de.aristaflow.adept2.base.service

Class AbstractAuthenticatedService

java.lang.Object

de.aristaflow.adept2.base.service.AbstractADEPT2Service

de.aristaflow.adept2.base.service.AbstractAuthenticatedService

All Implemented Interfaces:

ADEPT2Service, AuthenticatingService, LogService, ServiceThreadHandling

Direct Known Subclasses:

AbstractConfigurableAuthenticatedService, AbstractRegistry, DefaultProcessCheckService, EmbdServContHTTPService, MultiplexingClientService

@ConfigurationDescription(properties={@Property(name="ServiceAuthUserName",defaultValue="${arflow:confVar.SystemUserName}",description="The user name with which this service authenticates at the global security manager."),,,,,,,})
public class AbstractAuthenticatedService
extends AbstractADEPT2Service
implements AuthenticatingService

An abstract class providing the basic means for authenticating and managing a SessionFactory as well as some session management (token verification and alike).

Nested Class Summary

Nested classes/interfaces inherited from class de.aristaflow.adept2.base.service.AbstractADEPT2Service

AbstractADEPT2Service.ActiveSessions

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CFG_EARLY_SERVICEAUTH_ORGPOSID The configuration key for the organisational position ID of this service in the early phase (before the global security manager is available).
static java.lang.String	CFG_EARLY_SERVICEAUTH_ORGPOSNAME The configuration key for the organisational position of this service in the early phase (before the global security manager is available).
static java.lang.String	CFG_EARLY_SERVICEAUTH_PASSWORD The configuration key for the password of this service in the early phase (before the global security manager is available.
static java.lang.String	CFG_EARLY_SERVICEAUTH_USERNAME The configuration key for the user name of this service in the early phase (before the global security manager is available.
static java.lang.String	CFG_SERVICEAUTH_ORGPOSID The configuration key for the organisational position ID of this service.
static java.lang.String	CFG_SERVICEAUTH_ORGPOSNAME The configuration key for the organisational position of this service identified by its name.
static java.lang.String	CFG_SERVICEAUTH_PASSWORD The configuration key for the password of this service.
static java.lang.String	CFG_SERVICEAUTH_USERNAME The configuration key for the user name of this service.

Fields inherited from class de.aristaflow.adept2.base.service.AbstractADEPT2Service

CONF_CSV_LOGGING, configuration, logger, registry, runtimeRequiredServices, startupRequiredServices

Constructor Summary

Constructors

Constructor and Description
AbstractAuthenticatedService(Configuration conf, Registry registry, java.lang.Class<?> cls) Creates an ADEPT2 service with the designated registry, a logger for this and assuming that there are no other services required except the org model manager for non-early services.
AbstractAuthenticatedService(Configuration conf, Registry registry, java.lang.String[] startupRequiredServices, java.lang.String[] runtimeRequiredServices, java.lang.Class<?> cls) Creates an ADEPT2 service with the designated registry, a logger for this and the designated required services.

Method Summary

Modifier and Type	Method and Description
void	_sessionActive(SessionToken session, java.util.UUID templID, java.util.UUID baseTemplID, java.util.UUID embdTemplID, java.util.UUID instID, EBPInstanceReference ebpIR, int addStackElems) Registers the designated session as active, tracks the current thread and registers the log context (if CSV-logging is configured).
protected void	authenticateService() (Re-)Authenticates this service using the security manager provided by getSecurityManager().
protected void	awaitActiveSessions(boolean emergency) Awaits the termination of active sessions.
SessionToken	createChildSession(SessionToken parentSession) Creates a new child session token to the given session using the session factory assigned to this service.
SessionToken	createSession() Creates a new session token using the session factory assigned to this service.
QualifiedAgent	getAgent(SessionToken session) Gets the agent of the designated session token.
protected SecurityManager	getSecurityManager() Returns the security manager that will be used for authentication.
SessionFactory	getSessionFactory() Returns the session factory assigned to this service.
protected static java.lang.String[]	getStartupRequired(Registry registry, java.lang.String[] startupRequiredServices) Gets the startup required services of this service.
QualifiedAgent	getTopLevelAgent(SessionToken session) Gets the agent of the top-level session token of the designated session token.
Pair<QualifiedAgent,QualifiedAgent>	getUserCredentials(SessionToken session) Gets the agent of the top-level session token and the agent of the designated session token if a session factory is available.
void	globalSecurityManagerAvailable() Notifies this service that the global security manager is available.
void	init(java.net.URI[] localExportedUris, java.net.URI[] globalExportedUris) Copies the designated URI array and stores it internally and authenticates to the system and sets the session factory.
protected static boolean	isEarlyService(Registry registry) Gets whether this service is an early service and is started before the global security manager.
boolean	sessionHasCapability(SessionToken session, java.lang.String capability) Returns whether the given session has the specified capability.
void	shutdown(boolean emergency) Awaits the termination of the active sessions and nulls the session factory.

