com.novell.nidp.authentication.local
Class LocalAuthenticationClass

java.lang.Object
  extended by com.novell.nidp.authentication.local.LocalAuthenticationClass

public abstract class LocalAuthenticationClass
extends java.lang.Object

Provides methods for authenticating to the local authority. It is an abstract class, so that each local authentication class can be implemented as a subclass.


Field Summary
static int AUTHENTICATED
          Indicates that the authentication was successful.
static int CANCEL
          Indicates that the authentication was cancelled.
static int HANDLED_REQUEST
          Indicates that the request was handled and that a query for more information is necessary for the authentication to proceed.
protected  java.util.Properties m_Properties
          The class and method properties defined in the admin utility as well as other system properties.
protected  HttpServletRequest m_Request
          The current HttpServletRequest that is being processed.
protected  HttpServletResponse m_Response
          The HttpServletResponse that will be responded to.
protected  NIDPSession m_Session
          The current Novell Identity Server session.
static int NOT_AUTHENTICATED
          Indicates that the authentication was unsuccessful.
static int PWD_EXPIRED
          Indicates that the user's password is expired.
static int PWD_EXPIRING
          Indicates that the user's password is expiring.
 
Constructor Summary
LocalAuthenticationClass(java.util.Properties props, java.util.ArrayList uStores)
          Defines the constructor to be used by all classes to do local authentication.
 
Method Summary
protected  void addCredential(WSCQToken token, XMLBase value)
          Adds a credential used to authenticate.
protected  void addLDAPCredentials()
          Adds the LDAP credentials, except the password.
protected  void addPrincipalAttributes(java.lang.String strAttr, java.lang.String[] values)
          Sets attributes for a user that has been authenticated.
 int authenticate()
          Performs the authentication process.
protected  boolean authenticateWithPassword(java.lang.String userid, java.lang.String password)
          Authenticates a user after locating the user with the specified DN.
protected  boolean authenticateWithQuery(java.lang.String query, java.lang.String password)
          Authenticates a user after locating the user with an LDAP query.
 java.util.ArrayList clearCredentials()
           
protected  int doAuthenticate()
          This is essentially an abstract method designed to be overridden by authentication classes that intend to take advantage of secret store unlocking.
protected  java.lang.String escapeName(java.lang.String name)
          Escapes the characters typed by the user.
protected  NIDPPrincipal[] findPrincipals(java.lang.String userid)
          Searches through a list of user stores for users that match the specified user name.
protected  NIDPPrincipal[] findPrincipalsByQuery(java.lang.String filter)
          Searches through a list of user stores for users that match the given query.
protected  AuthnRequest getAuthnRequest()
          Gets the request that might have caused this authentication class to be invoked.
protected  boolean getBooleanProperty(java.lang.String property, boolean deflt)
          Gets a boolean value from the specified property.
 java.util.ArrayList getCredentials()
          Gets the list of credentials used to authenticate the user.
protected  DisplayableProvider[] getIDPProviders()
          Gets a list of identity providers that can be used as possible authentication sources.
 java.lang.String getLogMsg()
          Gets the message for the associated error ID.
 NIDPPrincipal getPrincipal()
          Gets the user authenticated by this class.
protected  javax.naming.directory.Attributes getPrincipalAttributes(java.lang.String[] attrs)
          Gets the attributes for the user that has been authenticated.
protected  UserAuthority getPrincipalUserAuthority()
          Gets the LDAP server that identified the user, assuming that m_Principal has been set.
protected  java.lang.String getProperty(java.lang.String property)
          Returns the value of the specified property.
protected  java.lang.String getProvisionURL()
          Gets the URL to call to provision a user.
protected  java.lang.String getReturnURL()
          Returns the URL which any user interactions should post data to.
 java.lang.String getType()
          Gets the authentication type this class implements.
protected  UserAuthority getUserAuthority(int index)
          Returns the specified LDAP server.
protected  int getUserAuthorityCount()
          Gets the number of searchable LDAP servers.
protected  java.lang.String getUserErrorMsg()
          Gets the error message that will be displayed to the end user.
 void initializeRequest(HttpServletRequest request, HttpServletResponse response, NIDPSession session, boolean following, java.lang.String url)
          Initializes the authentication class with the current request or response.
protected  boolean isCancelAppropriate()
          Determines if the option to cancel the authentication is appropriate for this instance.
protected  boolean isDefinesUser()
          Determines if this authentication class instance needs to identify a user.
 boolean isFailure()
          Indicates whether or not this authentication failed.
protected  boolean isFirstCallAfterPrevMethod()
          Determines if this authentication class begins execution immediately after the successful completion of another class.
protected  boolean isFirstInstance()
          Determines if this authentication class instance is the first since the system started up or was reconfigured.
protected  boolean isPendingAuthnRequest()
          Determines if there is a pending authentication request that has come from a service provider.
protected  boolean isUserIdentification()
          Determines if this authentication class instance is the result of an assertion being returned to an unauthenticated session.
 boolean mustPersist()
          Indicates if this class must persist during interaction with the user.
protected  void setErrorMsg(java.lang.String userErr, java.lang.String logErr)
          Sets the error message to send to the end user and to the log file.
protected  void setErrorMsg(java.lang.String userErr, java.lang.String logErr, java.lang.String logParam)
          Sets the error message to send to the end user and to the log file as well as a parameter to send with the log file message.
protected  void setFailure()
          Sets a failure state for the current authentication.
protected  void setPrincipal(NIDPPrincipal principal)
          Sets the user to be authenticated by this class.
protected  void setPrincipalAttributes(java.lang.String[] attrs, java.lang.String[] values)
          Sets the attributes for a user that has been authenticated.
protected  void setUserErrorMsg(java.lang.String userMsg)
          Sets the error message to be displayed to an end user.
protected  void showErrorJSP(java.lang.String msg)
          Causes an error JSP to be executed to display an error message.
protected  void showJSP(java.lang.String jsp)
          Forwards execution to a specific JSP.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

AUTHENTICATED

public static final int AUTHENTICATED
Indicates that the authentication was successful.

See Also:
authenticate, Constant Field Values

HANDLED_REQUEST

public static final int HANDLED_REQUEST
Indicates that the request was handled and that a query for more information is necessary for the authentication to proceed.

See Also:
authenticate, Constant Field Values

NOT_AUTHENTICATED

public static final int NOT_AUTHENTICATED
Indicates that the authentication was unsuccessful.

See Also:
authenticate, Constant Field Values

CANCEL

public static final int CANCEL
Indicates that the authentication was cancelled.

See Also:
authenticate, Constant Field Values

PWD_EXPIRING

public static final int PWD_EXPIRING
Indicates that the user's password is expiring.

See Also:
authenticate, Constant Field Values

PWD_EXPIRED

public static final int PWD_EXPIRED
Indicates that the user's password is expired.

See Also:
authenticate, Constant Field Values

m_Properties

protected java.util.Properties m_Properties
The class and method properties defined in the admin utility as well as other system properties.


m_Request

protected HttpServletRequest m_Request
The current HttpServletRequest that is being processed.

See Also:
initializeRequest

m_Response

protected HttpServletResponse m_Response
The HttpServletResponse that will be responded to.

See Also:
initializeRequest

m_Session

protected NIDPSession m_Session
The current Novell Identity Server session.

Constructor Detail

LocalAuthenticationClass

public LocalAuthenticationClass(java.util.Properties props,
                                java.util.ArrayList uStores)
Defines the constructor to be used by all classes to do local authentication.

Parameters:
props - The properties associated with the implementing class.
uStores - A list of ordered user stores to authenticate against.
Method Detail

initializeRequest

public void initializeRequest(HttpServletRequest request,
                              HttpServletResponse response,
                              NIDPSession session,
                              boolean following,
                              java.lang.String url)
Initializes the authentication class with the current request or response.

Parameters:
request - The HttpServletRequest that the request came in on.
response - The HttpServletResponse that the request will respond with.
session - The user's liberty session.
following - True if this class is following a previous method, otherwise false.
url - The URL to return to after completion of context.

getType

public java.lang.String getType()
Gets the authentication type this class implements.

Returns:
Returns the authentication type represented by this class. Returns one of the following strings: ProtectedPassword, Password, ProtectedBasic, Basic, X509, Token, SmartCard, SmartCardPKI, Other.

getPrincipal

public NIDPPrincipal getPrincipal()
Gets the user authenticated by this class. This value is null if the authentication class is set to not define a user.

Returns:
The authenticated NIDPPrincipal, or null.

setPrincipal

protected void setPrincipal(NIDPPrincipal principal)
Sets the user to be authenticated by this class.

Parameters:
principal - The user to be considered authenticated.

isFailure

public boolean isFailure()
Indicates whether or not this authentication failed.

Returns:
Returns true if the authentication failed, otherwise false.

setFailure

protected void setFailure()
Sets a failure state for the current authentication.


getProvisionURL

protected java.lang.String getProvisionURL()
Gets the URL to call to provision a user.

Returns:
Returns the URL to redirect to for user provisioning, or null if not available.

getReturnURL

protected java.lang.String getReturnURL()
Returns the URL which any user interactions should post data to.

Returns:
The URL that the JSP associated with this class uses to post back credentials.

mustPersist

public boolean mustPersist()
Indicates if this class must persist during interaction with the user.

Returns:
True if this class should persist during user interaction, otherwise false.

isFirstInstance

protected boolean isFirstInstance()
Determines if this authentication class instance is the first since the system started up or was reconfigured.

Returns:
True if this is the first instance of the class, otherwise false.

isCancelAppropriate

protected boolean isCancelAppropriate()
Determines if the option to cancel the authentication is appropriate for this instance.

Returns:
True if cancelling this instance of the class is appropriate, otherwise false.

isDefinesUser

protected boolean isDefinesUser()
Determines if this authentication class instance needs to identify a user.

Returns:
True if this authentication class needs to identify a user, otherwise false.

isUserIdentification

protected boolean isUserIdentification()
Determines if this authentication class instance is the result of an assertion being returned to an unauthenticated session.

Returns:
True if the assertion has been returned to an unauthenticated session, otherwise false.

isFirstCallAfterPrevMethod

protected boolean isFirstCallAfterPrevMethod()
Determines if this authentication class begins execution immediately after the successful completion of another class. This enables a class to know if credentials were actually used by the previous class.

Returns:
True if the previous call was a successful completion of an authentication class, otherwise false.

isPendingAuthnRequest

protected boolean isPendingAuthnRequest()
Determines if there is a pending authentication request that has come from a service provider. If true is returned, it indicates that this class was initiated as a result of a login request from a service provider.

Returns:
True if login request came from a service provider.

getAuthnRequest

protected AuthnRequest getAuthnRequest()
Gets the request that might have caused this authentication class to be invoked.

Returns:
The authentication request that was received from a service provider.

getIDPProviders

protected DisplayableProvider[] getIDPProviders()
Gets a list of identity providers that can be used as possible authentication sources. These providers can be shown on pages that query for credentials.

Returns:
The list of identity providers that can provide authentication.

showErrorJSP

protected void showErrorJSP(java.lang.String msg)
Causes an error JSP to be executed to display an error message.

Parameters:
msg - The error message that is to be displayed.

showJSP

protected void showJSP(java.lang.String jsp)
Forwards execution to a specific JSP.

Parameters:
jsp - Specifies the JSP to which control should be forwarded.

setErrorMsg

protected void setErrorMsg(java.lang.String userErr,
                           java.lang.String logErr)
Sets the error message to send to the end user and to the log file.

Parameters:
userErr - The message to be displayed to the end user.
logErr - The message to log for the administrator.

setErrorMsg

protected void setErrorMsg(java.lang.String userErr,
                           java.lang.String logErr,
                           java.lang.String logParam)
Sets the error message to send to the end user and to the log file as well as a parameter to send with the log file message.

Parameters:
userErr - The message to be displayed to the end user.
logErr - The message to log for the administrator.
logParam - The parameter to be used as part of the log file error message.

setUserErrorMsg

protected void setUserErrorMsg(java.lang.String userMsg)
Sets the error message to be displayed to an end user.

Parameters:
userMsg - The message to display to the end user on an error page.

getUserErrorMsg

protected java.lang.String getUserErrorMsg()
Gets the error message that will be displayed to the end user.

Returns:
The end user error message, or null if none.

getLogMsg

public java.lang.String getLogMsg()
Gets the message for the associated error ID.

Returns:
The error message text.

addLDAPCredentials

protected void addLDAPCredentials()
Adds the LDAP credentials, except the password.


addCredential

protected void addCredential(WSCQToken token,
                             XMLBase value)
Adds a credential used to authenticate.

Parameters:
token - The credential token used.
value - The credential value.

getCredentials

public java.util.ArrayList getCredentials()
Gets the list of credentials used to authenticate the user.

Returns:
An array containing all current credentials.

clearCredentials

public java.util.ArrayList clearCredentials()

escapeName

protected java.lang.String escapeName(java.lang.String name)
Escapes the characters typed by the user.

Parameters:
name - The user name.
Returns:
The escaped user name.

getUserAuthorityCount

protected int getUserAuthorityCount()
Gets the number of searchable LDAP servers.

Returns:
The number of LDAP servers that are available to be searched.
See Also:
getUserAuthority

getUserAuthority

protected UserAuthority getUserAuthority(int index)
Returns the specified LDAP server.

Parameters:
index - The index of the LDAP server to return.
Returns:
Returns the LDAP server identified by a particular index, or null if the index is out of range.
See Also:
getUserAuthorityCount

getPrincipalUserAuthority

protected UserAuthority getPrincipalUserAuthority()
Gets the LDAP server that identified the user, assuming that m_Principal has been set.

Returns:
Returns the LDAP server that identified the user, or null if no user was found.
See Also:
getUserAuthority, getPrincipal

authenticateWithPassword

protected boolean authenticateWithPassword(java.lang.String userid,
                                           java.lang.String password)
                                    throws PasswordExpiredException,
                                           PasswordExpiringException
Authenticates a user after locating the user with the specified DN.

Parameters:
userid - The DN of the user to locate in a user store.
password - The password with which to authenticate the user.
Returns:
Returns true if authentication succeeds, otherwise false.
Throws:
PasswordExpiredException - An exception that occurs only with eDir, indicating the user's password has expired.
PasswordExpiringException - An exception that occurs only with eDir, indicating the user's password is about to expire.

authenticateWithQuery

protected boolean authenticateWithQuery(java.lang.String query,
                                        java.lang.String password)
                                 throws PasswordExpiredException,
                                        PasswordExpiringException
Authenticates a user after locating the user with an LDAP query.

Parameters:
query - The LDAP query to use to identify the user in a user store.
password - The password with which to authenticate the user.
Returns:
Returns true if the authentication succeeds, otherwise false.
Throws:
PasswordExpiredException - An exception that occurs only with eDir, indicating the user's password has expired.
PasswordExpiringException - An exception that occurs only with eDir, indicating the user's password is about to expire.

findPrincipals

protected NIDPPrincipal[] findPrincipals(java.lang.String userid)
Searches through a list of user stores for users that match the specified user name. When a user is found, the search continues in that user store to see if other users match, but it does not continue to the next user store in the list.

Parameters:
userid - The ID of the user to search for.
Returns:
The list of users found in one of the user stores.

findPrincipalsByQuery

protected NIDPPrincipal[] findPrincipalsByQuery(java.lang.String filter)
Searches through a list of user stores for users that match the given query. When a user is found, the search continues in that user store to see if other users match, but it does not continue to the next user store in the list.

Parameters:
filter - The filter or query to use.
Returns:
The list of users found in one of the user stores.

getPrincipalAttributes

protected javax.naming.directory.Attributes getPrincipalAttributes(java.lang.String[] attrs)
Gets the attributes for the user that has been authenticated.

Parameters:
attrs - An array of strings representing the attributes to obtain.
Returns:
An Attributes object containing the values of the attributes that were obtainable.

setPrincipalAttributes

protected void setPrincipalAttributes(java.lang.String[] attrs,
                                      java.lang.String[] values)
                               throws NIDPException
Sets the attributes for a user that has been authenticated.

Parameters:
attrs - An array of strings representing the attributes to set.
values - An array of value objects to associate with the attributes in the attribute array.
Throws:
NIDPException

addPrincipalAttributes

protected void addPrincipalAttributes(java.lang.String strAttr,
                                      java.lang.String[] values)
                               throws NIDPException
Sets attributes for a user that has been authenticated.

Parameters:
strAttr - A string representing the attribute to set.
values - An array of value objects to associate with the attribute.
Throws:
NIDPException

getProperty

protected java.lang.String getProperty(java.lang.String property)
Returns the value of the specified property.

Parameters:
property - The property name.
Returns:
The value of the property, or null if not found.

getBooleanProperty

protected boolean getBooleanProperty(java.lang.String property,
                                     boolean deflt)
Gets a boolean value from the specified property. The values specified during the configuration of the Identity Server can be obtained with this method.

Parameters:
property - The name of the boolean property.
deflt - The default value to return if the property is not found.
Returns:
The boolean value of the property, or the default value if not found.

authenticate

public int authenticate()
Performs the authentication process.

Returns:
The result of the authentication process: AUTHENTICATED, NOT_AUTHENTICATED, CANCEL, HANDLED_REQUEST, PWD_EXPIRING, or PWD_EXPIRED.

doAuthenticate

protected int doAuthenticate()
This is essentially an abstract method designed to be overridden by authentication classes that intend to take advantage of secret store unlocking.
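As an added example (not Novell's own code), here is a subclass that implements the doAuthenticate() contract described on this page: it shows a login JSP on the first pass and returns HANDLED_REQUEST, then locates the user with authenticateWithQuery and maps the two documented exceptions to the PWD_* return codes. It assumes the hypothetical property names LoginJSP and UserIdAttribute, the hypothetical form field names username and password, and that the class is declared in the same package so the unqualified types on this page resolve without guessing their import paths.

```java
// Added example, not part of the Novell API. Declared in the package of this
// page so NIDP types resolve; property and form field names are hypothetical.
package com.novell.nidp.authentication.local;

import java.util.ArrayList;
import java.util.Properties;

public class FormPasswordAuthClass extends LocalAuthenticationClass {

    public FormPasswordAuthClass(Properties props, ArrayList uStores) {
        super(props, uStores);
    }

    // The login JSP posts credentials back to getReturnURL(), so this
    // instance must survive across that round trip (assumption: returning
    // true here is what keeps it alive while the user fills in the form).
    @Override
    public boolean mustPersist() {
        return true;
    }

    @Override
    protected int doAuthenticate() {
        String user = m_Request.getParameter("username");  // hypothetical field
        String pwd  = m_Request.getParameter("password");  // hypothetical field

        // First pass: nothing submitted yet. Render the form and tell the
        // framework that another request is needed before it can proceed.
        if (user == null || user.isEmpty() || pwd == null || pwd.isEmpty()) {
            showJSP(getProperty("LoginJSP"));   // hypothetical admin-utility property
            return HANDLED_REQUEST;
        }

        // Never splice raw input into an LDAP filter: escape RFC 4515
        // metacharacters so a value like "*)(cn=*" cannot widen the search.
        String attr = getProperty("UserIdAttribute");   // hypothetical, e.g. "cn"
        if (attr == null) attr = "cn";
        String filter = "(" + attr + "=" + escapeFilterValue(user) + ")";

        try {
            // Base-class method: find the user by query, then bind with the password.
            if (authenticateWithQuery(filter, pwd)) {
                return AUTHENTICATED;
            }
        } catch (PasswordExpiredException e) {
            return PWD_EXPIRED;    // eDirectory only, per the documentation
        } catch (PasswordExpiringException e) {
            return PWD_EXPIRING;   // eDirectory only: let the framework warn the user
        }

        // One generic message whether the user is unknown or the password is
        // wrong; the detail goes to the administrator log, never the browser.
        setErrorMsg("Login failed.", "Password authentication failed for " + filter);
        return NOT_AUTHENTICATED;
    }

    // RFC 4515 escaping for a single LDAP filter value.
    private static String escapeFilterValue(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
}
```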



Copyright © 2005-2009 Novell, Inc. All Rights Reserved.