org.rhq.enterprise.server.auth

Interface SubjectManagerLocal

All Superinterfaces:

SubjectManagerRemote

All Known Implementing Classes:

SubjectManagerBean

public interface SubjectManagerLocal
extends SubjectManagerRemote

The local EJB interface to the Authentication Boss.

Author:

John Mazzitelli

Method Summary

Methods

Modifier and Type	Method and Description
org.rhq.core.domain.auth.Subject	checkAuthentication(String username, String password) Checks whether a user would successfully login with the provided credentials.
void	createPrincipal(org.rhq.core.domain.auth.Subject subject, org.rhq.core.domain.auth.Principal principal) Creates a new principal (username and password) in the internal database.
org.rhq.core.domain.auth.Subject	createSubject(org.rhq.core.domain.auth.Subject subject, org.rhq.core.domain.auth.Subject subjectToCreate, String password) Creates a new subject, including their assigned roles, as well as an associated principal with the specified password.
void	deleteUsers(org.rhq.core.domain.auth.Subject subject, int[] subjectIds) Deletes the given set of users, including both the Subject and Principal objects associated with those users.
Collection<String>	findAllUsersWithPrincipals() Get a collection of all user names, where the collection contains the names of all users that have principals only.
org.rhq.core.domain.util.PageList<org.rhq.core.domain.auth.Subject>	findAvailableSubjectsForRole(org.rhq.core.domain.auth.Subject whoami, Integer roleId, Integer[] pendingSubjectIds, org.rhq.core.domain.util.PageControl pc) This returns a list of subjects that are available to be assigned to a given role but not yet assigned to that role.
org.rhq.core.domain.auth.Subject	getOverlord() This returns the system super user subject that can be used to authorize the caller for any other system call.
org.rhq.core.domain.auth.Subject	getSubjectById(int id)
org.rhq.core.domain.auth.Subject	getSubjectBySessionId(int sessionId)
boolean	isUserWithPrincipal(String username) Checks that the user exists and has a Principal associated with it.
boolean	isValidSessionId(int session, String username, int userid) Determines if the given session ID is valid and it is associated with the given username and user ID.
org.rhq.core.domain.auth.Subject	loadUserConfiguration(Integer subjectId) Loads in the given subject's preferences and roles.
org.rhq.core.domain.auth.Subject	loginLocal(String username, String password) Logs in a user performing the authentication.
org.rhq.core.domain.auth.Subject	loginUnauthenticated(String username) Logs in a user without performing any authentication.
void	logout(int sessionId)
org.rhq.core.domain.auth.Subject	processSubjectForLdap(org.rhq.core.domain.auth.Subject subject, String subjectPassword)
void	scheduleSessionPurgeJob() For internal use only - used by the StartupBean only - don't call this.
org.rhq.core.domain.auth.Subject	updateSubject(org.rhq.core.domain.auth.Subject subject, org.rhq.core.domain.auth.Subject subjectToModify, String newPassword) Updates an existing subject, including their assigned roles, and optionally their password.

Methods inherited from interface org.rhq.enterprise.server.auth.SubjectManagerRemote

changePassword, createPrincipal, createSubject, deleteSubjects, findSubjectsByCriteria, getSubjectByName, getSubjectByNameAndSessionId, login, logout, updateSubject

Method Detail

loadUserConfiguration

org.rhq.core.domain.auth.Subject loadUserConfiguration(Integer subjectId)

Loads in the given subject's preferences and roles.

Parameters:

subjectId - identifies the subject whose preferences and roles are to be loaded

Returns:

the subject, with its preferences and roles loaded

getOverlord

org.rhq.core.domain.auth.Subject getOverlord()

This returns the system super user subject that can be used to authorize the caller for any other system call. This must not be exposed to remote clients.

Returns:

a subject that is authorized to do anything

loginUnauthenticated

org.rhq.core.domain.auth.Subject loginUnauthenticated(String username)
                                                      throws LoginException

Logs in a user without performing any authentication. This method should be used with care and is not available to remote clients. Because of the unauthenticated nature of this login, the new login session will have a session timeout of only two minutes.

Parameters:

username - The user to login

Returns:

A Subject with an active session for the the user

Throws:

LoginException - if failed to create a new session for the given user

loginLocal

org.rhq.core.domain.auth.Subject loginLocal(String username,
                                          String password)
                                            throws LoginException

Logs in a user performing the authentication. The difference between this method and SubjectManagerRemote.login(String, String) method is that the latter is meant to be used only for CLI, because if LDAP user without any role is trying to log in (and it is disabled) this one lets the user in because of the LDAP registration form.

