SAP J2EE Engine

Version 6.40


com.sap.engine.interfaces.security.auth
Class AbstractLoginModule

java.lang.Object
  |
  +--com.sap.engine.interfaces.security.auth.AbstractLoginModule
All Implemented Interfaces:
javax.security.auth.spi.LoginModule

public abstract class AbstractLoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule

Performs the work common to all login modules. Here is an example of how it can be used:

public class TemplateLoginModule extends com.sap.engine.interfaces.security.auth.AbstractLoginModule {

  // State kept between initialize(), login() and commit().
  private java.util.Map sharedState;
  private boolean successful = false;
  private boolean nameSet = false;

  public void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options) {
    super.initialize(subject, callbackHandler, sharedState, options);
    this.sharedState = sharedState;
    ...
  }

  public boolean login() throws javax.security.auth.login.LoginException {
    ...
    < Retrieve the user credentials via the callback handler. >
    ...
    // After the user name is known, an update of the user info from the persistence should be made.
    // The operation must be done before the user credentials checks.
    // This method also checks the user name so that if user with such name does not exist in
    // the active user store, a java.lang.SecurityException is thrown.
    refreshUserInfo(< user name >);
    ...
    try {
      < check the user credentials >
    } catch (Exception e) {
      throwUserLoginException(e);
    }

    // Only one and exactly one login module from the stack must put the user name in the shared
    // state. This user name is considered to represent the authenticated user. For example if the
    // login is successful, method getRemoteUser() of the HTTP request will retrieve exactly this name.
    if (sharedState.get(AbstractLoginModule.NAME) == null) {
      sharedState.put(AbstractLoginModule.NAME, < user name >);
      nameSet = true;
    }

    successful = true;
    return true;
  }

  public boolean commit() throws javax.security.auth.login.LoginException {
    ...
    if (successful) {
      // The principals that are added to the subject should implement java.security.Principal.
      // You can use the class com.sap.engine.lib.security.Principal for this purpose.
      < add principals and credentials to the subject >
      ...
      // If the login is successful, then the principal corresponding to the < user name > ( the
      // same user name that has been added to shared state ) must be added in the shared state
      // too. This principal is considered to be the main principal representing the user. For
      // example, this principal will be retrieved from method getUserPrincipal() of HTTP request.
      if (nameSet) {
        sharedState.put(AbstractLoginModule.PRINCIPAL, < principal >);
      }
    }
    ...
  }

  public boolean abort() throws javax.security.auth.login.LoginException {
    ...
  }

  public boolean logout() throws javax.security.auth.login.LoginException {
    ...
    < remove principals and credentials from subject >
    ...
  }
}

Version:
6.30

Field Summary
protected static java.lang.String NAME
           
static java.lang.String PRINCIPAL
           
 
Constructor Summary
AbstractLoginModule()
           
 
Method Summary
abstract  boolean abort()
           
 boolean changePasswordIfNeeded(java.lang.String userName, javax.security.auth.callback.CallbackHandler callbackHandler)
          Deprecated. This functionality is moved to the login context.
 boolean changePasswordIfNeeded(com.sap.engine.interfaces.security.userstore.context.UserContext userContext, com.sap.engine.interfaces.security.userstore.context.UserInfo userInfo, javax.security.auth.callback.CallbackHandler callbackHandler)
          Deprecated. This functionality is moved to the login context.
 boolean changePasswordIfNeeded(java.security.cert.X509Certificate certificate, javax.security.auth.callback.CallbackHandler callbackHandler)
          Deprecated. This functionality is moved to the login context.
protected  void checkUserLockStatus(java.lang.String userName)
          Deprecated. This functionality is moved to the login context.
protected  void checkUserLockStatus(com.sap.engine.interfaces.security.userstore.context.UserContext userContext, com.sap.engine.interfaces.security.userstore.context.UserInfo userInfo)
          Deprecated. This functionality is moved to the login context.
protected  void checkUserLockStatus(java.security.cert.X509Certificate certificate)
          Deprecated. This functionality is moved to the login context.
abstract  boolean commit()
           
 void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
          Initialises its shared state.
 boolean isUserAccountExpired(java.lang.String userName)
          Deprecated. This functionality is moved to the login context.
 boolean isUserAccountExpired(com.sap.engine.interfaces.security.userstore.context.UserInfo userInfo, com.sap.engine.interfaces.security.userstore.context.UserContext userContext)
          Deprecated. This functionality is moved to the login context.
abstract  boolean login()
           
protected  void logMessage(byte severity, java.lang.String message)
          Writes a message to the log system, using the category and location specified in the security service.
abstract  boolean logout()
           
protected  void logThrowable(byte severity, java.lang.Throwable throwable)
          Logs an exception, using the category and location, specified in security service.
 void refreshUserInfo(java.lang.String userName)
          Refresh the specified user's entry in the user store cache.
static void setLoginModuleHelper(com.sap.engine.interfaces.security.auth.LoginModuleHelper helper)
          Initialization method that is used only in the security service.
protected  void throwNewLoginException(java.lang.String message)
          This method is for throwing exceptions if the user credentials are not correct.
protected  void throwNewLoginException(java.lang.String message, byte cause)
          This method is for throwing exceptions if the user credentials are not correct.
protected  void throwUserLoginException(java.lang.Exception exception)
          This method is for exceptions caused by the caller.
protected  void throwUserLoginException(java.lang.Exception exception, byte cause)
          This method is for exceptions caused by the caller.
protected  void writeLogonStatistics(boolean successful, java.lang.String userName, long timeStamp, java.util.Map sharedState)
          Deprecated. This functionality is moved to the login context.
 void writeLogonStatistics(boolean successful, com.sap.engine.interfaces.security.userstore.context.UserInfo userInfo, long timeStamp, java.util.Map sharedState)
          Deprecated. This functionality is moved to the login context.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

PRINCIPAL

public static final java.lang.String PRINCIPAL

NAME

protected static final java.lang.String NAME
Constructor Detail

AbstractLoginModule

public AbstractLoginModule()
Method Detail

setLoginModuleHelper

public static void setLoginModuleHelper(com.sap.engine.interfaces.security.auth.LoginModuleHelper helper)
Initialization method that is used only in the security service.
Parameters:
helper - - helping class that provides the functionality of the other methods.

checkUserLockStatus

protected void checkUserLockStatus(java.lang.String userName)
                            throws javax.security.auth.login.LoginException
Deprecated. This functionality is moved to the login context.

Checks user lock status. If user is not locked, returns silently, otherwise throws LoginException.
Parameters:
userName - - the name of the user whose lock status is being checked
Throws:
javax.security.auth.login.LoginException - - if the user is locked. The exception is always with message "User is locked."

checkUserLockStatus

protected void checkUserLockStatus(java.security.cert.X509Certificate certificate)
                            throws javax.security.auth.login.LoginException
Deprecated. This functionality is moved to the login context.

Checks user lock status. If user is not locked, returns silently, otherwise throws LoginException.
Parameters:
certificate - - the certificate that identifies the user whose lock status is being checked
Throws:
javax.security.auth.login.LoginException - - if the user is locked. The exception is always with message "User is locked."

checkUserLockStatus

protected void checkUserLockStatus(com.sap.engine.interfaces.security.userstore.context.UserContext userContext,
                                   com.sap.engine.interfaces.security.userstore.context.UserInfo userInfo)
                            throws javax.security.auth.login.LoginException
Deprecated. This functionality is moved to the login context.

Checks user lock status. If user is not locked, returns silently, otherwise throws LoginException.
Parameters:
userContext - - the user context of the active user store
userInfo - - the user info of the user whose lock status is being checked
Throws:
javax.security.auth.login.LoginException - - if the user is locked. The exception is always with message "User is locked."

changePasswordIfNeeded

public boolean changePasswordIfNeeded(java.lang.String userName,
                                      javax.security.auth.callback.CallbackHandler callbackHandler)
                               throws javax.security.auth.login.LoginException
Deprecated. This functionality is moved to the login context.

Checks if a password change is required and if so, requests the client to provide a new password.
Parameters:
userName - - the name of the user whose password validity is being checked
callbackHandler - - the callback handler to handle the callbacks
Returns:
true if the user password is not expired, false otherwise
Throws:
javax.security.auth.login.LoginException - - if the supplied new password is not acceptable.

changePasswordIfNeeded

public boolean changePasswordIfNeeded(java.security.cert.X509Certificate certificate,
                                      javax.security.auth.callback.CallbackHandler callbackHandler)
                               throws javax.security.auth.login.LoginException
Deprecated. This functionality is moved to the login context.

Checks if a password change is required and if so, requests the client to provide a new password.
Parameters:
certificate - - the certificate of the user whose password validity is being checked
callbackHandler - - the callback handler to handle the callbacks
Returns:
true if the user password is not expired, false otherwise
Throws:
javax.security.auth.login.LoginException - - if the supplied new password is not acceptable.

changePasswordIfNeeded

public boolean changePasswordIfNeeded(com.sap.engine.interfaces.security.userstore.context.UserContext userContext,
                                      com.sap.engine.interfaces.security.userstore.context.UserInfo userInfo,
                                      javax.security.auth.callback.CallbackHandler callbackHandler)
                               throws javax.security.auth.login.LoginException
Deprecated. This functionality is moved to the login context.

Checks if a password change is required and if so, requests the client to provide a new password.
Parameters:
userContext - - the user context of the active user store
userInfo - - the user info of the user whose password validity is being checked
callbackHandler - - the callback handler to handle the callbacks
Returns:
true if the user password is not expired, false otherwise
Throws:
javax.security.auth.login.LoginException - - if the supplied new password is not acceptable.

isUserAccountExpired

public boolean isUserAccountExpired(java.lang.String userName)
                             throws javax.security.auth.login.LoginException
Deprecated. This functionality is moved to the login context.

Checks if the user account is valid according to the values of its VALID_FROM and VALID_TO parameters.
Parameters:
userName - - the name of the user.
Returns:
true if the account is not valid, false otherwise.
Throws:
javax.security.auth.login.LoginException - - if some exception occurs in the process of verification.

isUserAccountExpired

public boolean isUserAccountExpired(com.sap.engine.interfaces.security.userstore.context.UserInfo userInfo,
                                    com.sap.engine.interfaces.security.userstore.context.UserContext userContext)
                             throws javax.security.auth.login.LoginException
Deprecated. This functionality is moved to the login context.

Checks if the user account is valid according to the values of its VALID_FROM and VALID_TO parameters.
Parameters:
userInfo - - the name of the user.
userContext - - the user context of the active user store
Returns:
true if the account is not valid, false otherwise.
Throws:
javax.security.auth.login.LoginException - - if some exception occurs in the process of verification.

refreshUserInfo

public void refreshUserInfo(java.lang.String userName)
                     throws javax.security.auth.login.LoginException
Refresh the specified user's entry in the user store cache.
Parameters:
userName - the name of the user.
Throws:
javax.security.auth.login.LoginException - if the refresh failed.

writeLogonStatistics

protected void writeLogonStatistics(boolean successful,
                                    java.lang.String userName,
                                    long timeStamp,
                                    java.util.Map sharedState)
Deprecated. This functionality is moved to the login context.

Writes user logon statistics, such as logon date and logon count, to the database.
Parameters:
successful - - specifies if the login is successful
userName - - the name of the user who has attempted to log in.
timeStamp - - the time when the user attempted to log in, in milliseconds
sharedState - - the shared state map of the login module which has processed the login

writeLogonStatistics

public void writeLogonStatistics(boolean successful,
                                 com.sap.engine.interfaces.security.userstore.context.UserInfo userInfo,
                                 long timeStamp,
                                 java.util.Map sharedState)
Deprecated. This functionality is moved to the login context.

Writes user logon statistics, such as logon date and logon count, to the database.
Parameters:
successful - - specifies if the login is successful
userInfo - - the user info of the user who has attempted to log in.
timeStamp - - the time when the user attempted to log in, in milliseconds
sharedState - - the shared state map of the login module which has processed the login

logMessage

protected void logMessage(byte severity,
                          java.lang.String message)
Writes a message to the log system, using the category and location specified in the security service.
Parameters:
severity - - the log level of the message
message - - the message to be logged

logThrowable

protected void logThrowable(byte severity,
                            java.lang.Throwable throwable)
Logs an exception, using the category and location, specified in security service.
Parameters:
severity - - the log level
throwable - - the exception to be logged

throwNewLoginException

protected void throwNewLoginException(java.lang.String message)
                               throws javax.security.auth.login.LoginException
This method is for throwing exceptions if the user credentials are not correct. The method logs a message and then throws a new javax.security.auth.login.LoginException with message "Access Denied!".
Parameters:
message - - the message to be logged.
Throws:
javax.security.auth.login.LoginException - - always throws LoginException with message "Access Denied!"

throwNewLoginException

protected void throwNewLoginException(java.lang.String message,
                                      byte cause)
                               throws javax.security.auth.login.LoginException
This method is for throwing exceptions if the user credentials are not correct. The method logs a message and then throws a new javax.security.auth.login.LoginException with message "Access Denied!".
Parameters:
message - - the message to be logged.
Throws:
javax.security.auth.login.LoginException - - always throws LoginException with message "Access Denied!"

throwUserLoginException

protected void throwUserLoginException(java.lang.Exception exception)
                                throws javax.security.auth.login.LoginException
This method is for exceptions caused by the caller. The method logs the exception and then throws a new javax.security.auth.login.LoginException with message "Access Denied!".
Parameters:
exception - - the exception to be logged.
Throws:
javax.security.auth.login.LoginException - - always throws LoginException with message "Access Denied!"

throwUserLoginException

protected void throwUserLoginException(java.lang.Exception exception,
                                       byte cause)
                                throws javax.security.auth.login.LoginException
This method is for exceptions caused by the caller. The method logs the exception and then throws a new javax.security.auth.login.LoginException with message "Access Denied!".
Parameters:
exception - - the exception to be logged.
Throws:
javax.security.auth.login.LoginException - - always throws LoginException with message "Access Denied!"
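
The behaviour documented for throwNewLoginException and throwUserLoginException (detail goes to the log, the caller always gets "Access Denied!") can be reproduced with the JDK alone. The following is an added example, not SAP code: the class name UniformDenialDemo, the logger category, the in-memory user store and the sample credentials are assumptions made for illustration, and the two static helpers only mirror the names of the methods above.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.login.LoginException;

// Added illustration: JDK-only stand-ins for the two helper families documented above.
public class UniformDenialDemo {
    private static final Logger LOG = Logger.getLogger("demo.security"); // hypothetical category
    static final String DENIED = "Access Denied!"; // the message this page documents

    // Wrong credentials: the reason is logged, the caller only sees the generic text.
    static void throwNewLoginException(String message) throws LoginException {
        LOG.log(Level.WARNING, message.replaceAll("[\\r\\n]", "_")); // keep log entries single-line
        throw new LoginException(DENIED);
    }

    // Failure caused by the caller: the exception is logged, the same generic text is thrown.
    static void throwUserLoginException(Exception exception) throws LoginException {
        LOG.log(Level.WARNING, "login aborted by caller error", exception);
        throw new LoginException(DENIED);
    }

    // Constructed credential check against a hypothetical in-memory store.
    static void check(Map<String, char[]> store, String user, char[] password) throws LoginException {
        byte[] supplied;
        try {
            supplied = new String(password).getBytes(StandardCharsets.UTF_8); // NPE on null input
        } catch (RuntimeException e) {
            throwUserLoginException(e);
            return; // never reached; satisfies definite assignment of 'supplied'
        }
        char[] expected = store.get(user);
        if (expected == null) throwNewLoginException("unknown user: " + user);
        byte[] stored = new String(expected).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(stored, supplied)) {
            throwNewLoginException("wrong password for user: " + user);
        }
    }

    public static void main(String[] args) {
        Map<String, char[]> store = Map.of("alice", "s3cret".toCharArray()); // constructed sample
        String[][] attempts = {{"alice", "s3cret"}, {"alice", "guess"}, {"mallory", "x"}, {"alice", null}};
        for (String[] a : attempts) {
            try {
                check(store, a[0], a[1] == null ? null : a[1].toCharArray());
                System.out.println(a[0] + " -> authenticated");
            } catch (LoginException e) {
                System.out.println(a[0] + " -> " + e.getMessage()); // identical for every failure
            }
        }
    }
}
```

Because an unknown user, a wrong password and a caller error all surface with the same message, the response does not reveal which account names exist; the distinguishing detail is available only in the server-side log.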

initialize

public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler callbackHandler,
                       java.util.Map sharedState,
                       java.util.Map options)
Initialises its shared state.
Specified by:
initialize in interface javax.security.auth.spi.LoginModule

login

public abstract boolean login()
                       throws javax.security.auth.login.LoginException
Specified by:
login in interface javax.security.auth.spi.LoginModule

commit

public abstract boolean commit()
                        throws javax.security.auth.login.LoginException
Specified by:
commit in interface javax.security.auth.spi.LoginModule

abort

public abstract boolean abort()
                       throws javax.security.auth.login.LoginException
Specified by:
abort in interface javax.security.auth.spi.LoginModule

logout

public abstract boolean logout()
                        throws javax.security.auth.login.LoginException
Specified by:
logout in interface javax.security.auth.spi.LoginModule

Copyright © 2001-2005 SAP AG. All Rights Reserved.