org.rhq.enterprise.server.auth
Interface SubjectManagerLocal

All Known Implementing Classes:
SubjectManagerBean

public interface SubjectManagerLocal

The local EJB interface to the Authentication Boss.

Author:
John Mazzitelli

Method Summary
 void changePassword(org.rhq.core.domain.auth.Subject subject, String username, String password)
          See SubjectManagerRemote.changePassword(Subject, String, String)
 org.rhq.core.domain.auth.Subject checkAuthentication(String username, String password)
          Checks whether a user would successfully log in with the provided credentials.
 void createPrincipal(org.rhq.core.domain.auth.Subject subject, org.rhq.core.domain.auth.Principal principal)
          Creates a new principal (username and password) in the internal database.
 void createPrincipal(org.rhq.core.domain.auth.Subject subject, String username, String password)
          See SubjectManagerRemote.createPrincipal(Subject, String, String)
 org.rhq.core.domain.auth.Subject createSubject(org.rhq.core.domain.auth.Subject subject, org.rhq.core.domain.auth.Subject subjectToCreate)
          See SubjectManagerRemote.createSubject(Subject, Subject)
 org.rhq.core.domain.auth.Subject createSubject(org.rhq.core.domain.auth.Subject subject, org.rhq.core.domain.auth.Subject subjectToCreate, String password)
          Creates a new subject, including their assigned roles, as well as an associated principal with the specified password.
 void deleteSubjects(org.rhq.core.domain.auth.Subject subject, int[] subjectIds)
          See SubjectManagerRemote.deleteSubjects(Subject, int[])
 void deleteUsers(org.rhq.core.domain.auth.Subject subject, int[] subjectIds)
          Deletes the given set of users, including both the Subject and Principal objects associated with those users.
 Collection<String> findAllUsersWithPrincipals()
          Get a collection of all user names, where the collection contains the names of all users that have principals only.
 org.rhq.core.domain.util.PageList<org.rhq.core.domain.auth.Subject> findAvailableSubjectsForRole(org.rhq.core.domain.auth.Subject whoami, Integer roleId, Integer[] pendingSubjectIds, org.rhq.core.domain.util.PageControl pc)
          This returns a list of subjects that are available to be assigned to a given role but not yet assigned to that role.
 org.rhq.core.domain.util.PageList<org.rhq.core.domain.auth.Subject> findSubjectsByCriteria(org.rhq.core.domain.auth.Subject subject, org.rhq.core.domain.criteria.SubjectCriteria criteria)
           
 org.rhq.core.domain.auth.Subject getOverlord()
          This returns the system super user subject that can be used to authorize the caller for any other system call.
 org.rhq.core.domain.auth.Subject getSubjectById(int id)
           
 org.rhq.core.domain.auth.Subject getSubjectByName(String username)
           
 org.rhq.core.domain.auth.Subject getSubjectByNameAndSessionId(String username, int sessionId)
           
 org.rhq.core.domain.auth.Subject getSubjectBySessionId(int sessionId)
           
 boolean isUserWithPrincipal(String username)
          Checks that the user exists and has a Principal associated with it.
 boolean isValidSessionId(int session, String username, int userid)
          Determines if the given session ID is valid and it is associated with the given username and user ID.
 org.rhq.core.domain.auth.Subject loadUserConfiguration(Integer subjectId)
          Loads in the given subject's preferences and roles.
 org.rhq.core.domain.auth.Subject login(String username, String password)
           
 org.rhq.core.domain.auth.Subject loginUnauthenticated(String username)
          Logs in a user without performing any authentication.
 void logout(int sessionId)
           
 void logout(org.rhq.core.domain.auth.Subject subject)
           
 org.rhq.core.domain.auth.Subject processSubjectForLdap(org.rhq.core.domain.auth.Subject subject, String subjectPassword)
           
 org.rhq.core.domain.auth.Subject updateSubject(org.rhq.core.domain.auth.Subject subject, org.rhq.core.domain.auth.Subject subjectToModify)
           
 org.rhq.core.domain.auth.Subject updateSubject(org.rhq.core.domain.auth.Subject subject, org.rhq.core.domain.auth.Subject subjectToModify, String newPassword)
          Updates an existing subject, including their assigned roles, and optionally their password.
 

