8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: AuthContextLocal.java,v 1.12 2009/05/21 21:57:34 qcheng Exp $
42a452a9f1193f232b34e7c22706b8fe44207d3dPhill Cunnington * Portions Copyright 2013-2015 ForgeRock AS.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.AuthContext;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.service.AMLoginContext;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.service.LoginState;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.service.LoginStatus;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.spi.AuthLoginException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.spi.PagePropertiesCallback;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.util.ISAuthConstants;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.policy.util.PolicyDecisionUtils;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.shared.encode.URLEncDec;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The <code>AuthContextLocal</code> provides the implementation for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authenticating users.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * A typical caller instantiates this class and starts the login process.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The caller then obtains an array of <code>Callback</code> objects,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * which contains the information required by the authentication plug-in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * module. The caller requests information from the user. On receiving
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the information from the user, the caller submits the same to this class.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If more information is required, the above process continues until all
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the information required by the plug-ins/authentication modules, has
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * been supplied. The caller then checks if the user has successfully
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * been authenticated. If successfully authenticated, the caller can
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * then get the <code>Subject</code> and <code>SSOToken</code> for the user;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if not successfully authenticated, the caller obtains the AuthLoginException.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The implementation supports authenticating users either locally
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * i.e., in process with all authentication modules configured or remotely
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * to an authentication service/framework. (See documentation to configure
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * in either of the modes).
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The <code>getRequirements()</code> and <code>submitRequirements()</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * are used to pass the user credentials for authentication by the plugin
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * modules,<code>getStatus()</code> returns the authentication status.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * It should be serializable as a requirement to be stored in HttpSession.
91cb2bef1c88e70b5d433c2a34bca110a35786ceMark Craig * @supported.api
0503f9abf9d0469a149d3aa0d009409f328a6e59Phill Cunningtonpublic final class AuthContextLocal extends Object
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Protected variables used locally
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Debug & I18N class
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String amAuthContextLocal = "amAuthContextLocal";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Hold the debug instance
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster protected static Debug authDebug = Debug.getInstance(amAuthContextLocal);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Holds the locale-specific information
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Locale.getInstallResourceBundle(amAuthContextLocal);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Holds organizationName
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Holds the set of module instance names
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Holds the index type
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Holds the index name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Holds the login status
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Holds the host name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Holds the http session
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Holds Single Sign on Token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AuthLoginException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster protected volatile AuthLoginException loginException = null;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Holds call back information
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster protected Callback[] informationRequired = null;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AuthLoginContext
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Holds LoginStatus
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Holds subject
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * character array for password
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Holds information about submittion of requirements
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Creates <code>AuthContextLocal</code> instance is obtained for a given
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * organization name, or sub organization name. <code>login</code> method is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * then used to start the authentication process.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param orgName name of the user's organization.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContextLocal() constructor called");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AMLoginContext object is... " + amlc);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns authentication module/s instances(or) plugin(s) configured
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * for an organization, or sub-organization that was set during the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>AuthContext</code> constructor.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return authentication module/s instances (or plugins).
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws UnsupportedOperationException if an error occurred.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster moduleInstanceNames = amlc.getModuleInstanceNames();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Starts the login process for the given <code>AuthContextLocal</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @exception AuthLoginException if an error occurred during login.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void login() throws AuthLoginException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Starts the login process for the given <code>AuthContextLocal</code>s
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * object for the given <code>Principal</code> and the user's password.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This method should be called primarily
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * when the authenticator knows there would no other
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * credentials needed to complete the authentication process.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param principal <code>Principal</code> of the user to be authenticated.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param password password for the user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AuthLoginException if an error occurred
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * during login.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void login(Principal principal, char[] password)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Make sure principal and password are not null
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new AuthLoginException(amAuthContextLocal,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new AuthLoginException(amAuthContextLocal,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Copy the password
42a452a9f1193f232b34e7c22706b8fe44207d3dPhill Cunnington login(null, null, principal, password, null);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Start the login process for the <code>AuthContextLocal</code> object
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * identified by the index type and index name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The <code>IndexType</code> defines the possible kinds
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of "objects" or "resources" for which an authentication can
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * be performed. Currently supported index types are
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * users, roles, services (or application), levels and mechanism.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param type authentication index type.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param indexName authentication index name.
