|
xmlBlaster 2.2.0 API | |||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.xmlBlaster.authentication.plugins.htpasswd.Session
public class Session
This implements the session AND the subject interface in the same class and supports simple authorization.
Example password configuration:
guest:yZ24stvIel1j6:connect,disconnect,publish(tennis;sailing) admin:yZ24stvIel1j6:!erase other:yZ24stvIel1j6:! subscribe,unSubscribe all:yZ24stvIel1j6::[userName] : [cryptedPassword] : [optional authorization]
HtPasswd
,
The security.htpasswd requirementField Summary | |
---|---|
protected boolean |
authenticated
|
protected ConnectQosServer |
connectQosServer
|
private Global |
glob
|
protected HtPasswd |
htpasswd
|
private static java.util.logging.Logger |
log
|
protected java.lang.String |
loginName
|
private java.lang.String |
ME
|
protected java.lang.String |
passwd
|
protected Manager |
secMgr
|
protected java.lang.String |
secretSessionId
|
Constructor Summary | |
---|---|
Session(Manager sm,
java.lang.String sessionId)
|
Method Summary | |
---|---|
void |
changeSecretSessionId(java.lang.String sessionId)
The current implementation of the user session handling (especially Authenticate.connect(org.xmlBlaster.engine.qos.ConnectQosServer, String) )
cannot provide a real sessionId when this object is created. |
MsgUnitRaw |
exportMessage(CryptDataHolder dataHolder)
Encrypt, sign, seal an outgoing message. |
I_Manager |
getManager()
How controls this session? |
java.lang.String |
getName()
Get the subjects login-name. |
java.lang.String |
getSecretSessionId()
Return the id of this session. |
I_Subject |
getSubject()
Get the owner of this session. |
MsgUnitRaw |
importMessage(CryptDataHolder dataHolder)
Decrypt, check, unseal etc an incomming message. |
ConnectQosServer |
init(ConnectQosServer connectQos,
java.util.Map map)
Initialize the session with useful information. |
java.lang.String |
init(I_SecurityQos securityQos)
Initialize the Session for a login or connect call. |
java.lang.String |
interceptExeptionByAuthorizer(java.lang.Throwable throwable,
SessionHolder sessionHolder,
DataHolder dataHolder)
If an exception occurrs after successful authorization the security framework has the chance to suppress the exception by returning a return QOS |
boolean |
isAuthorized(SessionHolder sessionHolder,
DataHolder dataHolder)
Check if this subject instance is permitted to do something |
boolean |
verify(I_SecurityQos securityQos)
Allows to check the given securityQos again. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
private java.lang.String ME
private final Global glob
private static java.util.logging.Logger log
protected Manager secMgr
protected java.lang.String secretSessionId
protected boolean authenticated
protected HtPasswd htpasswd
protected java.lang.String loginName
protected java.lang.String passwd
protected ConnectQosServer connectQosServer
Constructor Detail |
---|
public Session(Manager sm, java.lang.String sessionId) throws XmlBlasterException
XmlBlasterException
Method Detail |
---|
public ConnectQosServer init(ConnectQosServer connectQos, java.util.Map map) throws XmlBlasterException
I_Session
Is called before I_Session.init(I_SecurityQos)
which does the authentication
init
in interface I_Session
connectQos
- The current login informationmap
- Additional information, is currently null
XmlBlasterException
public java.lang.String init(I_SecurityQos securityQos) throws XmlBlasterException
init
in interface I_Session
String
- The SecurityQos object containing the credentials, e.g. loginName/passwd
XmlBlasterException
- Thrown (in this case) if the user doesn't
exist or the passwd is incorrect.#init(String)
public boolean verify(I_SecurityQos securityQos)
I_Session
Note:
verify
in interface I_Session
I_Session.verify(I_SecurityQos)
public java.lang.String getName()
I_Subject
getName
in interface I_Subject
public boolean isAuthorized(SessionHolder sessionHolder, DataHolder dataHolder)
I_Session
isAuthorized
in interface I_Session
sessionHolder
- Holding information about the subject which requires rightsdataHolder
- Holding information about the data which shall be accessed
EXAMPLE:
isAuthorized("publish", "thisIsAMessageKey");
The above line checks if this subject is permitted to >>publish<<
a message under the key >>thisIsAMessageKey<<
Known action keys:
publish, subscribe, get, erase, ...public void changeSecretSessionId(java.lang.String sessionId) throws XmlBlasterException
I_Session
Authenticate.connect(org.xmlBlaster.engine.qos.ConnectQosServer, String)
)
cannot provide a real sessionId when this object is created. Thus, it
uses a temporary id first and changes it to the real in a later step.The purpose of this method is to enable this functionality.
changeSecretSessionId
in interface I_Session
XmlBlasterException
- Thrown if the new sessionId is already in use.public java.lang.String getSecretSessionId()
I_Session
getSecretSessionId
in interface I_Session
public I_Subject getSubject()
I_Session
getSubject
in interface I_Session
public I_Manager getManager()
I_Session
getManager
in interface I_Session
public MsgUnitRaw importMessage(CryptDataHolder dataHolder) throws XmlBlasterException
I_MsgSecurityInterceptor
importMessage
in interface I_MsgSecurityInterceptor
dataHolder
- A container holding the MsgUnitRaw and some additional informations
XmlBlasterException
- Thrown i.e. if the message has been modifiedI_MsgSecurityInterceptor.exportMessage(CryptDataHolder)
public MsgUnitRaw exportMessage(CryptDataHolder dataHolder) throws XmlBlasterException
I_MsgSecurityInterceptor
exportMessage
in interface I_MsgSecurityInterceptor
dataHolder
- A container holding the MsgUnitRaw and some additional informations
XmlBlasterException
- Thrown if the message cannot be processedI_MsgSecurityInterceptor.importMessage(CryptDataHolder)
public java.lang.String interceptExeptionByAuthorizer(java.lang.Throwable throwable, SessionHolder sessionHolder, DataHolder dataHolder)
I_Session
A dummy implementation should always return null!
A dead message can be produced like this:
SessionInfo sessionInfo = sessionHolder.getSessionInfo(); try { return sessionInfo.getMsgErrorHandler().handleErrorSync(new MsgErrorInfo(glob, sessionInfo.getSessionName(), dataHolder.getMsgUnit(), throwable)); } catch (XmlBlasterException e) { e.printStackTrace(); return null; }
interceptExeptionByAuthorizer
in interface I_Session
|
xmlBlaster 2.2.0 API | |||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |