org.rhq.enterprise.server.auth
Class SubjectManagerBean

java.lang.Object
  org.rhq.enterprise.server.auth.SubjectManagerBean

All Implemented Interfaces:

SubjectManagerLocal, SubjectManagerRemote

public class SubjectManagerBean
extends java.lang.Object
implements SubjectManagerLocal, SubjectManagerRemote

Provides functionality to access and manipulate subjects and principals, mainly for authentication purposes.

Author:

John Mazzitelli

Constructor Summary

SubjectManagerBean()

Method Summary

boolean	authenticateTemporarySessionPassword(java.lang.String password) Tests the validity of the given session password.
void	changePassword(Subject whoami, java.lang.String username, java.lang.String password) #see {@link SubjectManagerRemote#changePassword(Subject, String, String)
void	createPrincipal(Subject whoami, Principal principal) Creates a new principal (username and password) in the internal database.
void	createPrincipal(Subject whoami, java.lang.String username, java.lang.String password) #see {@link SubjectManagerRemote#createPrincipal(Subject, String, String)
Subject	createSubject(Subject whoami, Subject subject) #see {@link SubjectManagerRemote#createSubject(Subject, Subject)
void	deleteSubjects(Subject sessionSubject, int[] subjectIds) #see {@link SubjectManagerRemote#deleteSubjects(Subject, int[])
void	deleteUsers(Subject subject, int[] subjectIds) Deletes the given set of users, including both the Subject and Principal objects associated with those users.
PageList<Subject>	findAllSubjects(PageControl pc)
java.util.Collection<java.lang.String>	findAllUsersWithPrincipals() Get a collection of all user names, where the collection contains the names of all users that have principals only.
PageList<Subject>	findAvailableSubjectsForAlertDefinition(Subject whoami, java.lang.Integer alertDefinitionId, java.lang.Integer[] pendingSubjectIds, PageControl pc) This returns a list of subjects that are available to be assigned to a given alert definition but not yet assigned to that alert definition.
PageList<Subject>	findAvailableSubjectsForRole(Subject whoami, java.lang.Integer roleId, java.lang.Integer[] pendingSubjectIds, PageControl pc) This returns a list of subjects that are available to be assigned to a given role but not yet assigned to that role.
PageList<Subject>	findSubjectsByCriteria(Subject subject, SubjectCriteria criteria)
PageList<Subject>	findSubjectsById(java.lang.Integer[] subjectIds, PageControl pc) Given a set of subject Ids, this returns a list of all the subjects.
java.lang.String	generateTemporarySessionPassword(int sessionId) Generates a one-time temporary session password for the given session.
Subject	getOverlord() This returns the system super user subject that can be used to authorize the caller for any other system call.
Subject	getSessionSubject(int sessionId) Returns the actual Subject for the given session.
Subject	getSubjectById(int id) #see SubjectManagerRemote#getSubjectById(Subject, int)
Subject	getSubjectByName(java.lang.String username) Looks up the existing of a subject by the given username.
boolean	isLoggedIn(java.lang.String username)
boolean	isUserWithPrincipal(java.lang.String username) Checks that the user exists and has a Principal associated with it.
boolean	isValidSessionId(int session, java.lang.String username) Determines if the given session ID is valid and it is associated with the given user.
Subject	loadUserConfiguration(java.lang.Integer subjectId) Loads in the given subject's configuration.
Subject	login(java.lang.String username, java.lang.String password) Logs a user into the system.
Subject	loginUnauthenticated(java.lang.String username, boolean reattach) Logs in a user without performing any authentication.
void	logout(int sessionId) Logs out a user.
void	logout(Subject subject) Logs out a user.
Subject	updateSubject(Subject whoami, Subject subjectToModify) Updates an existing subject with new data.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SubjectManagerBean

public SubjectManagerBean()

Method Detail

loadUserConfiguration

public Subject loadUserConfiguration(java.lang.Integer subjectId)

Description copied from interface: SubjectManagerLocal

Loads in the given subject's configuration.

Specified by:

loadUserConfiguration in interface SubjectManagerLocal

Parameters:

subjectId - identifies the subject whose user configuration is to be loaded

Returns:

the subject, with its user configuration loaded

See Also:

SubjectManagerLocal.loadUserConfiguration(Integer)

findSubjectsById

public PageList<Subject> findSubjectsById(java.lang.Integer[] subjectIds,
                                          PageControl pc)

Description copied from interface: SubjectManagerLocal

Given a set of subject Ids, this returns a list of all the subjects.

