com.force.sdk.oauth.context
Class SecurityContextUtil

java.lang.Object
  extended by com.force.sdk.oauth.context.SecurityContextUtil

public final class SecurityContextUtil
extends Object

Utility class to handle all interactions with the browser cookies used to track a user's authentication status. This includes the logic required to refresh the security context if it isn't available in the server-side session.

Author:
John Simone

Field Summary
static String DEFAULT_ROLE
          Constant that defines the default role which will be used if no role is available.
static String FORCE_FORCE_ENDPOINT
          Constant that defines the name of the endpoint cookie.
static String FORCE_FORCE_SESSION
          Constant that defines the name of the session id cookie.
 
Method Summary
static void clearCookieValues(javax.servlet.http.HttpServletResponse response)
          Clears the endpoint and session cookies.
static Map<String,String> getCookieValues(javax.servlet.http.HttpServletRequest request)
          Gets the session id and endpoint from cookies.
static void initializeSecurityContextFromApi(SecurityContext securityContext)
          Initializes the user information into the security context via a call to the partner API.
static void setCookieValues(Map<String,String> cookieValueMap, javax.servlet.http.HttpServletResponse response, boolean secure, String path)
          Sets the map of cookie names and values into cookies on the response.
static void setCookieValues(SecurityContext sc, javax.servlet.http.HttpServletResponse response, boolean secure, String path)
          Sets the session id and endpoint from the security context into cookies.
static boolean useSecureCookies(javax.servlet.http.HttpServletRequest request)
          We should not use secure cookies if the request came from the local machine, because this usually means that we are in a development environment where secure communication is not being used and isn't required.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

FORCE_FORCE_SESSION

public static final String FORCE_FORCE_SESSION
Constant that defines the name of the session id cookie.

See Also:
Constant Field Values

FORCE_FORCE_ENDPOINT

public static final String FORCE_FORCE_ENDPOINT
Constant that defines the name of the endpoint cookie.

See Also:
Constant Field Values

DEFAULT_ROLE

public static final String DEFAULT_ROLE
Constant that defines the default role which will be used if no role is available.

See Also:
Constant Field Values

Method Detail

getCookieValues

public static Map<String,String> getCookieValues(javax.servlet.http.HttpServletRequest request)
Gets the session id and endpoint from cookies.

Parameters:
request - HttpServletRequest
Returns:
Map - cookie name, cookie value

setCookieValues

public static void setCookieValues(SecurityContext sc,
                                   javax.servlet.http.HttpServletResponse response,
                                   boolean secure,
                                   String path)
Sets the session id and endpoint from the security context into cookies.

Parameters:
sc - SecurityContext
response - HttpServletResponse
secure - Whether or not the cookie should be secure

setCookieValues

public static void setCookieValues(Map<String,String> cookieValueMap,
                                   javax.servlet.http.HttpServletResponse response,
                                   boolean secure,
                                   String path)
Sets the map of cookie names and values into cookies on the response.

Parameters:
cookieValueMap - Map - cookie name, cookie value
response - HttpServletResponse
secure - Whether or not the cookie should be secure

clearCookieValues

public static void clearCookieValues(javax.servlet.http.HttpServletResponse response)
Clears the endpoint and session cookies.

Parameters:
response - HttpServletResponse

initializeSecurityContextFromApi

public static void initializeSecurityContextFromApi(SecurityContext securityContext)
                                             throws com.sforce.ws.ConnectionException
Initializes the user information into the security context via a call to the partner API.

Parameters:
securityContext - securityContext
Throws:
com.sforce.ws.ConnectionException - ConnectionException

useSecureCookies

public static boolean useSecureCookies(javax.servlet.http.HttpServletRequest request)
We should not use secure cookies if the request came from the local machine, because this usually means that we are in a development environment where secure communication is not being used and isn't required.

Parameters:
request - Servlet Request
Returns:
whether or not to use secure cookies
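
An added usage sketch, not code from the SDK or its author: it takes the Secure flag from useSecureCookies, writes and clears the cookies with the methods documented above, and checks that both tracking cookies are present before a request is treated as carrying a session. The helper class, the `app.forceSecureCookies` system property and the "/" path are hypothetical; the sketch also assumes SecurityContext lives in the same package as SecurityContextUtil, and the override exists because this page does not say how "the local machine" is detected.

```java
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.force.sdk.oauth.context.SecurityContext;     // assumed package
import com.force.sdk.oauth.context.SecurityContextUtil;

/** Hypothetical helper wrapping SecurityContextUtil; not part of the SDK. */
public final class SessionCookieHelper {

    // Hypothetical deployment switch (-Dapp.forceSecureCookies=true): keeps the
    // Secure attribute on even when the SDK judges a request to be local.
    private static final boolean FORCE_SECURE =
            Boolean.getBoolean("app.forceSecureCookies");

    private SessionCookieHelper() { }

    /** Secure unless the override is off AND the SDK reports a local request. */
    static boolean secureFlag(HttpServletRequest request) {
        return FORCE_SECURE || SecurityContextUtil.useSecureCookies(request);
    }

    /** After authentication: store session id and endpoint as cookies. */
    static void onLogin(SecurityContext sc, HttpServletRequest request,
                        HttpServletResponse response) {
        // "/" is an assumed cookie path; narrow it to the application's context path if possible.
        SecurityContextUtil.setCookieValues(sc, response, secureFlag(request), "/");
    }

    /** True only when both tracking cookies are present and non-empty. */
    static boolean hasSessionCookies(HttpServletRequest request) {
        Map<String, String> values = SecurityContextUtil.getCookieValues(request);
        return values != null
                && notEmpty(values.get(SecurityContextUtil.FORCE_FORCE_SESSION))
                && notEmpty(values.get(SecurityContextUtil.FORCE_FORCE_ENDPOINT));
    }

    /** On logout: remove the endpoint and session cookies. */
    static void onLogout(HttpServletResponse response) {
        SecurityContextUtil.clearCookieValues(response);
    }

    private static boolean notEmpty(String s) {
        return s != null && !s.isEmpty();
    }
}
```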


Copyright © 2012. All Rights Reserved.