Skip navigation links

com.oblix.access
Interface ObUserSessionInterface

All Known Implementing Classes:

ObUserSession

Deprecated. Defines an Interface for the class that represents an authenticated user.

public interface ObUserSessionInterface

ObUserSession object represents an authenticated user. A user session object is initially created through a constructor that authenticates the user. This constructor takes an ObResourceRequest object and an ObMap of credentials. The resource request determines the authentication scheme that is to be applied to the credentials to authenticate the user. The resource request also determines other aspects of authentication policy: success or failure actions and audit rules.

A session token string is a serialized representation of the user session. An user session object can be constructed from a valid session token, and a session token can be generated from a user session object.

Elements of a user session object are

• the user identity, for example, the DN of the user's profile entry in a directory,
• the level of the authentication scheme used to authenticate the user,
• the location (IP address) of the user's client,
• a session start time set when the user authenticated,
• a last use time set each time a user request is authorized,
• actions set during authentication and authorization according to policies,
• the status of session (logged in, logged out, login
• failed, or expired), and
• an error number from the most recent authentication or authorization.

The isAuthorized() method determines if the user is authorized to request an operation against a resource. Results of the authorization can be obtained through ObUserSession methods: an error number if the authorization failed, and authorization success or failure policy actions (name-value pairs). For simplicity, a redirection URL action is returned with the name redirectionUrl). An authorization audit record may be generated as specified by the audit rule associated with the resource request.

Method Summary

void	clearActions() Deprecated. Clears all information pertaining to actions that was retrieved as part of previous authentication or authorization operation.
void	finalize() Deprecated. Cleans up native ObUserSession objects.
java.lang.String	getAction(java.lang.String actionType, java.lang.String actionName) Deprecated. Returns action corresponding to the action name and type specified.
java.util.Hashtable	getActions(java.lang.String actionType) Deprecated. Returns hashtable containing actions in the form of name/value pairs of String type for specified actionType.
java.lang.String[]	getActionTypes() Deprecated. Returns string array of all the action types returned by the OAM server as part of authentication or authorization.
int	getError() Deprecated. Returns the error number from the most recent authentication or authorization failure Error
java.lang.String	getErrorMessage() Deprecated. Returns the detailed error message for the authentication or authorization failure
int	getLastUseTime() Deprecated. Returns the time in seconds from Jan 1 1970 till the most recent user request was authorized.
int	getLevel() Deprecated. Returns the level of authentication scheme used to authenticate the user
java.lang.String	getLocation() Deprecated. Returns the IP address of the user's client
int	getNumberOfActions(java.lang.String actionType) Deprecated. Returns number of actions of the specified type that are returned by OAM server as part of authentication or authorization.
java.lang.String	getSessionToken() Deprecated. Returns the serialized representation of user session
int	getStartTime() Deprecated. Returns time in seconds from Jan 1 1970 till authenticated user session was started.
int	getStatus() Deprecated. Provides integer value representing the current status of the session.
java.lang.String	getUserIdentity() Deprecated. Returns the DN of the user's profile entry in the user directory.
boolean	isAuthorized(ObResourceRequest res) Deprecated. Checks if the user is authorized to request an operation for a particular resource
boolean	isAuthorized(ObResourceRequest res, java.util.Hashtable parameters) Deprecated. Checks if the user is authorized to request an operation for a particular resource
void	logoff() Deprecated. Logs off the authenticated user and terminates the session
void	setLocation(java.lang.String location) Deprecated. Sets the IP address of the user's client

Method Detail

getUserIdentity

java.lang.String getUserIdentity()
                                 throws ObAccessException

Deprecated.

Returns the DN of the user's profile entry in the user directory.

Returns:

DN of the user's profile entry

Throws:

ObAccessException - If error occurs during operation

getLevel

int getLevel()
             throws ObAccessException

Deprecated.

Returns the level of authentication scheme used to authenticate the user

Returns:

Authentication scheme level

Throws:

ObAccessException - If error occurs during operation

getLocation

java.lang.String getLocation()
                             throws ObAccessException

Deprecated.

Returns the IP address of the user's client

Returns:

IP address of the user's client

Throws:

ObAccessException - If error occurs during operation

setLocation

void setLocation(java.lang.String location)

Deprecated.

Sets the IP address of the user's client

getStartTime

int getStartTime()
                 throws ObAccessException

Deprecated.

Returns time in seconds from Jan 1 1970 till authenticated user session was started. This value is used to determine when a session expires.

Returns:

Time in seconds from Jan 1 1970 till authenticated user session was started.

Throws:

ObAccessException - If failed to retrieve session information

getLastUseTime

int getLastUseTime()
                   throws ObAccessException

Deprecated.

Returns the time in seconds from Jan 1 1970 till the most recent user request was authorized. This value is used to determine when an idle session expires.