Specified by:

findSubjectsById in interface SubjectManagerLocal

Returns:

all the subjects with the given ID

See Also:

SubjectManagerLocal.findSubjectsById(Integer[],PageControl)

updateSubject

public Subject updateSubject(Subject whoami,
                             Subject subjectToModify)

Description copied from interface: SubjectManagerRemote

Updates an existing subject with new data. This does not cascade any changes to the roles but it will save the subject's configuration.

Specified by:

updateSubject in interface SubjectManagerLocal

Specified by:

updateSubject in interface SubjectManagerRemote

Parameters:

whoami - The logged in user's subject.

subjectToModify - the subject whose data is to be updated (which may or may not be the same as user)

Returns:

the merged subject, which may or may not be the same instance of subjectToModify

See Also:

SubjectManagerLocal.updateSubject(Subject, Subject)

getOverlord

public Subject getOverlord()

Description copied from interface: SubjectManagerLocal

This returns the system super user subject that can be used to authorize the caller for any other system call. This must not be exposed to remote clients.

Specified by:

getOverlord in interface SubjectManagerLocal

Returns:

a subject that is authorized to do anything

See Also:

SubjectManagerLocal.getOverlord()

getSubjectByName

public Subject getSubjectByName(java.lang.String username)

Description copied from interface: SubjectManagerRemote

Looks up the existing of a subject by the given username.

Specified by:

getSubjectByName in interface SubjectManagerLocal

Specified by:

getSubjectByName in interface SubjectManagerRemote

Parameters:

username - the name of the subject to look for

Returns:

the subject that was found or null if not found

See Also:

org.rhq.enterprise.server.auth.SubjectManagerRemote#g(Subject,String)

createSubject

public Subject createSubject(Subject whoami,
                             Subject subject)
                      throws SubjectException

Description copied from interface: SubjectManagerLocal

#see {@link SubjectManagerRemote#createSubject(Subject, Subject)

Specified by:

createSubject in interface SubjectManagerLocal

Specified by:

createSubject in interface SubjectManagerRemote

Parameters:

whoami - The logged in user's subject.

subject - The subject to be created.

Returns:

the newly persisted Subject

Throws:

SubjectException

See Also:

SubjectManagerLocal.createSubject(Subject, Subject)

findAllSubjects

public PageList<Subject> findAllSubjects(PageControl pc)

Specified by:

findAllSubjects in interface SubjectManagerLocal

See Also:

SubjectManagerLocal.findAllSubjects(PageControl)

getSubjectById

public Subject getSubjectById(int id)

Description copied from interface: SubjectManagerLocal

#see SubjectManagerRemote#getSubjectById(Subject, int)

Specified by:

getSubjectById in interface SubjectManagerLocal

See Also:

org.rhq.enterprise.server.auth.SubjectManagerLocal#getSubjectById(org.rhq.core.domain.auth.Subject, int)

generateTemporarySessionPassword

public java.lang.String generateTemporarySessionPassword(int sessionId)

Description copied from interface: SubjectManagerLocal

Generates a one-time temporary session password for the given session. This can be used to authenticate the user of that session for one time and one time only (i.e. to login as the user this temporary password can be used as opposed to the user's real password).

Note that this method should only be available on this EJB's local interface.

Specified by:

generateTemporarySessionPassword in interface SubjectManagerLocal

Parameters:

sessionId - the session to assign a temporary password to

Returns:

a temporary password that can be used once to login as the user

See Also:

SubjectManagerLocal.generateTemporarySessionPassword(int)

authenticateTemporarySessionPassword

public boolean authenticateTemporarySessionPassword(java.lang.String password)
                                             throws java.lang.Exception

Description copied from interface: SubjectManagerLocal

Tests the validity of the given session password. Returns true if the password is valid and the session is still valid.

Specified by:

authenticateTemporarySessionPassword in interface SubjectManagerLocal

Parameters:

password - a temporary session password that was created by SubjectManagerLocal.generateTemporarySessionPassword(int).

Returns:

true if the given password is valid and its associated session is still valid

Throws:

java.lang.Exception - if the password was valid but its associated session has either timed out or was invalidated

See Also:

SubjectManagerLocal.authenticateTemporarySessionPassword(java.lang.String)

login

public Subject login(java.lang.String username,
                     java.lang.String password)
              throws LoginException

Description copied from interface: SubjectManagerRemote

Logs a user into the system. This will authenticate the given user with the given password. If the user was already logged in, the current session will be used but the password will still need to be authenticated.

