Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.rhq.enterprise.server.auth
Class SubjectManagerBean

java.lang.Object
  extended by org.rhq.enterprise.server.auth.SubjectManagerBean
All Implemented Interfaces:
SubjectManagerLocal, SubjectManagerRemote
public class SubjectManagerBean
extends Object
implements SubjectManagerLocal, SubjectManagerRemote

Provides functionality to access and manipulate subjects and principals, mainly for authentication purposes.

Author:
John Mazzitelli

Constructor Summary
SubjectManagerBean()
           
 
Method Summary
 void changePassword(org.rhq.core.domain.auth.Subject whoami, String username, String password)
          #see {@link SubjectManagerRemote#changePassword(Subject, String, String)
 org.rhq.core.domain.auth.Subject checkAuthentication(String username, String password)
          Checks whether a user would successfully login with the provided credentials.
 void createPrincipal(org.rhq.core.domain.auth.Subject whoami, org.rhq.core.domain.auth.Principal principal)
          Creates a new principal (username and password) in the internal database.
 void createPrincipal(org.rhq.core.domain.auth.Subject whoami, String username, String password)
          #see {@link SubjectManagerRemote#createPrincipal(Subject, String, String)
 org.rhq.core.domain.auth.Subject createSubject(org.rhq.core.domain.auth.Subject whoami, org.rhq.core.domain.auth.Subject subject)
          #see {@link SubjectManagerRemote#createSubject(Subject, Subject)
 org.rhq.core.domain.auth.Subject createSubject(org.rhq.core.domain.auth.Subject whoami, org.rhq.core.domain.auth.Subject subjectToCreate, String password)
          Creates a new subject, including their assigned roles, as well as an associated principal with the specified password.
 void deleteSubjects(org.rhq.core.domain.auth.Subject sessionSubject, int[] subjectIds)
          #see {@link SubjectManagerRemote#deleteSubjects(Subject, int[])
 void deleteUsers(org.rhq.core.domain.auth.Subject subject, int[] subjectIds)
          Deletes the given set of users, including both the Subject and Principal objects associated with those users.
 Collection<String> findAllUsersWithPrincipals()
          Get a collection of all user names, where the collection contains the names of all users that have principals only.
 org.rhq.core.domain.util.PageList<org.rhq.core.domain.auth.Subject> findAvailableSubjectsForRole(org.rhq.core.domain.auth.Subject whoami, Integer roleId, Integer[] pendingSubjectIds, org.rhq.core.domain.util.PageControl pc)
          This returns a list of subjects that are available to be assigned to a given role but not yet assigned to that role.
 org.rhq.core.domain.util.PageList<org.rhq.core.domain.auth.Subject> findSubjectsByCriteria(org.rhq.core.domain.auth.Subject subject, org.rhq.core.domain.criteria.SubjectCriteria criteria)
           
 org.rhq.core.domain.auth.Subject getOverlord()
          This returns the system super user subject that can be used to authorize the caller for any other system call.
 org.rhq.core.domain.auth.Subject getSubjectById(int id)
           
 org.rhq.core.domain.auth.Subject getSubjectByName(String username)
          Looks up the existing subject using the given username.
 org.rhq.core.domain.auth.Subject getSubjectByNameAndSessionId(String username, int sessionId)
          Adds more security in the remote api call by requiring matching username
 org.rhq.core.domain.auth.Subject getSubjectBySessionId(int sessionId)
           
 boolean isUserWithPrincipal(String username)
          Checks that the user exists and has a Principal associated with it.
 boolean isValidSessionId(int session, String username, int userid)
          Determines if the given session ID is valid and it is associated with the given username and user ID.
 org.rhq.core.domain.auth.Subject loadUserConfiguration(Integer subjectId)
          Loads in the given subject's preferences and roles.
 org.rhq.core.domain.auth.Subject login(String username, String password)
          Logs a user into the system.
 org.rhq.core.domain.auth.Subject loginUnauthenticated(String username)
          Logs in a user without performing any authentication.
 void logout(int sessionId)
           
 void logout(org.rhq.core.domain.auth.Subject subject)
          Logs out a user.
 org.rhq.core.domain.auth.Subject processSubjectForLdap(org.rhq.core.domain.auth.Subject subject, String subjectPassword)
          This method is applied to Subject instances that may require LDAP auth/authz processing.
 org.rhq.core.domain.auth.Subject updateSubject(org.rhq.core.domain.auth.Subject whoami, org.rhq.core.domain.auth.Subject subjectToModify)
          Updates an existing subject with new data.
 org.rhq.core.domain.auth.Subject updateSubject(org.rhq.core.domain.auth.Subject whoami, org.rhq.core.domain.auth.Subject subjectToModify, String newPassword)
          Updates an existing subject, including their assigned roles, and optionally their password.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SubjectManagerBean

public SubjectManagerBean()
Method Detail

loadUserConfiguration

public org.rhq.core.domain.auth.Subject loadUserConfiguration(Integer subjectId)
Description copied from interface: SubjectManagerLocal
Loads in the given subject's preferences and roles.

