com.ibm.dse.applsrv.aa
Class SecurityAccessService

java.lang.Object
  |
  +--com.ibm.dse.base.DSENotifier
        |
        +--com.ibm.dse.base.Service
              |
              +--com.ibm.dse.applsrv.aa.SecurityAccessService

public class SecurityAccessService
extends Service
implements SecurityConstants, SecurityServiceConstants

This class implements the Security Access Service.

See Also:
Serialized Form

Fields inherited from class com.ibm.dse.base.Service
externalizer
 
Fields inherited from class com.ibm.dse.base.DSENotifier
handlersList, name
 
Fields inherited from interface com.ibm.dse.applsrv.aa.SecurityConstants
ACTIVE_CONTEXTS, ALL_CONTEXTS, AUDIT_FILE, CBTF_TRACING, CONFIGURATION, CONFIGURATIONS_DATABASE, CONTEXT_ACTIVE, CONTEXT_DATABASE, CONTEXT_INACTIVE, CONTEXT_INVALID, CONTEXTS, CONTROLLER, DEFAULT_CONFIGURATIONS_DATABASE, DEFAULT_CONTEXT_DATABASE, DEFAULT_GROUPS_DATABASE, DEFAULT_RIGHTS_DATABASE, DEFAULT_ROLES_DATABASE, DEFAULT_SERVICES_DATABASE, DEFAULT_USER_DATABASE, ENCRYPTION, GLOBAL_CONTEXTS, GROUPS, GROUPS_DATABASE, INACTIVE_CONTEXTS, JDBC_DATABASE, JDBC_DRIVER, JDBC_MAX_DATA, JDBC_MAX_GROUPS, JDBC_MAX_HANDLER, JDBC_MAX_ID, JDBC_MAX_PASSWORD, JDBC_MAX_RIGHT_TIMES, JDBC_MAX_RIGHTS, JDBC_MAX_ROLE_TIMES, JDBC_MAX_ROLES, JDBC_MAX_USER_ID, JDBC_MAX_USERS, JDBC_PASSWORD, JDBC_URL, JDBC_USER_ID, LIMIT_DATABASE, LIMITS, LOGGING_HANDLER, LOGGING_OPTIONS, PERSIST_CONTEXTS, PERSISTENCE, QUERY_PASSWORDS, RIGHTS, RIGHTS_DATABASE, ROLES, ROLES_DATABASE, SECURITY_DIRECTORY, SECURITY_MANAGER, SERVICES, SERVICES_DATABASE, SPECIFIC_CONTEXTS, TEST_ADD_RIGHT_TO_USER, TEST_ADD_RIGHTS_TO_USER, TEST_AUDIT, TEST_CONTEXT_IDS, TEST_DISABLE_PERSISTENCE, TEST_EXPORT, TEST_GET_CONFIGURATION, TEST_GET_CONTEXTS, TEST_GET_GROUPS, TEST_GET_PASSWORD_ACCESS, TEST_GET_PERSISTENCE, TEST_GET_RIGHTS, TEST_GET_ROLES, TEST_GET_SERVICES, TEST_GET_UNIQUE_LOGON, TEST_GET_USERS, TEST_GROUP_IDS, TEST_IMPORT, TEST_IMPORT2, TEST_LOAD_CONFIGURATIONS, TEST_LOAD_CONTEXTS, TEST_LOAD_GROUPS, TEST_LOAD_RIGHTS, TEST_LOAD_ROLES, TEST_LOAD_SERVICES, TEST_LOAD_USERS, TEST_PERSISTENCE, TEST_QUERY_SM, TEST_REMOVE_ALL_RIGHTS_FROM_USER, TEST_RESET, TEST_RIGHT_IDS, TEST_ROLE_IDS, TEST_SAVE, TEST_SERVICE_IDS, TEST_SET_CONFIGURATION, TEST_SET_PASSWORD_ACCESS, TEST_SET_PERSISTENCE, TEST_SET_UNIQUE_LOGON, TEST_TEST1, TEST_TEST2, TEST_TEST3, TEST_TRACE, TEST_USER_IDS, TRACE_EXCEPTIONS, TRACE_FILE, TRACE_LOGGER, UNIQUE_LOGONS, USE_LIMITS, USER_DATABASE, USERS
 
Fields inherited from interface com.ibm.dse.applsrv.aa.SecurityServiceConstants
SEC_ACCESS_SERVICE1, SEC_ACCESS_SERVICE2, SEC_ADMINISTRATION_SERVICE1, SEC_ADMINISTRATION_SERVICE2, SEC_AUTHORIZATION_OP, SEC_DSE_INI, SEC_ERROR_MSG, SEC_LOGOFF_OP, SEC_LOGON_OP, SEC_NULL_ERR_MSG, SEC_OP_PASSWORD, SEC_OP_STEP, SEC_OP_USER_ID, SEC_RETURN_CODE, SEC_RETURN_CONFIRM, SEC_RETURN_ERR, SEC_RETURN_MESSAGE, SEC_RETURN_OK, SEC_RETURN_STATUS, SEC_SESSION_ID, SEC_SETTINGS_TYPE, SEC_SIGNOFF_OP, SEC_SIGNON_OP, SEC_SUCCESS_MSG, SEC_TID, SEC_USER_CONTEXT, SEC_USER_CONTEXT_DB_PASSWORD, SEC_USER_CONTEXT_DB_USER_ID, SEC_USER_CONTEXT_LOGON_ID, SEC_USER_CONTEXT_STATUS, SEC_USER_CONTEXT_USER_ID, SEC_USER_PARENT_CONTEXT
 
Constructor Summary
SecurityAccessService()
          SecurityService constructor.
SecurityAccessService(java.lang.String aName)
          Constructs a Security Service instance with a name attribute set to aName.
 
Method Summary
 boolean canLogOn(java.lang.String user, java.lang.String password)
          Check validity of user id and password.
 boolean checkAccess(java.lang.String nameOfService, int id)
          Check the accessability of a service by the current user.
static void debug()
          Enable debugging.
static void dump(java.lang.Throwable e, java.lang.String s, boolean raise)
          Dump a (nested) exception to the display.
 void forcedSignOff(int signoffContext, int callerContext)
          This method disables the specified context.
 void forcedSignOn(java.lang.String userId, java.lang.String password, int id)
          This method attempts to signon onto another user's context - raising an exception if it fails.
 java.lang.String[] getActiveUsersFromGroup(java.lang.String aGroup, int id)
          Return the list of active users that are members of the specified group.
 java.lang.String[] getActiveUsersWithRight(java.lang.String aRight, int id)
          Return the list of active users that are currently logged on and have the specified right.
 java.lang.String[] getActiveUsersWithRole(java.lang.String aRole, int id)
          Return the list of active users that are currently logged on and have the specified role.
 Dictionary getContainerLmt(SecurityLimit aLimit)
          Returns a copy of the container limit information of aLimit
 Dictionary getContainerLmt(java.lang.String userid, java.lang.String curCode, java.lang.String containerType, java.lang.String containerSubType)
          Returns a copy of the container limit information of the limit that matches the parameters request
 Dictionary getDataFromLimit(SecurityLimit aLimit)
          Returns the data item from the specified limit.
 java.lang.String getDataFromLimit(SecurityLimit aLimit, java.lang.String key)
          A security manager must define a method to return the named data item from the specified user.
 java.lang.String getDataFromUser(java.lang.String user, java.lang.String key, int id)
          Return the value associated with the specified key for the specified user.
 Array getLimitsOfUser(java.lang.String userid)
          Returns all limits of the specified user.
 Dictionary getTransactionLmt(SecurityLimit aLimit)
          Returns a copy of the transaction limit information of aLimit
 Dictionary getTransactionLmt(java.lang.String userid, java.lang.String curCode, java.lang.String transType)
          Returns a copy of the transaction limit information of the limit that matches the parameters request
 int getUserStatus(int id)
          Return the status of the specified context.
 java.lang.String getValue(java.lang.String key, int id)
          Return the value associated with the specified key for this user.
 java.lang.Object initializeFrom(Tag aTag)
          Actualizes all attributes that are defined in SGML file.
 void logOff(int id)
          Log off the specified user.
 void logOff(java.lang.String userid, java.lang.String password, int options, int[] contexts)
          Logoff the specified contexts of the specified user.
 int logOn(java.lang.String user, java.lang.String password)
          Perform a logon.
 int logOn(java.lang.String userId, java.lang.String password, java.lang.Object object)
          Perform a log on.
 void signOff(int id)
          This method disables the user's current context.
 void signOn(java.lang.String userId, java.lang.String password)
          This method attempts to signon the user - raising an exception if it fails.
 void signOn(java.lang.String userId, java.lang.String password, int id)
          This method attempts to signon the user - raising an exception if it fails.
 java.lang.String toString()
          Returns the SGML representation.
 
Methods inherited from class com.ibm.dse.base.Service
externalizer, getExternalizer, getTagName, readExternal, readExternal, readObject, removeExternal, setExternalizer, terminate, toStrings, toTags, writeExternal, writeExternal
 
Methods inherited from class com.ibm.dse.base.DSENotifier
addHandler, getHandlersList, getName, removeHandler, setName, signalEvent, signalEvent, signalEvent
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

SecurityAccessService

public SecurityAccessService()
SecurityService constructor.

SecurityAccessService

public SecurityAccessService(java.lang.String aName)
                      throws java.io.IOException
Constructs a Security Service instance with a name attribute set to aName.
Parameters:
aName - String - the name attribute.
Method Detail

canLogOn

public boolean canLogOn(java.lang.String user,
                        java.lang.String password)
                 throws DSESecurityException
Check validity of user id and password.
Parameters:
user - String - the user id.
password - String - the password.
Returns:
boolean - true if user id & password are valid else false.
Throws:
DSESecurityException - - error in the request.

checkAccess

public boolean checkAccess(java.lang.String nameOfService,
                           int id)
                    throws DSESecurityException
Check the accessability of a service by the current user.
Parameters:
nameOfService - String - the name of the service to check.
id - int - the context id of the requestor.
Returns:
boolean - return true if access is allowed to the service else return false.
Throws:
DSESecurityException - - error in the request.

debug

public static void debug()
Enable debugging.

dump

public static void dump(java.lang.Throwable e,
                        java.lang.String s,
                        boolean raise)
                 throws DSESecurityException
Dump a (nested) exception to the display.
Parameters:
e - Throwable - the exception to dump.
s - String - the banner.
raise - boolean - if true then raise the exception.
Throws:
DSESecurityException - - the raised exception.

forcedSignOff

public void forcedSignOff(int signoffContext,
                          int callerContext)
                   throws DSESecurityException
This method disables the specified context.
Parameters:
signoffContext - int - the id of the context to sign off.
callerContext - int - the id of the context of the caller.
Throws:
DSESecurityException - - error in the request.

forcedSignOn

public void forcedSignOn(java.lang.String userId,
                         java.lang.String password,
                         int id)
                  throws DSESecurityException
This method attempts to signon onto another user's context - raising an exception if it fails.
Parameters:
userId - String - your user id.
password - String - your password.
id - int - the context id of the other user.
Throws:
DSESecurityException - - error in the request.

getActiveUsersFromGroup

public java.lang.String[] getActiveUsersFromGroup(java.lang.String aGroup,
                                                  int id)
                                           throws DSESecurityException
Return the list of active users that are members of the specified group.
Parameters:
aGroup - String - the name of the group.
id - int - the context id of the requestor.
Returns:
String[] - the list of user ids satisfying the specified conditions.
Throws:
DSESecurityException - - error in the request.

getActiveUsersWithRight

public java.lang.String[] getActiveUsersWithRight(java.lang.String aRight,
                                                  int id)
                                           throws DSESecurityException
Return the list of active users that are currently logged on and have the specified right.
Parameters:
aRight - String - the name of the right.
id - int - the context id of the requestor.
Returns:
String[] - the list of user ids satisfying the specified conditions.
Throws:
DSESecurityException - - error in the request.

getActiveUsersWithRole

public java.lang.String[] getActiveUsersWithRole(java.lang.String aRole,
                                                 int id)
                                          throws DSESecurityException
Return the list of active users that are currently logged on and have the specified role.
Parameters:
aRole - String - the name of the role.
id - int - the context id of the requestor.
Returns:
String[] - the list of user ids satisfying the specified conditions.
Throws:
DSESecurityException - - error in the request.

getContainerLmt

public Dictionary getContainerLmt(SecurityLimit aLimit)
                           throws DSESecurityException
Returns a copy of the container limit information of aLimit
Parameters:
aLimit - SecurityLimit - The limit to take container information from.
Returns:
com.ibm.dse.applsrv.aa.Dictionary - a copy of the container limit information
Throws:
DSESecurityException - - thrown when a problem occurs while retrieving limit information

getContainerLmt

public Dictionary getContainerLmt(java.lang.String userid,
                                  java.lang.String curCode,
                                  java.lang.String containerType,
                                  java.lang.String containerSubType)
                           throws DSESecurityException
Returns a copy of the container limit information of the limit that matches the parameters request
Parameters:
userid - java.lang.String - The user the limit belongs to.
curCode - java.lang.String - The currency Code of the limit.
containerType - java.lang.String - The containerType of the limit
containerSubType - java.lang.String - The containerSubType of the limit
Returns:
com.ibm.dse.applsrv.aa.Dictionary - a copy of the container limit information
Throws:
DSESecurityException - - thrown when a problem occurs while retrieving limit information

getDataFromLimit

public Dictionary getDataFromLimit(SecurityLimit aLimit)
                            throws DSESecurityException
Returns the data item from the specified limit.
Parameters:
aLimit - SecurityLimit- the limit to retrieve information from.
Returns:
Dictionary - the obtained data.
Throws:
DSESecurityException - - error in the request.

getDataFromLimit

public java.lang.String getDataFromLimit(SecurityLimit aLimit,
                                         java.lang.String key)
                                  throws DSESecurityException
A security manager must define a method to return the named data item from the specified user.
Parameters:
aLimit - SecurityLimit - the limit to retrieve information from .
dataName - String - the name of the data item.
Returns:
String - the requested data.
Throws:
DSESecurityException - - error in the request.

getDataFromUser

public java.lang.String getDataFromUser(java.lang.String user,
                                        java.lang.String key,
                                        int id)
                                 throws DSESecurityException
Return the value associated with the specified key for the specified user.
Parameters:
user - String - the user id.
key - String - the key to look up.
id - int - the context id of the caller.
Returns:
String - the associated value or null if none.
Throws:
DSESecurityException - - error in the request.

getLimitsOfUser

public Array getLimitsOfUser(java.lang.String userid)
                      throws DSESecurityException
Returns all limits of the specified user.
Parameters:
userid - java.lang.String - the userid the limits belong to
Returns:
Array - the Array of limits belonging to userid
Throws:
DSESecurityException - - error in the request.

getTransactionLmt

public Dictionary getTransactionLmt(SecurityLimit aLimit)
                             throws DSESecurityException
Returns a copy of the transaction limit information of aLimit
Parameters:
aLimit - SecurityLimit - The limit to take transaction information from.
Returns:
com.ibm.dse.applsrv.aa.Dictionary - a copy of the transaction limit information
Throws:
DSESecurityException - - thrown when a problem occurs while retrieving limit information

getTransactionLmt

public Dictionary getTransactionLmt(java.lang.String userid,
                                    java.lang.String curCode,
                                    java.lang.String transType)
                             throws DSESecurityException
Returns a copy of the transaction limit information of the limit that matches the parameters request
Parameters:
userid - java.lang.String - The user the limit belongs to.
curCode - java.lang.String - The currency Code of the limit.
transactionType - java.lang.String - The transactionType of the limit
Returns:
com.ibm.dse.applsrv.aa.Dictionary - a copy of the transaction limit information
Throws:
DSESecurityException - - thrown when a problem occurs while retrieving limit information

getUserStatus

public int getUserStatus(int id)
                  throws DSESecurityException
Return the status of the specified context.
Parameters:
id - int - the context id to check.
Returns:
int - return CONTEXT_ACTIVE, CONTEXT_INACTIVE or CONTEXT_INVALID if the context is active, inactive or invalid respectively.
Throws:
DSESecurityException - - error in the request.

getValue

public java.lang.String getValue(java.lang.String key,
                                 int id)
                          throws DSESecurityException
Return the value associated with the specified key for this user.
Parameters:
key - String - the key to look up.
id - int - the context id to check.
Returns:
String - the associated value or null if none.
Throws:
DSESecurityException - - error in the request.

initializeFrom

public java.lang.Object initializeFrom(Tag aTag)
                                throws DSESecurityException
Actualizes all attributes that are defined in SGML file.
Overrides:
initializeFrom in class Service
Parameters:
aTag - com.ibm.dse.base.Tag
Returns:
Object
Throws:
DSESecurityException - - initialization error.

logOff

public void logOff(int id)
            throws DSESecurityException
Log off the specified user.
Parameters:
id - int - the context id of the requestor.
Throws:
DSESecurityException - - error in the request.

logOff

public void logOff(java.lang.String userid,
                   java.lang.String password,
                   int options,
                   int[] contexts)
            throws DSESecurityException
Logoff the specified contexts of the specified user. This operation is NOT atomic!
Parameters:
userid - String - the user to be affected.
password - String - the password of the specified user.
options - int - the type of contexts to logoff.
contexts - int[] - the list of specified contexts to logoff.
Throws:
DSESecurityException - - error in the request.

logOn

public int logOn(java.lang.String user,
                 java.lang.String password)
          throws DSESecurityException
Perform a logon.
Parameters:
user - String - the name of the user to logon.
password - String - the password.
Returns:
int - the new context id.
Throws:
DSESecurityException - - error in the request.

logOn

public int logOn(java.lang.String userId,
                 java.lang.String password,
                 java.lang.Object object)
          throws DSESecurityException
Perform a log on.
Parameters:
userId - String - the name of the user to log on.
password - String - the password.
object - Object - an arbitrary object which is passed on to the role handlers and interpreted there by custom code. The default code ignores it.
Returns:
int - the new context id.
Throws:
DSESecurityException - - error in the request.

signOff

public void signOff(int id)
             throws DSESecurityException
This method disables the user's current context.
Parameters:
id - int - the context id of the requestor.
Throws:
DSESecurityException - - error in the request.

signOn

public void signOn(java.lang.String userId,
                   java.lang.String password)
            throws DSESecurityException
This method attempts to signon the user - raising an exception if it fails.
Parameters:
userId - String - the user id.
password - String - the password.
Throws:
DSESecurityException - - error in the request.

signOn

public void signOn(java.lang.String userId,
                   java.lang.String password,
                   int id)
            throws DSESecurityException
This method attempts to signon the user - raising an exception if it fails.
Parameters:
userId - String - the user id.
password - String - the password.
id - int - the id of the context to signon.
Throws:
DSESecurityException - - error in the request.

toString

public java.lang.String toString()
Returns the SGML representation.
Overrides:
toString in class Service
Returns:
String - the SGML representation.