planetj.dataengine.security.http
Class GenericSignOn

java.lang.Object
  |
  +--planetj.dataengine.security.http.GenericSignOn

All Implemented Interfaces:

ISignOn, Serializable

Direct Known Subclasses:

DBCommonConnectionPoolSignOn, DBPersonalConnectionPoolSignOn, DXApplicationSignOn, OSPlusOperationSignOn, SignOnAndRegistrationSignOn, SQLOperationSignOn, TableAuthenticationSignOn, UnsecuredSignOn, UserListSignOn

public abstract class GenericSignOn

extends Object

implements ISignOn, Serializable

Provides a partial implementation of the SignOn interface. The signOff(), sessionExpired(), and isAlreadySignedOn() methods are given minimal implementations which should be sufficient for most sign on techniques which do not hold open resources during the time a user is signed on.

Author:

PlanetJ Corp.

See Also:

Serialized Form

Field Summary

Fields inherited from interface planetj.dataengine.security.http.ISignOn

GLOBAL_SIGNON_KEY_OPERATION_ID, GLOBAL_SIGNON_KEY_SYSTEM_ALIAS, TIMEOUT_SECONDS

Method Summary

String	getFailureMessage(String userid, ISecured secured, javax.servlet.http.HttpServletRequest req) Gets the message to display when a sign on fails
int	getMaximumSignOnFailures(String pUserId, ISecured pSecuredApp, javax.servlet.http.HttpServletRequest pReq) Gets the maximum number of consecutive signon failures a user is allowed.
String	getSignOnURI(ISecured secured, javax.servlet.http.HttpServletRequest request) Get the URI to call for signing on to the secured object.
boolean	isAdditionalSignOnRequired(String user, String password, ISecured secured, javax.servlet.http.HttpServletRequest req) Tests if an additional signon step is necessary.
boolean	isAlreadySignedOn(String pUserId, ISecured pSecuredApplication, javax.servlet.http.HttpServletRequest pReq) Tests if the user has signed on to the secured application already.
boolean	isUserPromptRequired(ISecured pSecuredApplication, javax.servlet.http.HttpServletRequest pReq) Tests if the user should be prompted for user id, password, etc when this class is used to sign on
void	prepareForSignOn(ISecured secured, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) If any subclasses need to do anything special before sign on, they can override this method and call it accordingly.
void	processSignOnAttemptsExhausted(ISecured secured, DataEngineServlet servlet, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) This method is invoked when the user has failed the signon the maximum allowable times.
void	sessionExpired(SignOnReceipt pReceipt) This method is invoked when the session in which a SignOnReceipt is stored expires.
void	signOff(String pUserId, ISecured pSecuredApp, javax.servlet.http.HttpServletRequest pReq) Signs the user off of the securedapplication.
static LayoutDisplayPropertyGroup	updateProperties(LayoutDisplayPropertyGroup current, LayoutDisplayPropertyGroup newProps, javax.servlet.http.HttpServletRequest request) Deprecated. Just invoked LayoutDisplayPropertyGroup.updateProperties() instead

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface planetj.dataengine.security.http.ISignOn

signOn

Method Detail

getFailureMessage

public String getFailureMessage(String userid,
                                ISecured secured,
                                javax.servlet.http.HttpServletRequest req)
                         throws CMException

Gets the message to display when a sign on fails

Specified by:

getFailureMessage in interface ISignOn

CMException

getMaximumSignOnFailures

public int getMaximumSignOnFailures(String pUserId,
                                    ISecured pSecuredApp,
                                    javax.servlet.http.HttpServletRequest pReq)
                             throws CMException

Gets the maximum number of consecutive signon failures a user is allowed. A negative number indicates that there is no maximum

Specified by:

getMaximumSignOnFailures in interface ISignOn

CMException

getSignOnURI

public String getSignOnURI(ISecured secured,
                           javax.servlet.http.HttpServletRequest request)
                    throws CMException

Description copied from interface: ISignOn

Get the URI to call for signing on to the secured object.

Specified by:

getSignOnURI in interface ISignOn

Parameters:

secured - ISecured object being signed into

request - HttpServletRequest

CMException

isAdditionalSignOnRequired

public boolean isAdditionalSignOnRequired(String user,
                                          String password,
                                          ISecured secured,
                                          javax.servlet.http.HttpServletRequest req)
                                   throws CMException

Tests if an additional signon step is necessary. This method is only invoked after the user has submitted signon information. If they are required to submit aditional info, this method should return true

Specified by:

isAdditionalSignOnRequired in interface ISignOn

CMException

isAlreadySignedOn

public boolean isAlreadySignedOn(String pUserId,
                                 ISecured pSecuredApplication,
                                 javax.servlet.http.HttpServletRequest pReq)
                          throws CMException

Tests if the user has signed on to the secured application already.

Specified by:

isAlreadySignedOn in interface ISignOn

Parameters:

pUserId - The user id that the user may or may not be signed on as. If this parameter is null, then this method should return true if the user is signed on to the secured application with any user id. If this parameter is not null, this method should return true only if the user is signed on with this specific user id.

pSecuredApplication - The secured application to which the user may or may not be signed on

CMException

isUserPromptRequired

public boolean isUserPromptRequired(ISecured pSecuredApplication,
                                    javax.servlet.http.HttpServletRequest pReq)
                             throws CMException

Tests if the user should be prompted for user id, password, etc when this class is used to sign on

Specified by:

isUserPromptRequired in interface ISignOn

CMException

prepareForSignOn

public void prepareForSignOn(ISecured secured,
                             javax.servlet.http.HttpServletRequest request,
                             javax.servlet.http.HttpServletResponse response)
                      throws CMException

If any subclasses need to do anything special before sign on, they can override this method and call it accordingly.

Specified by:

prepareForSignOn in interface ISignOn

CMException

processSignOnAttemptsExhausted

public void processSignOnAttemptsExhausted(ISecured secured,
                                           DataEngineServlet servlet,
                                           javax.servlet.http.HttpServletRequest req,
                                           javax.servlet.http.HttpServletResponse res)
                                    throws IOException,
                                           javax.servlet.ServletException,
                                           CMException

This method is invoked when the user has failed the signon the maximum allowable times. This method is responsible for forwarding the response to the user.

Specified by:

processSignOnAttemptsExhausted in interface ISignOn

IOException

javax.servlet.ServletException

CMException

sessionExpired

public void sessionExpired(SignOnReceipt pReceipt)

This method is invoked when the session in which a SignOnReceipt is stored expires.

Specified by:

sessionExpired in interface ISignOn

signOff

public void signOff(String pUserId,
                    ISecured pSecuredApp,
                    javax.servlet.http.HttpServletRequest pReq)
             throws CMException

Signs the user off of the securedapplication. This is an optional method - it is okay to provide an empty implementation. Keep in mind that this method may never be invoked since the user may stop using the application without logging off.

Specified by:

signOff in interface ISignOn

CMException

updateProperties

public static LayoutDisplayPropertyGroup updateProperties(LayoutDisplayPropertyGroup current,
                                                          LayoutDisplayPropertyGroup newProps,
                                                          javax.servlet.http.HttpServletRequest request)

Deprecated. Just invoked LayoutDisplayPropertyGroup.updateProperties() instead