|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--com.sun.identity.authentication.AuthContext
The AuthContext
provides the implementation for
authenticating users.
A typical caller instantiates this class and starts the login process.
The caller then obtains an array of Callback
objects,
which contains the information required by the authentication plug-in
module. The caller requests information from the user. On receiving
the information from the user, the caller submits the same to this class.
While more information is required, the above process continues until all
the information required by the plug-ins/authentication modules, has
been supplied. The caller then checks if the user has successfully
been authenticated. If successfully authenticated, the caller can
then get the Subject
and SSOToken
for the user;
if not successfully authenticated, the caller obtains the AuthLoginException.
The implementation supports authenticating users either locally i.e., in process with all authentication modules configured or remotely to an authentication service/framework. (See documentation to configure in either of the modes).
Inner Class Summary | |
static class |
AuthContext.IndexType
The class IndexType defines the possible
kinds of "objects" or "resources" for which an
authentication can be performed. |
static class |
AuthContext.Status
The class Status defines the possible
authentication states during the login process. |
Constructor Summary | |
AuthContext(SSOToken ssoToken)
Constructs an instance of AuthContext for a given
organization name, or sub organization name contained in the
single sign on token. |
|
AuthContext(java.lang.String orgName)
Constructs an instance of AuthContext for a given
organization name or sub organization name. |
|
AuthContext(java.lang.String orgName,
java.lang.String nickName)
Constructs an instance of AuthContext for a given
organization name, or sub organization name and a nick name
for the certificate to be used in SSL handshake if client authentication
is turn on in the server side. |
|
AuthContext(java.lang.String orgName,
java.lang.String nickName,
java.net.URL url)
Constructs an instance of AuthContext for a given
organization name, or sub organization name, a nick name
for the certificate to be used in SSL handshake if client authentication
is turn on in the server side and the Access Manager URL. |
|
AuthContext(java.lang.String orgName,
java.net.URL url)
Constructs an instance of AuthContext for a given
organization name, or sub organization name and the Access Manager URL. |
Method Summary | |
void |
abort()
Terminates an ongoing login call that has not yet completed. |
AuthLoginException |
getLoginException()
Returns login exception, if any, during the authentication process. |
java.util.Set |
getModuleInstanceNames()
Returns authentication module/s instances (or plugins) configured for a organization, or sub-organization name that was set during the AuthContext constructor. |
java.lang.String |
getOrganizationName()
Returns the the organization name that was set during the AuthContext constructor. |
javax.security.auth.callback.Callback[] |
getRequirements()
Returns an array of Callback objects that
must be populated by the user and returned back. |
javax.security.auth.callback.Callback[] |
getRequirements(boolean noFilter)
Returns an array of Callback objects that
must be populated by the user and returned back. |
SSOToken |
getSSOToken()
Returns the Single-Sign-On (SSO) Token for the authenticated user. |
AuthContext.Status |
getStatus()
Returns the current status of the authentication process as AuthContext.Status . |
javax.security.auth.Subject |
getSubject()
Returns the set of Principals or Subject the user has been authenticated as. |
boolean |
hasMoreRequirements()
Checks if the login process requires more information from the user to complete the authentication. |
boolean |
hasMoreRequirements(boolean noFilter)
Checks if the login process requires more information from the user to complete the authentication. |
void |
login()
Starts the login process for the given AuthContext object. |
void |
login(AuthContext.IndexType type,
java.lang.String indexName)
Starts the login process for the given AuthContext object
identified by the index type and index name. |
void |
logout()
Logs out the user and also invalidates the SSO Token associated with this AuthContext . |
static void |
setCertDBPassword(java.lang.String password)
Sets the password for the certificate database. |
void |
submitRequirements(javax.security.auth.callback.Callback[] info)
Submit the populated Callback objects
to the authentication plug-in modules. |
Methods inherited from class java.lang.Object |
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
public AuthContext(java.lang.String orgName) throws AuthLoginException
AuthContext
for a given
organization name or sub organization name. This organization or
sub-organization name must be either "/" separated
( where it starts with "/" ) , DN , Domain name or DNS Alias Name.
Caller would then use login
to start the
authentication process and use getRequirements()
and
submitRequirements()
to pass the credentials
needed for authentication by the plugin authentication modules.
The method getStatus()
returns the
authentication status.orgName
- name of the user's organizationAuthLoginException
- if AuthContext
creation fails.public AuthContext(java.lang.String orgName, java.net.URL url) throws AuthLoginException
AuthContext
for a given
organization name, or sub organization name and the Access Manager URL.
This organization or sub-organization name must be either "/" separated
( where it starts with "/" ) , DN , Domain name or DNS Alias Name.
And the url
should specify the Access Manager protocol,
host name, port to talk to.
for example : http://daye.red.iplanet.com:58080
Caller would then use login
to start the
authentication process and use getRequirements()
and
submitRequirements()
to pass the credentials
needed for authentication by the plugin authentication modules.
The method getStatus()
returns the
authentication status.orgName
- name of the user's organizationurl
- URL of the Access Manager to talk toAuthLoginException
- if AuthContext
creation fails.public AuthContext(java.lang.String orgName, java.lang.String nickName) throws AuthLoginException
AuthContext
for a given
organization name, or sub organization name and a nick name
for the certificate to be used in SSL handshake if client authentication
is turn on in the server side.
This organization or sub-organization name must be either "/" separated
( where it starts with "/" ) , DN , Domain name or DNS Alias Name.
