planetj.dataengine.security.http
Interface ISignOn

All Known Implementing Classes:
GenericSignOn

public interface ISignOn

A class must implement this interface to be used as the signon mechanism for a DataEngine application. Implementors will be instantiated with their default constructor.

Only a single instance of each implementing class will be created. That instance will be stored in the ApplicationSecurityManager class and will be used to validate all users signing on to all Applications which have that sign on class.


Field Summary
static byte GLOBAL_SIGNON_KEY_OPERATION_ID
           
static byte GLOBAL_SIGNON_KEY_SYSTEM_ALIAS
           
static String TIMEOUT_SECONDS
           
 
Method Summary
 String getFailureMessage(String userid, ISecured secured, javax.servlet.http.HttpServletRequest req)
          Gets the message to display when a sign on fails.
 int getMaximumSignOnFailures(String pUserId, ISecured pSecuredApp, javax.servlet.http.HttpServletRequest pReq)
          Gets the maximum number of consecutive signon failures a user is allowed.
 String getSignOnURI(ISecured secured, javax.servlet.http.HttpServletRequest request)
          Get the URI to call for signing on to the secured object.
 boolean isAdditionalSignOnRequired(String user, String password, ISecured secured, javax.servlet.http.HttpServletRequest req)
          Tests if an additional signon step is necessary.
 boolean isAlreadySignedOn(String pUserId, ISecured pSecuredApplication, javax.servlet.http.HttpServletRequest pReq)
          Tests if the user has signed on to the secured application already.
 boolean isUserPromptRequired(ISecured pSecuredApplication, javax.servlet.http.HttpServletRequest pReq)
          Tests if the user should be prompted for user id, password, etc when this class is used to sign on.
 void prepareForSignOn(ISecured secured, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
           
 void processSignOnAttemptsExhausted(ISecured secured, DataEngineServlet servlet, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
          This method is invoked when the user has failed the signon the maximum allowable times.
 void sessionExpired(SignOnReceipt pReceipt)
          This method is invoked when the session in which a SignOnReceipt is stored expires.
 void signOff(String pUserId, ISecured pSecuredApp, javax.servlet.http.HttpServletRequest pReq)
          Signs the user off of the application.
 boolean signOn(String pUserId, String pPassword, ISecured pSecuredApplication, javax.servlet.http.HttpServletRequest pReq)
          Signs on to a Secured Application.
 

Field Detail

TIMEOUT_SECONDS

public static final String TIMEOUT_SECONDS
See Also:
Constant Field Values

GLOBAL_SIGNON_KEY_SYSTEM_ALIAS

public static final byte GLOBAL_SIGNON_KEY_SYSTEM_ALIAS
See Also:
Constant Field Values

GLOBAL_SIGNON_KEY_OPERATION_ID

public static final byte GLOBAL_SIGNON_KEY_OPERATION_ID
See Also:
Constant Field Values

Method Detail

getFailureMessage

public String getFailureMessage(String userid,
                                ISecured secured,
                                javax.servlet.http.HttpServletRequest req)
                         throws CMException
Gets the message to display when a sign on fails.

Throws:
CMException

getMaximumSignOnFailures

public int getMaximumSignOnFailures(String pUserId,
                                    ISecured pSecuredApp,
                                    javax.servlet.http.HttpServletRequest pReq)
                             throws CMException
Gets the maximum number of consecutive signon failures a user is allowed. A negative number indicates that there is no maximum.

Throws:
CMException

getSignOnURI

public String getSignOnURI(ISecured secured,
                           javax.servlet.http.HttpServletRequest request)
                    throws CMException
Get the URI to call for signing on to the secured object.

Parameters:
secured - ISecured object being signed into
request - HttpServletRequest
Throws:
CMException

isAdditionalSignOnRequired

public boolean isAdditionalSignOnRequired(String user,
                                          String password,
                                          ISecured secured,
                                          javax.servlet.http.HttpServletRequest req)
                                   throws CMException
Tests if an additional signon step is necessary. This method is only invoked after the user has submitted signon information. If they are required to submit additional info, this method should return true.

Throws:
CMException

isAlreadySignedOn

public boolean isAlreadySignedOn(String pUserId,
                                 ISecured pSecuredApplication,
                                 javax.servlet.http.HttpServletRequest pReq)
                          throws CMException
Tests if the user has signed on to the secured application already.

Parameters:
pUserId - The user id that the user may or may not be signed on as. If this parameter is null, then this method should return true if the user is signed on to the application with any user id. If this parameter is not null, this method should return true only if the user is signed on with this specific user id.
pSecuredApplication - The application to which the user may or may not be signed on
Throws:
CMException

isUserPromptRequired

public boolean isUserPromptRequired(ISecured pSecuredApplication,
                                    javax.servlet.http.HttpServletRequest pReq)
                             throws CMException
Tests if the user should be prompted for user id, password, etc. when this class is used to sign on. If this method returns false, then the signOn() method will be invoked with a null user id and password (since the user was not prompted for them).

Throws:
CMException

prepareForSignOn

public void prepareForSignOn(ISecured secured,
                             javax.servlet.http.HttpServletRequest request,
                             javax.servlet.http.HttpServletResponse response)
                      throws CMException,
                             DataEngineException
Throws:
CMException
DataEngineException

processSignOnAttemptsExhausted

public void processSignOnAttemptsExhausted(ISecured secured,
                                           DataEngineServlet servlet,
                                           javax.servlet.http.HttpServletRequest req,
                                           javax.servlet.http.HttpServletResponse res)
                                    throws IOException,
                                           javax.servlet.ServletException,
                                           CMException
This method is invoked when the user has failed the signon the maximum allowable times. This method is responsible for forwarding the response to the user.

Throws:
IOException
javax.servlet.ServletException
CMException

sessionExpired

public void sessionExpired(SignOnReceipt pReceipt)
This method is invoked when the session in which a SignOnReceipt is stored expires. Any resources that would not otherwise be freed by an expiring session should be freed in this method. Since the session has expired (or is in the process of expiring) any information stored in the session cannot be accessed.


signOff

public void signOff(String pUserId,
                    ISecured pSecuredApp,
                    javax.servlet.http.HttpServletRequest pReq)
             throws CMException
Signs the user off of the application. This is an optional method - it is okay to provide an empty implementation. Keep in mind that this method may never be invoked since the user may stop using the application without logging off.

Throws:
CMException

signOn

public boolean signOn(String pUserId,
                      String pPassword,
                      ISecured pSecuredApplication,
                      javax.servlet.http.HttpServletRequest pReq)
               throws CMException
Signs on to a Secured Application. This method is only invoked if the user has not already signed on. As part of a successful sign on, a SignOnReceipt object should be created and stored in the session using the setSignOnReceipt() method.
In addition, this method should initialize any connection pools that will be used by the secured application.

Parameters:
pUserId - The user id identifying the user signing on to the application. If the isUserPromptRequired() method returned false, then pUserId will be null
pPassword - The password for signing on to the application. If the isUserPromptRequired() method returned false, then pPassword will be null
pSecuredApplication - The Secured Application object representing the application which is being signed on to.
pReq - The HttpServletRequest representing the http request of the user. Additional sign on information can be stored as attributes in the request
Returns:
true if the sign on was successful. A return value of false or a thrown CMException indicates that the sign on failed.
Throws:
CMException
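
An added example, not DataEngine code: one way the decision inside signOn() could handle the null user id and password passed when isUserPromptRequired() returns false, while staying safe for the single shared instance described at the top of this page. The class SignOnDecision, its methods, the remoteUser parameter and the PBKDF2 settings are hypothetical assumptions; the account is constructed sample data.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Hypothetical helper an ISignOn implementation could call from signOn(); not DataEngine code. */
public final class SignOnDecision {
    // One ISignOn instance serves every user, so shared state must be concurrent
    // and keyed by user id, never a "current user" field. Value: { salt, hash }.
    private final Map<String, byte[][]> users = new ConcurrentHashMap<>();

    private static byte[] derive(String password, byte[] salt) throws GeneralSecurityException {
        // Iteration count and key length are assumptions chosen for this example.
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 600_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    public void enroll(String userId, String password) throws GeneralSecurityException {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        users.put(userId, new byte[][] { salt, derive(password, salt) });
    }

    /** promptRequired mirrors isUserPromptRequired(); remoteUser is an identity the container
     *  already authenticated, e.g. the value of HttpServletRequest.getRemoteUser(). */
    public boolean decide(boolean promptRequired, String userId, String password, String remoteUser)
            throws GeneralSecurityException {
        if (!promptRequired) {
            // signOn() gets null credentials in this mode: trust only an identity proven elsewhere.
            return remoteUser != null && users.containsKey(remoteUser);
        }
        if (userId == null || password == null) return false; // fail closed on missing input
        byte[][] entry = users.get(userId);
        if (entry == null) return false; // unknown user
        return MessageDigest.isEqual(entry[1], derive(password, entry[0])); // constant-time compare
    }

    public static void main(String[] args) throws GeneralSecurityException {
        SignOnDecision d = new SignOnDecision();
        d.enroll("alice", "constructed-sample-password"); // constructed sample account
        System.out.println(d.decide(true, "alice", "constructed-sample-password", null));
        System.out.println(d.decide(true, null, null, null));    // prompted but nothing submitted
        System.out.println(d.decide(false, null, null, "alice")); // no prompt, container identity
        System.out.println(d.decide(false, null, null, null));   // no prompt, no identity
    }
}
```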