Skip navigation links

Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.fatwire.wem.sso
Class SSOSession

java.lang.Object
  extended by com.fatwire.wem.sso.SSOSession

public class SSOSession
extends java.lang.Object

Single Sign session. This class is the single entry point for the Single Sign On functionality in WEM. It exposes numerous methods are used in different deployment scenarios to perform login request or to retrieve current assertion (object describing current user). See documentation for individual method for details.

Method Summary
 SSOAssertion getAssertion()
          If the current application is protected by SSO filter, this method will return the assertion object describing the current logged in user.
 java.lang.String getMultiTicket()
          If the current application is protected by SSO filter, use this method to get a ticket, which could be used to perform REST calls from Java code.
 java.lang.String getMultiTicket(java.lang.String username, java.lang.String password)
          Use this method when the current application is not protected by SSO filter and the authenticated REST call should be performed.
 com.fatwire.wem.sso.SSOValidator getMultiticketValidator()
          Get the interface address for the multi-ticket validator.
 java.lang.String getProviderType()
          If the current application is protected by SSO filter, this method will return the identifier for the provider so client code can recognize and implement provider code variations.
 com.fatwire.wem.sso.SSOValidator getProxyTicketValidator(javax.servlet.http.HttpServletRequest request, java.lang.Object pgt)
           
 java.lang.String getSignoutUrl()
          Returns URL, which could be used to perform Single Sign Out.
 java.lang.String getSignoutUrl(java.lang.String callbackUrl)
          Returns URL, which could be used to perform Single Sign Out.
 java.lang.String getTicket(java.lang.String service)
          If the current application is protected by SSO filter, use this method to generate a ticket, which could be used to perform REST calls from Java code.
 java.lang.String getTicket(java.lang.String service, java.lang.String username, java.lang.String password)
          Use this method when the current application is not protected by SSO filter and the authenticated REST call should be performed.
 com.fatwire.wem.sso.SSOValidator getTicketValidator()
          Get the interface address for the ticket validator.
 void invalidate(java.lang.String ticket, java.lang.String service)
          Given a validator interface address, invalidate the ticket for the related service.
 boolean isProxyTickets()
          Determines whether proxying feature is turned on or off.
 boolean isUseMultiTickets()
          Determines whether support for multi tickets is enabled.
 SSOAssertion validate(com.fatwire.wem.sso.SSOValidator validator, java.lang.String ticket, java.lang.String service)
          Given a validator interface address, validate the ticket for the related service.

 

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

 

Method Detail

getAssertion

public SSOAssertion getAssertion()
                          throws SSOException
If the current application is protected by SSO filter, this method will return the assertion object describing the current logged in user. If the application is not using SSO filter, then null value is returned.
Returns:
assertion object if present or null otherwise.
Throws:
SSOException - if processing error occurs.

getProviderType

public java.lang.String getProviderType()
If the current application is protected by SSO filter, this method will return the identifier for the provider so client code can recognize and implement provider code variations. If the application is not using SSO filter, then null value is returned. Supported providers are "cas" and "oam".
Returns:
provider type if present or null otherwise.

getTicket

public java.lang.String getTicket(java.lang.String service)
                           throws SSOException
If the current application is protected by SSO filter, use this method to generate a ticket, which could be used to perform REST calls from Java code. This method performs the 'proxying' of a ticket, received by a client browser to be used in Java code. If this application was accessed using not using 'ticket', but 'multiticket' parameter (usually happens only programmatically), then SSOException is thrown. In such a case SSOSession.getMultiTicket() method should be used instead. The resulting ticket must be acquired per each REST resource URL and could only be used once. It's up to an application developer to decide to use either 'ticket' or 'multiticket' parameter, when calling REST resource URL.
Parameters:
service - REST resource URL for which to generate a ticket.
Returns:
ticket string.
Throws:
SSOException - if any error occurs during the ticket generation phase.

