se.esss.ics.rbac.logic

Class AuthenticationEJB

java.lang.Object

se.esss.ics.rbac.logic.AuthenticationEJB

All Implemented Interfaces:

Serializable

public class AuthenticationEJB
extends Object
implements Serializable

AuthenticationEJB implements the logic related to authentication, such as login, logout, token retrieval etc.

Author:

Jaka Bobnar

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
AuthenticationEJB()

Method Summary

Modifier and Type	Method and Description
TokenInfo	getToken(String tokenID) Method checks if a token with provided ID exists.
TokenInfo	isTokenValid(String tokenID) Verifies if the token with the provided ID exists and if it is valid.
TokenInfo	login(char[] username, char[] password, String ip, String[] roleNames) Method attempts to login the user using DirectoryServiceAccess.
TokenInfo	logout(String tokenID) Logs the caller out by deleting the token with provided ID.
TokenInfo	renewToken(String tokenID) Method checks if a token with provided ID exists.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthenticationEJB

public AuthenticationEJB()

Method Detail

login

public TokenInfo login(char[] username,
                       char[] password,
                       String ip,
                       String[] roleNames)
                throws RBACException

Method attempts to login the user using DirectoryServiceAccess. If the login is successful, a new Token is created, populated with provided data and persisted. Token information, including the token data signature is returned to the caller as TokenInfo.

Parameters:

username - character array containing login user name

password - character array containing login password

ip - address of the login attempt call

roleNames - array of role preferred role names

Returns:

token info containing all of the created token's information and a signature

Throws:

IllegalRBACArgumentException - if any of the required parameters is null

AuthAndAuthException - if the user could not be authenticated

RBACException - if there is an error while creating token signature

isTokenValid

public TokenInfo isTokenValid(String tokenID)
                       throws IllegalRBACArgumentException,
                              TokenInvalidException,
                              DataConsistencyException

Verifies if the token with the provided ID exists and if it is valid. This method does not do any changes to the token, like extending its expiration period. It also does not fetch any data besides the token itself, to allow to return as quickly as possible. The returned info contains only the info that Token contains. The first name, last name, UUID and signature are not returned.

Parameters:

tokenID - the id of the token

Returns:

the token info if the token is valid

Throws:

IllegalRBACArgumentException - if the token ID is null or empty

TokenInvalidException - if the token is invalid or does not exist

DataConsistencyException - if there are more tokens with the given ID

logout

public TokenInfo logout(String tokenID)
                 throws RBACException

Logs the caller out by deleting the token with provided ID. The token is only deleted, if it exists. If the token does not exist, logout is considered successful, but the method will return null.

Parameters:

tokenID - id of the token to be deleted.

Returns:

token info if the logout has been successful, null if the token was already logged out or expired or it never existed

Throws:

IllegalRBACArgumentException - if any of the required parameters is null.

DataConsistencyException - if multiple tokens exist

RBACException - if there was an error communicating with the directory service

getToken

public TokenInfo getToken(String tokenID)
                   throws RBACException

Method checks if a token with provided ID exists. It fetches the token with the specified ID from the database, creates a TokenInfo from it and returns it. Expired tokens may not and will not be retrieved.

Parameters:

tokenID - id of the token to be returned

Returns:

token with the specified tokenID

Throws:

IllegalRBACArgumentException - if any of the required parameters is null.

RBACException - if there was an error communicating with the directory service

DataConsistencyException - if multiple tokens were found

TokenInvalidException - if the token does not exist

renewToken

public TokenInfo renewToken(String tokenID)
                     throws RBACException

Method checks if a token with provided ID exists. It fetches the token with the specified ID from the database, extends its expiration time, creates a TokenInfo from it and returns it. Expired tokens may not and will not be renewed. Exception will be thrown if an expired token is being renewed.

Parameters:

tokenID - id of the token to be renewed.

Returns:

token with the specified tokenID and extended expiration time.

Throws:

IllegalRBACArgumentException - if any of the required parameters is null.

TokenInvalidException - if the token is invalid

DataConsistencyException - if multiple tokens or permissions exist

RBACException - if there was an error retrieving data from the directory service