planetj.dataengine.security.http
Class HttpSecurityManager

java.lang.Object
  |
  +--planetj.dataengine.security.http.HttpSecurityManager

public class HttpSecurityManager

extends Object

Manages security for SignonableApplicatons. This is done by delagating security operations to the correct application-specific class

Author:

PlanetJ Corp.

Field Summary

static String

RECEIPT_KEY

Method Summary

Set	getAllSignOnReceipts(javax.servlet.http.HttpServletRequest req) Gets the Set of all SignOnReceipts which the user currently has
String	getFailureMessage(String userid, ISecured secured, javax.servlet.http.HttpServletRequest req) Gets the message to display when a sign on fails
SignOnReceipt	getGlobalSignOnReceipt(String pGlobalSignOnReceiptKey, javax.servlet.http.HttpServletRequest pReq) Gets the Global SignOnReceipt (if one exists) for the current system alias or operation id (which ever is the key ->pGlobalSignOnReceiptKey)
int	getOwnerId(javax.servlet.http.HttpServletRequest req) Gets the owner id from the current sign on receipt.
ISignOn	getSignOn(ISecured pSecuredApplication, boolean pCreate, javax.servlet.http.HttpServletRequest pReq) Gets the SignOn object for the user and Secured App, optionally creating a new instance if one doesn't already exist.
ISignOn	getSignOn(ISecured pSecuredApplication, javax.servlet.http.HttpServletRequest pReq) Gets the SignOn object for the user and ISecured App, creating a new instance if one doesn't already exist.
int	getSignOnFailures(String user, ISecured secured, javax.servlet.http.HttpServletRequest req) Gets the number of times the user has attempted to sign on but failed
SignOnReceipt	getSignOnReceipt(ISecured pSecuredApplication, javax.servlet.http.HttpServletRequest pReq) Gets the SignOnReceipt (if one exists) for the current user and ISecured application
String	getSignOnURI(ISecured secured, javax.servlet.http.HttpServletRequest request) Gets the SignOnReceipt (if one exists) for the current user and ISecured application
boolean	isAdditionalSignOnRequired(String user, String password, ISecured secured, javax.servlet.http.HttpServletRequest req) Tests if an additional signon step is necessary.
boolean	isAlreadySignedOn(String pUserId, ISecured pSecuredApplication, javax.servlet.http.HttpServletRequest pRequest) Tests if the user has signed on to the secured application already.
boolean	isSignOnAvailable(ISecured secured, javax.servlet.http.HttpServletRequest request) Tests if the given secured object can possible have a sign on.
boolean	isUserPromptRequired(ISecured pSecuredApplication, javax.servlet.http.HttpServletRequest pReq) Tests if the user should be prompted for user id, password, etc
void	prepareForSignOn(ISecured secured, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
void	removeSignOnReceipt(SignOnReceipt pReceipt, javax.servlet.http.HttpServletRequest pReq) Removes the SignOnReceipt for the current user and application from the session
void	resetSignOnFailures(String user, ISecured secured, javax.servlet.http.HttpServletRequest req) Resets the number of times the user has attempted to sign on but failed
void	setSignOnReceipt(ISecured pSecuredApplication, SignOnReceipt pReceipt, javax.servlet.http.HttpServletRequest pReq) Sets the SignOnReceipt for the current user and secured application
void	signOff(ISecured pSecuredApplication, javax.servlet.http.HttpServletRequest pReq) Signs the user off of the secured application.
void	signOff(String pUserId, ISecured pSecuredApplication, javax.servlet.http.HttpServletRequest pReq) Signs the user off of the secured application.
boolean	signOn(String pUserId, String pPassword, ISecured pSecuredApplication, javax.servlet.http.HttpServletRequest pReq) Signs on to a Secured Application.
static HttpSecurityManager	singleton() Gets the singleton instance of this class

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

RECEIPT_KEY

public static final String RECEIPT_KEY

See Also:

Constant Field Values

Method Detail

getAllSignOnReceipts

public Set getAllSignOnReceipts(javax.servlet.http.HttpServletRequest req)

Gets the Set of all SignOnReceipts which the user currently has

getFailureMessage

public String getFailureMessage(String userid,
                                ISecured secured,
                                javax.servlet.http.HttpServletRequest req)
                         throws CMException

Gets the message to display when a sign on fails

CMException

getGlobalSignOnReceipt

public SignOnReceipt getGlobalSignOnReceipt(String pGlobalSignOnReceiptKey,
                                            javax.servlet.http.HttpServletRequest pReq)

Gets the Global SignOnReceipt (if one exists) for the current system alias or operation id (which ever is the key ->pGlobalSignOnReceiptKey)

getOwnerId

public int getOwnerId(javax.servlet.http.HttpServletRequest req)
               throws DataEngineException

Gets the owner id from the current sign on receipt.