getMultiTicket

public java.lang.String getMultiTicket()
                                throws SSOException
If the current application is protected by SSO filter, use this method to get a ticket, which could be used to perform REST calls from Java code. Proxying mechanism doesn't allow to generate multi tickets from security considerations. If this application was accessed not using 'ticket', but 'multiticket' parameter (usually happens only programmatically), then the stored multi ticket will be returned, otherwise an exception will be thrown. The resulting multi ticket could be used to perform numerous REST calls till it expires (HTTP 403 error is returned, which results to an exception to be thrown in the API). After that multi ticket must be re-acquired. It's up to an application developer to decide to use either 'ticket' or 'multiticket' parameter, when calling REST resource URL.
Returns:
ticket string.
Throws:
SSOException - if any error occurs during the ticket generation phase.

getTicket

public java.lang.String getTicket(java.lang.String service,
                                  java.lang.String username,
                                  java.lang.String password)
                           throws SSOException
Use this method when the current application is not protected by SSO filter and the authenticated REST call should be performed. This method returns a ticket per REST resource, which could only be used once. It's up to an application developer to decide to use either 'ticket' or 'multiticket' parameter, when calling REST resource URL.
Parameters:
service - REST resource URL for which to generate a ticket.
username - user name.
password - password.
Returns:
ticket string.
Throws:
SSOException - if any error occurs during the ticket generation phase.

getMultiTicket

public java.lang.String getMultiTicket(java.lang.String username,
                                       java.lang.String password)
                                throws SSOException
Use this method when the current application is not protected by SSO filter and the authenticated REST call should be performed. This method acquires a multi ticket, which could be used to perform numerous REST calls till it expires (HTTP 403 error is returned, which results to an assertion to be thrown in the API). After that multi ticket must be re-acquired. It's up to an application developer to decide to use either 'ticket' or 'multiticket' parameter, when calling REST resource URL.
Parameters:
username - user name.
password - password.
Returns:
multi ticket string.
Throws:
SSOException - if any error occurs during the ticket generation phase.

getSignoutUrl

public java.lang.String getSignoutUrl()
                               throws SSOException
Returns URL, which could be used to perform Single Sign Out.
Returns:
single sign out URL
Throws:
SSOException

getSignoutUrl

public java.lang.String getSignoutUrl(java.lang.String callbackUrl)
                               throws SSOException
Returns URL, which could be used to perform Single Sign Out. Upon the sign out operation completion, the HTTP redirect will performed to the supplied URL.
Parameters:
callbackUrl - URL where to redirect to upon sign out completion.
Returns:
single sign out URL
Throws:
SSOException

isUseMultiTickets

public boolean isUseMultiTickets()
                          throws SSOException
Determines whether support for multi tickets is enabled.
Returns:
true if multi tickets are supported or false otherwise.
Throws:
SSOException

isProxyTickets

public boolean isProxyTickets()
                       throws SSOException
Determines whether proxying feature is turned on or off. Proxying should be set off for the last servers in the call chain to prevent making unnecessary network calls.
Returns:
'true' if proxying is enabled or 'false' otherwise.
Throws:
SSOException

getProxyTicketValidator

public com.fatwire.wem.sso.SSOValidator getProxyTicketValidator(javax.servlet.http.HttpServletRequest request,
                                                                java.lang.Object pgt)
                                                         throws SSOException
Returns:
Throws:
SSOException

getTicketValidator

public com.fatwire.wem.sso.SSOValidator getTicketValidator()
                                                    throws SSOException
Get the interface address for the ticket validator. The ticket validator is used to perform validation of a service ticket.
Returns:
Throws:
SSOException

getMultiticketValidator

public com.fatwire.wem.sso.SSOValidator getMultiticketValidator()
                                                         throws SSOException
Get the interface address for the multi-ticket validator. The multi-ticket validator is used to perform validation of a service ticket that is used multiple times.
Returns:
Throws:
SSOException

validate

public SSOAssertion validate(com.fatwire.wem.sso.SSOValidator validator,
                             java.lang.String ticket,
                             java.lang.String service)
                      throws SSOException
Given a validator interface address, validate the ticket for the related service. If the ticket is valid then a SSOAssertion object is returned. Otherwise the SSOException is thrown.
Returns:
Throws:
SSOException

invalidate

public void invalidate(java.lang.String ticket,
                       java.lang.String service)
                throws SSOException
Given a validator interface address, invalidate the ticket for the related service. If the ticket is valid then nothing is returned. Otherwise the SSOException is thrown.
Throws:
SSOException

Skip navigation links

Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.