Specified by:
loadUserConfiguration in interface SubjectManagerLocal
Parameters:
subjectId - identifies the subject whose preferences and roles are to be loaded
Returns:
the subject, with its preferences and roles loaded
See Also:
SubjectManagerLocal.loadUserConfiguration(Integer)

updateSubject

public org.rhq.core.domain.auth.Subject updateSubject(org.rhq.core.domain.auth.Subject whoami,
                                                      org.rhq.core.domain.auth.Subject subjectToModify)
Description copied from interface: SubjectManagerRemote
Updates an existing subject with new data. This does not cascade any changes to the roles but it will save the subject's configuration.

Specified by:
updateSubject in interface SubjectManagerLocal
Specified by:
updateSubject in interface SubjectManagerRemote
Parameters:
whoami - The logged in user's subject.
subjectToModify - the subject whose data is to be updated (which may or may not be the same as user)
Returns:
the merged subject, which may or may not be the same instance of subjectToModify
See Also:
SubjectManagerLocal.updateSubject(Subject, Subject)

createSubject

public org.rhq.core.domain.auth.Subject createSubject(org.rhq.core.domain.auth.Subject whoami,
                                                      org.rhq.core.domain.auth.Subject subjectToCreate,
                                                      String password)
                                               throws SubjectException,
                                                      javax.persistence.EntityExistsException
Description copied from interface: SubjectManagerLocal
Creates a new subject, including their assigned roles, as well as an associated principal with the specified password.

Specified by:
createSubject in interface SubjectManagerLocal
Parameters:
whoami - the logged in user's subject
subjectToCreate - the subject to be created (which will never be the same as subject)
password - the password for the principal to be created for the new user
Returns:
the persisted subject
Throws:
SubjectException
javax.persistence.EntityExistsException

updateSubject

public org.rhq.core.domain.auth.Subject updateSubject(org.rhq.core.domain.auth.Subject whoami,
                                                      org.rhq.core.domain.auth.Subject subjectToModify,
                                                      String newPassword)
Description copied from interface: SubjectManagerLocal
Updates an existing subject, including their assigned roles, and optionally their password.

Specified by:
updateSubject in interface SubjectManagerLocal
Parameters:
whoami - the logged in user's subject
subjectToModify - the subject whose data is to be updated (which may or may not be the same as subject)
newPassword - if non-null, a new password to be set on the user's associated principal
Returns:
the merged subject, which may or may not be the subjectToModify instance

getOverlord

public org.rhq.core.domain.auth.Subject getOverlord()
Description copied from interface: SubjectManagerLocal
This returns the system super user subject that can be used to authorize the caller for any other system call. This must not be exposed to remote clients.

Specified by:
getOverlord in interface SubjectManagerLocal
Returns:
a subject that is authorized to do anything
See Also:
SubjectManagerLocal.getOverlord()

getSubjectByName

public org.rhq.core.domain.auth.Subject getSubjectByName(String username)
Description copied from interface: SubjectManagerRemote
Looks up the existing subject using the given username.

Specified by:
getSubjectByName in interface SubjectManagerLocal
Specified by:
getSubjectByName in interface SubjectManagerRemote
Parameters:
username - the name of the subject to look for
Returns:
the subject that was found or null if not found
See Also:
SubjectManagerRemote.getSubjectByName(String)

createSubject

public org.rhq.core.domain.auth.Subject createSubject(org.rhq.core.domain.auth.Subject whoami,
                                                      org.rhq.core.domain.auth.Subject subject)
                                               throws SubjectException
Description copied from interface: SubjectManagerLocal
#see {@link SubjectManagerRemote#createSubject(Subject, Subject)

Specified by:
createSubject in interface SubjectManagerLocal
Specified by:
createSubject in interface SubjectManagerRemote
Parameters:
whoami - The logged in user's subject.
subject - The subject to be created.
Returns:
the newly persisted Subject
Throws:
SubjectException
See Also:
SubjectManagerLocal.createSubject(Subject, Subject)

getSubjectById

public org.rhq.core.domain.auth.Subject getSubjectById(int id)
Specified by:
getSubjectById in interface SubjectManagerLocal
See Also:
SubjectManagerLocal.getSubjectById(int)

login

public org.rhq.core.domain.auth.Subject login(String username,
                                              String password)
                                       throws LoginException
Description copied from interface: SubjectManagerRemote
Logs a user into the system. This will authenticate the given user with the given password. If the user was already logged in, the current session will be used but the password will still need to be authenticated.