Method Detail

loadUserConfiguration

org.rhq.core.domain.auth.Subject loadUserConfiguration(Integer subjectId)
Loads in the given subject's preferences and roles.

Parameters:
subjectId - identifies the subject whose preferences and roles are to be loaded
Returns:
the subject, with its preferences and roles loaded

getOverlord

org.rhq.core.domain.auth.Subject getOverlord()
This returns the system super user subject that can be used to authorize the caller for any other system call. This must not be exposed to remote clients.

Returns:
a subject that is authorized to do anything

loginUnauthenticated

org.rhq.core.domain.auth.Subject loginUnauthenticated(String username)
                                                      throws LoginException
Logs in a user without performing any authentication. This method should be used with care and is not available to remote clients. Because of the unauthenticated nature of this login, the new login session will have a session timeout of only two minutes.

Parameters:
username - The user to log in
Returns:
A Subject with an active session for the user
Throws:
LoginException - if failed to create a new session for the given user

createPrincipal

void createPrincipal(org.rhq.core.domain.auth.Subject subject,
                     org.rhq.core.domain.auth.Principal principal)
                     throws SubjectException
Creates a new principal (username and password) in the internal database.

Parameters:
subject - The subject of the currently logged in user
principal - The principal to add
Throws:
Exception - if the principal could not be added
SubjectException

isUserWithPrincipal

boolean isUserWithPrincipal(String username)
Checks that the user exists and has a Principal associated with it. This means that the user both exists and is authenticated via JDBC. An LDAP user will not have a Principal because it is authenticated via the LDAP server, not from the database.

Parameters:
username - the user whose existence is to be checked
Returns:
true if the user exists and has a Principal, false otherwise

findAllUsersWithPrincipals

Collection<String> findAllUsersWithPrincipals()
Get a collection of all user names, where the collection contains the names of all users that have principals only. You will not get a list of usernames for those users authenticated by LDAP.

Returns:
collection of all user names that have principals

deleteUsers

void deleteUsers(org.rhq.core.domain.auth.Subject subject,
                 int[] subjectIds)
Deletes the given set of users, including both the Subject and Principal objects associated with those users.

Parameters:
subject - the person requesting the deletion
subjectIds - identifies the subject IDs for all the users that are to be deleted
Throws:
Exception - if failed to delete one or more users

isValidSessionId

boolean isValidSessionId(int session,
                         String username,
                         int userid)
Determines if the given session ID is valid and it is associated with the given username and user ID.

Parameters:
session -
username -
userid -
Returns:
true if the session ID identifies a valid session; false if it is invalid or has timed out

findAvailableSubjectsForRole

org.rhq.core.domain.util.PageList<org.rhq.core.domain.auth.Subject> findAvailableSubjectsForRole(org.rhq.core.domain.auth.Subject whoami,
                                                                                                 Integer roleId,
                                                                                                 Integer[] pendingSubjectIds,
                                                                                                 org.rhq.core.domain.util.PageControl pc)
This returns a list of subjects that are available to be assigned to a given role but not yet assigned to that role. This excludes subjects already assigned to the role. The returned list will not include the subjects identified by pendingSubjectIds since it is assumed the pending subjects will be assigned to the role.

Parameters:
whoami - user attempting to make this call
roleId - the role whose list of available subjects is to be returned
pendingSubjectIds - the list of subjects that are planned to be given to the role
pc -
Returns:
the list of subjects that can be assigned to the given role, not including the pending subjects

logout

void logout(int sessionId)

getSubjectById

org.rhq.core.domain.auth.Subject getSubjectById(int id)

getSubjectBySessionId

org.rhq.core.domain.auth.Subject getSubjectBySessionId(int sessionId)
                                                       throws Exception
Throws:
Exception

createSubject

org.rhq.core.domain.auth.Subject createSubject(org.rhq.core.domain.auth.Subject subject,
                                               org.rhq.core.domain.auth.Subject subjectToCreate,
                                               String password)
                                               throws SubjectException,
                                                      javax.persistence.EntityExistsException
Creates a new subject, including their assigned roles, as well as an associated principal with the specified password.