Specified by:

login in interface SubjectManagerLocal

Specified by:

login in interface SubjectManagerRemote

Parameters:

username - The name of the user.

password - The password.

Returns:

The subject of the authenticated user.

Throws:

LoginException - if the login failed for some reason

See Also:

SubjectManagerLocal.login(String, String)

logout

public void logout(Subject subject)

Description copied from interface: SubjectManagerRemote

Logs out a user.

Specified by:

logout in interface SubjectManagerLocal

Specified by:

logout in interface SubjectManagerRemote

See Also:

SubjectManagerLocal.logout(Subject)

logout

public void logout(int sessionId)

Logs out a user.

Specified by:

logout in interface SubjectManagerLocal

Parameters:

sessionId - The sessionId for the user to log out

isLoggedIn

public boolean isLoggedIn(java.lang.String username)

Specified by:

isLoggedIn in interface SubjectManagerLocal

See Also:

SubjectManagerLocal.isLoggedIn(java.lang.String)

createPrincipal

public void createPrincipal(Subject whoami,
                            java.lang.String username,
                            java.lang.String password)
                     throws SubjectException

Description copied from interface: SubjectManagerLocal

#see {@link SubjectManagerRemote#createPrincipal(Subject, String, String)

Specified by:

createPrincipal in interface SubjectManagerLocal

Specified by:

createPrincipal in interface SubjectManagerRemote

Parameters:

whoami - The logged in user's subject.

username - The username part of the principal

password - The password part ofthe principal

Throws:

SubjectException

See Also:

SubjectManagerLocal.createPrincipal(Subject, String, String)

createPrincipal

public void createPrincipal(Subject whoami,
                            Principal principal)
                     throws SubjectException

Description copied from interface: SubjectManagerLocal

Creates a new principal (username and password) in the internal database.

Specified by:

createPrincipal in interface SubjectManagerLocal

Parameters:

whoami - The subject of the currently logged in user

principal - The principal to add

Throws:

SubjectException

See Also:

SubjectManagerLocal.createPrincipal(Subject, Principal)

changePassword

public void changePassword(Subject whoami,
                           java.lang.String username,
                           java.lang.String password)

Description copied from interface: SubjectManagerLocal

#see {@link SubjectManagerRemote#changePassword(Subject, String, String)

Specified by:

changePassword in interface SubjectManagerLocal

Specified by:

changePassword in interface SubjectManagerRemote

Parameters:

whoami - The logged in user's subject.

username - The user whose password will be changed

password - The new password for the user

See Also:

SubjectManagerLocal.changePassword(Subject, String, String)

isUserWithPrincipal

public boolean isUserWithPrincipal(java.lang.String username)

Description copied from interface: SubjectManagerLocal

Checks that the user exists and has a Principal associated with it. This means that the user both exists and is authenticated via JDBC. An LDAP user will not have a Principal because it is authenticated via the LDAP server, not from the database.

Specified by:

isUserWithPrincipal in interface SubjectManagerLocal

Parameters:

username - the user whose existence is to be checked

Returns:

true if the user exists and has a Principal, false otherwise

See Also:

SubjectManagerLocal.isUserWithPrincipal(String)

findAllUsersWithPrincipals

public java.util.Collection<java.lang.String> findAllUsersWithPrincipals()

Description copied from interface: SubjectManagerLocal

Get a collection of all user names, where the collection contains the names of all users that have principals only. You will not get a list of usernames for those users authenticated by LDAP.

Specified by:

findAllUsersWithPrincipals in interface SubjectManagerLocal

Returns:

collection of all user names that have principals

See Also:

SubjectManagerLocal.findAllUsersWithPrincipals()

loginUnauthenticated

public Subject loginUnauthenticated(java.lang.String username,
                                    boolean reattach)
                             throws LoginException

Description copied from interface: SubjectManagerLocal

Logs in a user without performing any authentication. This method should be used with care and not available to remote clients. Because of the unauthenticated nature of this login, the new login session will have a session timeout of only a few seconds. However, if you pass in true for the "reattach", this method will re-attach to an existing session for the user, if one is active already. If one does not exist, this method will login and create a new session just as if that parameter was false.