42a452a9f1193f232b34e7c22706b8fe44207d3dPhill Cunnington * @throws AuthLoginException if an error occurred
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * during login.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void login(AuthContext.IndexType type, String indexName)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContextLocal::login() called " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "with IndexType : " + type + " & Indexname : " + indexName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Starts the login process for the given <code>AuthContextLocal</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * object for the given <code>Subject</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Refer to JAAS for description on <code>Subject</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param subject <code>Subject</code> of the user to be authenticated.
42a452a9f1193f232b34e7c22706b8fe44207d3dPhill Cunnington * @throws AuthLoginException if an error occurred
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * during login.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void login(Subject subject) throws AuthLoginException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Starts the login process for the given <code>AuthContextLocal</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * object identified by the index type and index name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The <code>IndexType</code> defines the possible kinds
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of "objects" or "resources" for which an authentication can
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * be performed.Currently supported index types are
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * users, roles, services (or application), levels and mechanism.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The locale specifies the user preferred locale setting.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param type authentication index type.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param indexName authentication index name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param locale locale setting.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AuthLoginException if an error occurred during
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * login process.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContextLocal::login() called " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "with IndexType : " + type + " & Indexname : " + indexName +
42a452a9f1193f232b34e7c22706b8fe44207d3dPhill Cunnington login(type, indexName, null, null, null, null, locale);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Starts the login process for the given <code>AuthContextLocal</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * object identified by the index type and index name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The <code>IndexType</code> defines the possible kinds
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of "objects" or "resources" for which an authentication can
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * be performed.Currently supported index types are
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * users, roles, services (or application), levels and mechanism.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The locale specifies the user preferred locale setting.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param type authentication index type.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param indexName authentication index name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param envMap Environment Map, key is String, value is set of string.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * this is applicable only when the type is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>AuthContext.IndexType.RESOURCE</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param locale locale setting.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AuthLoginException if an error occurred during
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * login process.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContextLocal::login() called " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "with IndexType : " + type + " & Indexname : " + indexName +
42a452a9f1193f232b34e7c22706b8fe44207d3dPhill Cunnington login(type, indexName, null, null, null, envMap, locale);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Performs the Login for the given AuthContext
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param type authentication index type
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param indexName authentication index name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param principal principal name of the user to be authenticated
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param password password for the user
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param subject authentication subject
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AuthLoginException if error occurs during login
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster protected void login(AuthContext.IndexType type, String indexName,
42a452a9f1193f232b34e7c22706b8fe44207d3dPhill Cunnington Principal principal, char[] password, Subject subject) throws AuthLoginException {
42a452a9f1193f232b34e7c22706b8fe44207d3dPhill Cunnington login(type, indexName, principal, password, subject, null, null);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Performs the Login for the given AuthContext
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param type authentication index type
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param indexName authentication index name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param principal principal name of the user to be authenticated
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param password password for the user
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param subject authentication subject
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param envMap Environment map, this is applicable only when the type
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * is <code>AuthContext.IndexType.RESOURCE</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param locale locale setting
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AuthLoginException if error occurs during login
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster protected void login(AuthContext.IndexType type, String indexName,
42a452a9f1193f232b34e7c22706b8fe44207d3dPhill Cunnington Principal principal, char[] password, Subject subject, Map envMap, String locale)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /*if (!getStatus().equals(AuthContext.Status.NOT_STARTED)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (authDebug.messageEnabled()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContextLocal::login called " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "when the current login status is : " + getStatus());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new AuthLoginException(amAuthContextLocal,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "invalidMethod", new Object[]{getStatus()});
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // switch the login status
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // specially processing for resouce/IP/Environement based auth
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((type != null) && type.equals(AuthContext.IndexType.RESOURCE)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // this is resouce/IP/Env based authentication
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // call Policy Decision Util to find out the actual auth type
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // required by policy
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster result = PolicyDecisionUtils.doResourceIPEnvAuth(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // ignore, continue to default realm based authentication
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // may need to revisit this in the future
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.warning("AuthContextLocal.login() policy error " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContextLocal.login: policy decision="
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // this is the redirection case (Policy Redirection Advice)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // append goto parameter for federation case