Parameters:
subject - the logged in user's subject
subjectToCreate - the subject to be created (which will never be the same as subject)
password - the password for the principal to be created for the new user
Returns:
the persisted subject
Throws:
SubjectException
javax.persistence.EntityExistsException

updateSubject

org.rhq.core.domain.auth.Subject updateSubject(org.rhq.core.domain.auth.Subject subject,
                                               org.rhq.core.domain.auth.Subject subjectToModify,
                                               String newPassword)
Updates an existing subject, including their assigned roles, and optionally their password.

Parameters:
subject - the logged in user's subject
subjectToModify - the subject whose data is to be updated (which may or may not be the same as subject)
newPassword - if non-null, a new password to be set on the user's associated principal
Returns:
the merged subject, which may or may not be the subjectToModify instance

checkAuthentication

org.rhq.core.domain.auth.Subject checkAuthentication(String username,
                                                     String password)
Checks whether a user would successfully log in with the provided credentials.

Parameters:
username - the username
password - the password
Returns:
the subject if the credentials are correct, null otherwise

changePassword

void changePassword(org.rhq.core.domain.auth.Subject subject,
                    String username,
                    String password)
See Also:
SubjectManagerRemote.changePassword(Subject, String, String)


createPrincipal

void createPrincipal(org.rhq.core.domain.auth.Subject subject,
                     String username,
                     String password)
                     throws SubjectException
See Also:
SubjectManagerRemote.createPrincipal(Subject, String, String)

Throws:
SubjectException

createSubject

org.rhq.core.domain.auth.Subject createSubject(org.rhq.core.domain.auth.Subject subject,
                                               org.rhq.core.domain.auth.Subject subjectToCreate)
                                               throws SubjectException
See Also:
SubjectManagerRemote.createSubject(Subject, Subject)

Throws:
SubjectException

deleteSubjects

void deleteSubjects(org.rhq.core.domain.auth.Subject subject,
                    int[] subjectIds)
See Also:
SubjectManagerRemote.deleteSubjects(Subject, int[])


getSubjectByName

org.rhq.core.domain.auth.Subject getSubjectByName(String username)
See Also:
SubjectManagerRemote.getSubjectByName(String)

getSubjectByNameAndSessionId

org.rhq.core.domain.auth.Subject getSubjectByNameAndSessionId(String username,
                                                              int sessionId)
                                                              throws Exception
Throws:
Exception
See Also:
SubjectManagerRemote.getSubjectByNameAndSessionId(String, int)

login

org.rhq.core.domain.auth.Subject login(String username,
                                       String password)
                                       throws LoginException
Throws:
LoginException
See Also:
SubjectManagerRemote.login(String, String)

logout

void logout(org.rhq.core.domain.auth.Subject subject)
See Also:
SubjectManagerRemote.logout(Subject)

updateSubject

org.rhq.core.domain.auth.Subject updateSubject(org.rhq.core.domain.auth.Subject subject,
                                               org.rhq.core.domain.auth.Subject subjectToModify)
See Also:
SubjectManagerRemote.updateSubject(org.rhq.core.domain.auth.Subject, org.rhq.core.domain.auth.Subject)

findSubjectsByCriteria

org.rhq.core.domain.util.PageList<org.rhq.core.domain.auth.Subject> findSubjectsByCriteria(org.rhq.core.domain.auth.Subject subject,
                                                                                           org.rhq.core.domain.criteria.SubjectCriteria criteria)
See Also:
SubjectManagerRemote.findSubjectsByCriteria(Subject, SubjectCriteria)

processSubjectForLdap

org.rhq.core.domain.auth.Subject processSubjectForLdap(org.rhq.core.domain.auth.Subject subject,
                                                       String subjectPassword)
                                                       throws LoginException
Throws:
LoginException


Copyright © 2008-2012 Red Hat, Inc. All Rights Reserved.