Returns:

Time in seconds from Jan 1 1970 till the most recent user request was authorized.

Throws:

ObAccessException - In case if operation fails.

getNumberOfActions

int getNumberOfActions(java.lang.String actionType)

Deprecated.

Returns number of actions of the specified type that are returned by OAM server as part of authentication or authorization. The actions are the responses that OAM server returns after authentication and authorization. The actions that are returned during authentication or authorization depends on policies configured in the OAM server.

Each resource type defines the following set of action types: cookie, headervar and redirecturl for http resources.

Parameters:

actionType - type of action to be retrieved. If this is left NULL, the default is headervar.

Returns:

Number of actions of the specified type that are associated with the specified user session

getActions

java.util.Hashtable getActions(java.lang.String actionType)

Deprecated.

Returns hashtable containing actions in the form of name/value pairs of String type for specified actionType. The actions are the responses that OAM server returns after authentication and authorization. The actions that are returned during authentication or authorization depends on policies configured in the OAM server.

Each resource type defines the following set of action types: cookie, headervar and redirecturl for http resources. The redirecturl action type indicates the url where the user should be redirected to for successful or failed authentication or authorization. To retrieve the redirection url set action type to "redirecturl".

Parameters:

actionType - type of action to be retrieved. If this is left NULL, the default is "headervar".

Returns:

Hashtable containing actions in the form of name/value pairs of String type.

getAction

java.lang.String getAction(java.lang.String actionType,
                           java.lang.String actionName)

Deprecated.

Returns action corresponding to the action name and type specified. The actions are the responses that OAM server returns after authentication and authorization. The actions that are returned during authentication or authorization depends on policies configured in the OAM server.

Each resource type defines the following set of action types: cookie, headervar and redirecturl for http resources. The redirecturl action type indicates the url where the user should be redirected to for successful or failed authentication or authorization. To retrieve the redirection url set action type to "redirecturl" and name to "HTTP_REDIRECT".

Parameters:

actionType - type of action to be retrieved. If this is left NULL, the default is headervar.

actionName - name of the action to be retrieved.

Returns:

Action corresponding to the action name and type specified.

getActionTypes

java.lang.String[] getActionTypes()

Deprecated.

Returns string array of all the action types returned by the OAM server as part of authentication or authorization. The actions are the responses that OAM server returns after authentication and authorization. The actions that are returned during authentication or authorization depends on policies configured in the OAM server.

Each resource type defines the following set of action types: cookie, headervar and redirecturl for http resources.

Returns:

String array of all the action types returned by the OAM server as part of authentication or authorization.

clearActions

void clearActions()

Deprecated.

Clears all information pertaining to actions that was retrieved as part of previous authentication or authorization operation. The actions are the responses that OAM server returns after authentication and authorization. The actions that are returned during authentication or authorization depends on policies configured in the OAM server.

getStatus

int getStatus()

Deprecated.

Provides integer value representing the current status of the session. The return value of this function can be checked against below constants exposed by this class.

• 0 for AWAITINGLOGIN
• 1 for LOGGEDIN
• 2 for LOGGEDOUT
• 3 for LOGINFAILED
• 4 for EXPIRED

Returns:

Status information of this user session

getError

int getError()

Deprecated.

Returns the error number from the most recent authentication or authorization failure Error

Returns:

Error number for error condition.

getErrorMessage

java.lang.String getErrorMessage()

Deprecated.

Returns the detailed error message for the authentication or authorization failure

Returns:

Error message describing error condition.

isAuthorized

boolean isAuthorized(ObResourceRequest res)
                     throws ObAccessException

Deprecated.

Checks if the user is authorized to request an operation for a particular resource

Parameters:

res - resource object being checked for authorization

Returns:

Boolean true if authorization succeeds.

Throws:

ObAccessException - In case a failure occurs during the operation

isAuthorized

boolean isAuthorized(ObResourceRequest res,
                     java.util.Hashtable parameters)
                     throws ObAccessException

Deprecated.

Checks if the user is authorized to request an operation for a particular resource

Parameters:

res - resource object being checked for authorization

parameters - Hashtable of name-value pairs of String type required by These parameters are required if the authorization policy requires additional information to perform authorization. The parameters that are required for authorization can be obtained by using getAuthorizationParameters method of ObResourceRequest

Returns:

Boolean true if authorization succeeds.

Throws:

ObAccessException - In case a failure occurs during the operation

getSessionToken

java.lang.String getSessionToken()

Deprecated.

Returns the serialized representation of user session

Returns:

String representing user session.

logoff

void logoff()

Deprecated.

Logs off the authenticated user and terminates the session

finalize

void finalize()

Deprecated.

Cleans up native ObUserSession objects. It is recommended that applications using Access Server API use finalize() methods for the resources that are no longer in use, instead of relying on Java Garbage Collection.

Skip navigation links