com.novell.nidp.authentication.local
Class LocalAuthenticationClass

java.lang.Object
  extended by com.novell.nidp.authentication.local.LocalAuthenticationClass

public abstract class LocalAuthenticationClass
extends java.lang.Object


Field Summary
static int AUTHENTICATED
          Returns the value for authenticate, indicating the authentication was successful.
static int HANDLED_REQUEST
          Returns the value for authenticate, indicating that the request was handled to query for more information that is necessary for authentication to proceed.
protected  java.util.ArrayList<WSCCacheEntry> m_Credentials
           
protected  NIDPPrincipal m_ExpiredPrincipal
           
protected  boolean m_LECP
           
protected  NIDPContext m_NIDPContext
           
protected  PageToShow m_PageToShow
           
protected  NIDPException m_PasswordException
           
protected  java.util.Properties m_Properties
          Contains the class and method properties defined in the admin utility as well as other system properties.
protected  HttpServletRequest m_Request
          The current HttpServletRequest that is being processed.
protected  HttpServletResponse m_Response
          The HttpServletResponse that will be responded to.
protected  NIDPSession m_Session
          The current Novell Identity Server session.
protected  NIDPSessionData m_SessionData
           
protected  java.util.ArrayList<UserAuthority> m_UserStores
           
static int NOT_AUTHENTICATED
          Returns the value for authenticate, indicating that the authentication was unsuccessful.
static int PWD_EXPIRED
          Returns the value for authenticate, indicating that the user's password is expired.
static int PWD_EXPIRING
          Returns the value for authenticate, indicating that the user's password is expiring.
static int SHOW_JSP
           
static int SHOW_PAGE
           
static int SHOW_PAGE_TERMINATE
           
 
Constructor Summary
LocalAuthenticationClass(java.util.Properties props, java.util.ArrayList<UserAuthority> uStores)
          Defines the constructor to be used by all classes to do local authentication.
 
Method Summary
protected  void addCredential(WSCQToken token, XMLBase value)
          Adds a credential used to authenticate.
protected  void addLDAPCredentials()
          Adds the LDAP credentials except password
protected  void addPrincipalAttributes(java.lang.String strAttr, java.lang.String[] values)
          Sets attributes for a principal that has been authenticated.
 int authenticate()
          Performs the authentication process.
protected  boolean authenticateWithPassword(java.lang.String userid, java.lang.String password)
          Authenticates a principal after locating it with a user id.
protected  boolean authenticateWithQuery(java.lang.String query, java.lang.String password)
          Authenticates a principal after locating it with an LDAP query.
protected  java.lang.String checkForQuery()
          Checks for the use of a query string to access LDAP for user identification
 java.util.ArrayList<WSCCacheEntry> clearCredentials()
           
protected  int doAuthenticate()
          This is essentially an abstract method designed to be overloaded by authentication classes that intend to take advantage of secret store unlocking.
protected  int doAuthenticateNRL()
          This is essentially an abstract method designed to be overloaded by authentication classes that intend to take advantage of secret store unlocking.
protected  java.lang.String escapeName(java.lang.String name)
          Escape characters typed by user
protected  java.lang.String fillLDAPQueryString(java.lang.String query)
          Takes a query string and fills it with data to use in an LDAP query to find a user
protected  NIDPPrincipal[] findPrincipals(java.lang.String userid)
          Search for a principal in a list of user stores by user name.
protected  NIDPPrincipal[] findPrincipalsByQuery(java.lang.String filter)
          Searches for a principal in a list of user stores by a given query.
protected  AuthnRequest getAuthnRequest()
          Gets the request that may have caused this authentication class to be invoked.
protected  boolean getBooleanProperty(java.lang.String property, boolean deflt)
          Gets a boolean value from class properties.
protected  AuthenticationCard[] getCards()
          This method is now deprecated.
protected  java.lang.String getContractURI()
          Gets the URI of the contract for a request coming from an agent
 java.util.ArrayList<WSCCacheEntry> getCredentials()
          Gets the list of credentials used to authenticate the user or principal.
 NIDPPrincipal getExpiredPrincipal()
           
 java.lang.String getLogMsg()
          Gets the message for the associated error id.
 PageToShow getPageToShow()
           
 NIDPException getPasswordException()
           
 NIDPPrincipal getPrincipal()
          Gets the principal authenticated by this class.
protected  javax.naming.directory.Attributes getPrincipalAttributes(java.lang.String[] attrs)
          Get attributes for the principal that has been authenticated.
protected  UserAuthority getPrincipalUserAuthority()
          Gets the user authority for the identified principal, assuming that m_Principal has been set.
protected  java.util.ArrayList<java.lang.String> getProperties(java.lang.String prefix)
          Gets all properties that have names starting with a given prefix.
protected  java.lang.String getProperty(java.lang.String property)
          Gets a property value as a string.
protected  java.lang.String getProvisionURL()
          Deprecated.
protected  java.lang.String getReturnURL()
          Returns the URL that any user interactions should post data back to.
 java.lang.String getType()
          Gets the authentication type this class implements.
protected  UserAuthority getUserAuthority(int index)
          Gets a specific user authority.
protected  int getUserAuthorityCount()
          Get the number of searchable user authorities.
protected  java.lang.String getUserErrorMsg()
          Gets the error message that will be displayed to the end user.
 java.lang.String getUserId()
          Gets the user id for the associated authentication.
 void initializeRequest(HttpServletRequest request, HttpServletResponse response, NIDPSession session, NIDPSessionData data, boolean following, java.lang.String url)
          Initializes the authentication class with the current request/response.
protected  boolean isCancelAppropriate()
          Deprecated.
public  boolean isCaptchaRequired()
          
protected  boolean isDefinesUser()
          Determines if this authentication class instance needs to identify a user.
 boolean isFailure()
          Indicates whether or not this authentication failed.
protected  boolean isFirstCallAfterPrevMethod()
          Determine if this authentication class instance is the result of an assertion being returned to an unauthenticated session
protected  boolean isFirstExecution()
           
protected  boolean isFirstInstance()
          Determines if this authentication class instance is the first since the system started up or was reconfigured.
protected  boolean isPendingAuthnRequest()
          Determine if there is a pending authentication request that has come from a service provider.
protected  boolean isUserIdentification()
          Deprecated
 boolean mustPersist()
          Indicates if this class must persist during interaction with the user.
protected  void setErrorMsg(java.lang.String userErr, java.lang.String logErr)
          Set the error message to be seen by the end user as well as the error message to be put into the log file.
protected  void setErrorMsg(java.lang.String userErr, java.lang.String logErr, java.lang.String logParam)
          Sets the error message to be seen by the end user, as well as the error message to be put into the log file.
protected  void setFailure()
          Sets a failure state for the current authentication
protected  void setPasswordException(NIDPException PasswordException)
          Allow password exceptions to be set
protected  void setPrincipal(NIDPPrincipal principal)
          Sets the principal to be authenticated by this class.
protected  void setPrincipalAttributes(java.lang.String[] attrs, java.lang.String[] values)
          Sets attributes for a principal that has been authenticated.
protected  void setUserErrorMsg(java.lang.String userMsg)
          Sets the error message to be displayed to an end user.
 void setUserId(java.lang.String userid)
          Sets the user id for the associated authentication.
protected  int showError(NIDPError error)
          Causes an error JSP to be executed to display an error message.
protected  void showJSP(java.lang.String jsp)
          Forwards execution to a specific JSP.
public  boolean verifyRecaptcha()
          
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

AUTHENTICATED

public static final int AUTHENTICATED
Returns the value for authenticate, indicating the authentication was successful.

See Also:
Constant Field Values

HANDLED_REQUEST

public static final int HANDLED_REQUEST
Returns the value for authenticate, indicating that the request was handled to query for more information that is necessary for authentication to proceed.

See Also:
Constant Field Values

NOT_AUTHENTICATED

public static final int NOT_AUTHENTICATED
Returns the value for authenticate, indicating that the authentication was unsuccessful.

See Also:
Constant Field Values

PWD_EXPIRING

public static final int PWD_EXPIRING
Returns the value for authenticate, indicating that the user's password is expiring.

See Also:
Constant Field Values

PWD_EXPIRED

public static final int PWD_EXPIRED
Returns the value for authenticate, indicating that the user's password is expired.

See Also:
Constant Field Values

SHOW_JSP

public static final int SHOW_JSP
See Also:
Constant Field Values

SHOW_PAGE

public static final int SHOW_PAGE
See Also:
Constant Field Values

SHOW_PAGE_TERMINATE

public static final int SHOW_PAGE_TERMINATE
See Also:
Constant Field Values

m_NIDPContext

protected NIDPContext m_NIDPContext

m_UserStores

protected java.util.ArrayList<UserAuthority> m_UserStores

m_Properties

protected java.util.Properties m_Properties
Contains the class and method properties defined in the admin utility as well as other system properties.


m_Request

protected HttpServletRequest m_Request
The current HttpServletRequest that is being processed.

See Also:
initializeRequest

m_Response

protected HttpServletResponse m_Response
The HttpServletResponse that will be responded to.

See Also:
initializeRequest

m_Session

protected NIDPSession m_Session
The current Novell Identity Server session.


m_SessionData

protected NIDPSessionData m_SessionData

m_PageToShow

protected PageToShow m_PageToShow

m_LECP

protected boolean m_LECP

m_Credentials

protected java.util.ArrayList<WSCCacheEntry> m_Credentials

m_ExpiredPrincipal

protected NIDPPrincipal m_ExpiredPrincipal

m_PasswordException

protected NIDPException m_PasswordException

Constructor Detail

LocalAuthenticationClass

public LocalAuthenticationClass(java.util.Properties props,
                                java.util.ArrayList<UserAuthority> uStores)
Defines the constructor to be used by all classes to do local authentication.

Parameters:
props - Properties associated with the implementing class.
uStores - Provides a list of ordered user stores to authenticate against.

Method Detail

initializeRequest

public void initializeRequest(HttpServletRequest request,
                              HttpServletResponse response,
                              NIDPSession session,
                              NIDPSessionData data,
                              boolean following,
                              java.lang.String url)
Initializes the authentication class with the current request/response.

Parameters:
request - Specifies the HttpServletRequest that the request came in on.
response - Specifies the HttpServletResponse that the request will respond with.
session - Identifies the user's liberty session.
following - Specify true if this class is following a previous method.
url - Identifies the URL to return to after completion of context.

getPasswordException

public NIDPException getPasswordException()

getExpiredPrincipal

public NIDPPrincipal getExpiredPrincipal()

getType

public java.lang.String getType()
Gets the authentication type this class implements.

Returns:
Returns the authentication type represented by this class.

getPrincipal

public NIDPPrincipal getPrincipal()
Gets the principal authenticated by this class. This value will be null if the authentication class is set to not define a user.

Returns:
The authenticated NIDPPrincipal.

setPrincipal

protected void setPrincipal(NIDPPrincipal principal)
Sets the principal to be authenticated by this class.

Parameters:
principal - The principal to be considered authenticated.

isFailure

public boolean isFailure()
Indicates whether or not this authentication failed.

Returns:
Returns true if authentication failed, otherwise false.

setFailure

protected void setFailure()
Sets a failure state for the current authentication


getProvisionURL

protected java.lang.String getProvisionURL()
Deprecated.

Returns:
Returns null. This method is deprecated.

getReturnURL

protected java.lang.String getReturnURL()
Returns the URL that any user interactions should post data back to.

Returns:
The URL to be used to POST user data back to this class.

mustPersist

public boolean mustPersist()
Indicates if this class must persist during interaction with the user.

Returns:
True if this class should persist during user interaction.

isFirstInstance

protected boolean isFirstInstance()
Determines if this authentication class instance is the first since the system started up or was reconfigured.

Returns:
True if this is the first instance of the class.

isCancelAppropriate

protected boolean isCancelAppropriate()
Deprecated.

Returns:
Deprecated. Always returns false

isDefinesUser

protected boolean isDefinesUser()
Determines if this authentication class instance needs to identify a user.

Returns:
True if this authentication class needs to identify a user.

isUserIdentification

protected boolean isUserIdentification()
Deprecated

Returns:
Deprecated. Always returns false.

isFirstCallAfterPrevMethod

protected boolean isFirstCallAfterPrevMethod()
Determine if this authentication class instance is the result of an assertion being returned to an unauthenticated session

Returns:
True if assertion has been returned to unauthenticated session.

isPendingAuthnRequest

protected boolean isPendingAuthnRequest()
Determine if there is a pending authentication request that has come from a service provider. Indicates that this class was initiated as a result of a login request from an SP.

Returns:
True if login request came from a Service Provider.

getAuthnRequest

protected AuthnRequest getAuthnRequest()
Gets the request that may have caused this authentication class to be invoked.

Returns:
The authentication request that was received from a Service Provider.

getContractURI

protected java.lang.String getContractURI()
Gets the URI of the contract for a request coming from an agent

Returns:
The URI of a contract that may be requested from an agent.

isFirstExecution

protected boolean isFirstExecution()

getCards

protected AuthenticationCard[] getCards()
This method is now deprecated.

Returns:
Returns an empty array of authentication cards

getPageToShow

public PageToShow getPageToShow()

showError

protected int showError(NIDPError error)
Causes an error JSP to be executed to display an error message.

Parameters:
error - The error message that is to be displayed.

showJSP

protected void showJSP(java.lang.String jsp)
Forwards execution to a specific JSP.

Parameters:
jsp - Specifies the JSP to which control should be forwarded.

setErrorMsg

protected void setErrorMsg(java.lang.String userErr,
                           java.lang.String logErr)
Set the error message to be seen by the end user as well as the error message to be put into the log file.

Parameters:
userErr - The message to be displayed to the end user.
logErr - The message to log for the administrator.

setErrorMsg

protected void setErrorMsg(java.lang.String userErr,
                           java.lang.String logErr,
                           java.lang.String logParam)
Sets the error message to be seen by the end user, as well as the error message to be put into the log file.

Parameters:
userErr - The message to be displayed to the end user.
logErr - The message to log for the administrator.
logParam - The parameter to be used as part of the log file error message.

setUserErrorMsg

protected void setUserErrorMsg(java.lang.String userMsg)
Sets the error message to be displayed to an end user.

Parameters:
userMsg - The message to display to the end user on an error page.

getUserErrorMsg

protected java.lang.String getUserErrorMsg()
Gets the error message that will be displayed to the end user.

Returns:
The end user error message, or null if none.

getLogMsg

public java.lang.String getLogMsg()
Gets the message for the associated error id.

Returns:
The error message text.

getUserId

public java.lang.String getUserId()
Gets the user id for the associated authentication.

Returns:
user id

setUserId

public void setUserId(java.lang.String userid)
Sets the user id for the associated authentication.

Parameters:
userid - The user id.

addLDAPCredentials

protected void addLDAPCredentials()
Adds the LDAP credentials except password


addCredential

protected void addCredential(WSCQToken token,
                             XMLBase value)
Adds a credential used to authenticate.

Parameters:
token - The credential token used.
value - The credential value.

getCredentials

public java.util.ArrayList<WSCCacheEntry> getCredentials()
Gets the list of credentials used to authenticate the user or principal.

Returns:
A list containing all current credentials.

clearCredentials

public java.util.ArrayList<WSCCacheEntry> clearCredentials()

escapeName

protected java.lang.String escapeName(java.lang.String name)
Escape characters typed by user

Parameters:
name - The user name.
Returns:
The escaped user name.

getUserAuthorityCount

protected int getUserAuthorityCount()
Get the number of searchable user authorities.

Returns:
The number of user authorities that are available to be searched.
See Also:
getUserAuthority

getUserAuthority

protected UserAuthority getUserAuthority(int index)
Gets a specific user authority.

Parameters:
index - The index of the user authority to be obtained.
Returns:
Returns the user authority identified by a particular index, or null if the index is out of range.
See Also:
getUserAuthorityCount

getPrincipalUserAuthority

protected UserAuthority getPrincipalUserAuthority()
Gets the user authority for the identified principal, assuming that m_Principal has been set.

Returns:
Returns the user authority for the identified principal, or null if no principal is found.
See Also:
getUserAuthority, getPrincipal

authenticateWithPassword

protected boolean authenticateWithPassword(java.lang.String userid,
                                           java.lang.String password)
                                    throws PasswordExpiredException,
                                           PasswordExpiringException
Authenticates a principal after locating it with a user id.

Parameters:
userid - Specifies the id of the user/principal to locate.
password - The password with which to authenticate the user/principal.
Returns:
Returns true if authentication succeeds.
Throws:
PasswordExpiredException - An exception that occurs only with eDir indicating user's password has expired.
PasswordExpiringException - An exception that occurs only with eDir indicating user's password is about to expire.

authenticateWithQuery

protected boolean authenticateWithQuery(java.lang.String query,
                                        java.lang.String password)
                                 throws PasswordExpiredException,
                                        PasswordExpiringException
Authenticates a principal after locating it with an LDAP query.

Parameters:
query - Specifies the LDAP query to use to identify the principal.
password - The password with which to authenticate the principal.
Returns:
Returns true if the authentication succeeds.
Throws:
PasswordExpiredException - An exception that occurs only with eDir indicating user's password has expired.
PasswordExpiringException - An exception that occurs only with eDir indicating user's password is about to expire.

findPrincipals

protected NIDPPrincipal[] findPrincipals(java.lang.String userid)
Search for a principal in a list of user stores by user name.

Parameters:
userid - The id of the user to search for.
Returns:
The list of principals found in one of the stores.

findPrincipalsByQuery

protected NIDPPrincipal[] findPrincipalsByQuery(java.lang.String filter)
Searches for a principal in a list of user stores by a given query.

Parameters:
filter - The filter or query to use.
Returns:
The list of principals found in one of the stores.

getPrincipalAttributes

protected javax.naming.directory.Attributes getPrincipalAttributes(java.lang.String[] attrs)
Get attributes for the principal that has been authenticated.

Parameters:
attrs - Specifies an array of strings representing the attributes to obtain.
Returns:
An Attributes object containing values of attributes that were obtainable.

setPrincipalAttributes

protected void setPrincipalAttributes(java.lang.String[] attrs,
                                      java.lang.String[] values)
                               throws NIDPException
Sets attributes for a principal that has been authenticated.

Parameters:
attrs - Specifies an array of strings representing the attributes to obtain.
values - Specifies an array of value objects to associate with attributes in attribute array.
Throws:
NIDPException

addPrincipalAttributes

protected void addPrincipalAttributes(java.lang.String strAttr,
                                      java.lang.String[] values)
                               throws NIDPException
Sets attributes for a principal that has been authenticated.

Parameters:
strAttr - Specifies a string representing the attribute to set.
values - Specifies an array of value objects to associate with the attribute.
Throws:
NIDPException

getProperty

protected java.lang.String getProperty(java.lang.String property)
Gets a property value as a string.

Parameters:
property - The property name to obtain.
Returns:
The value of the property or null if not found.

getProperties

protected java.util.ArrayList<java.lang.String> getProperties(java.lang.String prefix)
Gets all properties that have names starting with a given prefix.

Parameters:
prefix - The prefix used to match returned properties.
Returns:
The value of the property or null if not found.

getBooleanProperty

protected boolean getBooleanProperty(java.lang.String property,
                                     boolean deflt)
Gets a boolean value from class properties. Values specified during configuration of Identity Server can be obtained with this method.

Parameters:
property - Specifies the name of the boolean value property to obtain.
deflt - The value to return if the property is not found.
Returns:
The boolean value of the property or the default value if not found.

authenticate

public int authenticate()
Performs the authentication process.

Returns:
The results of the authentication process: AUTHENTICATED, NOT_AUTHENTICATED, CANCELLEDCANCEL, HANDLED_REQUEST, PWD_EXPIRING, or PWD_EXPIRED.

doAuthenticate

protected int doAuthenticate()
This is essentially an abstract method designed to be overloaded by authentication classes that intend to take advantage of secret store unlocking.
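
A form-based subclass that overrides doAuthenticate() using only members documented on this page, as an added example (not Novell's code). It compiles only against the Identity Server library. The imported package locations of UserAuthority and the two password exceptions, the form field names, the JSP property and request attribute names, and the getType() value are assumptions.

```java
package com.example.nidp; // hypothetical package for this added example

import java.util.ArrayList;
import java.util.Properties;

import com.novell.nidp.authentication.local.LocalAuthenticationClass;
// Assumed package locations: this page does not say where these types live.
import com.novell.nidp.common.authority.PasswordExpiredException;
import com.novell.nidp.common.authority.PasswordExpiringException;
import com.novell.nidp.common.authority.UserAuthority;

public class FormPasswordClass extends LocalAuthenticationClass {

    // Hypothetical names chosen for this example; none come from this page.
    private static final String FIELD_USER = "username";
    private static final String FIELD_PASSWORD = "password";
    private static final String PROP_JSP = "JSP";
    private static final String ATTR_POST_URL = "postUrl";
    private static final String DEFAULT_JSP = "login";
    private static final int MAX_FIELD_LENGTH = 256;

    public FormPasswordClass(Properties props, ArrayList<UserAuthority> uStores) {
        super(props, uStores);
    }

    public String getType() {
        return "Password"; // hypothetical type label
    }

    protected int doAuthenticate() {
        String userid = m_Request.getParameter(FIELD_USER);
        String password = m_Request.getParameter(FIELD_PASSWORD);

        // Nothing posted yet: show the login form and wait for the next request.
        if (userid == null && password == null) {
            String jsp = getProperty(PROP_JSP); // null if the property is not set
            // The form posts back to the URL the server supplies, not to one
            // taken from the incoming request.
            m_Request.setAttribute(ATTR_POST_URL, getReturnURL());
            showJSP(jsp != null ? jsp : DEFAULT_JSP);
            return HANDLED_REQUEST;
        }
        if (!isUsable(userid) || !isUsable(password)) {
            return reject("Missing or oversized credential field", userid);
        }
        try {
            // User store lookup and password check are done by the base class.
            if (authenticateWithPassword(userid, password)) {
                return AUTHENTICATED;
            }
        } catch (PasswordExpiringException e) {
            return PWD_EXPIRING;
        } catch (PasswordExpiredException e) {
            return PWD_EXPIRED;
        }
        return reject("Password check failed", userid);
    }

    private static boolean isUsable(String s) {
        return s != null && !s.isEmpty() && s.length() <= MAX_FIELD_LENGTH;
    }

    // The end user gets one generic message for every failure, so the response
    // does not reveal whether the account exists. The log gets the reason and
    // the user id with control characters replaced, so a crafted name cannot
    // forge log lines. The password is never logged.
    private int reject(String reason, String userid) {
        String safeId = userid == null ? "(none)"
                : userid.replaceAll("\\p{Cntrl}", "_");
        if (safeId.length() > MAX_FIELD_LENGTH) {
            safeId = safeId.substring(0, MAX_FIELD_LENGTH);
        }
        setErrorMsg("Login failed.", reason, safeId);
        return NOT_AUTHENTICATED;
    }
}
```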


doAuthenticateNRL

protected int doAuthenticateNRL()
This is essentially an abstract method designed to be overloaded by authentication classes that intend to take advantage of secret store unlocking.


checkForQuery

protected java.lang.String checkForQuery()
Checks for the use of a query string to access LDAP for user identification


fillLDAPQueryString

protected java.lang.String fillLDAPQueryString(java.lang.String query)
Takes a query string and fills it with data to use in an LDAP query to find a user

Parameters:
query - the query string defined by administrator
Returns:
returns an LDAP query form string that can be used to search directory or null if not available

setPasswordException

protected void setPasswordException(NIDPException PasswordException)
Allow password exceptions to be set


isCaptchaRequired

public boolean isCaptchaRequired()
Required to implement reCAPTCHA

verifyRecaptcha

public boolean verifyRecaptcha(String gRecaptchaResponse)
Required to implement reCAPTCHA



Copyright © 2005-2009, 2012 Novell, Inc. All Rights Reserved.