Specified by:
login in interface SubjectManagerLocal
Specified by:
login in interface SubjectManagerRemote
Parameters:
username - The name of the user.
password - The password.
Returns:
The subject of the authenticated user.
Throws:
LoginException - if the login failed for some reason
See Also:
SubjectManagerLocal.login(String, String)

checkAuthentication

public org.rhq.core.domain.auth.Subject checkAuthentication(String username,
                                                            String password)
Description copied from interface: SubjectManagerLocal
Checks whether a user would successfully login with the provided credentials.

Specified by:
checkAuthentication in interface SubjectManagerLocal
Parameters:
username - the username
password - the password
Returns:
the subject if the credentials are correct, null otherwise

processSubjectForLdap

public org.rhq.core.domain.auth.Subject processSubjectForLdap(org.rhq.core.domain.auth.Subject subject,
                                                              String subjectPassword)
                                                       throws LoginException
This method is applied to Subject instances that may require LDAP auth/authz processing. Called from both SLSB and SubjectGWTServiceImpl and: -if Subject passed in has Principal(not LDAP account) then we immediately return Subject as no processing needed. -if Subject for LDAP account

Specified by:
processSubjectForLdap in interface SubjectManagerLocal
Parameters:
subject - Authenticated subject.
Returns:
same or new Subject returned from LDAP processing.
Throws:
LoginException

logout

public void logout(org.rhq.core.domain.auth.Subject subject)
Description copied from interface: SubjectManagerRemote
Logs out a user.

Specified by:
logout in interface SubjectManagerLocal
Specified by:
logout in interface SubjectManagerRemote
Parameters:
subject - The Subject to log out. The sessionId must be valid.
See Also:
SubjectManagerRemote.logout(Subject)

logout

public void logout(int sessionId)
Specified by:
logout in interface SubjectManagerLocal
See Also:
SubjectManagerLocal.logout(int)

createPrincipal

public void createPrincipal(org.rhq.core.domain.auth.Subject whoami,
                            String username,
                            String password)
                     throws SubjectException
Description copied from interface: SubjectManagerLocal
#see {@link SubjectManagerRemote#createPrincipal(Subject, String, String)

Specified by:
createPrincipal in interface SubjectManagerLocal
Specified by:
createPrincipal in interface SubjectManagerRemote
Parameters:
whoami - The logged in user's subject.
username - The username part of the principal
password - The password part ofthe principal
Throws:
SubjectException
See Also:
SubjectManagerLocal.createPrincipal(Subject, String, String)

createPrincipal

public void createPrincipal(org.rhq.core.domain.auth.Subject whoami,
                            org.rhq.core.domain.auth.Principal principal)
                     throws SubjectException
Description copied from interface: SubjectManagerLocal
Creates a new principal (username and password) in the internal database.

Specified by:
createPrincipal in interface SubjectManagerLocal
Parameters:
whoami - The subject of the currently logged in user
principal - The principal to add
Throws:
SubjectException
See Also:
SubjectManagerLocal.createPrincipal(Subject, Principal)

changePassword

public void changePassword(org.rhq.core.domain.auth.Subject whoami,
                           String username,
                           String password)
Description copied from interface: SubjectManagerLocal
#see {@link SubjectManagerRemote#changePassword(Subject, String, String)

Specified by:
changePassword in interface SubjectManagerLocal
Specified by:
changePassword in interface SubjectManagerRemote
Parameters:
whoami - The logged in user's subject.
username - The user whose password will be changed
password - The new password for the user
See Also:
SubjectManagerLocal.changePassword(Subject, String, String)

isUserWithPrincipal

public boolean isUserWithPrincipal(String username)
Description copied from interface: SubjectManagerLocal
Checks that the user exists and has a Principal associated with it. This means that the user both exists and is authenticated via JDBC. An LDAP user will not have a Principal because it is authenticated via the LDAP server, not from the database.

Specified by:
isUserWithPrincipal in interface SubjectManagerLocal
Parameters:
username - the user whose existence is to be checked
Returns:
true if the user exists and has a Principal, false otherwise
See Also:
SubjectManagerLocal.isUserWithPrincipal(String)

findAllUsersWithPrincipals

public Collection<String> findAllUsersWithPrincipals()
Description copied from interface: SubjectManagerLocal
Get a collection of all user names, where the collection contains the names of all users that have principals only. You will not get a list of usernames for those users authenticated by LDAP.