Methods inherited from class de.aristaflow.adept2.base.service.AbstractADEPT2Service

_sessionFinished, activeOrInvalidServiceStateException, changeLogContext, changeLogContext, changeLogContext, consoleLog, csvLoggingEnabled, getClassSpecificJulLogger, getDependencyRegistry, getLocalUris, getLogger, getRelease, getRuntimeRequiredServices, getServiceInstanceName, getStartupRequiredServices, getURIs, isActive, isSessionActive, isShutdown, logMethodEntry, logMethodEntry, logMethodEntry, logMethodExit, logMethodExit, ping, preShutdown, privilegeSession, privilegeThread, revertLogContextChanges, sessionActive, sessionActive, sessionActive, sessionActive, sessionFinished, sessionFinished, signalShutdown, signalStart, start, unprivilegeThread

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CFG_SERVICEAUTH_USERNAME

public static final java.lang.String CFG_SERVICEAUTH_USERNAME

The configuration key for the user name of this service.

See Also:

Constant Field Values

CFG_SERVICEAUTH_ORGPOSID

public static final java.lang.String CFG_SERVICEAUTH_ORGPOSID

The configuration key for the organisational position ID of this service.

See Also:

Constant Field Values

CFG_SERVICEAUTH_ORGPOSNAME

public static final java.lang.String CFG_SERVICEAUTH_ORGPOSNAME

The configuration key for the organisational position of this service identified by its name.

See Also:

Constant Field Values

CFG_SERVICEAUTH_PASSWORD

public static final java.lang.String CFG_SERVICEAUTH_PASSWORD

The configuration key for the password of this service.

See Also:

Constant Field Values

CFG_EARLY_SERVICEAUTH_USERNAME

public static final java.lang.String CFG_EARLY_SERVICEAUTH_USERNAME

The configuration key for the user name of this service in the early phase (before the global security manager is available.

See Also:

Constant Field Values

CFG_EARLY_SERVICEAUTH_ORGPOSID

public static final java.lang.String CFG_EARLY_SERVICEAUTH_ORGPOSID

The configuration key for the organisational position ID of this service in the early phase (before the global security manager is available).

See Also:

Constant Field Values

CFG_EARLY_SERVICEAUTH_ORGPOSNAME

public static final java.lang.String CFG_EARLY_SERVICEAUTH_ORGPOSNAME

The configuration key for the organisational position of this service in the early phase (before the global security manager is available). The organisational position is identified by its name.

See Also:

Constant Field Values

CFG_EARLY_SERVICEAUTH_PASSWORD

public static final java.lang.String CFG_EARLY_SERVICEAUTH_PASSWORD

The configuration key for the password of this service in the early phase (before the global security manager is available.

See Also:

Constant Field Values

Constructor Detail

AbstractAuthenticatedService

public AbstractAuthenticatedService(Configuration conf,
                                    Registry registry,
                                    java.lang.Class<?> cls)
                             throws ConfigurationException

Creates an ADEPT2 service with the designated registry, a logger for this and assuming that there are no other services required except the org model manager for non-early services.

Parameters:

conf - The configuration providing the logon credentials for this service.

registry - The registry to be used for accessing services by this service. This is provided as parameter to the constructor when creating a service.

cls - The class specifying the name of the logger of this service.

Throws:

ConfigurationException - If the password for this authenticated service cannot be parsed from the configuration, a ConfigurationException will be thrown.

AbstractAuthenticatedService

public AbstractAuthenticatedService(Configuration conf,
                                    Registry registry,
                                    java.lang.String[] startupRequiredServices,
                                    java.lang.String[] runtimeRequiredServices,
                                    java.lang.Class<?> cls)
                             throws ConfigurationException

Creates an ADEPT2 service with the designated registry, a logger for this and the designated required services.

Parameters:

conf - The configuration providing the logon credentials for this service.

registry - The registry to be used for accessing services by this service. This is provided as parameter to the constructor when creating a service.

startupRequiredServices - The service type names of services required at startup time (in init(URI[], URI[]) and AbstractADEPT2Service.start()).

runtimeRequiredServices - The service type names of services required at runtime (after startup time).

cls - The class specifying the name of the logger of this service.

Throws:

ConfigurationException - If the password for this authenticated service cannot be parsed from the configuration, a ConfigurationException will be thrown.

Method Detail

isEarlyService

protected static boolean isEarlyService(Registry registry)

Gets whether this service is an early service and is started before the global security manager.

Parameters:

registry - The registry of the service or null in case no registry is provided, for instance when creating a registry itself.

Returns:

Whether this service is an early service and is started before the global security manager.

getStartupRequired

protected static java.lang.String[] getStartupRequired(Registry registry,
                                                       java.lang.String[] startupRequiredServices)

Gets the startup required services of this service. Depending on whether the service is an early service, the org model manager is added to the startup required services or not. Early services do not have the global security manager and therefore must not access the org model manager. Otherwise there will be cyclic service dependencies.

Parameters:

registry - The registry of the service.

startupRequiredServices - The services required at startup as declared by the service.

Returns:

The services actually required at startup as declared by the service. This may additionally contain the org model manager in case of a non-early service.

_sessionActive

public void _sessionActive(SessionToken session,
                           java.util.UUID templID,
                           java.util.UUID baseTemplID,
                           java.util.UUID embdTemplID,
                           java.util.UUID instID,
                           EBPInstanceReference ebpIR,
                           int addStackElems)

Description copied from class: AbstractADEPT2Service

Registers the designated session as active, tracks the current thread and registers the log context (if CSV-logging is configured). The session will not be allowed to proceed if the service has not been started or shut down. The former blocks until the service has started successfully, the later throws an InvalidStateException.
This method has to be called as soon as a request is received from the outside. It may be called several times, but every call has to be complemented by a call to AbstractADEPT2Service.sessionFinished(SessionToken).

This method synchronises on the activeSessions object. So be sure not to hold any locks or at least acquire the locks in a well-defined order.

This method should not be called directly. Call AbstractADEPT2Service.sessionActive(SessionToken), AbstractADEPT2Service.sessionActive(SessionToken, int), AbstractADEPT2Service.sessionActive(SessionToken, UUID, UUID, UUID, UUID) or AbstractADEPT2Service.sessionActive(SessionToken, UUID, UUID, EBPInstanceReference) instead.

Overrides:

_sessionActive in class AbstractADEPT2Service

Parameters:

session - The session token with which a method is called and therefore active. This must not be null.

templID - The template ID for the log record. This may be null.

baseTemplID - The base template ID for the log record. This may be null.

embdTemplID - The (internal) ID of the embedded template ID the for the log record. This may be null.

instID - The instance ID for the log record. This may be null.

ebpIR - The EBPInstanceReference for the log record. This may be null.

addStackElems - The additional elements to be removed from the stack so that the real method name is logged instead of a sessionActive. This is usually 0. Unless you override this method or call some sessionActive methods internally before calling methods of this class.

Throws:

ServiceAccessControlException - If the designated session token has no integrity and therefore the agents cannot be determined, a ServiceAccessControlExceptionwill be thrown.

init

public void init(java.net.URI[] localExportedUris,
                 java.net.URI[] globalExportedUris)
          throws AbortServiceException

Copies the designated URI array and stores it internally and authenticates to the system and sets the session factory.
This method can be called any time in overriding init-methods.

In case of an early service, this will not authenticate to the system! Such a service need to authenticateService() later when the security manager is available.

Specified by:

init in interface ADEPT2Service

Overrides:

init in class AbstractADEPT2Service

Parameters:

localExportedUris - The URIs with which this service is exported locally or a local URI or an empty array for internal services.

globalExportedUris - The URIs with which this service is published globally or null in case the service is not published.

