no.feide.moria.controller
Class MoriaController

java.lang.Object
  extended by no.feide.moria.controller.MoriaController

public final class MoriaController
extends java.lang.Object

Intermediator for the sub modules of Moria. The controller is the only entry point for accessing Moria. Basically, all work is done by the authorization module, the distributed store, the directory manager and the logger. The controller must be initialized from the servlets that are using it. This can be done by calling the initController method.

Version:
$Revision: 1.82 $
Author:
Lars Preben S. Arnesen <lars.preben.arnesen@conduct.no>
See Also:
initController(javax.servlet.ServletContext)

Field Summary
private static no.feide.moria.log.AccessLogger accessLogger
          Used for access logging.
private static boolean amReady
          Flag set to true if the authorization manager is ready.
private static no.feide.moria.authorization.AuthorizationManager authzManager
          The single instance of the authorization manager.
private static java.lang.String CAUGHT_DENIED_USERORG
          Log message for AuthorizationException.
private static java.lang.String CAUGHT_INVALID_TICKET
          Standard log message for InvalidTicketException.
private static java.lang.String CAUGHT_NONEXISTENT_TICKET
          Standard log message for NonExistentTicketException.
private static java.lang.String CAUGHT_STORE
          Standard log message for InvalidTicketException.
private static ConfigurationManager configManager
          The single instance of the configuration manager.
private static java.lang.String DIRECT_AUTH_OPER
          Operation type for local authentication.
private static no.feide.moria.directory.DirectoryManager directoryManager
          The single instance of the directory manager.
private static boolean dmReady
          Flag set to true if the directory manager is ready.
private static java.lang.String INTERACTIVE_AUTH_OPER
          Operation type for interactive authentication.
private static java.lang.Boolean isInitialized
          Flag set to true if the controller has been initialized.
private static no.feide.moria.log.MessageLogger messageLogger
          Used for message/error logging.
private static java.lang.String NONEXISTENT_TICKET
          Standard exception message for indication that ticket does not exist.
private static java.lang.String NOT_READY
          Standard exception message for indication that the controller is not ready.
private static java.lang.String PROXY_AUTH_OPER
          Operation type for interactive authentication.
private static boolean ready
          Flag set to true if the controller and all modules are ready.
static java.lang.String SERVICE_TICKET
          Ticket type constant, indicating a login ticket, for use when returning a HashMap with multiple tickets.
private static javax.servlet.ServletContext servletContext
          The servlet context for the servlets using the controller.
private static boolean smReady
          Flag set to true if the store manager is ready.
static java.lang.String SSO_TICKET
          Ticket type constant, indicating an SSO ticket, for use when returning a HashMap of two tickets.
private static no.feide.moria.store.MoriaStore store
          The single instance of the data store.
private static java.lang.String STORE_DOWN
          Standard exception message for indication that the store is unavailable.
(package private) static java.lang.String TGT_IDENTIFIER
          Identifier for the TGT used in attribute requests.
private static java.lang.String VERIFY_USER_EXISTENCE_OPER
          Operation type for verify user existence.
 
Constructor Summary
private MoriaController()
          Private constructor.
 
Method Summary
static java.util.Map attemptLogin(java.lang.String loginTicketId, java.lang.String ssoTicketId, java.lang.String userId, java.lang.String password, boolean denySSO)
          Performs interactive login attempt using tickets and credentials.
static java.lang.String attemptSingleSignOn(java.lang.String loginTicketId, java.lang.String ssoTicketId)
          Attempts single sign on (non-interactive) with an SSO ticket together with the login ticket.
private static java.util.HashMap authenticate(java.lang.String sessionTicket, no.feide.moria.directory.Credentials userCredentials, java.lang.String[] attributeRequest)
          Convenience method to assure certain pre-authentication checks.
private static void authorizationCheck(java.lang.String servicePrincipal, java.lang.String[] attributes, java.lang.String operation)
          Performs an authorization validation of a service request; can the service perform the requested operation?
static java.util.Map directNonInteractiveAuthentication(java.lang.String[] requestedAttributes, java.lang.String userId, java.lang.String password, java.lang.String servicePrincipal)
          Performs a direct authentication without the use of tickets.
static java.lang.String getProxyTicket(java.lang.String ticketGrantingTicket, java.lang.String proxyServicePrincipal, java.lang.String servicePrincipal)
          Generates a proxy ticket based on a TGT.
static java.lang.String getRedirectURL(java.lang.String serviceTicketId)
          Creates a redirect URL for redirecting user back to web service.
static java.lang.String[] getRequestedAttributes(java.lang.String loginTicket, java.lang.String servicePrincipal)
          Gets the name of the attributes a service requests, based on the loginTicket.
static int getSecLevel(java.lang.String loginTicketId)
          Gets the security level of an authentication attempt.
static java.util.HashMap getServiceProperties(java.lang.String loginTicketId)
          Returns the service configuration for the service that created the authentication attempt.
static java.util.HashMap getStatus()
          Gets the total status of the controller.
static java.util.Map getUserAttributes(java.lang.String serviceTicketId, java.lang.String servicePrincipal)
          Retrieves user attributes from an authentication attempt.
static java.lang.String getUserOrg(java.lang.String username)
          Resolves a user's home organization through the Directory Manager.
(package private) static void init()
          Initiates the controller.
static void initController(javax.servlet.ServletContext sc)
          Starts the controller.
static java.lang.String initiateAuthentication(java.lang.String[] attributes, java.lang.String returnURLPrefix, java.lang.String returnURLPostfix, boolean forceInteractiveAuthentication, java.lang.String servicePrincipal)
          Initiates authentication through Moria.
static void invalidateSSOTicket(java.lang.String ssoTicketId)
          Invalidates an SSO ticket.
(package private) static boolean isLegalURL(java.lang.String url)
          Validates a URL.
static boolean isOrganizationAllowedForService(java.lang.String servicePrincipal, java.lang.String userOrganization)
          Check whether a given service may allow users from a given organization.
private static void organizationCheck(java.lang.String servicePrincipal, java.lang.String userOrganization)
          Checks whether the user's organization is allowed to use the service in question.
static java.util.Map proxyAuthentication(java.lang.String[] requestedAttributes, java.lang.String proxyTicketId, java.lang.String servicePrincipal)
          Performs a ticket based proxy authentication.
static void setConfig(java.lang.String module, java.util.Properties properties)
          Sets config for a module.
(package private) static void stop()
          Shuts down the controller.
static void stopController()
          Stops the controller.
static boolean verifyUserExistence(java.lang.String userId, java.lang.String servicePrincipal)
          Verifies the existence of a user.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SSO_TICKET

public static final java.lang.String SSO_TICKET
Ticket type constant, indicating an SSO ticket, for use when returning a HashMap of two tickets.

See Also:
attemptLogin(java.lang.String, java.lang.String, java.lang.String, java.lang.String, boolean), attemptSingleSignOn(java.lang.String, java.lang.String), Constant Field Values

SERVICE_TICKET

public static final java.lang.String SERVICE_TICKET
Ticket type constant, indicating a login ticket, for use when returning a HashMap with multiple tickets.

See Also:
attemptLogin(java.lang.String, java.lang.String, java.lang.String, java.lang.String, boolean), attemptSingleSignOn(java.lang.String, java.lang.String), Constant Field Values

DIRECT_AUTH_OPER

private static final java.lang.String DIRECT_AUTH_OPER
Operation type for local authentication.

See Also:
Constant Field Values

INTERACTIVE_AUTH_OPER

private static final java.lang.String INTERACTIVE_AUTH_OPER
Operation type for interactive authentication.

See Also:
Constant Field Values

PROXY_AUTH_OPER

private static final java.lang.String PROXY_AUTH_OPER
Operation type for interactive authentication.

See Also:
Constant Field Values

VERIFY_USER_EXISTENCE_OPER

private static final java.lang.String VERIFY_USER_EXISTENCE_OPER
Operation type for verify user existence.

See Also:
Constant Field Values

TGT_IDENTIFIER

static final java.lang.String TGT_IDENTIFIER
Identifier for the TGT used in attribute requests.

See Also:
Constant Field Values

STORE_DOWN

private static final java.lang.String STORE_DOWN
Standard exception message for indication that the store is unavailable.

See Also:
Constant Field Values

NOT_READY

private static final java.lang.String NOT_READY
Standard exception message for indication that the controller is not ready.

See Also:
Constant Field Values

NONEXISTENT_TICKET

private static final java.lang.String NONEXISTENT_TICKET
Standard exception message for indication that ticket does not exist.

See Also:
Constant Field Values

CAUGHT_NONEXISTENT_TICKET

private static final java.lang.String CAUGHT_NONEXISTENT_TICKET
Standard log message for NonExistentTicketException.

See Also:
Constant Field Values

CAUGHT_INVALID_TICKET

private static final java.lang.String CAUGHT_INVALID_TICKET
Standard log message for InvalidTicketException.

See Also:
Constant Field Values

CAUGHT_STORE

private static final java.lang.String CAUGHT_STORE
Standard log message for InvalidTicketException.

See Also:
Constant Field Values

CAUGHT_DENIED_USERORG

private static final java.lang.String CAUGHT_DENIED_USERORG
Log message for AuthorizationException.

See Also:
Constant Field Values

store

private static no.feide.moria.store.MoriaStore store
The single instance of the data store.


configManager

private static ConfigurationManager configManager
The single instance of the configuration manager.


authzManager

private static no.feide.moria.authorization.AuthorizationManager authzManager
The single instance of the authorization manager.


directoryManager

private static no.feide.moria.directory.DirectoryManager directoryManager
The single instance of the directory manager.


isInitialized

private static java.lang.Boolean isInitialized
Flag set to true if the controller has been initialized.


ready

private static boolean ready
Flag set to true if the controller and all modules are ready.


amReady

private static boolean amReady
Flag set to true if the authorization manager is ready.


dmReady

private static boolean dmReady
Flag set to true if the directory manager is ready.


smReady

private static boolean smReady
Flag set to true if the store manager is ready.


servletContext

private static javax.servlet.ServletContext servletContext
The servlet context for the servlets using the controller.


accessLogger

private static no.feide.moria.log.AccessLogger accessLogger
Used for access logging.


messageLogger

private static no.feide.moria.log.MessageLogger messageLogger
Used for message/error logging.

Constructor Detail

MoriaController

private MoriaController()
Private constructor. Never to be used.

Method Detail

init

static void init()
          throws InoperableStateException
Initiates the controller. The initialization includes the initialization of all sub modules.

Throws:
InoperableStateException - If Moria is not ready for use.

stop

static void stop()
Shuts down the controller. All ready status fields are set to false.


getStatus

public static java.util.HashMap getStatus()
Gets the total status of the controller. The method returns a HashMap with Boolean values. The following elements are in the map:

Returns:
A HashMap with all status fields for the controller (init, dm, sm, am and moria).
See Also:
initController(javax.servlet.ServletContext), DirectoryManager.setConfig(java.util.Properties), MoriaStore.setConfig(java.util.Properties), AuthorizationManager.setConfig(java.util.Properties)

attemptSingleSignOn

public static java.lang.String attemptSingleSignOn(java.lang.String loginTicketId,
                                                   java.lang.String ssoTicketId)
                                            throws UnknownTicketException,
                                                   InoperableStateException,
                                                   IllegalInputException,
                                                   no.feide.moria.authorization.UnknownServicePrincipalException
Attempts single sign on (non-interactive) with an SSO ticket together with the login ticket. If both tickets are valid and the requested attributes are cached, a service ticket is returned and there is no need to perform the regular interactive authentication.

Parameters:
loginTicketId - The reference to the authentication attempt.
ssoTicketId - The SSO ticket received from the user's browser.
Returns:
A service ticket.
Throws:
UnknownTicketException - If either the login ticket or the SSO ticket is invalid or non-existing, the authentication attempt requires interactive authentication, or the SSO ticket does not point to a cached user data object with enough attributes.
InoperableStateException - If the controller is not ready.
IllegalInputException - If the loginTicketId and/or ssoTicketId is null or empty.
no.feide.moria.authorization.UnknownServicePrincipalException - If the service principal cannot be resolved, in which case there is probably an issue with the Authentication Module configuration.

attemptLogin

public static java.util.Map attemptLogin(java.lang.String loginTicketId,
                                         java.lang.String ssoTicketId,
                                         java.lang.String userId,
                                         java.lang.String password,
                                         boolean denySSO)
                                  throws UnknownTicketException,
                                         InoperableStateException,
                                         IllegalInputException,
                                         AuthenticationException,
                                         DirectoryUnavailableException,
                                         AuthorizationException
Performs interactive login attempt using tickets and credentials. The authentication is performed by the directory service, using the supplied username and password. All retrieved user data is cached in the authentication attempt, identified by the loginTicketId. A new cached userdata object is created and all cachable attributes are stored in it. The existing SSO ticket is removed. After a successful authentication a new service ticket, pointing to the same authentication attempt, is created. A new SSO ticket is created, pointing to the cached userdata object.

Parameters:
loginTicketId - The ticket identifying the authentication attempt.
ssoTicketId - The ticket identifying the existing cached user data object.
userId - The user's userId.
password - The user's password.
denySSO - The user's SSO choice.
Returns:
A HashMap with two tickets: login and SSO, indexed with MoriaController.SSO_TICKET and MoriaController.LOGIN_TICKET.
Throws:
UnknownTicketException - If the login ticket is invalid or does not exist.
InoperableStateException - If the controller is not ready to be used, or the store cannot be accessed.
IllegalInputException - If any of loginTicketId, userId, or password are null or an empty string.
AuthenticationException - If the authentication failed due to wrong credentials.
AuthorizationException - If the user's organization is not allowed to use this service.
DirectoryUnavailableException - If the directory of the user's home organization is unavailable.

initiateAuthentication

public static java.lang.String initiateAuthentication(java.lang.String[] attributes,
                                                      java.lang.String returnURLPrefix,
                                                      java.lang.String returnURLPostfix,
                                                      boolean forceInteractiveAuthentication,
                                                      java.lang.String servicePrincipal)
                                               throws AuthorizationException,
                                                      IllegalInputException,
                                                      InoperableStateException
Initiates authentication through Moria. An authentication attempt is created and the supplied argument is stored in it for later use. After a successful authentication, the user is redirected back to a URL consisting of the URL prefix and postfix, with the service ticket added in the middle.

Parameters:
attributes - The requested attributes. Cannot be null.
returnURLPrefix - Prefix of the redirect URL, used to direct the user back to the web service. Cannot be null or an empty string.
returnURLPostfix - Postfix of the redirect URL, used to direct the user back to the web service. Cannot be null.
forceInteractiveAuthentication - If true, do not use SSO.
servicePrincipal - The principal of the requesting service. Cannot be null or an empty string.
Returns:
A login ticket ID.
Throws:
AuthorizationException - If the service requests attributes it is not authorized to receive.
IllegalInputException - If attributes or returnURLPostfix is null, or returnURLPrefix or servicePrincipal is null or an empty string.
InoperableStateException - If the controller is not yet ready for use, or if the store cannot be accessed at this time.

authorizationCheck

private static void authorizationCheck(java.lang.String servicePrincipal,
                                       java.lang.String[] attributes,
                                       java.lang.String operation)
                                throws AuthorizationException
Performs an authorization validation of a service request; can the service perform the requested operation? If no exception is thrown, the authorization was successful.

Parameters:
servicePrincipal - The principal for the service performing the request. Must be a non-empty string.
attributes - The requested attributes, if any.
operation - The requested operation. Must be a non-empty string.
Throws:
AuthorizationException - If the authorization failed, for some reason.
java.lang.IllegalArgumentException - If servicePrincipal is an empty string, or operation is unknown or null.

organizationCheck

private static void organizationCheck(java.lang.String servicePrincipal,
                                      java.lang.String userOrganization)
                               throws AuthorizationException
Checks whether the user's organization is allowed to use the service in question. If no exception is thrown, this is allowed.

Parameters:
servicePrincipal - The principal for the service performing the request.
userOrganization - The organization the user comes from. Must be a non-empty string.
Throws:
AuthorizationException - If the user is not allowed to use this service.
java.lang.IllegalArgumentException - If servicePrincipal is an empty string.

isOrganizationAllowedForService

public static boolean isOrganizationAllowedForService(java.lang.String servicePrincipal,
                                                      java.lang.String userOrganization)
                                               throws java.lang.IllegalArgumentException,
                                                      no.feide.moria.authorization.UnknownServicePrincipalException
Check whether a given service may allow users from a given organization.

Parameters:
servicePrincipal - The service's unique principal.
userOrganization - The home organization, in short form.
Returns:
true if users from this organization can access this service.
Throws:
java.lang.IllegalArgumentException - If servicePrincipal or userOrganization is null or an empty string.
no.feide.moria.authorization.UnknownServicePrincipalException - If servicePrincipal is unknown.

getRequestedAttributes

public static java.lang.String[] getRequestedAttributes(java.lang.String loginTicket,
                                                        java.lang.String servicePrincipal)
                                                 throws IllegalInputException,
                                                        UnknownTicketException,
                                                        InoperableStateException,
                                                        AuthorizationException
Gets the name of the attributes a service requests, based on the loginTicket.

Parameters:
loginTicket - the login ticket
servicePrincipal - the name of the service that requested the attributes
Returns:
An array with attribute names.
Throws:
IllegalInputException
UnknownTicketException
InoperableStateException
AuthorizationException

getUserAttributes

public static java.util.Map getUserAttributes(java.lang.String serviceTicketId,
                                              java.lang.String servicePrincipal)
                                       throws IllegalInputException,
                                              UnknownTicketException,
                                              InoperableStateException,
                                              AuthorizationException
Retrieves user attributes from an authentication attempt. The method returns the user attributes stored in the authentication attempt, which is referenced by the service ticket.

Note that this method can only be used once for each non-SSO authentication attempt. For security reasons, Moria will not cache attribute values longer than absolutely necessary.

Parameters:
serviceTicketId - The ticket associated with the authentication attempt. Cannot be null or an empty string.
servicePrincipal - The principal of the calling service. Cannot be null or an empty string.
Returns:
A newly instantiated Map object containing the requested user attributes, if found. Entries have a String key and a String[] value.
Throws:
AuthorizationException - If userorg isn't set for ticket, userorg is denied access to the service or service principal is unknown.
IllegalInputException - If serviceTicketId or servicePrincipal is null or an empty string.
UnknownTicketException - If the service ticket does not exist in the store, or is invalid.
InoperableStateException - If Moria is not ready for use.

directNonInteractiveAuthentication

public static java.util.Map directNonInteractiveAuthentication(java.lang.String[] requestedAttributes,
                                                               java.lang.String userId,
                                                               java.lang.String password,
                                                               java.lang.String servicePrincipal)
                                                        throws AuthorizationException,
                                                               IllegalInputException,
                                                               InoperableStateException,
                                                               AuthenticationException,
                                                               DirectoryUnavailableException
Performs a direct authentication without the use of tickets. The user is authenticated directly against the backend, and the attributes retrieved are returned to the caller.

Parameters:
requestedAttributes - The requested attributes.
userId - The user's username.
password - The user's password.
servicePrincipal - The principal (read: username) of the calling service.
Returns:
Map containing user attributes with String (attribute name) as key and String[] (user attributes) as value.
Throws:
AuthorizationException - If the service is not allowed to perform this operation, or if the user's organization does not allow the use of this service.
IllegalInputException - If requestedAttributes is null, or userId, password, or servicePrincipal is null or an empty string.
InoperableStateException - If Moria is not currently ready for use.
AuthenticationException - If the authentication failed due to bad user credentials.
DirectoryUnavailableException - If directory of the user's home organization is unavailable.

proxyAuthentication

public static java.util.Map proxyAuthentication(java.lang.String[] requestedAttributes,
                                                java.lang.String proxyTicketId,
                                                java.lang.String servicePrincipal)
                                         throws AuthorizationException,
                                                IllegalInputException,
                                                InoperableStateException,
                                                UnknownTicketException
Performs a ticket based proxy authentication. A proxy ticket and a set of requested attributes are used to retrieve user data. Only cached userdata can be retrieved.

Parameters:
requestedAttributes - The requested attributes to retrieve.
proxyTicketId - The proxy ticket connected with the cached user data.
servicePrincipal - The principal of the requesting service.
Returns:
Map containing user attributes with String (attribute name) as key and String[] (user attributes) as value.
Throws:
AuthorizationException - If the service is not allowed to perform this operation, or if the user's organization does not allow the use of this service.
IllegalInputException - If requestedAttributes is null, or proxyTicketId or servicePrincipal is null or an empty string.
InoperableStateException - If the controller is not currently ready to use.
UnknownTicketException - If the proxy ticket is invalid or does not exist.

getProxyTicket

public static java.lang.String getProxyTicket(java.lang.String ticketGrantingTicket,
                                              java.lang.String proxyServicePrincipal,
                                              java.lang.String servicePrincipal)
                                       throws AuthorizationException,
                                              IllegalInputException,
                                              InoperableStateException,
                                              UnknownTicketException
Generates a proxy ticket based on a TGT. A new proxy ticket is created, referring to the same cached user data as the TGT does. The proxy ticket will be owned by the target service, not the one that requested its creation.

Parameters:
ticketGrantingTicket - The TGT to generate a proxy ticket for.
proxyServicePrincipal - The principal of the service that the proxy ticket is created for.
servicePrincipal - The principal of the service requesting the ticket generation.
Returns:
A String containing the proxy ticket.
Throws:
AuthorizationException - If the requesting service is not allowed to perform the operation, or if the user's organization does not allow the use of this service.
IllegalInputException - If ticketGrantingTicket, proxyServicePrincipal or servicePrincipal is null or an empty string.
InoperableStateException - If Moria is not currently ready for use.
UnknownTicketException - If the ticketGrantingTicket is invalid or does not exist, or userorg is not set in ticket.

verifyUserExistence

public static boolean verifyUserExistence(java.lang.String userId,
                                          java.lang.String servicePrincipal)
                                   throws AuthorizationException,
                                          IllegalInputException,
                                          InoperableStateException,
                                          DirectoryUnavailableException
Verifies the existence of a user.

Parameters:
userId - The username to verify.
servicePrincipal - The principal of the requesting service.
Returns:
true if the user exists, otherwise false.
Throws:
AuthorizationException - If the requesting service is not allowed to perform the operation, or if the user's organization does not allow the use of this service.
IllegalInputException - If userId or servicePrincipal is null or an empty string.
InoperableStateException - If the controller is not currently ready to use.
DirectoryUnavailableException - If the directory for the user is not available.

setConfig

public static void setConfig(java.lang.String module,
                             java.util.Properties properties)
Sets config for a module. A supplied configuration is transferred to the correct module. When all modules have received their config, the controller's status becomes ready.

Parameters:
module - Name of the module to set config for.
properties - The configuration to transfer to the module.
See Also:
ConfigurationManager.MODULE_AM, ConfigurationManager.MODULE_DM, ConfigurationManager.MODULE_SM, ConfigurationManager.MODULE_WEB

initController

public static void initController(javax.servlet.ServletContext sc)
                           throws InoperableStateException
Starts the controller. The controller expects to be started from a web application. The supplied ServletContext will be used to transfer config from the configuration manager to the servlets.

Parameters:
sc - The servletContext from the caller.
Throws:
InoperableStateException - if Moria is not ready for use.

stopController

public static void stopController()
Stops the controller.


isLegalURL

static boolean isLegalURL(java.lang.String url)
Validates a URL.

Parameters:
url - The URL to validate.
Returns:
true if the URL is valid, else false.
Throws:
java.lang.IllegalArgumentException - if url is null or an empty string.
See Also:
URI

getServiceProperties

public static java.util.HashMap getServiceProperties(java.lang.String loginTicketId)
                                              throws UnknownTicketException,
                                                     InoperableStateException,
                                                     IllegalInputException
Returns the service configuration for the service that created the authentication attempt.

Parameters:
loginTicketId - The login ticket associated with the authentication attempt. Cannot be null or an empty string.
Returns:
A HashMap containing service configuration.
Throws:
UnknownTicketException - If the ticket does not exist in the store, if the ticket is invalid, or if the ticket does not correspond to a service.
InoperableStateException - If the controller or the store is not ready to use.
IllegalInputException - If loginTicketId is null or an empty string.

getSecLevel

public static int getSecLevel(java.lang.String loginTicketId)
                       throws UnknownTicketException,
                              InoperableStateException
Gets the security level of an authentication attempt.

Parameters:
loginTicketId - The ticket associated with the authentication attempt.
Returns:
int describing the security level for the requested attributes in the authentication attempt.
Throws:
UnknownTicketException - If the ticket does not exist, is invalid, or is not associated with a service.
InoperableStateException - If Moria is not usable.
java.lang.IllegalArgumentException - If loginTicketId is null or empty.

invalidateSSOTicket

public static void invalidateSSOTicket(java.lang.String ssoTicketId)
                                throws IllegalInputException,
                                       InoperableStateException
Invalidates an SSO ticket. After the invalidation, the ticket cannot be used any more.

Parameters:
ssoTicketId - The ticket to be invalidated.
Throws:
IllegalInputException - If ssoTicketId is null or empty.
InoperableStateException - If Moria is not ready to use.

getRedirectURL

public static java.lang.String getRedirectURL(java.lang.String serviceTicketId)
                                       throws InoperableStateException,
                                              IllegalInputException,
                                              UnknownTicketException
Creates a redirect URL for redirecting user back to web service. The URL is created by concatenating the URL prefix with the service ticket and the URL postfix.

Parameters:
serviceTicketId - The service ticket to generate redirect URL for.
Returns:
A String containing the URL.
Throws:
InoperableStateException - If Moria is not ready for use.
IllegalInputException - If serviceTicketId is null or empty.
UnknownTicketException - If the service ticket is invalid or does not exist.
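
The ticket flow documented under initiateAuthentication, attemptLogin, getUserAttributes and getRedirectURL, shown as an added, self-contained Java sketch that is not Moria's own code: a login ticket leads to a service ticket, the redirect URL is prefix + service ticket + postfix, and attributes can be read only once. The names TicketFlowSketch, Attempt and completeLogin and all sample values are hypothetical; consuming the login ticket at login and binding the service ticket to the requesting principal are assumptions of this sketch.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added illustration: a toy in-memory model of the documented ticket flow.
// It is NOT Moria's code; class, field and helper names are hypothetical.
public class TicketFlowSketch {

    // Stand-in for the documented UnknownTicketException.
    static class UnknownTicketException extends Exception {
        UnknownTicketException(String message) { super(message); }
    }

    // One authentication attempt, created by initiateAuthentication.
    static final class Attempt {
        final String servicePrincipal;
        final String urlPrefix;
        final String urlPostfix;
        Map<String, String[]> attributes = new HashMap<>();

        Attempt(String servicePrincipal, String urlPrefix, String urlPostfix) {
            this.servicePrincipal = servicePrincipal;
            this.urlPrefix = urlPrefix;
            this.urlPostfix = urlPostfix;
        }
    }

    private static final SecureRandom RANDOM = new SecureRandom();
    private final Map<String, Attempt> loginTickets = new HashMap<>();
    private final Map<String, Attempt> serviceTickets = new HashMap<>();

    // Ticket IDs are bearer references, so they must be unguessable.
    private static String newTicketId() {
        byte[] raw = new byte[24];
        RANDOM.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    private static boolean blank(String s) { return s == null || s.isEmpty(); }

    // Stores the return URL parts in a new attempt and returns a login ticket ID.
    String initiateAuthentication(String returnURLPrefix, String returnURLPostfix,
                                  String servicePrincipal) {
        if (blank(returnURLPrefix) || returnURLPostfix == null || blank(servicePrincipal)) {
            throw new IllegalArgumentException("missing prefix, postfix or service principal");
        }
        String loginTicketId = newTicketId();
        loginTickets.put(loginTicketId,
                new Attempt(servicePrincipal, returnURLPrefix, returnURLPostfix));
        return loginTicketId;
    }

    // Models the result of a successful attemptLogin: user data is stored in the
    // attempt and a service ticket pointing to the same attempt is issued.
    // Assumption of this sketch: the login ticket is consumed here.
    String completeLogin(String loginTicketId, Map<String, String[]> userAttributes)
            throws UnknownTicketException {
        Attempt attempt = loginTickets.remove(loginTicketId);
        if (attempt == null) throw new UnknownTicketException("unknown login ticket");
        attempt.attributes = new HashMap<>(userAttributes);
        String serviceTicketId = newTicketId();
        serviceTickets.put(serviceTicketId, attempt);
        return serviceTicketId;
    }

    // URL prefix + service ticket + URL postfix, as documented for getRedirectURL.
    String getRedirectURL(String serviceTicketId) throws UnknownTicketException {
        Attempt attempt = serviceTickets.get(serviceTicketId);
        if (attempt == null) throw new UnknownTicketException("unknown service ticket");
        return attempt.urlPrefix + serviceTicketId + attempt.urlPostfix;
    }

    // One-time read: the ticket is removed and the cached values are dropped.
    // Assumption of this sketch: a ticket presented by a different principal is
    // reported as unknown and is not consumed.
    Map<String, String[]> getUserAttributes(String serviceTicketId, String servicePrincipal)
            throws UnknownTicketException {
        Attempt attempt = serviceTickets.get(serviceTicketId);
        if (attempt == null || !attempt.servicePrincipal.equals(servicePrincipal)) {
            throw new UnknownTicketException("unknown service ticket");
        }
        serviceTickets.remove(serviceTicketId);
        Map<String, String[]> result = attempt.attributes;
        attempt.attributes = new HashMap<>();
        return result;
    }

    public static void main(String[] args) throws Exception {
        TicketFlowSketch moria = new TicketFlowSketch();
        // Constructed sample values, not taken from any real deployment.
        String loginTicket = moria.initiateAuthentication(
                "https://service.example.org/app?ticket=", "&lang=en", "demo_service");
        Map<String, String[]> attrs = new HashMap<>();
        attrs.put("eduPersonAffiliation", new String[] {"student"});
        String serviceTicket = moria.completeLogin(loginTicket, attrs);

        System.out.println("redirect: " + moria.getRedirectURL(serviceTicket));
        System.out.println("first read: "
                + moria.getUserAttributes(serviceTicket, "demo_service").keySet());
        try {
            moria.getUserAttributes(serviceTicket, "demo_service");
            System.out.println("second read: succeeded (unexpected)");
        } catch (UnknownTicketException e) {
            System.out.println("second read: rejected, " + e.getMessage());
        }
    }
}
```

A calling service should therefore fetch attributes exactly once per service ticket and keep what it needs in its own session, treating UnknownTicketException on a repeat as the expected outcome.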

getUserOrg

public static java.lang.String getUserOrg(java.lang.String username)
                                   throws AuthenticationException
Resolves a user's home organization through the Directory Manager.

Parameters:
username - The full username of a user. Must be a non-empty string.
Returns:
A String containing the user's organization.
Throws:
AuthenticationException - If the user's organization is not found.
java.lang.IllegalArgumentException - If username is null or an empty string.

authenticate

private static final java.util.HashMap authenticate(java.lang.String sessionTicket,
                                                    no.feide.moria.directory.Credentials userCredentials,
                                                    java.lang.String[] attributeRequest)
                                             throws no.feide.moria.directory.backend.AuthenticationFailedException,
                                                    no.feide.moria.directory.backend.BackendException,
                                                    java.lang.IllegalStateException
Convenience method to assure certain pre-authentication checks.

Parameters:
sessionTicket - The session ticket.
userCredentials - The user's credentials.
attributeRequest - The attribute request.
Returns:
The returned attributes.
Throws:
no.feide.moria.directory.backend.AuthenticationFailedException - If authentication fails.
no.feide.moria.directory.backend.BackendException - If the backend fails to authenticate/retrieve attributes.
java.lang.IllegalStateException - If Moria2 is in an illegal state.
See Also:
DirectoryManager.authenticate(java.lang.String, no.feide.moria.directory.Credentials, java.lang.String[])


Copyright © 2001-2006 UNINETT FAS. All Rights Reserved.