DataEngineException

getSignOn

public ISignOn getSignOn(ISecured pSecuredApplication,
                         javax.servlet.http.HttpServletRequest pReq)

Gets the SignOn object for the user and ISecured App, creating a new instance if one doesn't already exist. This may be null if no sign on class has been specified for the ISecured Application

getSignOn

public ISignOn getSignOn(ISecured pSecuredApplication,
                         boolean pCreate,
                         javax.servlet.http.HttpServletRequest pReq)

Gets the SignOn object for the user and Secured App, optionally creating a new instance if one doesn't already exist. This may return null if no sign on class has been specified for the SecuredApp.

getSignOnFailures

public int getSignOnFailures(String user,
                             ISecured secured,
                             javax.servlet.http.HttpServletRequest req)

Gets the number of times the user has attempted to sign on but failed

getSignOnReceipt

public SignOnReceipt getSignOnReceipt(ISecured pSecuredApplication,
                                      javax.servlet.http.HttpServletRequest pReq)

Gets the SignOnReceipt (if one exists) for the current user and ISecured application

getSignOnURI

public String getSignOnURI(ISecured secured,
                           javax.servlet.http.HttpServletRequest request)
                    throws CMException

Gets the SignOnReceipt (if one exists) for the current user and ISecured application

CMException

isAdditionalSignOnRequired

public boolean isAdditionalSignOnRequired(String user,
                                          String password,
                                          ISecured secured,
                                          javax.servlet.http.HttpServletRequest req)
                                   throws CMException

Tests if an additional signon step is necessary. This method is only invoked after the user has submitted signon information. If they are required to submit aditional info, this method should return true

CMException

isAlreadySignedOn

public boolean isAlreadySignedOn(String pUserId,
                                 ISecured pSecuredApplication,
                                 javax.servlet.http.HttpServletRequest pRequest)
                          throws CMException

Tests if the user has signed on to the secured application already.

Parameters:

pUserId - The user id that the user may or may not be signed on as. If this parameter is null, then this method should return true if the user is signed on to the application with any user id. If this parameter is not null, this method should return true only if the user is signed on with this specific user id.

pSecuredApplication - The secured application to which the user may or may not be signed on

pRequest - The http request

CMException

isSignOnAvailable

public boolean isSignOnAvailable(ISecured secured,
                                 javax.servlet.http.HttpServletRequest request)

Tests if the given secured object can possible have a sign on.

Parameters:

secured - the secured ojbect to test if sign on is available

request - the HttpServletRequest from client

Returns:

true if secured object can have a sign on

isUserPromptRequired

public boolean isUserPromptRequired(ISecured pSecuredApplication,
                                    javax.servlet.http.HttpServletRequest pReq)
                             throws CMException

Tests if the user should be prompted for user id, password, etc

CMException

prepareForSignOn

public void prepareForSignOn(ISecured secured,
                             javax.servlet.http.HttpServletRequest request,
                             javax.servlet.http.HttpServletResponse response)
                      throws CMException

CMException

removeSignOnReceipt

public void removeSignOnReceipt(SignOnReceipt pReceipt,
                                javax.servlet.http.HttpServletRequest pReq)
                         throws CMException

Removes the SignOnReceipt for the current user and application from the session

CMException

resetSignOnFailures

public void resetSignOnFailures(String user,
                                ISecured secured,
                                javax.servlet.http.HttpServletRequest req)

Resets the number of times the user has attempted to sign on but failed

setSignOnReceipt

public void setSignOnReceipt(ISecured pSecuredApplication,
                             SignOnReceipt pReceipt,
                             javax.servlet.http.HttpServletRequest pReq)
                      throws CMException

Sets the SignOnReceipt for the current user and secured application

CMException

signOff

public void signOff(String pUserId,
                    ISecured pSecuredApplication,
                    javax.servlet.http.HttpServletRequest pReq)
             throws CMException

Signs the user off of the secured application.

CMException

signOff

public void signOff(ISecured pSecuredApplication,
                    javax.servlet.http.HttpServletRequest pReq)
             throws CMException

Signs the user off of the secured application.

CMException

signOn

public boolean signOn(String pUserId,
                      String pPassword,
                      ISecured pSecuredApplication,
                      javax.servlet.http.HttpServletRequest pReq)
               throws CMException

Signs on to a Secured Application.

Returns:

true if the sign on was successful, false otherwise

CMException

singleton

public static HttpSecurityManager singleton()

Gets the singleton instance of this class