Specified by:

loginUnauthenticated in interface SubjectManagerLocal

Parameters:

username - The user to authenticate and login

reattach - If true, will re-attach to an existing login session, if one exists

Returns:

the user's Subject

Throws:

LoginException - if failed to create a new session for the given user

See Also:

SubjectManagerLocal.loginUnauthenticated(String, boolean)

deleteUsers

public void deleteUsers(Subject subject,
                        int[] subjectIds)

Description copied from interface: SubjectManagerLocal

Deletes the given set of users, including both the Subject and Principal objects associated with those users.

Specified by:

deleteUsers in interface SubjectManagerLocal

Parameters:

subject - the person requesting the deletion

subjectIds - identifies the subject IDs for all the users that are to be deleted

See Also:

SubjectManagerLocal.deleteUsers(Subject, int[])

deleteSubjects

public void deleteSubjects(Subject sessionSubject,
                           int[] subjectIds)

Description copied from interface: SubjectManagerLocal

#see {@link SubjectManagerRemote#deleteSubjects(Subject, int[])

Specified by:

deleteSubjects in interface SubjectManagerLocal

Specified by:

deleteSubjects in interface SubjectManagerRemote

Parameters:

sessionSubject - The logged in user's subject.

subjectIds - identifies the subject IDs for all the users that are to be deleted

See Also:

TODO: A wrapper method for deleteUsers, exposed in remote, both should be merged at some point.

getSessionSubject

public Subject getSessionSubject(int sessionId)
                          throws java.lang.Exception

Description copied from interface: SubjectManagerLocal

Returns the actual Subject for the given session.

Specified by:

getSessionSubject in interface SubjectManagerLocal

Returns:

the Subject representation of the user that is logged in with that session ID

Throws:

java.lang.Exception - if the subject could not be retreived for some reason

See Also:

SubjectManagerLocal.getSessionSubject(int)

isValidSessionId

public boolean isValidSessionId(int session,
                                java.lang.String username)

Description copied from interface: SubjectManagerLocal

Determines if the given session ID is valid and it is associated with the given user.

Specified by:

isValidSessionId in interface SubjectManagerLocal

Returns:

true if the session ID indentifies a valid session; false if it is invalid or has timed out

See Also:

SubjectManagerLocal.isValidSessionId(int, String)

findAvailableSubjectsForAlertDefinition

public PageList<Subject> findAvailableSubjectsForAlertDefinition(Subject whoami,
                                                                 java.lang.Integer alertDefinitionId,
                                                                 java.lang.Integer[] pendingSubjectIds,
                                                                 PageControl pc)

Description copied from interface: SubjectManagerLocal

This returns a list of subjects that are available to be assigned to a given alert definition but not yet assigned to that alert definition. This excludes subjects already assigned to the alert definition. The returned list will not include the subjects identified by pendingSubjectIds since it is assumed the pending subjects will be assigned to the alert definition.

Specified by:

findAvailableSubjectsForAlertDefinition in interface SubjectManagerLocal

Parameters:

whoami - user attempting to make this call

alertDefinitionId - the alert definition whose list of available subjects are to be returned

pendingSubjectIds - the list of subjects that are planned to be given to the alert definition

Returns:

the list of subjects that can be assigned to the given alert definition, not including the pending subjects

findAvailableSubjectsForRole

public PageList<Subject> findAvailableSubjectsForRole(Subject whoami,
                                                      java.lang.Integer roleId,
                                                      java.lang.Integer[] pendingSubjectIds,
                                                      PageControl pc)

Description copied from interface: SubjectManagerLocal

This returns a list of subjects that are available to be assigned to a given role but not yet assigned to that role. This excludes subjects already assigned to the role. The returned list will not include the subjects identified by pendingSubjectIds since it is assumed the pending subjects will be assigned to the role.

Specified by:

findAvailableSubjectsForRole in interface SubjectManagerLocal

Parameters:

whoami - user attempting to make this call

roleId - the role whose list of available subjects are to be returned

pendingSubjectIds - the list of subjects that are planned to be given to the role

Returns:

the list of subjects that can be assigned to the given role, not including the pending subjects

findSubjectsByCriteria

public PageList<Subject> findSubjectsByCriteria(Subject subject,
                                                SubjectCriteria criteria)

Specified by:

findSubjectsByCriteria in interface SubjectManagerLocal

Specified by:

findSubjectsByCriteria in interface SubjectManagerRemote