oracle.security.am.asdk

Class PseudoUserSession

java.lang.Object

oracle.security.am.asdk.BaseUserSession

oracle.security.am.asdk.PseudoUserSession

All Implemented Interfaces:

java.lang.Cloneable

public final class PseudoUserSession
extends BaseUserSession
implements java.lang.Cloneable

PseudoUserSession provides a way to authenticate and authorize without establishing and maintaining a specific corresponding user session in the OAM 11g Server. It supports similar operations that one can perform with user session and has similar constructs but does not actually establish any session at the server.

PseudoUserSession could be used when a requirement is to just validate the credentials of the user or get user authorized for a given resource without really establishing the sesion.
It also can be used to prevent accumulation of multiple sessions for a single user.

The class provides a constructor that allows either to perform a one time authentication or a one-time authentication and authorization. This constructor takes a ResourceRequest object, a Hashtable of credentials, and a flag to indicate whether a one time authentication or authentication plus authorization is required. The ResourceRequest object determines the authentication scheme that is to be applied to the credentials to authenticate the user. The ResourceRequest object also determines other aspects of authentication policy such as success or failure action

Field Summary

Fields inherited from class oracle.security.am.asdk.BaseUserSession

AGID, AWAITINGLOGIN, ERR_AUTHN_PLUGIN_DENIED, ERR_AUTHN_TOKEN_EXPIRED, ERR_DENY, ERR_IDLE_TIMEOUT, ERR_INCONCLUSIVE, ERR_INSUFFICIENT_LEVEL, ERR_INVALID_CERTIFICATE, ERR_MOD_USER_FAILED, ERR_NEED_MORE_DATA, ERR_NO_USER, ERR_NOT_LOGGED_IN, ERR_PASSWORD_CHANGE_ON_RESET, ERR_PASSWORD_EXPIRED, ERR_SESSION_TIMEOUT, ERR_UNKNOWN, ERR_USER_LOCKED_OUT, ERR_USER_REVOKED, ERR_WRONG_PASSWORD, EXPIRED, LOGGED_OUT_SESSION_TOKEN, LOGGEDIN, LOGGEDOUT, LOGINFAILED, m_accessClient, m_actionsArray, m_actionTypes, m_authUser, m_error, m_errString, m_getActionTypeReturn, m_lastUseTime, m_lazyload, m_level, m_localAccessClient, m_location, m_logger, m_sessionId, m_sessionValid, m_startTime, m_status, m_tokenLongestIdleTime, m_tokenMaxIdleTime, m_userIdentity, OK, p_error

Constructor Summary

Constructors

Constructor and Description
PseudoUserSession(AccessClient aClient, ResourceRequest resReq, java.util.Hashtable credentials, boolean authorize) Constructs a PseudoUserSession object with specified parameters.
PseudoUserSession(AccessClient aClient, ResourceRequest resReq, java.util.Hashtable credentials, boolean authorize, java.lang.String location) Constructs a PseudoUserSession object with specified parameters.
PseudoUserSession(LocalAccessClient aClient, ResourceRequest resReq, java.util.Hashtable credentials, boolean authorize) Constructs a PseudoUserSession object with specified parameters.
PseudoUserSession(ResourceRequest resReq, java.util.Hashtable credentials, boolean authorize) Constructs a PseudoUserSession object with specified parameters.
PseudoUserSession(ResourceRequest resReq, java.util.Hashtable credentials, boolean authorize, java.lang.String location) Constructs a PseudoUserSession object with specified parameters.

Method Summary

Modifier and Type	Method and Description
protected boolean	isAuthorized(ResourceRequest resReq, ValNameList pRActions, boolean allrActions, ObAAAStatus opStatus)

Methods inherited from class oracle.security.am.asdk.BaseUserSession

clearActions, getAction, getActions, getActionTypes, getCustomError, getError, getErrorMessage, getLevel, getLocation, getNumberOfActions, getStatus, getUserIdentity, isAuthorized, isAuthorized, setActions, setLocation, validateIPAddress

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PseudoUserSession

public PseudoUserSession(ResourceRequest resReq,
                         java.util.Hashtable credentials,
                         boolean authorize,
                         java.lang.String location)
                  throws AccessException

Constructs a PseudoUserSession object with specified parameters.

