Package com.sun.identity.authentication.server

Class AuthContextLocal

  • All Implemented Interfaces:
    Serializable
    @Supported
public final class AuthContextLocal
extends Object
implements Serializable
    The AuthContextLocal provides the implementation for authenticating users.

    A typical caller instantiates this class and starts the login process. The caller then obtains an array of Callback objects, which contains the information required by the authentication plug-in module. The caller requests information from the user. On receiving the information from the user, the caller submits the same to this class. If more information is required, the above process continues until all the information required by the plug-ins/authentication modules, has been supplied. The caller then checks if the user has successfully been authenticated. If successfully authenticated, the caller can then get the Subject and SSOToken for the user; if not successfully authenticated, the caller obtains the AuthLoginException.

    The implementation supports authenticating users either locally i.e., in process with all authentication modules configured or remotely to an authentication service/framework. (See documentation to configure in either of the modes).

    The getRequirements() and submitRequirements() are used to pass the user credentials for authentication by the plugin modules,getStatus() returns the authentication status.

    It should be serializable as a requirement to be stored in HttpSession.

    See Also:
    Serialized Form

    • Constructor Summary

      Constructors 
      Constructor Description
      AuthContextLocal​(String orgName)
      Creates AuthContextLocal instance is obtained for a given organization name, or sub organization name.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void abort()
      Terminates an ongoing login call that has not yet completed.
      AuthLoginException getLoginException()
      Returns login exception, if any, during the authentication process.
      Set getModuleInstanceNames()
      Returns authentication module/s instances(or) plugin(s) configured for an organization, or sub-organization that was set during the AuthContext constructor.
      String getOrganizationName()
      Returns the the organization name that was set during the AuthContextLocal constructor.
      Callback[] getRequirements()
      Returns an array of Callback objects that must be populated by the user and returned back.
      Callback[] getRequirements​(boolean noFilter)
      Returns an array of Callback objects that must be populated by the user and returned back.
      SSOToken getSSOToken()
      Returns the Single-Sign-On (SSO) Token for the authenticated user.Single-Sign-On token can be used as the authenticated token.
      AuthContext.Status getStatus()
      Returns the current status of the authentication process.
      Subject getSubject()
      Returns the set of Principals the user has been authenticated as.
      boolean hasMoreRequirements()
      Checks if the login process requires more information from the user to complete the authentication.
      void login()
      Starts the login process for the given AuthContextLocal object.
      void login​(AuthContext.IndexType type, String indexName)
      Start the login process for the AuthContextLocal object identified by the index type and index name.
      void login​(Principal principal, char[] password)
      Starts the login process for the given AuthContextLocals object for the given Principal and the user's password.
      void login​(Subject subject)
      Starts the login process for the given AuthContextLocal object for the given Subject.
      void logout()
      Logs out the user and also invalidates the SSOToken associated with this AuthContextLocal.
      void submitRequirements​(Callback[] info)
      Submit the populated Callback objects to the authentication plug-in modules.

    • Constructor Detail

      • AuthContextLocal

        @Supported
public AuthContextLocal​(String orgName)
        Creates AuthContextLocal instance is obtained for a given organization name, or sub organization name. login method is then used to start the authentication process.
        Parameters:
        orgName - name of the user's organization.

    • Method Detail

      • getModuleInstanceNames

        @Supported
public Set getModuleInstanceNames()
        Returns authentication module/s instances(or) plugin(s) configured for an organization, or sub-organization that was set during the AuthContext constructor.
        Returns:
        authentication module/s instances (or plugins).
        Throws:
        UnsupportedOperationException - if an error occurred.

      • login

        @Supported
public void login​(Principal principal,
                  char[] password)
           throws AuthLoginException
        Starts the login process for the given AuthContextLocals object for the given Principal and the user's password. This method should be called primarily when the authenticator knows there would no other credentials needed to complete the authentication process.
        Parameters:
        principal - Principal of the user to be authenticated.
        password - password for the user.
        Throws:
        AuthLoginException - if an error occurred during login.

      • login

        @Supported
public void login​(AuthContext.IndexType type,
                  String indexName)
           throws AuthLoginException
        Start the login process for the AuthContextLocal object identified by the index type and index name. The IndexType defines the possible kinds of "objects" or "resources" for which an authentication can be performed. Currently supported index types are users, roles, services (or application), levels and mechanism.
        Parameters:
        type - authentication index type.
        indexName - authentication index name.
        Throws:
        AuthLoginException - if an error occurred during login.

      • login

        @Supported
public void login​(Subject subject)
           throws AuthLoginException
        Starts the login process for the given AuthContextLocal object for the given Subject. Refer to JAAS for description on Subject.
        Parameters:
        subject - Subject of the user to be authenticated.
        Throws:
        AuthLoginException - if an error occurred during login.

      • getSubject

        @Supported
public Subject getSubject()
        Returns the set of Principals the user has been authenticated as. This should be invoked only after successful authentication. If the authentication fails or the authentication is in process, this will return null.
        Returns:
        The set of Principals the user has been authenticated as.

      • hasMoreRequirements

        @Supported
public boolean hasMoreRequirements()
        Checks if the login process requires more information from the user to complete the authentication.
        Returns:
        true if more credentials are required from the user.

      • getRequirements

        @Supported
public Callback[] getRequirements()
        Returns an array of Callback objects that must be populated by the user and returned back. These objects are requested by the authentication plug-ins, and these are usually displayed to the user. The user then provides the requested information for it to be authenticated.
        Returns:
        an array of Callback objects requesting credentials from user.

      • getRequirements

        @Supported
public Callback[] getRequirements​(boolean noFilter)
        Returns an array of Callback objects that must be populated by the user and returned back. These objects are requested by the authentication plug-ins, and these are usually displayed to the user. The user then provides the requested information for it to be authenticated.
        Parameters:
        noFilter - flag to indicate if there is a Filter
        Returns:
        an array of Callback objects requesting credentials from user.

      • submitRequirements

        @Supported
public void submitRequirements​(Callback[] info)
        Submit the populated Callback objects to the authentication plug-in modules. Called after getRequirements method and obtaining user's response to these requests.
        Parameters:
        info - array of Callback objects

      • getLoginException

        @Supported
public AuthLoginException getLoginException()
        Returns login exception, if any, during the authentication process. Typically set when the login fails.
        Returns:
        login exception.

      • getStatus

        @Supported
public AuthContext.Status getStatus()
        Returns the current status of the authentication process.
        Returns:
        the current status of the authentication process.

      • getSSOToken

        @Supported
public SSOToken getSSOToken()
        Returns the Single-Sign-On (SSO) Token for the authenticated user.Single-Sign-On token can be used as the authenticated token.
        Returns:
        single-sign-on token

      • getOrganizationName

        @Supported
public String getOrganizationName()
        Returns the the organization name that was set during the AuthContextLocal constructor.
        Returns:
        Organization name.