planetj.dataengine.security.http
Class HttpSecurityManager

java.lang.Object
  |
  +--planetj.dataengine.security.http.HttpSecurityManager

public class HttpSecurityManager
extends Object

Manages security for SignonableApplicatons. This is done by delagating security operations to the correct application-specific class

Author:
PlanetJ Corp.

Field Summary
static String RECEIPT_KEY
           
 
Method Summary
 Set getAllSignOnReceipts(javax.servlet.http.HttpServletRequest req)
          Gets the Set of all SignOnReceipts which the user currently has
 String getFailureMessage(String userid, ISecured secured, javax.servlet.http.HttpServletRequest req)
          Gets the message to display when a sign on fails
 SignOnReceipt getGlobalSignOnReceipt(String pGlobalSignOnReceiptKey, javax.servlet.http.HttpServletRequest pReq)
          Gets the Global SignOnReceipt (if one exists) for the current system alias or operation id (which ever is the key ->pGlobalSignOnReceiptKey)
 int getOwnerId(javax.servlet.http.HttpServletRequest req)
          Gets the owner id from the current sign on receipt.
 ISignOn getSignOn(ISecured pSecuredApplication, boolean pCreate, javax.servlet.http.HttpServletRequest pReq)
          Gets the SignOn object for the user and Secured App, optionally creating a new instance if one doesn't already exist.
 ISignOn getSignOn(ISecured pSecuredApplication, javax.servlet.http.HttpServletRequest pReq)
          Gets the SignOn object for the user and ISecured App, creating a new instance if one doesn't already exist.
 int getSignOnFailures(String user, ISecured secured, javax.servlet.http.HttpServletRequest req)
          Gets the number of times the user has attempted to sign on but failed
 SignOnReceipt getSignOnReceipt(ISecured pSecuredApplication, javax.servlet.http.HttpServletRequest pReq)
          Gets the SignOnReceipt (if one exists) for the current user and ISecured application
 String getSignOnURI(ISecured secured, javax.servlet.http.HttpServletRequest request)
          Gets the SignOnReceipt (if one exists) for the current user and ISecured application
 boolean isAdditionalSignOnRequired(String user, String password, ISecured secured, javax.servlet.http.HttpServletRequest req)
          Tests if an additional signon step is necessary.
 boolean isAlreadySignedOn(String pUserId, ISecured pSecuredApplication, javax.servlet.http.HttpServletRequest pRequest)
          Tests if the user has signed on to the secured application already.
 boolean isSignOnAvailable(ISecured secured, javax.servlet.http.HttpServletRequest request)
          Tests if the given secured object can possible have a sign on.
 boolean isUserPromptRequired(ISecured pSecuredApplication, javax.servlet.http.HttpServletRequest pReq)
          Tests if the user should be prompted for user id, password, etc
 void prepareForSignOn(ISecured secured, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
           
 void removeSignOnReceipt(SignOnReceipt pReceipt, javax.servlet.http.HttpServletRequest pReq)
          Removes the SignOnReceipt for the current user and application from the session
 void resetSignOnFailures(String user, ISecured secured, javax.servlet.http.HttpServletRequest req)
          Resets the number of times the user has attempted to sign on but failed
 void setSignOnReceipt(ISecured pSecuredApplication, SignOnReceipt pReceipt, javax.servlet.http.HttpServletRequest pReq)
          Sets the SignOnReceipt for the current user and secured application
 void signOff(ISecured pSecuredApplication, javax.servlet.http.HttpServletRequest pReq)
          Signs the user off of the secured application.
 void signOff(String pUserId, ISecured pSecuredApplication, javax.servlet.http.HttpServletRequest pReq)
          Signs the user off of the secured application.
 boolean signOn(String pUserId, String pPassword, ISecured pSecuredApplication, javax.servlet.http.HttpServletRequest pReq)
          Signs on to a Secured Application.
static HttpSecurityManager singleton()
          Gets the singleton instance of this class
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

RECEIPT_KEY

public static final String RECEIPT_KEY
See Also:
Constant Field Values
Method Detail

getAllSignOnReceipts

public Set getAllSignOnReceipts(javax.servlet.http.HttpServletRequest req)
Gets the Set of all SignOnReceipts which the user currently has


getFailureMessage

public String getFailureMessage(String userid,
                                ISecured secured,
                                javax.servlet.http.HttpServletRequest req)
                         throws CMException
Gets the message to display when a sign on fails

CMException

getGlobalSignOnReceipt

public SignOnReceipt getGlobalSignOnReceipt(String pGlobalSignOnReceiptKey,
                                            javax.servlet.http.HttpServletRequest pReq)
Gets the Global SignOnReceipt (if one exists) for the current system alias or operation id (which ever is the key ->pGlobalSignOnReceiptKey)


getOwnerId

public int getOwnerId(javax.servlet.http.HttpServletRequest req)
               throws DataEngineException
Gets the owner id from the current sign on receipt.