Parameters:

username - The user to login

Returns:

A Subject with an active session for the the user

Throws:

LoginException - if failed to create a new session for the given user

createPrincipal

void createPrincipal(org.rhq.core.domain.auth.Subject subject,
                   org.rhq.core.domain.auth.Principal principal)
                     throws SubjectException

Creates a new principal (username and password) in the internal database.

Parameters:

subject - The subject of the currently logged in user

principal - The principal to add

Throws:

Exception - if the principal could not be added

SubjectException

isUserWithPrincipal

boolean isUserWithPrincipal(String username)

Checks that the user exists and has a Principal associated with it. This means that the user both exists and is authenticated via JDBC. An LDAP user will not have a Principal because it is authenticated via the LDAP server, not from the database.

Parameters:

username - the user whose existence is to be checked

Returns:

true if the user exists and has a Principal, false otherwise

findAllUsersWithPrincipals

Collection<String> findAllUsersWithPrincipals()

Get a collection of all user names, where the collection contains the names of all users that have principals only. You will not get a list of usernames for those users authenticated by LDAP.

Returns:

collection of all user names that have principals

deleteUsers

void deleteUsers(org.rhq.core.domain.auth.Subject subject,
               int[] subjectIds)

Deletes the given set of users, including both the Subject and Principal objects associated with those users.

Parameters:

subject - the person requesting the deletion

subjectIds - identifies the subject IDs for all the users that are to be deleted

Throws:

Exception - if failed to delete one or more users

isValidSessionId

boolean isValidSessionId(int session,
                       String username,
                       int userid)

Determines if the given session ID is valid and it is associated with the given username and user ID.

Parameters:

session -

username -

userid -

Returns:

true if the session ID indentifies a valid session; false if it is invalid or has timed out

findAvailableSubjectsForRole

org.rhq.core.domain.util.PageList<org.rhq.core.domain.auth.Subject> findAvailableSubjectsForRole(org.rhq.core.domain.auth.Subject whoami,
                                                                                               Integer roleId,
                                                                                               Integer[] pendingSubjectIds,
                                                                                               org.rhq.core.domain.util.PageControl pc)

This returns a list of subjects that are available to be assigned to a given role but not yet assigned to that role. This excludes subjects already assigned to the role. The returned list will not include the subjects identified by pendingSubjectIds since it is assumed the pending subjects will be assigned to the role.

Parameters:

whoami - user attempting to make this call

roleId - the role whose list of available subjects are to be returned

pendingSubjectIds - the list of subjects that are planned to be given to the role

pc -

Returns:

the list of subjects that can be assigned to the given role, not including the pending subjects

logout

void logout(int sessionId)

getSubjectById

org.rhq.core.domain.auth.Subject getSubjectById(int id)

getSubjectBySessionId

org.rhq.core.domain.auth.Subject getSubjectBySessionId(int sessionId)
                                                       throws Exception

Throws:

Exception

createSubject

org.rhq.core.domain.auth.Subject createSubject(org.rhq.core.domain.auth.Subject subject,
                                             org.rhq.core.domain.auth.Subject subjectToCreate,
                                             String password)
                                               throws SubjectException,
                                                      javax.persistence.EntityExistsException

Creates a new subject, including their assigned roles, as well as an associated principal with the specified password.

Parameters:

subject - the logged in user's subject

subjectToCreate - the subject to be created (which will never be the same as subject)

password - the password for the principal to be created for the new user

Returns:

the persisted subject

Throws:

SubjectException

javax.persistence.EntityExistsException

updateSubject

org.rhq.core.domain.auth.Subject updateSubject(org.rhq.core.domain.auth.Subject subject,
                                             org.rhq.core.domain.auth.Subject subjectToModify,
                                             String newPassword)

Updates an existing subject, including their assigned roles, and optionally their password.

Parameters:

subject - the logged in user's subject

subjectToModify - the subject whose data is to be updated (which may or may not be the same as subject)

newPassword - if non-null, a new password to be set on the user's associated principal

Returns:

the merged subject, which may or may not be the subjectToModify instance

checkAuthentication

org.rhq.core.domain.auth.Subject checkAuthentication(String username,
                                                   String password)

Checks whether a user would successfully login with the provided credentials.

Parameters:

username - the username

password - the password

Returns:

the subject if the credentials are correct, null otherwise

scheduleSessionPurgeJob

void scheduleSessionPurgeJob()

For internal use only - used by the StartupBean only - don't call this. This will schedule the periodic EJB timer to trigger a purge of all timed out sessions.

processSubjectForLdap

org.rhq.core.domain.auth.Subject processSubjectForLdap(org.rhq.core.domain.auth.Subject subject,
                                                     String subjectPassword)
                                                       throws LoginException

Throws:

LoginException