com.sun.identity.authentication
Class AuthContext

java.lang.Object
  |
  +--com.sun.identity.authentication.AuthContext

public class AuthContext

extends java.lang.Object

The AuthContext provides the implementation for authenticating users.

A typical caller instantiates this class and starts the login process. The caller then obtains an array of Callback objects, which contains the information required by the authentication plug-in module. The caller requests information from the user. On receiving the information from the user, the caller submits the same to this class. If more information is required, the above process continues until all the information required by the plug-ins/authentication modules, has been supplied. The caller then checks if the user has successfully been authenticated. If successfully authenticated, the caller can then get the Subject and SSOToken for the user; if not successfully authenticated, the caller obtains the LoginException.

The implementation supports authenticating users either locally i.e., in process with all authentication modules configured or remotely to an authentication service/framework. (See documentation to configure in either of the modes).

Inner Class Summary

static class	AuthContext.IndexType The class IndexType defines the possible kinds of "objects" or "resources" for which an authentication can be performed.
static class	AuthContext.Status The class Status defines the possible authentication states during the login process.

Constructor Summary

AuthContext(SSOToken ssoToken)
To obtain an instance of AuthContext for a given organization name, or sub organization name contained in the SSOToken.

AuthContext(java.lang.String orgName)
To obtain an instance of AuthContext for a given organization name, or sub organization name.

AuthContext(java.lang.String orgName, java.lang.String nickName)
To obtain an instance of AuthContext for a given organization name, or sub organization name and a nick name for the certificate to be used in SSL handshake if client auth is turn on in the server side.

AuthContext(java.lang.String orgName, java.lang.String nickName, java.net.URL url)
To obtain an instance of AuthContext for a given organization name, or sub organization name, a nick name for the certificate to be used in SSL handshake if client auth is turn on in the server side and the Identity Server URL.

AuthContext(java.lang.String orgName, java.net.URL url)
To obtain an instance of AuthContext for a given organization name, or sub organization name and the Identity Server URL.

Method Summary

void	abort() Terminates an ongoing login call that has not yet completed.
javax.security.auth.login.LoginException	getLoginException() Returns login exception, if any, during the authentication process.
java.util.Set	getModuleInstanceNames() Returns authentication module/s instances (or plugins) configured for a organization, or sub-organization name that was set during the AuthContext constructor.
java.lang.String	getOrganizationName() Returns the the organization name that was set during the AuthContext constructor.
javax.security.auth.callback.Callback[]	getRequirements() Returns an array of Callback objects that must be populated by the user and returned back.
SSOToken	getSSOToken() Returns the Single-Sign-On (SSO) Token for the authenticated user.
AuthContext.Status	getStatus() Returns the current status of the authentication process as AuthContext.Status.
javax.security.auth.Subject	getSubject() Returns the set of Principals or Subject the user has been authenticated as.
boolean	hasMoreRequirements() Checks if the login process requires more information from the user to complete the authentication.
void	login() Starts the login process for the given AuthContext object.
void	login(AuthContext.IndexType type, java.lang.String indexName) Start the login process for the given AuthContext object identified by the index type and index name.
void	logout() Logs out the user and also invalidates the SSO Token associated with this AuthContext.
static void	setCertDBPassword(java.lang.String password) This method sets the password for the certificate db.
void	submitRequirements(javax.security.auth.callback.Callback[] info) Submit the populated Callback objects to the authentication plug-in modules.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthContext

public AuthContext(java.lang.String orgName)
            throws javax.security.auth.login.LoginException

To obtain an instance of AuthContext for a given organization name, or sub organization name. This organization or sub-organization name must be either "/" separated ( where it starts with "/" ) or a DN. Caller would then use login to start the authentication process and use getRequirements() and submitRequirements() to pass the credentials needed for authentication by the plugin authentication modules. The method getStatus() returns the authentication status.

Parameters:

orgName - name of the user's organization

AuthContext

public AuthContext(java.lang.String orgName,
                   java.net.URL url)
            throws javax.security.auth.login.LoginException

To obtain an instance of AuthContext for a given organization name, or sub organization name and the Identity Server URL. This organization or sub-organization name must be either "/" separated ( where it starts with "/" ) or a DN. And this "url" should specify the Identity Server protocol, host name, port to talk to. for example : "http://daye.red.iplanet.com:58080" Caller would then use login to start the authentication process and use getRequirements() and submitRequirements() to pass the credentials needed for authentication by the plugin authentication modules. The method getStatus() returns the authentication status.

Parameters:

orgName - name of the user's organization

url - URL of the Identity Server to talk to

AuthContext

public AuthContext(java.lang.String orgName,
                   java.lang.String nickName)
            throws javax.security.auth.login.LoginException

To obtain an instance of AuthContext for a given organization name, or sub organization name and a nick name for the certificate to be used in SSL handshake if client auth is turn on in the server side. This organization or sub-organization name must be either "/" separated ( where it starts with "/" ) or a DN. This constructor would be mainly used for the Certificate based authentication. If the certificate db contains multiple matching certificates for SSL, this constructor must be called in order for the desired certificate to be used for the Certificate based authentication. Caller would then use login to start the authentication process and use getRequirements() and submitRequirements() to pass the credentials needed for authentication by the plugin authentication modules. The method getStatus() returns the authentication status.

