glogic.jthin.serv
Class AuthenticationHandler

java.lang.Object
  glogic.jthin.serv.AuthenticationHandler

Direct Known Subclasses:

BasicAuthenticationHandler

public class AuthenticationHandler

extends java.lang.Object

Base class for handling authentication processing. Different authentication implementations built.

Author:

Sam Taha

Field Summary

static long

SESSIONHASH_TIME_WINDOW

Constructor Summary

AuthenticationHandler()

Method Summary

void	authenticateSession(Attributes clientAuthAttributes, Attributes sesAttributes, java.lang.String stProductName) Authenticate the user to the associated product.
java.lang.String	decryptSsoSession(SSOSessionBean ssoSessionBean) Implement your custom decryption logic here in subclass.
SSOSessionBean	encryptSsoSession(java.lang.String stSessionID) Implement your custom encryption logic here in subclass
java.lang.String	getUsername(Attributes authAttributes)
boolean	isAdminUser(Attributes authAttributes)
boolean	isAdminUser(JThinSsoKey ssoKey)
boolean	isAdminUser(SessionData sessionData)
boolean	isSSOSessionValid(javax.servlet.http.HttpServletRequest request) Checks if the web session is valid.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SESSIONHASH_TIME_WINDOW

public static final long SESSIONHASH_TIME_WINDOW

See Also:

Constant Field Values

Constructor Detail

AuthenticationHandler

public AuthenticationHandler()

Method Detail

authenticateSession

public void authenticateSession(Attributes clientAuthAttributes,
                                Attributes sesAttributes,
                                java.lang.String stProductName)
                         throws AuthenticationException,
                                WServiceAccessException

Authenticate the user to the associated product. Override this method in subclass.

Parameters:

sesAttributes - Attributes saved in the SessionData object. Optional.

stProductName - Product name user is being authenticated against.

Throws:

AuthenticationException

WServiceAccessException

isSSOSessionValid

public boolean isSSOSessionValid(javax.servlet.http.HttpServletRequest request)

Checks if the web session is valid. This is called from the JNLP download servlet when downloading the the JNLP file to decide if the user is authenticated or not. If it returns true it means the JNLP file can contain session data to be used by webstart application if false normally the user will be directed to an expired session browser screen. Use default or override to implement custom solution.

encryptSsoSession

public SSOSessionBean encryptSsoSession(java.lang.String stSessionID)

Implement your custom encryption logic here in subclass

decryptSsoSession

public java.lang.String decryptSsoSession(SSOSessionBean ssoSessionBean)
                                   throws AuthenticationException

Implement your custom decryption logic here in subclass. The SSOSessionBean supports a timeout feature that allows the server to put an upper time limit and when prevent session authentication/decryption. If subclass implementation can't be decrypted it should throw an AuthenticationExcpetion exception.

Throws:

AuthenticationException

getUsername

public java.lang.String getUsername(Attributes authAttributes)

isAdminUser

public boolean isAdminUser(Attributes authAttributes)

isAdminUser

public boolean isAdminUser(JThinSsoKey ssoKey)

isAdminUser

public boolean isAdminUser(SessionData sessionData)