org.xmlBlaster.authentication.plugins
Interface I_Session

All Superinterfaces:

I_MsgSecurityInterceptor

All Known Implementing Classes:

Session, Session, Session, Session

public interface I_Session
extends I_MsgSecurityInterceptor

Author:

W. Kleinertz

Method Summary

void	changeSecretSessionId(java.lang.String sessionId) The current implementation of the user session handling (especially Authenticate.connect(org.xmlBlaster.engine.qos.ConnectQosServer, String)) cannot provide a real sessionId when this object is created.
I_Manager	getManager() How controls this session?
java.lang.String	getSecretSessionId() Return the id of this session.
I_Subject	getSubject() Get the owner of this session.
ConnectQosServer	init(ConnectQosServer connectQos, java.util.Map map) Initialize the session with useful information.
java.lang.String	init(I_SecurityQos securityQos) Initialize a new session and do the credential check.
java.lang.String	interceptExeptionByAuthorizer(java.lang.Throwable throwable, SessionHolder sessionHolder, DataHolder dataHolder) If an exception occurrs after successful authorization the security framework has the chance to suppress the exception by returning a return QOS
boolean	isAuthorized(SessionHolder sessionHolder, DataHolder dataHolder) Check if this subject instance is permitted to do something
boolean	verify(I_SecurityQos securityQos) Allows to check the given securityQos again.

Methods inherited from interface org.xmlBlaster.authentication.plugins.I_MsgSecurityInterceptor

exportMessage, importMessage

Method Detail

init

ConnectQosServer init(ConnectQosServer connectQos,
                      java.util.Map map)
                      throws XmlBlasterException

Initialize the session with useful information.

Is called before init(I_SecurityQos) which does the authentication

Parameters:

connectQos - The current login information

map - Additional information, is currently null

Returns:

the connectQos we got, can be manipulated

Throws:

XmlBlasterException

init

java.lang.String init(I_SecurityQos securityQos)
                      throws XmlBlasterException

Initialize a new session and do the credential check.
E.g.: An implementation could include authentication etc.

Parameters:

String - The already parsed QoS. The meaning will be defined by the real implementation.

Returns:

String Like the securityQos param, but the other direction.

Throws:

XmlBlasterException - The initialization failed (key exchange, authentication ... failed)

See Also:

#init(String)

verify

boolean verify(I_SecurityQos securityQos)
               throws XmlBlasterException

Allows to check the given securityQos again.

Note:

• This call does not modify anything in the I_Session implementation.
• The init() method must have been invoked before, otherwise we return false

Parameters:

String - The already parsed QoS. The meaning will be defined by the real implementation.

Returns:

true If the credentials are OK
false If access is denied

Throws:

XmlBlasterException

getSubject

I_Subject getSubject()

Get the owner of this session.

Parameters:

I_Subject - The owner.

getManager

I_Manager getManager()

How controls this session?

Returns:

I_Manager

changeSecretSessionId

void changeSecretSessionId(java.lang.String sessionId)
                           throws XmlBlasterException

The current implementation of the user session handling (especially Authenticate.connect(org.xmlBlaster.engine.qos.ConnectQosServer, String)) cannot provide a real sessionId when this object is created. Thus, it uses a temporary id first and changes it to the real in a later step.

The purpose of this method is to enable this functionality.

Parameters:

String - The new sessionId.

Throws:

XmlBlasterException - Thrown if the new sessionId is already in use.

getSecretSessionId

java.lang.String getSecretSessionId()

Return the id of this session.

Parameters:

String - The sessionId.

isAuthorized

boolean isAuthorized(SessionHolder sessionHolder,
                     DataHolder dataHolder)

Check if this subject instance is permitted to do something

Parameters:

sessionHolder - Holding information about the subject which requires rights

dataHolder - Holding information about the data which shall be accessed EXAMPLE: isAuthorized("publish", "thisIsAMessageKey"); The above line checks if this subject is permitted to >>publish<< a message under the key >>thisIsAMessageKey<< Known action keys: publish, subscribe, get, erase, ...

interceptExeptionByAuthorizer

java.lang.String interceptExeptionByAuthorizer(java.lang.Throwable throwable,
                                               SessionHolder sessionHolder,
                                               DataHolder dataHolder)

If an exception occurrs after successful authorization the security framework has the chance to suppress the exception by returning a return QOS

A dummy implementation should always return null!

A dead message can be produced like this:

 SessionInfo sessionInfo = sessionHolder.getSessionInfo();
        try {
                return sessionInfo.getMsgErrorHandler().handleErrorSync(new MsgErrorInfo(glob, sessionInfo.getSessionName(), dataHolder.getMsgUnit(), throwable));
        } catch (XmlBlasterException e) {
                e.printStackTrace();
                return null;
        }
 

Parameters:

sessionHolder -

dataHolder -

throwable -

Returns:

if null, this call has no influence, usually the exception is thrown back to the client. if not null the string is returned to the client. Can be useful for dumb clients which don't know what to do with the exception. In this case the security framework should handle the message itself, e.g. send it as dead message or forward it to another place.