Specified by:
findAllUsersWithPrincipals in interface SubjectManagerLocal
Returns:
collection of all user names that have principals
See Also:
SubjectManagerLocal.findAllUsersWithPrincipals()

loginUnauthenticated

public org.rhq.core.domain.auth.Subject loginUnauthenticated(String username)
                                                      throws LoginException
Description copied from interface: SubjectManagerLocal
Logs in a user without performing any authentication. This method should be used with care and is not available to remote clients. Because of the unauthenticated nature of this login, the new login session will have a session timeout of only two minutes.

Specified by:
loginUnauthenticated in interface SubjectManagerLocal
Parameters:
username - The user to login
Returns:
A Subject with an active session for the the user
Throws:
LoginException - if failed to create a new session for the given user
See Also:
SubjectManagerLocal.loginUnauthenticated(String)

deleteUsers

public void deleteUsers(org.rhq.core.domain.auth.Subject subject,
                        int[] subjectIds)
Description copied from interface: SubjectManagerLocal
Deletes the given set of users, including both the Subject and Principal objects associated with those users.

Specified by:
deleteUsers in interface SubjectManagerLocal
Parameters:
subject - the person requesting the deletion
subjectIds - identifies the subject IDs for all the users that are to be deleted
See Also:
SubjectManagerLocal.deleteUsers(Subject, int[])

deleteSubjects

public void deleteSubjects(org.rhq.core.domain.auth.Subject sessionSubject,
                           int[] subjectIds)
Description copied from interface: SubjectManagerLocal
#see {@link SubjectManagerRemote#deleteSubjects(Subject, int[])

Specified by:
deleteSubjects in interface SubjectManagerLocal
Specified by:
deleteSubjects in interface SubjectManagerRemote
Parameters:
sessionSubject - The logged in user's subject.
subjectIds - identifies the subject IDs for all the users that are to be deleted
See Also:
TODO: A wrapper method for deleteUsers, exposed in remote, both should be merged at some point.

getSubjectBySessionId

public org.rhq.core.domain.auth.Subject getSubjectBySessionId(int sessionId)
                                                       throws Exception
Specified by:
getSubjectBySessionId in interface SubjectManagerLocal
Throws:
Exception
See Also:
SubjectManagerLocal.getSubjectBySessionId(int)

getSubjectByNameAndSessionId

public org.rhq.core.domain.auth.Subject getSubjectByNameAndSessionId(String username,
                                                                     int sessionId)
                                                              throws Exception
Adds more security in the remote api call by requiring matching username

Specified by:
getSubjectByNameAndSessionId in interface SubjectManagerLocal
Specified by:
getSubjectByNameAndSessionId in interface SubjectManagerRemote
Parameters:
username - The name of the user.
sessionId - The sessionId of the desired Subject.
Returns:
The Subject that was found
Throws:
Exception - if the sessionId is not valid
See Also:
SubjectManagerRemote#getSubjectByNameAndSessionId(String, int)}

isValidSessionId

public boolean isValidSessionId(int session,
                                String username,
                                int userid)
Description copied from interface: SubjectManagerLocal
Determines if the given session ID is valid and it is associated with the given username and user ID.

Specified by:
isValidSessionId in interface SubjectManagerLocal
Returns:
true if the session ID indentifies a valid session; false if it is invalid or has timed out
See Also:
SubjectManagerLocal.isValidSessionId(int, String, int)

findAvailableSubjectsForRole

public org.rhq.core.domain.util.PageList<org.rhq.core.domain.auth.Subject> findAvailableSubjectsForRole(org.rhq.core.domain.auth.Subject whoami,
                                                                                                        Integer roleId,
                                                                                                        Integer[] pendingSubjectIds,
                                                                                                        org.rhq.core.domain.util.PageControl pc)
Description copied from interface: SubjectManagerLocal
This returns a list of subjects that are available to be assigned to a given role but not yet assigned to that role. This excludes subjects already assigned to the role. The returned list will not include the subjects identified by pendingSubjectIds since it is assumed the pending subjects will be assigned to the role.

Specified by:
findAvailableSubjectsForRole in interface SubjectManagerLocal
Parameters:
whoami - user attempting to make this call
roleId - the role whose list of available subjects are to be returned
pendingSubjectIds - the list of subjects that are planned to be given to the role
Returns:
the list of subjects that can be assigned to the given role, not including the pending subjects

findSubjectsByCriteria

public org.rhq.core.domain.util.PageList<org.rhq.core.domain.auth.Subject> findSubjectsByCriteria(org.rhq.core.domain.auth.Subject subject,
                                                                                                  org.rhq.core.domain.criteria.SubjectCriteria criteria)
Specified by:
findSubjectsByCriteria in interface SubjectManagerLocal
Specified by:
findSubjectsByCriteria in interface SubjectManagerRemote
See Also:
SubjectManagerRemote.findSubjectsByCriteria(Subject, SubjectCriteria)
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2008-2012 Red Hat, Inc.. All Rights Reserved.