DataEngineException

getSignOn

public ISignOn getSignOn(ISecured pSecuredApplication,
                         javax.servlet.http.HttpServletRequest pReq)
Gets the SignOn object for the user and ISecured App, creating a new instance if one doesn't already exist. This may be null if no sign on class has been specified for the ISecured Application


getSignOn

public ISignOn getSignOn(ISecured pSecuredApplication,
                         boolean pCreate,
                         javax.servlet.http.HttpServletRequest pReq)
Gets the SignOn object for the user and Secured App, optionally creating a new instance if one doesn't already exist. This may return null if no sign on class has been specified for the SecuredApp.


getSignOnFailures

public int getSignOnFailures(String user,
                             ISecured secured,
                             javax.servlet.http.HttpServletRequest req)
Gets the number of times the user has attempted to sign on but failed


getSignOnReceipt

public SignOnReceipt getSignOnReceipt(ISecured pSecuredApplication,
                                      javax.servlet.http.HttpServletRequest pReq)
Gets the SignOnReceipt (if one exists) for the current user and ISecured application


getSignOnURI

public String getSignOnURI(ISecured secured,
                           javax.servlet.http.HttpServletRequest request)
                    throws CMException
Gets the SignOnReceipt (if one exists) for the current user and ISecured application

CMException

isAdditionalSignOnRequired

public boolean isAdditionalSignOnRequired(String user,
                                          String password,
                                          ISecured secured,
                                          javax.servlet.http.HttpServletRequest req)
                                   throws CMException
Tests if an additional signon step is necessary. This method is only invoked after the user has submitted signon information. If they are required to submit aditional info, this method should return true

CMException

isAlreadySignedOn

public boolean isAlreadySignedOn(String pUserId,
                                 ISecured pSecuredApplication,
                                 javax.servlet.http.HttpServletRequest pRequest)
                          throws CMException
Tests if the user has signed on to the secured application already.

Parameters:
pUserId - The user id that the user may or may not be signed on as. If this parameter is null, then this method should return true if the user is signed on to the application with any user id. If this parameter is not null, this method should return true only if the user is signed on with this specific user id.
pSecuredApplication - The secured application to which the user may or may not be signed on
pRequest - The http request
CMException

isSignOnAvailable

public boolean isSignOnAvailable(ISecured secured,
                                 javax.servlet.http.HttpServletRequest request)
Tests if the given secured object can possible have a sign on.

Parameters:
secured - the secured ojbect to test if sign on is available
request - the HttpServletRequest from client
Returns:
true if secured object can have a sign on

isUserPromptRequired

public boolean isUserPromptRequired(ISecured pSecuredApplication,
                                    javax.servlet.http.HttpServletRequest pReq)
                             throws CMException
Tests if the user should be prompted for user id, password, etc

CMException

prepareForSignOn

public void prepareForSignOn(ISecured secured,
                             javax.servlet.http.HttpServletRequest request,
                             javax.servlet.http.HttpServletResponse response)
                      throws CMException
CMException

removeSignOnReceipt

public void removeSignOnReceipt(SignOnReceipt pReceipt,
                                javax.servlet.http.HttpServletRequest pReq)
                         throws CMException
Removes the SignOnReceipt for the current user and application from the session

CMException

resetSignOnFailures

public void resetSignOnFailures(String user,
                                ISecured secured,
                                javax.servlet.http.HttpServletRequest req)
Resets the number of times the user has attempted to sign on but failed


setSignOnReceipt

public void setSignOnReceipt(ISecured pSecuredApplication,
                             SignOnReceipt pReceipt,
                             javax.servlet.http.HttpServletRequest pReq)
                      throws CMException
Sets the SignOnReceipt for the current user and secured application

CMException

signOff

public void signOff(String pUserId,
                    ISecured pSecuredApplication,
                    javax.servlet.http.HttpServletRequest pReq)
             throws CMException
Signs the user off of the secured application.

CMException

signOff

public void signOff(ISecured pSecuredApplication,
                    javax.servlet.http.HttpServletRequest pReq)
             throws CMException
Signs the user off of the secured application.

CMException

signOn

public boolean signOn(String pUserId,
                      String pPassword,
                      ISecured pSecuredApplication,
                      javax.servlet.http.HttpServletRequest pReq)
               throws CMException
Signs on to a Secured Application.

Returns:
true if the sign on was successful, false otherwise
CMException

singleton

public static HttpSecurityManager singleton()
Gets the singleton instance of this class