSAuthenticationException - If there was a match for the user but the credentials were incorrect.

CSSConfigurationException - if the configuration specified is not valid.

CSSException - if there was any other abnormality.

loginSecurityAgent

public CSSLoginUserIF loginSecurityAgent(java.util.Map context,
                                         javax.servlet.http.HttpServletRequest request,
                                         java.lang.String[] applicationIds)
                                  throws CSSException

Description copied from interface: CSSAPIIF

Authenticates by parsing the username and password if available from the specified HTTP Servlet Request. If password is not present the providers will be treated as trusted and will check only for the validity of the username derived from the HTTP request.

This method return a composite login user object that returns pre-computed list of groups and roles for the specified applications. The implementation of this method has been tuned for login performance and is recommended to be used for login use case.

The context can specify the following:

1. Host info
2. locale

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

The host info (ip-address/hostname) is required for auditing purposes.

An empty or null value for applicationId will return empty results for group and roles listing.

Specified by:

loginSecurityAgent in interface CSSAPIIF

Parameters:

context - - Map structure holding key-value information about locale, host info

request - - The HTTP Servlet Request containing information about the username and password.

applicationIds - - array of application ids to check the roles and group info on.

Returns:

CSSUserIF - this contains the token string that can be used to single-sign-on.

Throws:

CSSException - - one of the following exception will be thrown.

CSSNoProviderException - if no provider exists with the name specified.

CSSIllegalArgumentException - if there is an argument that is inappropriate.

CSSAuthenticationException - If there was a match for the user but the credentials were incorrect.

CSSConfigurationException - if the configuration specified is not valid.

CSSPasswordExpiryWarning - if the users password is expiring in a few days (Native User only).

CSSPasswordExpiredException - if the users password has expired (Native User only).

CSSException - if there was any other abnormality.

loginToken

public CSSLoginUserIF loginToken(java.util.Map context,
                                 java.lang.String token,
                                 java.lang.String[] applicationIds)
                          throws CSSException

Description copied from interface: CSSAPIIF

Authenticates the specified sso_token against the providers configured in the security system. This method return a composite login user object that returns pre-computed list of groups and roles for the specified applications. The implementation of this method has been tuned for login performance and is recommended to be used for login use case.

The context can specify the following:

1. Host info
2. locale

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used.

The host info (ip-address/hostname) is required for auditing purposes.

An empty or null value for applicationId will return empty results for group and roles listing.

Specified by:

loginToken in interface CSSAPIIF

Parameters:

context - - Map structure holding key-value information about locale, host info

token - - CSS token to be used for authentication.

applicationIds - - array of application ids to check the roles and group info on.

Returns:

CSSUserIF - this contains the token string that can be used to single-sign-on.

Throws:

CSSException - - one of the following exception will be thrown.

CSSNoProviderException - if no provider exists with the name specified.

CSSIllegalArgumentException - if there is an argument that is inappropriate.

CSSAuthenticationException - If there was a match for the user but the credentials were incorrect.

CSSTokenNotAcceptedException - if the token was not based on a provider for this application.

CSSTokenNotAvailableException - if the token could not be contructed.

CSSInvalidIdentityException - if the identity encapsulated in the token was invalid.

CSSConfigurationException - if the configuration specified is not valid.

CSSPasswordExpiryWarning - if the users password is expiring in a few days (Native User only).

CSSPasswordExpiredException - if the users password has expired (Native User only).

CSSException - if there was any other abnormality.

getGroupsByIdentities

public CSSGroupIF[] getGroupsByIdentities(java.util.Map context,
                                          java.lang.String[] identities)

Description copied from interface: CSSAPIIF

Return an Array for a CSSGroupIF objects for an array of group identities.

Note: This method does not refine the list if the delegated mode is on, this method is to get CSSGroupIF objects for given entries.

Specified by:

getGroupsByIdentities in interface CSSAPIIF

Parameters:

context - A map object that holds the context information.

identities - An array of non null string identities.

Returns:

An Array of CSSGroupIF objects for every identity that could be sucessfully resolved.

initialize

public void initialize(java.util.Map context,
                       CSSApplicationIF appCallback)
                throws com.hyperion.css.common.configuration.CSSConfigurationException,
                       CSSIllegalArgumentException,
                       CSSCommunicationException,
                       CSSException

Deprecated. (non-Javadoc)

Description copied from interface: CSSAPIIF

Initializes the security platform by specifying the callback into the application.

The context can specify the following:

1. Locale
2. The text that is prepended to the log messages
3. Configuration cache behavior settings(e.g., PRP_CACHE_SCHEME_CACHE_PATH)
4. The specification whether the Hub Server is local or not.
5. CSSAPIIF.FORCE_DEPENDENCY_CHECK flag forcing the dependency check.

These properties are discussed in the field description. Please note that if the locale is not specified, the default locale set for the system is used. Also, the Hub Server is assumed to be remote by default.

