Class Session
- java.lang.Object
  - org.apache.directory.fortress.core.model.FortEntity
    - org.apache.directory.fortress.core.model.Session
- All Implemented Interfaces: Serializable, PwMessage
public class Session extends FortEntity implements PwMessage, Serializable
This contains attributes related to a user's RBAC session. The following example shows the mapping to Session attributes on this entity:
Session
session.getUserId() => demoUser4
session.getInternalUserId() => be2dd2e:12a82ba707e:-7fee
session.getMessage() => Fortress checkPwPolicies userId <demouser4> VALIDATION GOOD
session.getErrorId() => 0
session.getWarningId() => 11
session.getExpirationSeconds() => 469831
session.getGraceLogins() => 0
session.getIsAuthenticated() => true
session.getLastAccess() => 1283623680440
session.getSessionId() => -7410986f:12addeea576:-7fff
------------------------------------------
User user = session.getUser();
user.getUserId() => demoUser4
user.getInternalId() => be2dd2e:12a82ba707e:-7fee
user.getCn() => JoeUser4
user.getDescription() => Demo Test User 4
user.getOu() => test
user.getSn() => User4
user.getBeginDate() => 20090101
user.getEndDate() => none
user.getBeginLockDate() => none
user.getEndLockDate() => none
user.getDayMask() => 1234567
user.getTimeout() => 60
List<UserRole> roles = session.getRoles();
UserRole userRole = roles.get(i);
userRole.getName() => role1
userRole.getBeginTime() => 0000
userRole.getEndTime() => 0000
userRole.getBeginDate() => none
userRole.getEndDate() => none
userRole.getBeginLockDate() => null
userRole.getEndLockDate() => null
userRole.getDayMask() => null
userRole.getTimeout() => 0
List<UserAdminRole> adminRoles = session.getAdminRoles();
UserAdminRole userAdminRole = adminRoles.get(i);
userAdminRole.getName() => DemoAdminUsers
userAdminRole.getBeginTime() => 0000
userAdminRole.getEndTime() => 0000
userAdminRole.getBeginDate() => none
userAdminRole.getEndDate() => none
userAdminRole.getBeginLockDate() => null
userAdminRole.getEndLockDate() => null
userAdminRole.getDayMask() => null
userAdminRole.getTimeout() => 0
userAdminRole.getOsPs() => [ftT3POrg10, ftT4POrg10]
userAdminRole.getOsUs() => [ftT1UOrg10, ftT2UOrg10]
userAdminRole.getBeginRange() => ftT14Role1
userAdminRole.getEndRange() => ftT14Role10
userAdminRole.getBeginInclusive() => true
userAdminRole.getEndInclusive() => false
Sample data contained within this Entity:
Ses UID [demoUser4]:
Ses IID [ccbb2929-bf01-413d-b768-529de4d428e5]
Ses ERR [0]
Ses WARN [10]
Ses MSG [checkPwPolicies for userId <demouser4> PASSWORD CHECK SUCCESS]
Ses EXP [0]
Ses GRAC [0]
Ses AUTH [true]
Ses LAST [1297408501356]
Ses SID [fc228713-1242-4061-9d8a-d4860bf8d3d8]
------------------------------------------
Usr UID [demoUser4]
Usr IID [ccbb2929-bf01-413d-b768-529de4d428e5]
Usr CN [JoeUser4]
Usr DESC [Demo Test User 4]
Usr OU [demousrs1]
Usr SN [User4]
Usr BDTE [20090101]
Usr EDTE [20990101]
Usr BLDT [none]
Usr ELDT [none]
Usr DMSK [1234567]
Usr TO [60]
Usr REST [false]
Usr PROP1 [customerNumber, 3213432]
USER RBAC ROLE[0]:
Rle role name [role1]
Rle begin time [0000]
Rle end time [0000]
Rle begin date [20110101]
Rle end date [none]
Rle begin lock [none]
Rle end lock [none]
Rle day mask [all]
Rle time out [60]
USER ADMIN ROLE[0]:
Adm admin role name [DemoAdminUsers]
Adm OsU [Dev1]
Adm OsP [App1]
Adm begin range [role1]
Adm end range [role3]
Adm begin time [0000]
Adm end time [0000]
Adm begin date [20110101]
Adm end date [none]
Adm begin lock [none]
Adm end lock [none]
Adm day mask [23456]
Adm time out [30]
- Author: Apache Directory Project
- See Also: Serialized Form
Field Summary
Fields inherited from class org.apache.directory.fortress.core.model.FortEntity:
adminSession, contextId, modCode, modId, sequenceId
Constructor Summary
Constructors
Session()
Default constructor for Fortress Session.
Session(Group group)
Construct a new Session instance with given Group entity.
Session(Group group, String sessionId)
Construct a new Session instance with given Group entity.
Session(User user)
Construct a new Session instance with given User entity.
Session(User user, String sessionId)
Construct a new Session instance with given User entity.
Method Summary
All Methods, Instance Methods, Concrete Methods (modifier and type, method, description)
void copy(Session inSession)
Copy values from incoming Session object.
List<UserAdminRole> getAdminRoles()
Return a list of User's Admin Roles that have been activated into User's session.
int getErrorId()
Return the error id that is associated with the password policy checks.
int getExpirationSeconds()
This attribute specifies the maximum number of seconds before a password is due to expire that expiration warning messages will be returned to an authenticating user.
int getGraceLogins()
Gets the attribute that specifies the number of times an expired password can be used to authenticate before failure.
Group getGroup()
Return the Group entity that is associated with this entity.
String getGroupName()
Return the group name that is associated with this Session object.
String getInternalUserId()
Return the internal userId that is associated with User.
long getLastAccess()
Returns the last access time in milliseconds.
String getMsg()
Gets the message that is associated with the user's last authentication attempt.
List<UserRole> getRoles()
Return the list of User's RBAC Roles that have been activated into User's or Group's session.
String getSessionId()
Return the unique id that is associated with User.
User getUser()
Return the User entity that is associated with this entity.
String getUserId()
Return the userId that is associated with this Session object.
List<Warning> getWarnings()
Get the warnings attached to this Session.
boolean isAuthenticated()
A 'true' value here indicates user successfully authenticated with Fortress.
boolean isGroupSession()
A 'true' value here indicates this Session was created for Group entity.
boolean setAuthenticated()
Get the value that will be set to 'true' if user has successfully authenticated with Fortress for this Session.
void setAuthenticated(boolean authenticated)
Set the value to 'true' indicating that user has successfully authenticated with Fortress.
void setErrorId(int error)
Set the error id that is associated with the password policy checks.
void setExpirationSeconds(int expire)
This attribute specifies the maximum number of seconds before a password is due to expire that expiration warning messages will be returned to an authenticating user.
void setGraceLogins(int grace)
This attribute specifies the number of times an expired password can be used to authenticate.
void setGroup(Group group)
Set a Group entity into the Session.
void setGroupName(String groupName)
Set the groupName that is associated with Group.
void setGroupSession(boolean isGroupSession)
Set the value to 'true' indicating that Session is created for Group entity.
void setInternalUserId(String internalUserId)
Set the internal userId that is associated with User.
void setLastAccess()
Set the last access time in milliseconds.
void setMsg(String message)
Set the message that is associated with the user's last authentication attempt.
void setRole(UserRole role)
Add a single user-role object to the list of UserRoles for User.
void setRoles(List<UserRole> roles)
Add a list of RBAC Roles to this entity that have been activated into Session or are under consideration for activation.
void setUser(User user)
Set a User entity into the Session.
void setUserId(String userId)
Set the userId that is associated with User.
void setWarning(Warning warning)
Add a warning to the collection into Fortress Session object.
void setWarnings(List<Warning> warnings)
Set the warnings on this Session.
String toString()
Methods inherited from class org.apache.directory.fortress.core.model.FortEntity:
getAdminSession, getContextId, getModCode, getModId, getSequenceId, setAdminSession, setContextId, setModCode, setSequenceId
Constructor Detail
Session
public Session()
Default constructor for Fortress Session.
Session
public Session(User user)
Construct a new Session instance with given User entity.
- Parameters:
user - contains the User attributes that are associated with the Session.
Session
public Session(Group group)
Construct a new Session instance with given Group entity.
- Parameters:
group - contains the Group attributes that are associated with the Session.
Session
public Session(User user, String sessionId)
Construct a new Session instance with given User entity.
- Parameters:
user - contains the User attributes that are associated with the Session.
Method Detail
isAuthenticated
public boolean isAuthenticated()
A 'true' value here indicates user successfully authenticated with Fortress.
- Specified by: isAuthenticated in interface PwMessage
- Returns: boolean indicating successful authentication.
isGroupSession
public boolean isGroupSession()
A 'true' value here indicates this Session was created for Group entity.
- Returns: boolean indicating if this Session is created for Group
copy
public void copy(Session inSession)
Copy values from incoming Session object.
- Parameters:
inSession - contains Session values.
getSessionId
public String getSessionId()
Return the unique id that is associated with User. This attribute is generated automatically by Fortress when a new Session is created and is not known or changeable by an external client.
- Returns: attribute maps to unique sessionId associated with user's session.
getUser
public User getUser()
Return the User entity that is associated with this entity. Sample User data contained in Session object:
------------------------------------------
U UID [demoUser4]
U IID [ccbb2929-bf01-413d-b768-529de4d428e5]
U CN [JoeUser4]
U DESC [Demo Test User 4]
U OU [demousrs1]
U SN [User4]
U BDTE [20090101]
U EDTE [20990101]
U BLDT [none]
U ELDT [none]
U DMSK [1234567]
U TO [60]
U REST [false]
U PROP[0]=customerNumber VAL=3213432
USER ROLE[0]:
role name <role1>
begin time <0000>
end time <0000>
begin date <none>
end date <none>
begin lock <none>
end lock <none>
day mask <all>
time out <0>
USER ADMIN ROLE[0]:
admin role name <DemoAdminUsers>
OsU <null>
OsP <null>
begin range <null>
end range <null>
begin time <0000>
end time <0000>
begin date <none>
end date <none>
begin lock <none>
end lock <none>
day mask <all>
time out <0>
- Returns: User entity that contains userid, roles and other attributes valid for Session.
getGroup
public Group getGroup()
Return the Group entity that is associated with this entity.
getUserId
public String getUserId()
Return the userId that is associated with this Session object.
getGroupName
public String getGroupName()
Return the group name that is associated with this Session object.
- Returns: group name maps to the 'name' attribute on the 'ftGroup' object class.
getInternalUserId
public String getInternalUserId()
Return the internal userId that is associated with User. This attribute is generated automatically by Fortress when a new User is added to the directory and is not known or changeable by an external client.
- Returns: attribute maps to 'ftId' in 'ftUserAttrs' object class.
getRoles
public List<UserRole> getRoles()
Return the list of User's RBAC Roles that have been activated into User's or Group's session. This list will not include ascendant RBAC roles, which may be retrieved using AccessMgrImpl.authorizedRoles(Session).
- Returns: List containing User's RBAC roles. This list may be empty if User not assigned RBAC.
getAdminRoles
public List<UserAdminRole> getAdminRoles()
Return a list of User's Admin Roles that have been activated into User's session. This list will not include ascendant ARBAC roles, which may be retrieved using DelAccessMgr.authorizedAdminRoles(Session).
- Returns: List containing User's Admin roles. This list may be empty if User not assigned Administrative role.
getLastAccess
public long getLastAccess()
Returns the last access time in milliseconds. Note that while the unit of time of the return value is a millisecond, the granularity of the value depends on the underlying operating system and may be larger. For example, many operating systems measure time in units of tens of milliseconds.
- Returns: the difference, measured in milliseconds, between the last access time and midnight, January 1, 1970 UTC.
getMsg
public String getMsg()
Gets the message that is associated with the user's last authentication attempt.
getGraceLogins
public int getGraceLogins()
Gets the attribute that specifies the number of times an expired password can be used to authenticate before failure.
- Specified by: getGraceLogins in interface PwMessage
- Returns: The number of logins the user has left before password fails.
getExpirationSeconds
public int getExpirationSeconds()
This attribute specifies the maximum number of seconds before a password is due to expire that expiration warning messages will be returned to an authenticating user. If this attribute is not present, or if the value is 0, no warnings will be returned. If not 0, the value must be smaller than the value of the pwdMaxAge attribute.
- Specified by: getExpirationSeconds in interface PwMessage
- Returns: attribute is computed based on last time user has changed their password.
setAuthenticated
public boolean setAuthenticated()
Get the value that will be set to 'true' if user has successfully authenticated with Fortress for this Session. This value is set by the Fortress DAO object.
- Returns: value indicates result of authentication.
getErrorId
public int getErrorId()
Return the error id that is associated with the password policy checks. A '0' indicates no errors.
- INVALID_PASSWORD_MESSAGE = -10;
- GOOD = 0;
- PASSWORD_HAS_EXPIRED = 100;
- ACCOUNT_LOCKED = 101;
- CHANGE_AFTER_RESET = 102;
- NO_MODIFICATIONS = 103;
- MUST_SUPPLY_OLD = 104;
- INSUFFICIENT_QUALITY = 105;
- PASSWORD_TOO_SHORT = 106;
- PASSWORD_TOO_YOUNG = 107;
- HISTORY_VIOLATION = 108;
- ACCOUNT_LOCKED_CONSTRAINTS = 109;
- Specified by: getErrorId in interface PwMessage
- Returns: int contains the error id that was generated on the user's last authentication.
setUser
public void setUser(User user)
Set a User entity into the Session. Sample User data contained in Session object:
------------------------------------------
U UID [demoUser4]
U IID [ccbb2929-bf01-413d-b768-529de4d428e5]
U CN [JoeUser4]
U DESC [Demo Test User 4]
U OU [demousrs1]
U SN [User4]
U BDTE [20090101]
U EDTE [20990101]
U BLDT [none]
U ELDT [none]
U DMSK [1234567]
U TO [60]
U REST [false]
U PROP[0]=customerNumber VAL=3213432
USER ROLE[0]:
role name <role1>
begin time <0000>
end time <0000>
begin date <none>
end date <none>
begin lock <none>
end lock <none>
day mask <all>
time out <0>
USER ADMIN ROLE[0]:
admin role name <DemoAdminUsers>
OsU <null>
OsP <null>
begin range <null>
end range <null>
begin time <0000>
end time <0000>
begin date <none>
end date <none>
begin lock <none>
end lock <none>
day mask <all>
time out <0>
- Parameters:
user - Contains userId, roles and other security attributes used for access control.
setGroup
public void setGroup(Group group)
Set a Group entity into the Session.
- Parameters:
group - Contains group name, roles, members and other security attributes used for access control.
setInternalUserId
public void setInternalUserId(String internalUserId)
Set the internal userId that is associated with User. This method is used by the DAO class, and the value is generated automatically by Fortress. The attribute stored in LDAP cannot be changed by an external caller. This method can be used by a client for search purposes only.
- Parameters:
internalUserId - maps to 'ftId' in 'ftUserAttrs' object class.
setAuthenticated
public void setAuthenticated(boolean authenticated)
Set the value to 'true' indicating that user has successfully authenticated with Fortress. This value is set by the Fortress DAO object.
- Specified by: setAuthenticated in interface PwMessage
- Parameters:
authenticated - indicates result of authentication.
setGroupSession
public void setGroupSession(boolean isGroupSession)
Set the value to 'true' indicating that Session is created for Group entity.
- Parameters:
isGroupSession - indicates if Session is for Group
setUserId
public void setUserId(String userId)
Set the userId that is associated with User. UserId is a required attribute and must be set on add, update, delete, createSession, authenticate, etc.
setGroupName
public void setGroupName(String groupName)
Set the groupName that is associated with Group. GroupName is a required attribute and must be set on add, update, delete, createSession, authenticate, etc.
- Parameters:
groupName - maps to 'name' attribute in 'ftGroup' object class.
setRoles
public void setRoles(List<UserRole> roles)
Add a list of RBAC Roles to this entity that have been activated into Session or are under consideration for activation.
- Parameters:
roles - List of type UserRole that contains at minimum UserId or GroupName and Role name.
setRole
public void setRole(UserRole role)
Add a single user-role object to the list of UserRoles for User.
- Parameters:
role - UserRole contains at least userId and role name (activation) and additional constraints (assignment)
setLastAccess
public void setLastAccess()
Set the last access time in milliseconds. Note that while the unit of time of the return value is a millisecond, the granularity of the value depends on the underlying operating system and may be larger. For example, many operating systems measure time in units of tens of milliseconds.
setMsg
public void setMsg(String message)
Set the message that is associated with the user's last authentication attempt.
setErrorId
public void setErrorId(int error)
Set the error id that is associated with the password policy checks. A '0' indicates no errors.
- INVALID_PASSWORD_MESSAGE = -10;
- GOOD = 0;
- PASSWORD_HAS_EXPIRED = 100;
- ACCOUNT_LOCKED = 101;
- CHANGE_AFTER_RESET = 102;
- NO_MODIFICATIONS = 103;
- MUST_SUPPLY_OLD = 104;
- INSUFFICIENT_QUALITY = 105;
- PASSWORD_TOO_SHORT = 106;
- PASSWORD_TOO_YOUNG = 107;
- HISTORY_VIOLATION = 108;
- ACCOUNT_LOCKED_CONSTRAINTS = 109;
- Specified by: setErrorId in interface PwMessage
- Parameters:
error - contains the error id that was generated on the user's last authentication.
setGraceLogins
public void setGraceLogins(int grace)
This attribute specifies the number of times an expired password can be used to authenticate.
- Specified by: setGraceLogins in interface PwMessage
- Parameters:
grace - The number of logins the user has left before password fails.
setExpirationSeconds
public void setExpirationSeconds(int expire)
This attribute specifies the maximum number of seconds before a password is due to expire that expiration warning messages will be returned to an authenticating user. If this attribute is not present, or if the value is 0, no warnings will be returned. If not 0, the value must be smaller than the value of the pwdMaxAge attribute.
- Specified by: setExpirationSeconds in interface PwMessage
- Parameters:
expire - attribute is computed based on last time user has changed their password.
getWarnings
public List<Warning> getWarnings()
Get the warnings attached to this Session. Used for processing password policy scenarios, e.g., password expiring message.
- Specified by: getWarnings in interface PwMessage
- Returns: null value, zero or more objects of type Warning will be returned. Note: the caller of this method must ensure a not null condition before use.
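A caller-side check built on the getters documented above, as an added example that is not part of the Fortress code base: it fails closed on isAuthenticated(), branches on getErrorId(), and null-checks getWarnings() as the note requires. The class SessionGate, the Decision enum, the local constant declarations and the mapping from error id to decision are assumptions of this example; the Session built in main is constructed sample data.

```java
import java.util.ArrayList;
import java.util.List;

import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.Warning;

// Added example, not Fortress code. SessionGate, Decision and the
// id-to-decision mapping are assumptions of this example.
public class SessionGate
{
    // Values copied from the getErrorId() list on this page; declared locally here.
    static final int GOOD = 0;
    static final int PASSWORD_HAS_EXPIRED = 100;
    static final int CHANGE_AFTER_RESET = 102;

    enum Decision { ALLOW, ALLOW_WITH_NOTICE, FORCE_PASSWORD_CHANGE, DENY }

    // Collect password policy notices; getWarnings() may return null.
    static List<String> notices( Session session )
    {
        List<String> out = new ArrayList<>();
        List<Warning> warnings = session.getWarnings();
        if ( warnings != null )
        {
            for ( Warning w : warnings ) out.add( String.valueOf( w ) );
        }
        if ( session.getGraceLogins() > 0 )
            out.add( "grace logins: " + session.getGraceLogins() );
        if ( session.getExpirationSeconds() > 0 )
            out.add( "expiration seconds: " + session.getExpirationSeconds() );
        return out;
    }

    static Decision evaluate( Session session )
    {
        // Fail closed: no session or no successful authentication means no access.
        if ( session == null || !session.isAuthenticated() ) return Decision.DENY;
        switch ( session.getErrorId() )
        {
            case GOOD:
                return notices( session ).isEmpty() ? Decision.ALLOW : Decision.ALLOW_WITH_NOTICE;
            case PASSWORD_HAS_EXPIRED:
            case CHANGE_AFTER_RESET:
                return Decision.FORCE_PASSWORD_CHANGE;
            default:
                // Locked accounts and any id this code does not recognise are denied.
                return Decision.DENY;
        }
    }

    public static void main( String[] args )
    {
        // Constructed sample; in production the Session is returned by Fortress.
        Session s = new Session();
        s.setUserId( "demoUser4" );
        s.setAuthenticated( true );
        s.setErrorId( CHANGE_AFTER_RESET );
        System.out.println( s.getUserId() + " -> " + evaluate( s ) );
    }
}
```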
setWarnings
public void setWarnings(List<Warning> warnings)
Set the warnings on this Session. Used for processing password policy scenarios, e.g., password expiring message. Not intended for use outside of Fortress packages.
- Specified by: setWarnings in interface PwMessage
- Parameters:
warnings - zero or more objects of type warning may be set on a Fortress session.
setWarning
public void setWarning(Warning warning)
Add a warning to the collection in the Fortress Session object. Used for processing password policy scenarios, e.g., password expiring message. Not intended for use outside of Fortress packages.
- Specified by: setWarning in interface PwMessage
- Parameters:
warning - one object of type warning will be added to Fortress session.
toString
public String toString()
- Overrides: toString in class Object
- See Also: Object.toString()