com.xmlserv.security
Class RoleSecurityManager

java.lang.Object
  |
  +--com.xmlserv.security.SecurityManager
        |
        +--com.xmlserv.security.RoleSecurityManager
Direct Known Subclasses:
AppSecurityManager

public abstract class RoleSecurityManager
extends SecurityManager

A role-based SecurityManager. This class does not define where user information is stored. A subclass should implement the abstract methods through which user information is read.
It fills in the framework outlined in SecurityManager, but relies on subclasses to provide access to a storage method (LDAP, RDBMS, file-based, ...).

Version:
$Id: RoleSecurityManager.java,v 1.30 2002/12/19 20:27:09 muecke Exp $
Author:
Wolfram Saringer

Inner classes inherited from class com.xmlserv.security.SecurityManager
SecurityManager.AccessRight, SecurityManager.Authorization, SecurityManager.Resource, SecurityManager.Role, SecurityManager.User
 
Fields inherited from class com.xmlserv.security.SecurityManager
DELETE, INSERT, SELECT, UPDATE
 
Constructor Summary
RoleSecurityManager()
          Create empty object. init() must be called before it is usable.
 
Method Summary
 SecurityManager.User authenticate(java.lang.String username, java.lang.String password)
          Authenticate a user.
 SecurityManager.Authorization authorize(SecurityManager.User user, SecurityManager.Resource resource, java.lang.String access)
          Authorize an access method on a resource.
protected abstract  void checkAuth(SecurityManager.User user, SecurityManager.Resource resource, java.lang.String access)
          This method must be implemented in a subclass for each storage type supported.
protected abstract  java.lang.String checkUser(java.lang.String user, java.lang.String password)
          This method must be implemented for each storage type supported.
 void destroy()
          Free resources.
 java.lang.String doLogin(javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest req)
          Handle login.
protected  java.lang.String errorPage(java.lang.String msg)
          Create an HTML error page.
protected abstract  java.lang.String getEmail(java.lang.String username)
          Return the user's email address.
protected abstract  int getId(java.lang.String username)
          Return the user's numeric id.
protected abstract  java.lang.String getRoleGroup(java.lang.String username)
          Get the RoleGroup the given user belongs to.
protected abstract  int getRoleGroupId(java.lang.String username)
          Get the numerical RoleGroup id the given user belongs to.
 java.lang.String getUser(javax.servlet.http.HttpServletRequest req)
          Return the uid of the authenticated user.
 SecurityManager.User getUserObj(javax.servlet.http.HttpServletRequest req)
          Return the SecurityManager.User object of the authenticated user.
 java.lang.String getUserRoleGroup(javax.servlet.http.HttpServletRequest req)
          Get the RoleGroup for the logged in user.
 int getUserRoleGroupId(javax.servlet.http.HttpServletRequest req)
          Get numeric RoleGroup ID.
 void init()
          Initialize object.
protected  java.lang.String loginPage(java.lang.String target, javax.servlet.http.HttpServletRequest req)
          Create a login page pointing to the given target.
protected  java.lang.String loginPage(java.lang.String target, javax.servlet.http.HttpServletRequest req, java.lang.String status)
          Create an HTML login page with a status message.
 void logout(javax.servlet.http.HttpServletRequest req)
          Remove login information from the session context and invalidate the session.
 void signout(SecurityManager.Authorization authorization)
          Remove login information from the session context.
 boolean validate(SecurityManager.Authorization authorization)
          Check whether this Authorization object was actually created by this SecurityManager and is still valid.
 boolean validate(SecurityManager.User userobj)
          Check whether this User object was actually created by this SecurityManager.
 
Methods inherited from class com.xmlserv.security.SecurityManager
addACL, getResource, getUserById, getUserID, getUserStatus, hasAuth, isAnon, toUserStatus
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RoleSecurityManager

public RoleSecurityManager()
Create empty object. init() must be called before it is usable.
Method Detail

init

public void init()
          throws SecurityManagerException
Initialize object.
Overrides:
init in class SecurityManager

destroy

public void destroy()
Free resources.
Overrides:
destroy in class SecurityManager

doLogin

public java.lang.String doLogin(javax.servlet.ServletContext context,
                                javax.servlet.http.HttpServletRequest req)
Handle login. The following HTTP Parameters are recognized:
Overrides:
doLogin in class SecurityManager
Parameters:
context - The servlet context.
req - The client request.
Returns:
null in case everything is OK, an HTML login page otherwise.

authenticate

public SecurityManager.User authenticate(java.lang.String username,
                                         java.lang.String password)
                                  throws SecurityManagerException
Authenticate a user.
Overrides:
authenticate in class SecurityManager
Parameters:
username - The username.
password - The password.
Returns:
A SecurityManager.User object in case the login is OK.
Throws:
SecurityManagerException - If the account is invalid.

getRoleGroupId

protected abstract int getRoleGroupId(java.lang.String username)
                               throws SecurityManagerException
Get the numerical RoleGroup id the given user belongs to. To be supplied by an implementation.

getRoleGroup

protected abstract java.lang.String getRoleGroup(java.lang.String username)
                                          throws SecurityManagerException
Get the RoleGroup the given user belongs to.

checkUser

protected abstract java.lang.String checkUser(java.lang.String user,
                                              java.lang.String password)
                                       throws SecurityManagerException
This method must be implemented for each storage type supported.
Parameters:
user - The username. Must be lowercase.
password - The password.
Returns:
The String representation of the numerical UID.
Throws:
SecurityManagerException - Thrown if the given user account is not valid.
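
An added example, not part of the xmlserv sources, of how a subclass might meet the checkUser and getEmail contracts with an in-memory store. The class name, Account and addAccount are hypothetical; the package and (String) constructor of SecurityManagerException are assumptions; PBKDF2 is this example's choice, not something the API prescribes.

```java
import com.xmlserv.security.RoleSecurityManager;
import com.xmlserv.security.SecurityManagerException; // package assumed
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical subclass, kept abstract: checkAuth, getId, getRoleGroup and
// getRoleGroupId still have to be supplied for a real store.
// Assumption: SecurityManagerException has a (String) constructor.
public abstract class InMemoryRoleSecurityManager extends RoleSecurityManager {
    private static final class Account { // hypothetical record of one stored user
        final int uid; final String email; final byte[] salt, hash;
        Account(int u, String e, byte[] s, byte[] h) { uid = u; email = e; salt = s; hash = h; }
    }
    private static final byte[] DUMMY_SALT = new byte[16];
    private final Map<String, Account> accounts = new HashMap<String, Account>();

    private static byte[] derive(String password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 600000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Hypothetical provisioning helper; the caller supplies a random per-user salt.
    protected void addAccount(String user, int uid, String email, byte[] salt, String password)
            throws GeneralSecurityException {
        accounts.put(user.toLowerCase(Locale.ROOT), new Account(uid, email, salt, derive(password, salt)));
    }

    protected String checkUser(String user, String password) throws SecurityManagerException {
        if (user == null || password == null || password.isEmpty())
            throw new SecurityManagerException("invalid account");
        // Documented contract: the username arrives lowercase; other forms match no account.
        Account acct = user.equals(user.toLowerCase(Locale.ROOT)) ? accounts.get(user) : null;
        try {
            // Derive a hash even for unknown users so response time does not reveal which names exist.
            byte[] candidate = derive(password, acct != null ? acct.salt : DUMMY_SALT);
            if (acct != null && MessageDigest.isEqual(candidate, acct.hash))
                return String.valueOf(acct.uid); // String form of the numeric UID
        } catch (GeneralSecurityException e) {
            // Fail closed: fall through to the same rejection.
        }
        throw new SecurityManagerException("invalid account"); // same message for every failure
    }

    protected String getEmail(String username) throws SecurityManagerException {
        Account acct = username == null ? null : accounts.get(username);
        return acct == null || acct.email == null ? "" : acct.email; // "" per the documented contract
    }
}
```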

getEmail

protected abstract java.lang.String getEmail(java.lang.String username)
                                      throws SecurityManagerException
Return the user's email address.
Parameters:
username - The username to search for.
Returns:
The email address, or an empty string if the user is not found or the email is not available.

getId

protected abstract int getId(java.lang.String username)
                      throws SecurityManagerException
Return the user's numeric id.
Parameters:
username - The username to search for.
Returns:
The user's numeric id.

authorize

public SecurityManager.Authorization authorize(SecurityManager.User user,
                                               SecurityManager.Resource resource,
                                               java.lang.String access)
                                        throws SecurityManagerException
Authorize an access method on a resource.
Overrides:
authorize in class SecurityManager
Parameters:
user - The SecurityManager.User object.
resource - The named resource.
access - The access method string as defined in SecurityManager.
Throws:
SecurityManagerException - Thrown if the given user account is not valid.

checkAuth

protected abstract void checkAuth(SecurityManager.User user,
                                  SecurityManager.Resource resource,
                                  java.lang.String access)
                           throws SecurityManagerException
This method must be implemented in a subclass for each storage type supported.
Parameters:
user - The SecurityManager.User object.
resource - The named resource.
access - The access method string as defined in SecurityManager.
Throws:
SecurityManagerException - Thrown if the requested authorization is not granted.

validate

public boolean validate(SecurityManager.User userobj)
Check whether this User object was actually created by this SecurityManager.
Overrides:
validate in class SecurityManager
Parameters:
userobj - The SecurityManager.User object to check.
Returns:
boolean indicating valid (true) or invalid (false) object status.

validate

public boolean validate(SecurityManager.Authorization authorization)
Check whether this Authorization object was actually created by this SecurityManager and is still valid.
Overrides:
validate in class SecurityManager
Parameters:
authorization - The SecurityManager.Authorization object to test.
Returns:
boolean indicating valid (true) or invalid (false) object status.

getUser

public java.lang.String getUser(javax.servlet.http.HttpServletRequest req)
                         throws SecurityManagerException
Return the uid of the authenticated user.
Overrides:
getUser in class SecurityManager
Parameters:
req - The client request.
Returns:
The username associated with this request.
Throws:
SecurityManagerException - In case the user is not authenticated.

getUserObj

public SecurityManager.User getUserObj(javax.servlet.http.HttpServletRequest req)
                                throws SecurityManagerException
Return the SecurityManager.User object of the authenticated user.
Overrides:
getUserObj in class SecurityManager
Parameters:
req - The client request.
Returns:
A SecurityManager.User object.
Throws:
SecurityManagerException - In case the user is not authenticated.

getUserRoleGroup

public java.lang.String getUserRoleGroup(javax.servlet.http.HttpServletRequest req)
                                  throws SecurityManagerException
Get the RoleGroup for the logged in user.
Overrides:
getUserRoleGroup in class SecurityManager
Returns:
An empty String in case no RoleGroup is set, the RoleGroup name otherwise.

getUserRoleGroupId

public int getUserRoleGroupId(javax.servlet.http.HttpServletRequest req)
                       throws SecurityManagerException
Get numeric RoleGroup ID.
Overrides:
getUserRoleGroupId in class SecurityManager

signout

public void signout(SecurityManager.Authorization authorization)
Remove login information from the session context.
Overrides:
signout in class SecurityManager
Parameters:
authorization - The authorization object to invalidate.

logout

public void logout(javax.servlet.http.HttpServletRequest req)
Remove login information from the session context and invalidate the session.
Overrides:
logout in class SecurityManager
Parameters:
req - The client request.

errorPage

protected java.lang.String errorPage(java.lang.String msg)
Create an HTML error page.
Parameters:
msg - The error message.
Returns:
The HTML error page.

loginPage

protected java.lang.String loginPage(java.lang.String target,
                                     javax.servlet.http.HttpServletRequest req)
Create a login page pointing to the given target.
Parameters:
target - The target to use as the action of the login page.
req - The client request.
Returns:
The Login page.

loginPage

protected java.lang.String loginPage(java.lang.String target,
                                     javax.servlet.http.HttpServletRequest req,
                                     java.lang.String status)
Create an HTML login page with a status message.
Parameters:
target - The target to use as the action of the login page.
req - The client request.
status - The status string to include.
Returns:
The Login page.