There are two types of tests on the configuration performed by this method:

1. Static Configuration Tests: This implies tests on the structure and validity of the configuration file.
2. Dynamic Configuration Tests: This implies tests on the correct execution of the providers based on the configuration provided. For instance: a test connection would be created to the underlying data store to determine the validity of the configuration. If a connection cannot be made to the directory store then the validity of the configuration cannot be confirmed and no exception is thrown.

Specified by:

initialize in interface CSSAPIIF

Parameters:

appCallback - Handle passed by the application implementation to the security platform, providing a way for the security platform to send information back to the calling application.

Returns:

void

Throws:

CSSIllegalArgumentException - - if there is an argument that is inappropriate.

com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid in terms of static tests or the configuration is not valid in terms of dynamic tests.

CSSException - - if there was any other abnormality

CSSCommunicationException

See Also:

CSSAPIIF.initialize(java.util.Map, com.hyperion.css.application.CSSApplicationIF)

getGroupByIdentity

public CSSGroupIF getGroupByIdentity(java.util.Map context,
                                     java.lang.String identity)
                              throws CSSNoProviderException,
                                     CSSIllegalArgumentException,
                                     CSSInvalidIdentityException,
                                     CSSInvalidGroupException,
                                     com.hyperion.css.common.configuration.CSSConfigurationException,
                                     CSSCommunicationException,
                                     CSSException

Specified by:

getGroupByIdentity in interface CSSAPIIF

Throws:

CSSNoProviderException

CSSIllegalArgumentException

CSSInvalidIdentityException

CSSInvalidGroupException

com.hyperion.css.common.configuration.CSSConfigurationException

CSSCommunicationException

CSSException

getGroups

public CSSGroupIF[] getGroups(java.util.Map context,
                              java.lang.String groupName)
                       throws CSSIllegalArgumentException,
                              com.hyperion.css.common.configuration.CSSConfigurationException,
                              CSSCommunicationException,
                              CSSException

Specified by:

getGroups in interface CSSAPIIF

Throws:

CSSIllegalArgumentException

com.hyperion.css.common.configuration.CSSConfigurationException

CSSCommunicationException

CSSException

getUserByEmail

public CSSUserIF getUserByEmail(java.util.Map context,
                                java.lang.String email)
                         throws CSSIllegalArgumentException,
                                com.hyperion.css.common.configuration.CSSConfigurationException,
                                CSSCommunicationException,
                                CSSException

Specified by:

getUserByEmail in interface CSSAPIIF

Throws:

CSSIllegalArgumentException

com.hyperion.css.common.configuration.CSSConfigurationException

CSSCommunicationException

CSSException

getUserByIdentity

public CSSUserIF getUserByIdentity(java.util.Map context,
                                   java.lang.String identity)
                            throws CSSNoProviderException,
                                   CSSInvalidIdentityException,
                                   CSSInvalidUserException,
                                   CSSIllegalArgumentException,
                                   com.hyperion.css.common.configuration.CSSConfigurationException,
                                   CSSCommunicationException,
                                   CSSException

Specified by:

getUserByIdentity in interface CSSAPIIF

Throws:

CSSNoProviderException

CSSInvalidIdentityException

CSSInvalidUserException

CSSIllegalArgumentException

com.hyperion.css.common.configuration.CSSConfigurationException

CSSCommunicationException

CSSException

getUsers

public CSSUserIF[] getUsers(java.util.Map context,
                            java.lang.String username)
                     throws CSSIllegalArgumentException,
                            com.hyperion.css.common.configuration.CSSConfigurationException,
                            CSSCommunicationException,
                            CSSException

Specified by:

getUsers in interface CSSAPIIF

Throws:

CSSIllegalArgumentException

com.hyperion.css.common.configuration.CSSConfigurationException

CSSCommunicationException

CSSException

getUsers

public CSSUserIF[] getUsers(java.util.Map context,
                            java.lang.String userName,
                            java.lang.String firstName,
                            java.lang.String lastName)
                     throws CSSIllegalArgumentException,
                            com.hyperion.css.common.configuration.CSSConfigurationException,
                            CSSCommunicationException,
                            CSSException

Specified by:

getUsers in interface CSSAPIIF

Throws:

CSSIllegalArgumentException

com.hyperion.css.common.configuration.CSSConfigurationException

CSSCommunicationException

CSSException

getUsersByName

public CSSUserIF[] getUsersByName(java.util.Map context,
                                  java.lang.String firstName,
                                  java.lang.String lastName)
                           throws CSSIllegalArgumentException,
                                  com.hyperion.css.common.configuration.CSSConfigurationException,
                                  CSSCommunicationException,
                                  CSSException

Specified by:

getUsersByName in interface CSSAPIIF

Throws:

CSSIllegalArgumentException

com.hyperion.css.common.configuration.CSSConfigurationException

CSSCommunicationException

CSSException