com.sap.engine.interfaces.security.auth

Class AbstractLoginModule

java.lang.Object
  extended by com.sap.engine.interfaces.security.auth.AbstractLoginModule
All Implemented Interfaces:
LoginModule

public abstract class AbstractLoginModule
extends Object
implements LoginModule

Does the common work of a login module. Here is an example of how it can be used:

    public class TemplateLoginModule extends com.sap.engine.interfaces.security.auth.AbstractLoginModule {

        public void initialize(javax.security.auth.Subject subject,
                               javax.security.auth.callback.CallbackHandler callbackHandler,
                               java.util.Map sharedState,
                               java.util.Map options) {
            super.initialize(subject, callbackHandler, sharedState, options);
            ...
        }

        public boolean login() throws javax.security.auth.login.LoginException {
            ...
            < Retrieve the user credentials via the callback handler. >
            ...
            // After the user name is known, an update of the user info from the persistence should be made.
            // The operation must be done before the user credentials checks.
            // This method also checks the user name so that if a user with such name does not exist in
            // the active user store, a java.lang.SecurityException is thrown.
            refreshUserInfo();
            ...
            try {
                < check the user credentials >
            } catch (Exception e) {
                throwUserLoginException(e);
            }
            // Only one and exactly one login module from the stack must put the user name in the shared
            // state. This user name is considered to represent the authenticated user. For example, if the
            // login is successful, method getRemoteUser() of the HTTP request will retrieve exactly this name.
            if (sharedState.get(AbstractLoginModule.NAME) == null) {
                sharedState.put(AbstractLoginModule.NAME, );
                nameSet = true;
            }
            successful = true;
            return true;
        }

        public boolean commit() throws javax.security.auth.login.LoginException {
            ...
            if (successful) {
                // The principals that are added to the subject should implement java.security.Principal.
                // You can use the class com.sap.engine.lib.security.Principal for this purpose.
                < add principals and credentials to the subject >
                ...
                // If the login is successful, then the principal corresponding to the ( the
                // same user name that has been added to shared state ) must be added in the shared state
                // too. This principal is considered to be the main principal representing the user. For
                // example, this principal will be retrieved from method getUserPrincipal() of HTTP request.
                if (nameSet) {
                    sharedState.put(AbstractLoginModule.PRINCIPAL, );
                }
            }
            ...
        }

        public boolean abort() throws javax.security.auth.login.LoginException {
            ...
        }

        public boolean logout() throws javax.security.auth.login.LoginException {
            ...
            < remove principals and credentials from subject >
            ...
        }
    }
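The template above leaves the credential check, the shared-state values and the principal handling as placeholders. The following is an added example, not SAP code and not part of this Javadoc: a self-contained module on the standard javax.security.auth.spi.LoginModule interface that carries out the same contract end to end. Everything SAP-specific is replaced by an assumption: the two shared-state key strings (the page names AbstractLoginModule.NAME and PRINCIPAL but not their values), an in-memory user store holding salted SHA-256 password hashes (constructed demo data), a small UserPrincipal class standing in for com.sap.engine.lib.security.Principal, and an accessDenied helper that plays the role of throwUserLoginException: it logs the real cause and surfaces only the generic "Access Denied!" message, so a wrong password and an unknown user are indistinguishable to the caller. There is no refreshUserInfo equivalent because the store is in memory.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class ContractLoginModule implements LoginModule {
    // Assumed keys: the page names AbstractLoginModule.NAME and PRINCIPAL but not their values.
    static final String NAME = "assumed.shared.state.name";
    static final String PRINCIPAL = "assumed.shared.state.principal";
    static final String ACCESS_DENIED = "Access Denied!"; // the uniform message the page prescribes
    // Constructed demo user store: user name -> salted SHA-256 of the password.
    private static final byte[] SALT = "constructed-demo-salt".getBytes(StandardCharsets.UTF_8);
    private static final Map<String, byte[]> USER_STORE = new HashMap<>();
    static { USER_STORE.put("alice", hash("correct horse".toCharArray())); }
    static final class UserPrincipal implements Principal { // stand-in for the SAP Principal class
        private final String name; UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; } @Override public String toString() { return name; }
    }
    private Subject subject; private CallbackHandler handler; private Map<String, Object> sharedState;
    private String userName; private UserPrincipal principal; private boolean successful, nameSet;
    @Override @SuppressWarnings("unchecked")
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h; sharedState = (Map<String, Object>) shared;
    }
    @Override public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nc, pc });
            userName = nc.getName();
            char[] pw = pc.getPassword() == null ? new char[0] : pc.getPassword();
            pc.clearPassword(); // getPassword() returned a copy; drop the callback's own copy now
            // Unknown user and wrong password take one path: hash anyway, compare in constant time.
            byte[] expected = USER_STORE.getOrDefault(userName, new byte[32]);
            boolean ok = MessageDigest.isEqual(expected, hash(pw)) && USER_STORE.containsKey(userName);
            Arrays.fill(pw, '\0');
            if (!ok) throw new SecurityException("credential check failed for " + userName);
        } catch (IOException | UnsupportedCallbackException | SecurityException e) {
            throw accessDenied(e); // log the real cause, surface only "Access Denied!"
        }
        // Exactly one module on the stack sets NAME; that value is what getRemoteUser() returns.
        if (sharedState.get(NAME) == null) { sharedState.put(NAME, userName); nameSet = true; }
        successful = true;
        return true;
    }
    @Override public boolean commit() throws LoginException {
        if (!successful) return false;
        principal = new UserPrincipal(userName);
        subject.getPrincipals().add(principal);
        if (nameSet) sharedState.put(PRINCIPAL, principal); // main principal for the NAME user
        return true;
    }
    @Override public boolean abort() throws LoginException {
        if (nameSet) { sharedState.remove(NAME); sharedState.remove(PRINCIPAL); }
        return logout();
    }
    @Override public boolean logout() throws LoginException {
        if (principal != null) subject.getPrincipals().remove(principal);
        userName = null; principal = null; successful = nameSet = false;
        return true;
    }
    private static LoginException accessDenied(Exception cause) { // role of throwUserLoginException
        System.err.println("login failure: " + cause); // stand-in for the page's logThrowable()
        LoginException le = new LoginException(ACCESS_DENIED);
        le.initCause(cause); return le;
    }
    static byte[] hash(char[] password) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(SALT);
            return md.digest(new String(password).getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) { throw new IllegalStateException(e); }
    }
    // Demo driver: programmatic JAAS configuration, one correct and one wrong password.
    public static void main(String[] args) throws Exception {
        Configuration.setConfiguration(new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(ContractLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()) };
            }
        });
        for (String pw : new String[] { "correct horse", "wrong" }) {
            CallbackHandler h = cbs -> { for (Callback c : cbs) {
                if (c instanceof NameCallback) ((NameCallback) c).setName("alice");
                else if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword(pw.toCharArray());
                else throw new UnsupportedCallbackException(c); } };
            LoginContext lc = new LoginContext("demo", new Subject(), h);
            try { lc.login(); System.out.println("ok: " + lc.getSubject().getPrincipals()); lc.logout(); }
            catch (LoginException e) { System.out.println("failed: " + e.getMessage()); }
        }
    }
}
```

Compile with javac and run the class: the first attempt prints "ok: [alice]" and the second prints "failed: Access Denied!", with the underlying SecurityException going only to the log (stderr here). The same class can be installed through a file-based JAAS configuration instead of the programmatic one in main(). Note that abort() undoes the shared-state entries only when this module set them, which is what keeps the "exactly one module sets NAME" rule intact on a stack of several modules.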


Field Summary
protected static String NAME
           
static String PRINCIPAL
           
 
Constructor Summary
AbstractLoginModule()
           
 
Method Summary
abstract  boolean abort()
           
 boolean changePasswordIfNeeded(String userName, CallbackHandler callbackHandler)
          Deprecated. This functionality is moved to the login context.
 boolean changePasswordIfNeeded(UserContext userContext, UserInfo userInfo, CallbackHandler callbackHandler)
          Deprecated. This functionality is moved to the login context.
 boolean changePasswordIfNeeded(X509Certificate certificate, CallbackHandler callbackHandler)
          Deprecated. This functionality is moved to the login context.
protected  void checkUserLockStatus(String userName)
          Deprecated. This functionality is moved to the login context.
protected  void checkUserLockStatus(UserContext userContext, UserInfo userInfo)
          Deprecated. This functionality is moved to the login context.
protected  void checkUserLockStatus(X509Certificate certificate)
          Deprecated. This functionality is moved to the login context.
abstract  boolean commit()
           
 void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
          Initialises its shared state.
 boolean isUserAccountExpired(String userName)
          Deprecated. This functionality is moved to the login context.
 boolean isUserAccountExpired(UserInfo userInfo, UserContext userContext)
          Deprecated. This functionality is moved to the login context.
abstract  boolean login()
           
protected  void logMessage(byte severity, String message)
          Writes a message to the log system, using the category and location specified in the security service.
abstract  boolean logout()
           
protected  void logThrowable(byte severity, Throwable throwable)
          Logs an exception, using the category and location specified in the security service.
 void refreshUserInfo(String userName)
          Refresh the specified user's entry in the user store cache.
static void setLoginModuleHelper(LoginModuleHelper helper)
          Initialization method that is used only in the security service.
protected  void throwNewLoginException(String message)
          This method is for throwing exceptions if the user credentials are not correct.
protected  void throwNewLoginException(String message, byte cause)
          This method is for throwing exceptions if the user credentials are not correct.
protected  void throwUserLoginException(Exception exception)
          This method is for exceptions caused by the caller.
protected  void throwUserLoginException(Exception exception, byte cause)
          This method is for exceptions caused by the caller.
protected  void writeLogonStatistics(boolean successful, String userName, long timeStamp, Map sharedState)
          Deprecated. This functionality is moved to the login context.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

PRINCIPAL

public static final String PRINCIPAL
See Also:
Constant Field Values

NAME

protected static final String NAME
See Also:
Constant Field Values
Constructor Detail

AbstractLoginModule

public AbstractLoginModule()
Method Detail

setLoginModuleHelper

public static void setLoginModuleHelper(LoginModuleHelper helper)
Initialization method that is used only in the security service.

Parameters:
helper - helping class that provides the functionality of the other methods.

checkUserLockStatus

protected void checkUserLockStatus(String userName)
                            throws LoginException
Deprecated. This functionality is moved to the login context.

Checks the user lock status. If the user is not locked, returns silently; otherwise throws LoginException.

Parameters:
userName - the name of the user whose lock status is being checked
Throws:
LoginException - if the user is locked. The exception always has the message "User is locked."

checkUserLockStatus

protected void checkUserLockStatus(X509Certificate certificate)
                            throws LoginException
Deprecated. This functionality is moved to the login context.

Checks the user lock status. If the user is not locked, returns silently; otherwise throws LoginException.

Parameters:
certificate - the certificate that identifies the user whose lock status is being checked
Throws:
LoginException - if the user is locked. The exception always has the message "User is locked."

checkUserLockStatus

protected void checkUserLockStatus(UserContext userContext,
                                   UserInfo userInfo)
                            throws LoginException
Deprecated. This functionality is moved to the login context.

Checks the user lock status. If the user is not locked, returns silently; otherwise throws LoginException.

Parameters:
userContext - the user context of the active user store
userInfo - the user info of the user whose lock status is being checked
Throws:
LoginException - if the user is locked. The exception always has the message "User is locked."

changePasswordIfNeeded

public boolean changePasswordIfNeeded(String userName,
                                      CallbackHandler callbackHandler)
                               throws LoginException
Deprecated. This functionality is moved to the login context.

Checks if a password change is required and if so, requests the client to provide a new password.

Parameters:
userName - the name of the user whose password validity is being checked
callbackHandler - the callback handler to handle the callbacks
Returns:
true if the user password is not expired, false otherwise
Throws:
LoginException - if the supplied new password is not acceptable.

changePasswordIfNeeded

public boolean changePasswordIfNeeded(X509Certificate certificate,
                                      CallbackHandler callbackHandler)
                               throws LoginException
Deprecated. This functionality is moved to the login context.

Checks if a password change is required and if so, requests the client to provide a new password.

Parameters:
certificate - the certificate of the user whose password validity is being checked
callbackHandler - the callback handler to handle the callbacks
Returns:
true if the user password is not expired, false otherwise
Throws:
LoginException - if the supplied new password is not acceptable.

changePasswordIfNeeded

public boolean changePasswordIfNeeded(UserContext userContext,
                                      UserInfo userInfo,
                                      CallbackHandler callbackHandler)
                               throws LoginException
Deprecated. This functionality is moved to the login context.

Checks if a password change is required and if so, requests the client to provide a new password.

Parameters:
userContext - the user context of the active user store
userInfo - the user info of the user whose password validity is being checked
callbackHandler - the callback handler to handle the callbacks
Returns:
true if the user password is not expired, false otherwise
Throws:
LoginException - if the supplied new password is not acceptable.

isUserAccountExpired

public boolean isUserAccountExpired(String userName)
                             throws LoginException
Deprecated. This functionality is moved to the login context.

Checks if the user account is valid according to the values of its VALID_FROM and VALID_TO parameters.

Parameters:
userName - the name of the user.
Returns:
true if the account is not valid, false otherwise.
Throws:
LoginException - if some exception occurs in the process of verification.

isUserAccountExpired

public boolean isUserAccountExpired(UserInfo userInfo,
                                    UserContext userContext)
                             throws LoginException
Deprecated. This functionality is moved to the login context.

Checks if the user account is valid according to the values of its VALID_FROM and VALID_TO parameters.

Parameters:
userInfo - the name of the user.
userContext - the user context of the active user store
Returns:
true if the account is not valid, false otherwise.
Throws:
LoginException - if some exception occurs in the process of verification.

refreshUserInfo

public void refreshUserInfo(String userName)
                     throws LoginException
Refresh the specified user's entry in the user store cache.

Parameters:
userName - the name of the user.
Throws:
LoginException - if the refresh failed.

writeLogonStatistics

protected void writeLogonStatistics(boolean successful,
                                    String userName,
                                    long timeStamp,
                                    Map sharedState)
Deprecated. This functionality is moved to the login context.

Writes user logon statistics, such as logon date and logon count, to the database.

Parameters:
successful - specifies if the login is successful
userName - the name of the user who has attempted to log in.
timeStamp - the time when the user attempted to log in, in milliseconds
sharedState - the shared state map of the login module which has processed the login

logMessage

protected void logMessage(byte severity,
                          String message)
Writes a message to the log system, using the category and location specified in the security service.

Parameters:
severity - the log level of the message
message - the message to be logged

logThrowable

protected void logThrowable(byte severity,
                            Throwable throwable)
Logs an exception, using the category and location specified in the security service.

Parameters:
severity - the log level
throwable - the exception to be logged

throwNewLoginException

protected void throwNewLoginException(String message)
                               throws LoginException
This method is for throwing exceptions if the user credentials are not correct. The method logs a message and then throws a new javax.security.auth.login.LoginException with message "Access Denied!".

Parameters:
message - the message to be logged.
Throws:
LoginException - always throws LoginException with message "Access Denied!"

throwNewLoginException

protected void throwNewLoginException(String message,
                                      byte cause)
                               throws LoginException
This method is for throwing exceptions if the user credentials are not correct. The method logs a message and then throws a new javax.security.auth.login.LoginException with message "Access Denied!".

Parameters:
message - the message to be logged.
Throws:
LoginException - always throws LoginException with message "Access Denied!"

throwUserLoginException

protected void throwUserLoginException(Exception exception)
                                throws LoginException
This method is for exceptions caused by the caller. The method logs the exception and then throws a new javax.security.auth.login.LoginException with message "Access Denied!".

Parameters:
exception - the exception to be logged.
Throws:
LoginException - always throws LoginException with message "Access Denied!"

throwUserLoginException

protected void throwUserLoginException(Exception exception,
                                       byte cause)
                                throws LoginException
This method is for exceptions caused by the caller. The method logs the exception and then throws a new javax.security.auth.login.LoginException with message "Access Denied!".

Parameters:
exception - the exception to be logged.
Throws:
LoginException - always throws LoginException with message "Access Denied!"

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map sharedState,
                       Map options)
Initialises its shared state.

Specified by:
initialize in interface LoginModule

login

public abstract boolean login()
                       throws LoginException
Specified by:
login in interface LoginModule
Throws:
LoginException

commit

public abstract boolean commit()
                        throws LoginException
Specified by:
commit in interface LoginModule
Throws:
LoginException

abort

public abstract boolean abort()
                       throws LoginException
Specified by:
abort in interface LoginModule
Throws:
LoginException

logout

public abstract boolean logout()
                        throws LoginException
Specified by:
logout in interface LoginModule
Throws:
LoginException


Copyright 2006 SAP AG