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set tmp = (Set) envMap.get(ISAuthConstants.GOTO_PARAM);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String gotoParam = (String) tmp.iterator().next();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((gotoParam != null) && (gotoParam.length() != 0)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // no policy decision, use default realm login
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "loginParamsMap : " + loginParamsMap.toString());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("calling AMLoginContext::exceuteLogin : ");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("after AMLoginContext::exceuteLogin : ");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (amlc.getStatus() == LoginStatus.AUTH_SUCCESS) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (amlc.getStatus() == LoginStatus.AUTH_FAILED) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "Status at the end of login() : " + loginStatus);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("Exception in ac.login : " + e.toString());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Resets this instance of <code>AuthContextLocal</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * object, so that a new login process can be initiated.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * A new authentication process can started using any
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * one of the <code>login</code> methods.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContextLocal::reset() called");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the set of Principals the user has been authenticated as.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This should be invoked only after successful authentication.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If the authentication fails or the authentication is in process,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * this will return <code>null</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return The set of Principals the user has been authenticated as.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!loginStatus.equals(AuthContext.Status.SUCCESS)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Checks if the login process requires more information from the user to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * complete the authentication.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>true</code> if more credentials are required
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * from the user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContextLocal::hasMoreRequirements()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((amlc.getStatus() == LoginStatus.AUTH_SUCCESS) ||
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Checks if the login process requires more information from the user to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * complete the authentication
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param noFilter falg to indicate if there is a Filter
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>true</code> if more credentials are required
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * from the user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean hasMoreRequirements(boolean noFilter) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContextLocal::hasMoreRequirements()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((amlc.getStatus() == LoginStatus.AUTH_SUCCESS) ||
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (getCallbacks(informationRequired, noFilter) != null);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns an array of <code>Callback</code> objects that
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * must be populated by the user and returned back.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * These objects are requested by the authentication plug-ins,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * and these are usually displayed to the user. The user then provides
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the requested information for it to be authenticated.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return an array of <code>Callback</code> objects requesting credentials
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * from user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContextLocal::getRequirements()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((amlc.getStatus() == LoginStatus.AUTH_SUCCESS) ||
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns an array of <code>Callback</code> objects that
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * must be populated by the user and returned back.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * These objects are requested by the authentication plug-ins,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * and these are usually displayed to the user. The user then provides
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the requested information for it to be authenticated.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param noFilter flag to indicate if there is a Filter
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return an array of <code>Callback</code> objects requesting credentials
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * from user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public Callback[] getRequirements(boolean noFilter) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContextLocal::getRequirements()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((amlc.getStatus() == LoginStatus.AUTH_SUCCESS) ||
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (getCallbacks(informationRequired, noFilter));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Submit the populated <code>Callback</code> objects
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * to the authentication plug-in modules. Called after
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>getRequirements</code> method and obtaining
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * user's response to these requests.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param info array of <code>Callback</code> objects
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void submitRequirements(Callback[] info) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContextLocal::submitRequirements()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (amlc.getStatus() == LoginStatus.AUTH_SUCCESS) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (amlc.getStatus() == LoginStatus.AUTH_FAILED) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContextLocal::submitRequirements end");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("Status at the end of submitRequirements() : "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Logs out the user and also invalidates the <code>SSOToken</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * associated with this <code>AuthContextLocal</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AuthLoginException if an error occurred during logout
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void logout() throws AuthLoginException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContextLocal::logout()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("Exception in AMLoginContext::logout() "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new AuthLoginException(amAuthContextLocal, "logoutError",
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("Called AMLoginContext::logout()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns login exception, if any, during
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the authentication process. Typically set when the login
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return login exception.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public AuthLoginException getLoginException() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContextLocal::getLoginException()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Sets the login exception that represents errors during the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication process.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param exception AuthLoginException to be set.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void setLoginException(AuthLoginException exception) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the current status of the authentication process.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return the current status of the authentication process.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContextLocal::getStatus()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (amlc.getStatus() == LoginStatus.AUTH_SUCCESS) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster else if (amlc.getStatus() == LoginStatus.AUTH_FAILED) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster else if (amlc.getStatus() == LoginStatus.AUTH_RESET) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster else if (amlc.getStatus() == LoginStatus.AUTH_ORG_MISMATCH) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster else if (amlc.getStatus() == LoginStatus.AUTH_IN_PROGRESS) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster else if (amlc.getStatus() == LoginStatus.AUTH_COMPLETED) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContextLocal:: Status : " + loginStatus);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Sets the login status. Used internally and
