com.sap.security.api.logon
Interface ILogonAuthentication

All Superinterfaces:
IAuthentication, IConfigurable

public interface ILogonAuthentication
extends IAuthentication

Extension from IAuthentication that provides more powerful authentication services.


Method Summary
 IAuthScheme[] getAuthSchemes()
          Returns the names of the available auth schemes.
 ILogonFrontend getLogonFrontend(java.lang.String authSchemeName)
          Returns the LogonFrontend for the auth scheme.
 boolean isAuthenticated(IUser user)
          Check if the current user is already authenticated.
 boolean isAuthSchemeSufficient(IUser user, java.lang.String authscheme)
          Checks if the currently logged-in user has satisfied the authscheme with name authscheme.
 javax.security.auth.Subject logon(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, java.lang.String authscheme)
          Function that is intended for programmatic logon.
 
Methods inherited from interface com.sap.security.api.IAuthentication
forceLoggedInUser, forceLogoffUser, getLoggedInUser, logout
 
Methods inherited from interface com.sap.security.api.IConfigurable
initialize
 

Method Detail

logon

public javax.security.auth.Subject logon(javax.servlet.http.HttpServletRequest req,
                                         javax.servlet.http.HttpServletResponse resp,
                                         java.lang.String authscheme)
                                  throws javax.security.auth.login.LoginException
Function that is intended for programmatic logon. Internally, this function is called by IAuthentication.forceLoggedInUser(HttpServletRequest, HttpServletResponse).

The function behaves as follows: The parameter authscheme determines which logon variant will be used, e.g. which authentication mechanism will be used. The standard mechanism looks up the parameters j_user and j_password (see the constants ILoginConstants.LOGON_UID_ALIAS and ILoginConstants.LOGON_PWD_ALIAS) in the servlet request and uses them for logon against the configured user repository.

On successful return (i.e. if no exception is thrown) a Subject is returned. To get an IUser object from this subject, call Subject.getPrincipals() and iterate through the returned Set of principals.

For error situations, see the list of possible exception keys below.

Parameters:
req - HttpServletRequest
resp - HttpServletResponse
authscheme - The name of the authscheme to perform logon.
Returns:
The subject or null otherwise.
Throws:
javax.security.auth.login.LoginException - if the logon fails. The message of the exception is the key for the error message.
Possible keys are
  • SecurityPolicy.USER_AUTH_FAILED: general logon failure. Logon id or password wrong, logon id not existent etc.
  • SecurityPolicy.ACCOUNT_LOCKED_LOGON: the user account is locked due to logon failures.
  • SecurityPolicy.CERT_AUTH_FAILED: the client certificate is not mapped to a user.
  • SecurityPolicy.ACCOUNT_LOCKED_ADMIN: the user account is locked by administrator and can't logon.
  • SecurityPolicy.SAPSTAR_ACTIVATED: the super user SAP* is activated and therefore no other user can logon.
  • SecurityPolicy.PASSWORD_EXPIRED: the user's password has expired.
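
The following wrapper is an added example, not code from SAP or from the original page. It shows the logon flow described above: call logon, treat a null Subject as failure, pick the IUser out of the principals, and keep the LoginException key server-side. The class name ProgrammaticLogon, the Result type and the two NO_* markers are hypothetical; the code assumes Java 5 or later.

```java
import java.security.Principal;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.sap.security.api.IUser;
import com.sap.security.api.logon.ILogonAuthentication;

/** Hypothetical helper (not part of the SAP API) around ILogonAuthentication.logon. */
public final class ProgrammaticLogon {
    private static final Logger LOG = Logger.getLogger(ProgrammaticLogon.class.getName());

    /** user is non-null on success; otherwise failureKey says why logon was refused. */
    public static final class Result {
        public final IUser user;
        public final String failureKey;
        Result(IUser user, String failureKey) { this.user = user; this.failureKey = failureKey; }
        public boolean ok() { return user != null; }
    }

    public static Result logon(ILogonAuthentication auth, HttpServletRequest req,
                               HttpServletResponse resp, String authscheme) {
        try {
            Subject subject = auth.logon(req, resp, authscheme);
            if (subject == null) {                        // documented: "The subject or null otherwise"
                return new Result(null, "NO_SUBJECT");    // constructed marker, not an SAP key
            }
            for (Principal p : subject.getPrincipals()) {
                if (p instanceof IUser) {
                    IUser user = (IUser) p;
                    // Accept only a user produced by authentication that satisfies the scheme.
                    if (auth.isAuthenticated(user) && auth.isAuthSchemeSufficient(user, authscheme)) {
                        return new Result(user, null);
                    }
                }
            }
            return new Result(null, "NO_USER_PRINCIPAL"); // constructed marker, not an SAP key
        } catch (LoginException e) {
            // The exception message is the error key (see the SecurityPolicy keys listed above).
            // Record it server-side and give the client one generic failure text, so that
            // account state (locked, expired, unknown logon id) is not disclosed.
            LOG.warning("logon failed, key=" + e.getMessage());
            return new Result(null, e.getMessage());
        }
    }
}
```

A caller can compare failureKey with the documented keys, for example to route a PASSWORD_EXPIRED failure to a password-change page.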

isAuthSchemeSufficient

public boolean isAuthSchemeSufficient(IUser user,
                                      java.lang.String authscheme)
Checks if the currently logged-in user has satisfied the authscheme with name authscheme.
Parameters:
user - object returned by IAuthentication.getLoggedInUser(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse).
authscheme - authscheme to be satisfied
Returns:
true if yes, false if not.

getLogonFrontend

public ILogonFrontend getLogonFrontend(java.lang.String authSchemeName)
Returns the LogonFrontend for the auth scheme.
Parameters:
authSchemeName - name of the auth scheme
Returns:
the logon frontend or null

getAuthSchemes

public IAuthScheme[] getAuthSchemes()
Returns the names of the available auth schemes.
Returns:
the names of auth schemes

isAuthenticated

public boolean isAuthenticated(IUser user)
Check if the current user is already authenticated, i.e. if the IUser object is result of an authentication process (it could also have been created by something like UMFactory.getInstance().getUserFactory().getUser (...)).
Parameters:
user - user to check.
Returns:
true if authenticated, otherwise false.


Copyright © 2002 SAP AG All Rights Reserved.