Parameters:

resReq - Resource Request object representing a requested resource.

credentials - Hashtable containing the key/value pairs of String type.

• userid : Required for Basic and Form AuthenticationScheme
• password : Required for Basic and Form AuthenticationScheme
  In case of Form AuthenticationScheme username and password are challenge parameters of AuthenticationScheme.
  For Basic AuthenticationScheme username and password are "userid" and "password"
• certificate : Required for Certificate AuthenticationScheme. The value for this certificate key should be Base64 Encoded string which represent a valid X.509 certificate.
• ip (Optional) : IP address, in dotted notation, of the client accessing the resource
• operation (Optional) : Operation attempted on the resource. For HTTP resources, one of GET,POST,PUT,HEAD,DELETE, TRACE,OPTIONS,CONNECT,OTHER.
• resource (Optional) : The requested resource identifier. For HTTP resources, the full URL.
• targethost (Optional) : The host (host:port) to which resource request is sent.
  One or more of the optional parameters above may be required by certain authentication schemes, modules, or plugins as configured in the OAM server. Refer to your OAM server configuration and documentation to determine which parameters to supply.

authorize - indicates whether one time authentication is required or authenticate and authorize

location - IP address of the client as specified by the application.

Throws:

AccessException - If errors occur during object creation

PseudoUserSession

public PseudoUserSession(AccessClient aClient,
                         ResourceRequest resReq,
                         java.util.Hashtable credentials,
                         boolean authorize,
                         java.lang.String location)
                  throws AccessException

Constructs a PseudoUserSession object with specified parameters.

Parameters:

aClient - AccessClient object to be used for perfoming operations.

resReq - Resource Request object representing a requested resource.

credentials - Hashtable containing the key/value pairs of String type.

• userid : Required for Basic and Form AuthenticationScheme
• password : Required for Basic and Form AuthenticationScheme
  In case of Form AuthenticationScheme username and password are challenge parameters of AuthenticationScheme.
  For Basic AuthenticationScheme username and password are "userid" and "password"
• certificate : Required for Certificate AuthenticationScheme. The value for this certificate key should be Base64 Encoded string which represent a valid X.509 certificate.
• ip (Optional) : IP address, in dotted notation, of the client accessing the resource
• operation (Optional) : Operation attempted on the resource. For HTTP resources, one of GET,POST,PUT,HEAD,DELETE, TRACE,OPTIONS,CONNECT,OTHER.
• resource (Optional) : The requested resource identifier. For HTTP resources, the full URL.
• targethost (Optional) : The host (host:port) to which resource request is sent.
  One or more of the optional parameters above may be required by certain authentication schemes, modules, or plugins as configured in the OAM server. Refer to your OAM server configuration and documentation to determine which parameters to supply.

authorize - indicates whether one time authentication is required or authenticate and authorize

location - IP address of the client as specified by the application.

Throws:

AccessException - If errors occur during object creation

PseudoUserSession

public PseudoUserSession(ResourceRequest resReq,
                         java.util.Hashtable credentials,
                         boolean authorize)
                  throws AccessException

Constructs a PseudoUserSession object with specified parameters.

Parameters:

resReq - Resource Request object representing a requested resource.

credentials - Hashtable containing the key/value pairs of String type.