This constructor would be mainly used for the Certificate based
authentication. If the certificate database contains multiple matching
certificates for SSL, this constructor must be called in order for the
desired certificate to be used for the Certificate based authentication.
Caller would then use login
to start the
authentication process and use getRequirements()
and
submitRequirements()
to pass the credentials
needed for authentication by the plugin authentication modules.
The method getStatus()
returns the
authentication status.orgName
- name of the user's organizationnickName
- nick name for the certificate to be usedAuthLoginException
- if AuthContext
creation fails.public AuthContext(java.lang.String orgName, java.lang.String nickName, java.net.URL url) throws AuthLoginException
AuthContext
for a given
organization name, or sub organization name, a nick name
for the certificate to be used in SSL handshake if client authentication
is turn on in the server side and the Access Manager URL.
This organization or sub-organization name must be either "/" separated
( where it starts with "/" ) , DN , Domain name or a DNS Alias Name.
And the url
should specify the Access Manager protocol,
host name, port to talk to.
for example : http://daye.red.iplanet.com:58080
This constructor would be mainly used for the Certificate based
authentication. If the certificate database contains multiple matching
certificates for SSL, this constructor must be called in order for the
desired certificate to be used for the Certificate based authentication.
Caller would then use login
to start the
authentication process and use getRequirements()
and
submitRequirements()
to pass the credentials
needed for authentication by the plugin authentication modules.
The method getStatus()
returns the
authentication status.orgName
- name of the user's organizationnickName
- nick name for the certificate to be usedurl
- URL of the Access Manager to talk toAuthLoginException
- if AuthContext
creation fails.public AuthContext(SSOToken ssoToken) throws AuthLoginException
AuthContext
for a given
organization name, or sub organization name contained in the
single sign on token.
This constructor should be called for re-authentication of an
authenticated user. single sign on token is the authenticated resource's
Single-Sign-On Token. If the session properties based on
the login method used matches those in the user's new
authenticated session then session upgrade will be done.
A new session containing properties from both old single sign on token
and new session shall be returned and old session will be
destroyed if authentication passes.
Caller would then use login
to start the
authentication process and use getRequirements()
and
submitRequirements()
to pass the credentials
needed for authentication by the plugin authentication modules.
The method getStatus()
returns the
authentication status.ssoToken
- single sign on token representing the resource's previous
authenticated session.AuthLoginException
- if AuthContext
creation fails.Method Detail |
public void login() throws AuthLoginException
AuthContext
object.AuthLoginException
- if an error occurred during loginpublic void login(AuthContext.IndexType type, java.lang.String indexName) throws AuthLoginException
AuthContext
object
identified by the index type and index name.
The IndexType
defines the possible kinds of "objects"
or "resources" for which an authentication can
be performed. Currently supported index types are
users, roles, services (or application), levels and
mechanism / authentication modules.type
- authentication index typeindexName
- authentication index nameAuthLoginException
- if an error occurred during loginpublic javax.security.auth.Subject getSubject()
Subject
for the authenticated User.
If the authentication fails or the authentication is in process,
this will return null
.public boolean hasMoreRequirements()
Status
after submitting the requirements.true
if more credentials are required
from the user; false
otherwisepublic boolean hasMoreRequirements(boolean noFilter)
Status
after submitting the requirements.noFilter
- boolean flag indicating whether to filter
PagePropertiesCallback
or not. Value true
will
not filter PagePropertiesCallback
.true
if more credentials are required
from the user; false
otherwisepublic javax.security.auth.callback.Callback[] getRequirements()
Callback
objects that
must be populated by the user and returned back.
These objects are requested by the authentication plug-ins,
and these are usually displayed to the user. The user then provides
the requested information for it to be authenticated.Callback
objects requesting credentials
from userpublic javax.security.auth.callback.Callback[] getRequirements(boolean noFilter)
Callback
objects that
must be populated by the user and returned back.
These objects are requested by the authentication plug-ins,
and these are usually displayed to the user. The user then provides
the requested information for it to be authenticated.noFilter
- boolean flag indicating whether to filter
PagePropertiesCallback
or not. Value true
will
not filter PagePropertiesCallback
.Callback
objects requesting credentials
from userpublic void submitRequirements(javax.security.auth.callback.Callback[] info)
Callback
objects
to the authentication plug-in modules. Called after
getRequirements
method and obtaining
user's response to these requests.info
- array of Callback
objectspublic void logout() throws AuthLoginException
AuthContext
.AuthLoginException
- if an error occurred during logoutpublic AuthLoginException getLoginException()
public SSOToken getSSOToken() throws java.lang.Exception
Exception
will be thrown.
single sign token can be used as the authenticated token.java.lang.Exception
- if the user is not authenticated or an error is
encountered in retrieving the user's single sign on token.public AuthContext.Status getStatus()
AuthContext.Status
.Status
of the authentication processpublic java.lang.String getOrganizationName()
AuthContext
constructor.AuthContext
public java.util.Set getModuleInstanceNames()
AuthContext
constructor.public void abort() throws AuthLoginException
login
call that has not yet completed.AuthLoginException
- if an error occurred during abortpublic static void setCertDBPassword(java.lang.String password)
com.iplanet.am.admin.cli.certdb.passfile
in AMConfig.properties
). If both are set, this method will
overwrite the value in certificate password file.password
- Password for the certificate database
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |