com.adobe.livecycle.usermanager.client
Class AuthenticationManagerServiceClient

java.lang.Object
  ManagerServiceClient
      com.adobe.livecycle.usermanager.client.AuthenticationManagerServiceClient

All Implemented Interfaces:

AuthenticationManager

public class AuthenticationManagerServiceClient
extends ManagerServiceClient
implements AuthenticationManager

This is the client implementation of the AuthenticationManager class.

See Also:

AuthenticationManager

Constructor Summary

AuthenticationManagerServiceClient(ServiceClientFactory serviceClientFactory)
Authentication manager service client constructor.

Method Summary

AuthResult	authenticate(byte[] ssoToken, boolean createAssertion) This is the primary method for authenticating a user from the single sign-on (SSO) servlet.
AuthResult	authenticate(org.w3c.dom.Element wssecHeaderElement) This method authenticates a WS-Security header element in a SOAP request.
AuthResult	authenticate(org.w3c.dom.Element wssecHeaderElement, java.util.List domainList) This method authenticates a WS-Security header element in a SOAP request.
AuthResult	authenticate(HttpRequestToken requestToken) This method authenticates a WS-Security header in a SOAP request.
AuthResult	authenticate(java.lang.String wssecHeader) This method authenticates a WS-Security header in a SOAP request.
AuthResult	authenticate(java.lang.String username, byte[] password) This is the primary method for authenticating a user.
AuthResult	authenticate(java.lang.String username, byte[] password, java.util.List domainList) This is the primary method for authenticating a user.
AuthResult	authenticate(java.lang.String wssecHeader, java.util.List domainList) This method authenticates a WS-Security header in a SOAP request.
AuthResult	authenticate(java.lang.String unsignedData, java.lang.String signatureValue) This method is for certificate-based authentication.
AuthResult	authenticate(java.lang.String unsignedData, java.lang.String signatureValue, java.util.List domainList) This method is for certificate-based authentication.
AuthResult	getAuthResultOnBehalfOfUser(java.lang.String canonicalName, java.lang.String domainName, Context caller) This method retrieves an authentication result on behalf of a user.
java.util.List	getAuthSchemes() This method retrieves a List of all the authentication schemes.
SSOToken	getSSOToken(Context context) Retrieves the single sign-on (SSO) token used in the SSO servlet.
byte[]	getSSOTokenBytes(Context context) Retrieves a byte array representing the single sign-on (SSO) token used in the SSO servlet.
AuthResult	renewAssertion(java.lang.String assertionId, Context context) Renews the SAML assertion referred by the given assertionId.
Context	validateAssertion(Context ctx) This method creates and returns a Context after validating the assertion contained in the context.
AuthResult	validateAssertion(java.lang.String assertion) This method creates and returns an authentication result after validating the assertion.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthenticationManagerServiceClient

public AuthenticationManagerServiceClient(ServiceClientFactory serviceClientFactory)

Authentication manager service client constructor.

Parameters:

serviceClientFactory - The service client factory.

Method Detail

authenticate

public AuthResult authenticate(java.lang.String username,
                               byte[] password,
                               java.util.List domainList)
                        throws UMException

This is the primary method for authenticating a user. It returns an authentication result indicating whether authentication was successful. That result can then be used in the Context.

Specified by:

authenticate in interface AuthenticationManager

Parameters:

username - The user name.

password - The password.

domainList - List of domains against which user should be authenticated

Returns:

The authentication result.

Throws:

UMException

See Also:

Context

authenticate

public AuthResult authenticate(java.lang.String username,
                               byte[] password)
                        throws UMException

This is the primary method for authenticating a user. It returns an authentication result indicating whether authentication was successful. That result can then be used in the Context.

Specified by:

authenticate in interface AuthenticationManager

Parameters:

username - The user name.

password - The password.

Returns:

The authentication result.

Throws:

UMException

See Also:

Context

authenticate

public AuthResult authenticate(byte[] ssoToken,
                               boolean createAssertion)
                        throws UMException

This is the primary method for authenticating a user from the single sign-on (SSO) servlet.

Specified by:

authenticate in interface AuthenticationManager

Parameters:

ssoToken - The SSO token.

createAssertion - Used to determine whether an assertion is created.

Returns:

The authentication result.

Throws:

UMException

authenticate

public AuthResult authenticate(java.lang.String wssecHeader,
                               java.util.List domainList)
                        throws UMException

This method authenticates a WS-Security header in a SOAP request. It returns an authentication result indicating whether authentication was successful. That result can then be used in the Context.

Specified by:

authenticate in interface AuthenticationManager

Parameters:

wssecHeader - The WS-Security header.

domainList - List of domains against which user should be authenticated

Returns:

The authentication result.

Throws:

UMException

See Also:

Context

authenticate

public AuthResult authenticate(java.lang.String wssecHeader)
                        throws UMException

This method authenticates a WS-Security header in a SOAP request. It returns an authentication result indicating whether authentication was successful. That result can then be used in the Context.

Specified by:

authenticate in interface AuthenticationManager

Parameters:

wssecHeader - The WS-Security header.

Returns:

The authentication result.

Throws:

UMException

See Also:

Context

getAuthResultOnBehalfOfUser

public AuthResult getAuthResultOnBehalfOfUser(java.lang.String canonicalName,
                                              java.lang.String domainName,
                                              Context caller)
                                       throws UMException

This method retrieves an authentication result on behalf of a user. This method can be used to impersonate a user (typically a system user) who has higher privilege.

Specified by:

getAuthResultOnBehalfOfUser in interface AuthenticationManager

Parameters:

canonicalName - The canonical name of the user.

domainName - The domain name to which the user belongs. This parameter is case sensitive. For example, the domain names "adobe" and "Adobe" would be treated differently.

caller - The context of the caller.

Returns:

The authentication result.

Throws:

UMException

getSSOToken

public SSOToken getSSOToken(Context context)
                     throws UMException

Retrieves the single sign-on (SSO) token used in the SSO servlet.

Specified by:

getSSOToken in interface AuthenticationManager

Parameters:

context - The context.

Returns:

The SSO token.

Throws:

UMException

getSSOTokenBytes

public byte[] getSSOTokenBytes(Context context)
                        throws UMException

Retrieves a byte array representing the single sign-on (SSO) token used in the SSO servlet.

Specified by:

getSSOTokenBytes in interface AuthenticationManager

Parameters:

context - The context.

Returns:

A byte array containing the SSO token information.

Throws:

UMException

authenticate

public AuthResult authenticate(org.w3c.dom.Element wssecHeaderElement,
                               java.util.List domainList)
                        throws UMException

This method authenticates a WS-Security header element in a SOAP request. It returns an authentication result indicating whether authentication was successful. That result can then be used in the Context.

Specified by:

authenticate in interface AuthenticationManager

Parameters:

wssecHeaderElement - The WS-Security header element.

domainList - List of domains against which user should be authenticated

Returns:

The authentication result.

Throws:

UMException

See Also:

Context

authenticate

public AuthResult authenticate(org.w3c.dom.Element wssecHeaderElement)
                        throws UMException

This method authenticates a WS-Security header element in a SOAP request. It returns an authentication result indicating whether authentication was successful. That result can then be used in the Context.

Specified by:

authenticate in interface AuthenticationManager

Parameters:

wssecHeaderElement - The WS-Security header element.

Returns:

The authentication result.

Throws:

UMException

See Also:

Context

authenticate

public AuthResult authenticate(java.lang.String unsignedData,
                               java.lang.String signatureValue,
                               java.util.List domainList)
                        throws UMException

This method is for certificate-based authentication. It returns an authentication result indicating whether authentication was successful. That result can then be used in the Context.

Specified by:

authenticate in interface AuthenticationManager

Parameters:

unsignedData - The unsigned data used in certificate-based authentication.

signatureValue - A base64-encoded, PKCS7-Detached digital signature.

domainList - List of domains against which user should be authenticated

Returns:

The authentication result.

Throws:

UMException

See Also:

Context

authenticate

public AuthResult authenticate(java.lang.String unsignedData,
                               java.lang.String signatureValue)
                        throws UMException

This method is for certificate-based authentication. It returns an authentication result indicating whether authentication was successful. That result can then be used in the Context.

Specified by:

authenticate in interface AuthenticationManager

Parameters:

unsignedData - The unsigned data used in certificate-based authentication.

signatureValue - A base64-encoded, PKCS7-Detached digital signature.

Returns:

The authentication result.

Throws:

UMException

See Also:

Context

getAuthSchemes

public java.util.List getAuthSchemes()
                              throws UMException

This method retrieves a List of all the authentication schemes.

Specified by:

getAuthSchemes in interface AuthenticationManager

Returns:

A List containing all the authentication schemes.

Throws:

UMException

validateAssertion

public AuthResult validateAssertion(java.lang.String assertion)
                             throws UMException

This method creates and returns an authentication result after validating the assertion.

Specified by:

validateAssertion in interface AuthenticationManager

Parameters:

assertion - The assertion.

Returns:

The authentication result.

Throws:

UMException

validateAssertion

public Context validateAssertion(Context ctx)
                          throws UMException

This method creates and returns a Context after validating the assertion contained in the context. Returns the same context back if it is localOnly

Specified by:

validateAssertion in interface AuthenticationManager

Parameters:

ctx - The context.

Returns:

The validated context.

Throws:

UMException

authenticate

public AuthResult authenticate(HttpRequestToken requestToken)
                        throws UMException

This method authenticates a WS-Security header in a SOAP request. It returns an authentication result indicating whether authentication was successful. That result can then be used in the Context.

Specified by:

authenticate in interface AuthenticationManager

Parameters:

requestToken - The WS-Security header.

Returns:

The authentication result.

Throws:

UMException

See Also:

Context

renewAssertion

public AuthResult renewAssertion(java.lang.String assertionId,
                                 Context context)
                          throws UMException

Renews the SAML assertion referred by the given assertionId. The assertion would be renewed only if following conditions are met

• Renewal should be done before the SAML assertion gets expired
• The api for renewal should pass a Context with it. The Context user must have UMConstants.FGACConstants.PERM_USER_MANAGER_RENEW_ASSERTION permission
• The renewal would be allowed for only certain number of times(which is configurable) only. The default value is set to 10. If the renewal count exceed this limit then a UMException exception would be thrown with error code UMConstants.ErrorCodes.E_ASSERTION_RENEWAL_COUNT_EXCEEDED

The assertionId is the value of the cookie set by the UM during the authentication process. The cookie name is specified by UMConstants.SSOConstants.LIVECYCLE_AUTH_TOKEN. The value can also be obtained using HttpRequestToken. For example

        String assertionId = new HttpRequestToken(servletRequest).getAssertionId();
 

Here the servletRequest is an object of type HttpServletRequest

Specified by:

renewAssertion in interface AuthenticationManager

Parameters:

assertionId - - The id of the assertion for the which renewal is required

context - - Context of the user with specified permission as mentioned above.This context must be a valid context.

Returns:

an AuthResult containing the renewed assertion

Throws:

UMException - if the assertion is already expired or the renewal count has exceeded the specified limit