java.lang.Object
  com.sun.identity.authentication.AuthContext
The AuthContext provides the implementation for
 authenticating users.
 
 A typical caller instantiates this class and starts the login process.
 The caller then obtains an array of Callback objects,
 which contains the information required by the authentication plug-in
 module. The caller requests this information from the user and, on
 receiving it, submits it to this class. This process repeats until all
 the information required by the authentication plug-in modules has
 been supplied. The caller then checks if the user has successfully
 been authenticated. If successfully authenticated, the caller can
 then get the Subject and SSOToken for the user;
 if not successfully authenticated, the caller obtains the AuthLoginException.
 
The implementation supports authenticating users either locally (in process, with all authentication modules configured) or remotely against an authentication service/framework. See the documentation for how to configure either mode.
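
The caller flow described above, as an added example (not part of the original documentation or the SDK's own sample code). It assumes the Access Manager client SDK is on the classpath; the class name `AuthContextLoginExample` and the method `authenticate` are hypothetical, and the constant `AuthContext.Status.SUCCESS` and the import packages for `SSOToken` and `AuthLoginException` come from the SDK rather than from this page.

```java
import java.util.Arrays;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;

import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.spi.AuthLoginException;

public final class AuthContextLoginExample {

    /** Runs the callback loop; returns the SSO token or throws if authentication fails. */
    static SSOToken authenticate(String orgName, String user, char[] password)
            throws Exception {
        AuthContext ac = new AuthContext(orgName);
        try {
            ac.login();
            while (ac.hasMoreRequirements()) {
                Callback[] callbacks = ac.getRequirements();
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(user);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(password);
                    } else {
                        // Fail closed on a prompt this caller cannot answer.
                        ac.abort();
                        throw new IllegalStateException(
                                "Unsupported callback: " + cb.getClass().getName());
                    }
                }
                ac.submitRequirements(callbacks);
            }
            // Treat every state other than SUCCESS as a failed login.
            if (!AuthContext.Status.SUCCESS.equals(ac.getStatus())) {
                AuthLoginException cause = ac.getLoginException();
                throw new SecurityException("Authentication failed", cause);
            }
            return ac.getSSOToken();
        } finally {
            // PasswordCallback.setPassword stores a clone, so wipe the caller's copy.
            Arrays.fill(password, '\0');
        }
    }
}
```

The password is taken as a `char[]` so it can be zeroed once the loop ends; callers should not reuse the array afterwards.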
| Nested Class Summary | |
| static class | AuthContext.IndexType - The class IndexType defines the possible kinds of "objects" or "resources" for which an authentication can be performed. |
| static class | AuthContext.Status - The class Status defines the possible authentication states during the login process. |
| Constructor Summary | |
| AuthContext(SSOToken ssoToken) - Constructs an instance of AuthContext for a given organization name, or sub organization name contained in the single sign on token. | |
| AuthContext(java.lang.String orgName) - Constructs an instance of AuthContext for a given organization name or sub organization name. | |
| AuthContext(java.lang.String orgName, java.lang.String nickName) - Constructs an instance of AuthContext for a given organization name, or sub organization name and a nick name for the certificate to be used in SSL handshake if client authentication is turned on on the server side. | |
| AuthContext(java.lang.String orgName, java.lang.String nickName, java.net.URL url) - Constructs an instance of AuthContext for a given organization name, or sub organization name, a nick name for the certificate to be used in SSL handshake if client authentication is turned on on the server side and the Access Manager URL. | |
| AuthContext(java.lang.String orgName, java.net.URL url) - Constructs an instance of AuthContext for a given organization name, or sub organization name and the Access Manager URL. | |
| Method Summary | |
| void | abort() - Terminates an ongoing login call that has not yet completed. |
| AuthLoginException | getLoginException() - Returns login exception, if any, during the authentication process. |
| java.util.Set | getModuleInstanceNames() - Returns authentication module/s instances (or plugins) configured for an organization, or sub-organization name that was set during the AuthContext constructor. |
| java.lang.String | getOrganizationName() - Returns the organization name that was set during the AuthContext constructor. |
| javax.security.auth.callback.Callback[] | getRequirements() - Returns an array of Callback objects that must be populated by the user and returned back. |
| SSOToken | getSSOToken() - Returns the Single-Sign-On (SSO) Token for the authenticated user. |
| AuthContext.Status | getStatus() - Returns the current status of the authentication process as AuthContext.Status. |
| javax.security.auth.Subject | getSubject() - Returns the set of Principals or Subject the user has been authenticated as. |
| boolean | hasMoreRequirements() - Checks if the login process requires more information from the user to complete the authentication. |
| void | login() - Starts the login process for the given AuthContext object. |
| void | login(AuthContext.IndexType type, java.lang.String indexName) - Starts the login process for the given AuthContext object identified by the index type and index name. |
| void | logout() - Logs out the user and also invalidates the SSO Token associated with this AuthContext. |
| static void | setCertDBPassword(java.lang.String password) - Sets the password for the certificate database. |
| void | submitRequirements(javax.security.auth.callback.Callback[] info) - Submit the populated Callback objects to the authentication plug-in modules. |
| Methods inherited from class java.lang.Object |
| equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail | 
public AuthContext(java.lang.String orgName)
            throws AuthLoginException
Constructs an instance of AuthContext for a given organization name or sub organization name. This organization or sub-organization name must be either "/" separated (where it starts with "/"), DN, Domain name or DNS Alias Name.
The caller then uses login to start the authentication process and uses getRequirements() and submitRequirements() to pass the credentials needed for authentication by the plug-in authentication modules. The method getStatus() returns the authentication status.
orgName - name of the user's organization
AuthLoginException - if AuthContext creation fails.
public AuthContext(java.lang.String orgName,
                   java.net.URL url)
            throws AuthLoginException
Constructs an instance of AuthContext for a given organization name, or sub organization name and the Access Manager URL. This organization or sub-organization name must be either "/" separated (where it starts with "/"), DN, Domain name or DNS Alias Name. The url should specify the Access Manager protocol, host name and port to talk to, for example: http://daye.red.iplanet.com:58080
The caller then uses login to start the authentication process and uses getRequirements() and submitRequirements() to pass the credentials needed for authentication by the plug-in authentication modules. The method getStatus() returns the authentication status.
orgName - name of the user's organization
url - URL of the Access Manager to talk to
AuthLoginException - if AuthContext creation fails.
public AuthContext(java.lang.String orgName,
                   java.lang.String nickName)
            throws AuthLoginException
Constructs an instance of AuthContext for a given organization name, or sub organization name and a nick name for the certificate to be used in SSL handshake if client authentication is turned on on the server side. This organization or sub-organization name must be either "/" separated (where it starts with "/"), DN, Domain name or DNS Alias Name.
This constructor is mainly used for Certificate based authentication. If the certificate database contains multiple matching certificates for SSL, this constructor must be called in order for the desired certificate to be used for the Certificate based authentication.
The caller then uses login to start the authentication process and uses getRequirements() and submitRequirements() to pass the credentials needed for authentication by the plug-in authentication modules. The method getStatus() returns the authentication status.
orgName - name of the user's organization
nickName - nick name for the certificate to be used
AuthLoginException - if AuthContext creation fails.
public AuthContext(java.lang.String orgName,
                   java.lang.String nickName,
                   java.net.URL url)
            throws AuthLoginException
Constructs an instance of AuthContext for a given organization name, or sub organization name, a nick name for the certificate to be used in SSL handshake if client authentication is turned on on the server side and the Access Manager URL. This organization or sub-organization name must be either "/" separated (where it starts with "/"), DN, Domain name or a DNS Alias Name. The url should specify the Access Manager protocol, host name and port to talk to, for example: http://daye.red.iplanet.com:58080
This constructor is mainly used for Certificate based authentication. If the certificate database contains multiple matching certificates for SSL, this constructor must be called in order for the desired certificate to be used for the Certificate based authentication.
The caller then uses login to start the authentication process and uses getRequirements() and submitRequirements() to pass the credentials needed for authentication by the plug-in authentication modules. The method getStatus() returns the authentication status.
orgName - name of the user's organization
nickName - nick name for the certificate to be used
url - URL of the Access Manager to talk to
AuthLoginException - if AuthContext creation fails.
public AuthContext(SSOToken ssoToken)
            throws AuthLoginException
Constructs an instance of AuthContext for a given organization name, or sub organization name contained in the single sign on token.
This constructor should be called for re-authentication of an authenticated user. The single sign on token is the authenticated resource's Single-Sign-On Token. If the session properties based on the login method used match those in the user's new authenticated session, then session upgrade will be done. If authentication passes, a new session containing properties from both the old single sign on token and the new session is returned and the old session is destroyed.
The caller then uses login to start the authentication process and uses getRequirements() and submitRequirements() to pass the credentials needed for authentication by the plug-in authentication modules. The method getStatus() returns the authentication status.
ssoToken - single sign on token representing the resource's previous authenticated session.
AuthLoginException - if AuthContext creation fails.
| Method Detail |
public void login()
           throws AuthLoginException
Starts the login process for the given AuthContext object.
AuthLoginException - if an error occurred during login
public void login(AuthContext.IndexType type,
                  java.lang.String indexName)
           throws AuthLoginException
Starts the login process for the given AuthContext object identified by the index type and index name. The IndexType defines the possible kinds of "objects" or "resources" for which an authentication can be performed. Currently supported index types are users, roles, services (or application), levels and mechanism / authentication modules.
type - authentication index type
indexName - authentication index name
AuthLoginException - if an error occurred during login
public javax.security.auth.Subject getSubject()
Subject for the authenticated User. If the authentication fails or the authentication is in process, this will return null.
public boolean hasMoreRequirements()
true if more credentials are required from the user; false otherwise
public javax.security.auth.callback.Callback[] getRequirements()
Returns an array of Callback objects that must be populated by the user and returned back. These objects are requested by the authentication plug-ins, and these are usually displayed to the user. The user then provides the requested information for it to be authenticated.
Callback objects requesting credentials from user
public void submitRequirements(javax.security.auth.callback.Callback[] info)
Submit the populated Callback objects to the authentication plug-in modules. Called after getRequirements method and obtaining user's response to these requests.
info - array of Callback objects
public void logout()
            throws AuthLoginException
Logs out the user and also invalidates the SSO Token associated with this AuthContext.
AuthLoginException - if an error occurred during logout
public AuthLoginException getLoginException()
public SSOToken getSSOToken()
                     throws java.lang.Exception
Exception will be thrown. Single sign token can be used as the authenticated token.
java.lang.Exception - if the user is not authenticated or an error is encountered in retrieving the user's single sign on token.
public AuthContext.Status getStatus()
Returns the current status of the authentication process as AuthContext.Status.
Status of the authentication process
public java.lang.String getOrganizationName()
Returns the organization name that was set during the AuthContext constructor.
AuthContext
public java.util.Set getModuleInstanceNames()
Returns authentication module/s instances (or plugins) configured for an organization, or sub-organization name that was set during the AuthContext constructor.
public void abort()
           throws AuthLoginException
Terminates an ongoing login call that has not yet completed.
AuthLoginException - if an error occurred during abort
public static void setCertDBPassword(java.lang.String password)
com.iplanet.am.admin.cli.certdb.passfile in AMConfig.properties). If both are set, this method will overwrite the value in certificate password file.
password - Password for the certificate database