• userid : Required for Basic and Form AuthenticationScheme
• password : Required for Basic and Form AuthenticationScheme
  In case of Form AuthenticationScheme username and password are challenge parameters of AuthenticationScheme.
  For Basic AuthenticationScheme username and password are "userid" and "password"
• certificate : Required for Certificate AuthenticationScheme. The value for this certificate key should be Base64 Encoded string which represent a valid X.509 certificate.
• ip (Optional) : IP address, in dotted notation, of the client accessing the resource
• operation (Optional) : Operation attempted on the resource. For HTTP resources, one of GET,POST,PUT,HEAD,DELETE, TRACE,OPTIONS,CONNECT,OTHER.
• resource (Optional) : The requested resource identifier. For HTTP resources, the full URL.
• targethost (Optional) : The host (host:port) to which resource request is sent.
  One or more of the optional parameters above may be required by certain authentication schemes, modules, or plugins as configured in the OAM server. Refer to your OAM server configuration and documentation to determine which parameters to supply.

authorize - indicates whether one time authentication is required or authenticate and authorize

Throws:

AccessException - If errors occur during object creation

PseudoUserSession

public PseudoUserSession(AccessClient aClient,
                         ResourceRequest resReq,
                         java.util.Hashtable credentials,
                         boolean authorize)
                  throws AccessException

Constructs a PseudoUserSession object with specified parameters.

Parameters:

aClient - AccessClient object to be used for perfoming operations.

resReq - Resource Request object representing a requested resource.

credentials - Hashtable containing the key/value pairs of String type.

• userid : Required for Basic and Form AuthenticationScheme
• password : Required for Basic and Form AuthenticationScheme
  In case of Form AuthenticationScheme username and password are challenge parameters of AuthenticationScheme.
  For Basic AuthenticationScheme username and password are "userid" and "password"
• certificate : Required for Certificate AuthenticationScheme. The value for this certificate key should be Base64 Encoded string which represent a valid X.509 certificate.
• ip (Optional) : IP address, in dotted notation, of the client accessing the resource
• operation (Optional) : Operation attempted on the resource. For HTTP resources, one of GET,POST,PUT,HEAD,DELETE, TRACE,OPTIONS,CONNECT,OTHER.
• resource (Optional) : The requested resource identifier. For HTTP resources, the full URL.
• targethost (Optional) : The host (host:port) to which resource request is sent.
  One or more of the optional parameters above may be required by certain authentication schemes, modules, or plugins as configured in the OAM server. Refer to your OAM server configuration and documentation to determine which parameters to supply.

authorize - indicates whether one time authentication is required or authenticate and authorize

Throws:

AccessException - If errors occur during object creation

PseudoUserSession

public PseudoUserSession(LocalAccessClient aClient,
                         ResourceRequest resReq,
                         java.util.Hashtable credentials,
                         boolean authorize)
                  throws AccessException

Constructs a PseudoUserSession object with specified parameters.

Parameters:

aClient - AccessClient object to be used for perfoming operations.

resReq - Resource Request object representing a requested resource.

credentials - Hashtable containing the key/value pairs of String type.

• userid : Required for Basic and Form AuthenticationScheme
• password : Required for Basic and Form AuthenticationScheme
  In case of Form AuthenticationScheme username and password are challenge parameters of AuthenticationScheme.
  For Basic AuthenticationScheme username and password are "userid" and "password"
• certificate : Required for Certificate AuthenticationScheme. The value for this certificate key should be Base64 Encoded string which represent a valid X.509 certificate.
• ip (Optional) : IP address, in dotted notation, of the client accessing the resource
• operation (Optional) : Operation attempted on the resource. For HTTP resources, one of GET,POST,PUT,HEAD,DELETE, TRACE,OPTIONS,CONNECT,OTHER.
• resource (Optional) : The requested resource identifier. For HTTP resources, the full URL.
• targethost (Optional) : The host (host:port) to which resource request is sent.
  One or more of the optional parameters above may be required by certain authentication schemes, modules, or plugins as configured in the OAM server. Refer to your OAM server configuration and documentation to determine which parameters to supply.

authorize - indicates whether one time authentication is required or authenticate and authorize

Throws:

AccessException - If errors occur during object creation

Method Detail

isAuthorized

protected boolean isAuthorized(ResourceRequest resReq,
                               ValNameList pRActions,
                               boolean allrActions,
                               ObAAAStatus opStatus)
                        throws AccessException

Overrides:

isAuthorized in class BaseUserSession

Throws:

AccessException