Throws:

AbortServiceException - If authenticating at the security manager fails, an AbortServiceException will be thrown.

globalSecurityManagerAvailable

public void globalSecurityManagerAvailable()
                                    throws AbortServiceException

Description copied from interface: AuthenticatingService

Notifies this service that the global security manager is available. This is only notified to early clients so that they re-authenticate at the global security manager.

Specified by:

globalSecurityManagerAvailable in interface AuthenticatingService

Throws:

AbortServiceException - If there are problems re-authenticating at the global security manager, an AbortServiceException will be thrown.

getSecurityManager

protected SecurityManager getSecurityManager()

Returns the security manager that will be used for authentication. This implementation will simply return the security manager provided by the registry. This may be overridden in subclasses.

Returns:

the security manager that will be used for authentication

authenticateService

protected void authenticateService()
                            throws AuthenticationException,
                                   AbortServiceException

(Re-)Authenticates this service using the security manager provided by getSecurityManager().

Throws:

AuthenticationException - If the provided credentials are incorrect, an AuthenticationException will be thrown.

AbortServiceException - If the authentication at the security manager fails an AbortServiceException will be thrown.

ConfigurationException - If the password cannot be parsed, a ConfigurationException will be thrown.

getSessionFactory

public SessionFactory getSessionFactory()

Returns the session factory assigned to this service.

Returns:

The session factory assigned to this service.

createSession

public SessionToken createSession()

Creates a new session token using the session factory assigned to this service.

Returns:

A new session token using the session factory assigned to this service.

createChildSession

public SessionToken createChildSession(SessionToken parentSession)

Creates a new child session token to the given session using the session factory assigned to this service.

Parameters:

parentSession - the session for which to create a child session

Returns:

A new child session token to the given session using the session factory assigned to this service.

sessionHasCapability

public boolean sessionHasCapability(SessionToken session,
                                    java.lang.String capability)

Returns whether the given session has the specified capability.

Parameters:

session - the session to check

capability - the capability to check for

Returns:

whether the given session has the specified capability

Throws:

ServiceAccessControlException - if the integrity of the session's security token fails

awaitActiveSessions

protected void awaitActiveSessions(boolean emergency)

Awaits the termination of active sessions. This allows subclasses to separate waiting for the termination from shutting down this abstract service.

Parameters:

emergency - Whether the active sessions should only be awaited for a specific time.

shutdown

public void shutdown(boolean emergency)

Awaits the termination of the active sessions and nulls the session factory.

Specified by:

shutdown in interface ADEPT2Service

Overrides:

shutdown in class AbstractADEPT2Service

Parameters:

emergency - Whether the shutdown will be an emergency shutdown.

getUserCredentials

public Pair<QualifiedAgent,QualifiedAgent> getUserCredentials(SessionToken session)

Gets the agent of the top-level session token and the agent of the designated session token if a session factory is available. Really returns the top-level agent and the agent of the designated session token since this class has a session factory.

Overrides:

getUserCredentials in class AbstractADEPT2Service

Parameters:

session - The session token of which to retrieve the agent of the top-level session token and the own agent.

Returns:

The agent of the top-level session token and the agent of the designated session token or an empty pair (containing null-values). This must not return null.

Throws:

ServiceAccessControlException - If the designated session token has no integrity and therefore the agents cannot be determined, a ServiceAccessControlExceptionwill be thrown.

getTopLevelAgent

public QualifiedAgent getTopLevelAgent(SessionToken session)

Gets the agent of the top-level session token of the designated session token.

Parameters:

session - The session token of which to retrieve the agent of the top-level session token.

Returns:

The agent of the top-level session token of the designated session token.

Throws:

ServiceAccessControlException - If the designated session token has no integrity and therefore the agent of the top-level session token cannot be determined, a ServiceAccessControlExceptionwill be thrown.

getAgent

public QualifiedAgent getAgent(SessionToken session)

Gets the agent of the designated session token.

Parameters:

session - The session token of which to retrieve the agent.

Returns:

The agent of the designated session token.

Throws:

ServiceAccessControlException - If the designated session token has no integrity and therefore the agent cannot be determined, a ServiceAccessControlException will be thrown.