org.rhq.enterprise.server.auth
Class TemporarySessionPasswordGenerator

java.lang.Object
  extended by org.rhq.enterprise.server.auth.TemporarySessionPasswordGenerator

public class TemporarySessionPasswordGenerator
extends java.lang.Object

Provides a random password generator and a storage area that helps temporarily authenticate users even though their true passwords are not known. This is necessary when a scheduled action is triggered and we want to run as the user, but we don't know the user's true password. In other words, these temporary passwords should only be used if we have previously validated the user for a given session ID. Session passwords generated by this object can only be used once, and they must be validated fairly quickly after being generated.

This object is thread-safe.

Author:
John Mazzitelli

Constructor Summary
TemporarySessionPasswordGenerator()
          Constructor for TemporarySessionPasswordGenerator.
TemporarySessionPasswordGenerator(int timeoutMillis)
          Constructor for TemporarySessionPasswordGenerator.
 
Method Summary
 java.lang.Integer authenticateSessionPassword(java.lang.String password)
          Returns the session's ID if the given session's password was one that was generated by this object.
 java.lang.String generateSessionPassword(int sessionId)
          Given a session identifier, this will generate a temporary password that can be used to identify the user whose session that is.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

TemporarySessionPasswordGenerator

public TemporarySessionPasswordGenerator()
Constructor for TemporarySessionPasswordGenerator.


TemporarySessionPasswordGenerator

public TemporarySessionPasswordGenerator(int timeoutMillis)
Constructor for TemporarySessionPasswordGenerator.

Parameters:
timeoutMillis - the number of milliseconds that a temporary password is guaranteed to remain valid (a password may actually live longer than this, but it is not guaranteed to do so)

Method Detail

generateSessionPassword

public java.lang.String generateSessionPassword(int sessionId)
Given a session identifier, this will generate a temporary password that can be used to identify the user whose session that is. Use authenticateSessionPassword(String) to later check for this password's authenticity. This session password can only be authenticated once.

Parameters:
sessionId - the session of a user who needs a temporary password assigned
Returns:
a password that can be used to associate a session with a user
See Also:
authenticateSessionPassword(String)

authenticateSessionPassword

public java.lang.Integer authenticateSessionPassword(java.lang.String password)
                                              throws java.lang.IllegalStateException
Returns the session's ID if the given session's password was one that was generated by this object. Returns null if the password was invalid and thus the user attempting to log in should be denied access. Once authenticated, the password will no longer be valid and cannot be used to validate the session again.

Parameters:
password - the password to test
Returns:
session's ID if the session's password was one that was generated by this object; null otherwise
Throws:
java.lang.IllegalStateException - if the password was in a valid format but the password's MD5 does not match; this exception will only be thrown when it looks like someone is trying to hack a session password
See Also:
generateSessionPassword(int)
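
The contract documented above (single use, limited lifetime, an exception when a well-formed password fails its integrity check), shown as an added sketch that is not RHQ's implementation. The class name OneTimeSessionPasswords, the "id.tag" password format, and the use of HMAC-SHA256 where the Javadoc mentions an MD5 check are assumptions made for illustration; the record requires Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
// Hypothetical class, not RHQ code: one-time, expiring, integrity-checked session passwords.
public class OneTimeSessionPasswords {
    private record Entry(int sessionId, long expiresAtMillis) {}
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private final SecureRandom random = new SecureRandom();
    private final ConcurrentHashMap<String, Entry> issued = new ConcurrentHashMap<>();
    private final byte[] macKey = new byte[32];
    private final long timeoutMillis;
    public OneTimeSessionPasswords(long timeoutMillis) {
        this.timeoutMillis = timeoutMillis;
        random.nextBytes(macKey); // per-instance key: tags only verify against this object
    }

    public String generateSessionPassword(int sessionId) {
        byte[] nonce = new byte[24];
        random.nextBytes(nonce); // 192 bits from a CSPRNG, so the password is unguessable
        String id = B64.encodeToString(nonce);
        issued.put(id, new Entry(sessionId, System.currentTimeMillis() + timeoutMillis));
        return id + "." + tag(id);
    }

    public Integer authenticateSessionPassword(String password) {
        int dot = (password == null) ? -1 : password.indexOf('.');
        if (dot < 1) return null; // not in the expected format: deny
        String id = password.substring(0, dot);
        byte[] given = password.substring(dot + 1).getBytes(StandardCharsets.US_ASCII);
        if (!MessageDigest.isEqual(tag(id).getBytes(StandardCharsets.US_ASCII), given))
            throw new IllegalStateException("session password failed its integrity check");
        Entry e = issued.remove(id); // atomic remove: only one caller can ever redeem it
        boolean live = e != null && System.currentTimeMillis() <= e.expiresAtMillis();
        return live ? Integer.valueOf(e.sessionId()) : null;
    }

    private String tag(String id) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(macKey, "HmacSHA256"));
            return B64.encodeToString(mac.doFinal(id.getBytes(StandardCharsets.US_ASCII)));
        } catch (java.security.GeneralSecurityException ex) {
            throw new AssertionError(ex); // HmacSHA256 is required on every Java platform
        }
    }
}
```

Passwords that are issued but never redeemed stay in the map in this sketch; a production version would purge expired entries periodically.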


Copyright © 2008-2009 Red Hat, Inc. All Rights Reserved.