Parameters:

orgName - name of the user's organization

nickName - nick name for the certificate to be used

AuthContext

public AuthContext(java.lang.String orgName,
                   java.lang.String nickName,
                   java.net.URL url)
            throws javax.security.auth.login.LoginException

To obtain an instance of AuthContext for a given organization name, or sub organization name, a nick name for the certificate to be used in SSL handshake if client auth is turn on in the server side and the Identity Server URL. This organization or sub-organization name must be either "/" separated ( where it starts with "/" ) or a DN. And this "url" should specify the Identity Server protocol, host name, port to talk to. for example : "http://daye.red.iplanet.com:58080" This constructor would be mainly used for the Certificate based authentication. If the certificate db contains multiple matching certificates for SSL, this constructor must be called in order for the desired certificate to be used for the Certificate based authentication. Caller would then use login to start the authentication process and use getRequirements() and submitRequirements() to pass the credentials needed for authentication by the plugin authentication modules. The method getStatus() returns the authentication status.

Parameters:

orgName - name of the user's organization

nickName - nick name for the certificate to be used

url - URL of the Identity Server to talk to

AuthContext

public AuthContext(SSOToken ssoToken)
            throws javax.security.auth.login.LoginException

To obtain an instance of AuthContext for a given organization name, or sub organization name contained in the SSOToken. This constructor should be called for reauthentication of an authenticated user. SSOToken is the authenticated resource's Single-Sign-On Token. If the session properties based on the login method used matches those in the user's new authenticated session then session upgrade will be done. A new session containing properties from both old SSOToken and new session shall be returned and old session will be destroyed if authentication passes. Caller would then use login to start the authentication process and use getRequirements() and submitRequirements() to pass the credentials needed for authentication by the plugin authentication modules. The method getStatus() returns the authentication status.

Parameters:

SSOToken - ssoToken representing the resource's previous authenticated session.

Method Detail

login

public void login()
           throws javax.security.auth.login.LoginException

Starts the login process for the given AuthContext object.

Throws:

javax.security.auth.login.LoginException - if an error occured during login

login

public void login(AuthContext.IndexType type,
                  java.lang.String indexName)
           throws javax.security.auth.login.LoginException

Start the login process for the given AuthContext object identified by the index type and index name. The IndexType defines the possible kinds of "objects" or "resources" for which an authentication can be performed. Currently supported index types are users, roles, services (or application), levels and mechanism / authentication modules.

Parameters:

type - authentication index type

indexName - authentication index name

Throws:

javax.security.auth.login.LoginException - if an error occured during login

getSubject

public javax.security.auth.Subject getSubject()

Returns the set of Principals or Subject the user has been authenticated as. This should be invoked only after successful authentication. If the authentication fails or the authentication is in process, this will return null.

hasMoreRequirements

public boolean hasMoreRequirements()

Checks if the login process requires more information from the user to complete the authentication.

Returns:

true if more credentials are required from the user; false otherwise

getRequirements

public javax.security.auth.callback.Callback[] getRequirements()

Returns an array of Callback objects that must be populated by the user and returned back. These objects are requested by the authentication plug-ins, and these are usually displayed to the user. The user then provides the requested information for it to be authenticated.

Returns:

an array of callback objects requesting credentials from user

submitRequirements

public void submitRequirements(javax.security.auth.callback.Callback[] info)

Submit the populated Callback objects to the authentication plug-in modules. Called after getRequirements method and obtaining user's response to these requests.

Parameters:

info - array of Callback objects

logout

public void logout()
            throws javax.security.auth.login.LoginException

Logs out the user and also invalidates the SSO Token associated with this AuthContext.

Throws:

javax.security.auth.login.LoginException - if an error occured during logout

getLoginException

public javax.security.auth.login.LoginException getLoginException()

Returns login exception, if any, during the authentication process. Typically set when the login fails.

getSSOToken

public SSOToken getSSOToken()
                     throws java.lang.Exception

Returns the Single-Sign-On (SSO) Token for the authenticated user. If the user has not successfully authenticated Exception will be thrown. SSOToken can be used as the authenticated token.

Returns:

single-sign-on token

getStatus

public AuthContext.Status getStatus()

Returns the current status of the authentication process as AuthContext.Status.

getOrganizationName

public java.lang.String getOrganizationName()

Returns the the organization name that was set during the AuthContext constructor.

Returns:

String organizationName ( Organization Name )

getModuleInstanceNames

public java.util.Set getModuleInstanceNames()

Returns authentication module/s instances (or plugins) configured for a organization, or sub-organization name that was set during the AuthContext constructor.

Returns:

Set of Module instance names

abort

public void abort()
           throws javax.security.auth.login.LoginException

Terminates an ongoing login call that has not yet completed.

Throws:

javax.security.auth.login.LoginException - if an error occured during abort

setCertDBPassword

public static void setCertDBPassword(java.lang.String password)

This method sets the password for the certificate db. It is required to call only once to initialize certificate db if the password is not set in the password file (specified as the value for "com.iplanet.am.admin.cli.certdb.passfile" in AMConfig.properties). If both are set, this method will overwrite the value in certificate password file.

Parameters:

password - Password for the certificate db