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * not visible outside this package.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param status login status
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster protected void setLoginStatus(AuthContext.Status status) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContextLocal::setLoginStatus()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the Single-Sign-On (SSO) Token for the authenticated
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * user.Single-Sign-On token can be used as the authenticated token.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return single-sign-on token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the Successful Login URL for the authenticated user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return the Successful Login URL for the authenticated user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the Failure Login URL for the authenticating user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return the Failure Login URL for the authenticating user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the the organization name that was set during the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>AuthContextLocal</code> constructor.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Organization name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Terminates an ongoing <code>login</code> call that has not yet completed.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AuthLoginException if an error occurred during abort.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void abort() throws AuthLoginException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContextLocal::abort()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("Exception in AMLoginContext::abort() "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new AuthLoginException(amAuthContextLocal, "abortError",
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the error template.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return the error template.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the error message.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return the error message.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the error code.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return error code.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the current 'authIdentifier' of the authentication process as
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * String Session ID.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>authIdentifier</code> of the authentication process
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the account lockout message. This can be either a dynamic
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * message indicating the number of tries left or the the account
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * deactivated message.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return account lockout message.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("getLockoutMsg: lockoutMsg: " + lockoutMsg);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Checks the account is locked out
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>true</code> if the account is locked,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>false</code> otherwise
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("isLockedOut : " + isLockedOut);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Sets the client's host name , this method is used in case of remote
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication,to set the client's hostname or IP address.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This could be used by the policy component to restrict access
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * to resources.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param hostname Host name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void setClientHostName(String hostname) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the clients host name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return hostname
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Sets the <code>HttpSession</code> that will be used by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the SSO component to store the session information. In the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * absence of <code>HttpSession</code> the information is stored
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * in <code>HashMap</code> and will have issues with fail-over.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * With session fail-over turned on <code>HttpSession</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * would be provide persistance storage mechanism for SSO.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param session HttpSession
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void setHttpSession(HttpSession session) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the <code>HTTPSession</code> associated with the current
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication context
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return httpSession
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the array of <code>Callback</code> requirements objects
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param recdCallbacks callbacks requirements
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param noFilter boolean to indicate if filter exists
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return an array of <code>Callback</code> objects
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (noFilter) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (int i = 0; i < recdCallbacks.length; i++) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("In getCallbacks() callback : "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!(recdCallbacks[i] instanceof PagePropertiesCallback)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (Callback[]) callbackList.toArray(answer);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Sets the Login State
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param state login state
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the login state
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return loginState
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Sets the Organization DN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param orgDN Organization DN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the Organization DN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return the Organization DN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Holds LDAP URL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public final static String LDAP_AUTH_URL = "ldap://";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Holds principal name to be authenticated
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public final static String PRINCIPAL = "principal";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Holds Password for the user
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public final static String PASSWORD = "password";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication subject
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public final static String SUBJECT = "subject";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication index type
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public final static String INDEX_TYPE = "indexType";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication index name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public final static String INDEX_NAME = "indexName";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * locale setting
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Redirection URL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static final String REDIRECT_URL = "redirectionURL";