de.aristaflow.adept2.base.sessionmanagement

Interface SessionFactory

All Superinterfaces:

java.io.Serializable

public interface SessionFactory
extends java.io.Serializable

A session factory provides the means to create session tokens, child session tokens as well as privileged child session tokens allowing to bypass security checks. Session tokens are used for security reasons as well as synchronising access incorporating different (independent) ADEPT2-services. Session tokens may have additional, session-specific attributes, for instance to use in a web context.
Session factories encapsulate a SecurityToken which include user and security-related information. All of this is provided when the factory is created.

While a session token is used like a transaction in a database management system, a session factory corresponds to a user session, for instance in a web browser. A session factory is retrieved when logging on and may be used until logging off. Every request or a combination or requests belonging together in one transaction are performed with the same session token of the provided session factory (user session).

Author:

Ulrich Kreher

Field Summary

Fields

Modifier and Type	Field and Description
static long	serialVersionUID Generated ID for serialisation.

Method Summary

Modifier and Type	Method and Description
QualifiedAgent	checkAndGetAgent(SessionToken sessionToken) Checks the integrity of the (security token of the) designated session token and returns the agent of the (child level) session token.
QualifiedAgent	checkAndGetTopLevelAgent(SessionToken sessionToken) Checks the integrity of the (security token of the) top-level session of the designated session token and returns the agent of the corresponding top-level session token.
void	checkIntegrity(SessionToken sessionToken) Checks the integrity of the (security token of the) designated session token.
SessionToken	getChildSession(SessionToken parentSession, java.net.URI[] callingComponent) Creates a new child session token with the designated session as parent and for the designated component.
SessionToken	getChildSession(SessionToken parentSession, java.net.URI[] callingComponent, java.util.Map<java.lang.String,java.lang.String> additionalAttributes) Creates a new child session token with the designated session as parent, the designated additional attributes and for the designated component.
SessionToken	getPrivilegedChildSession(SessionToken parentSession, java.net.URI[] callingComponent) Creates a new child session token with the designated session as parent but with the privileges of the encapsulated security data.
SessionToken	getPrivilegedChildSession(SessionToken parentSession, java.net.URI[] callingComponent, java.util.Map<java.lang.String,java.lang.String> additionalAttributes) Creates a new child session token with the designated session as parent and the additional attributes but with the privileges of the encapsulated security data.
java.security.PublicKey	getPublicKey() Gets the public key of the security manager of this session factory.
SessionToken	getSessionToken(java.net.URI[] callingComponent) Creates a new (top-level) session token for the designated component.
SessionToken	getSessionToken(java.net.URI[] callingComponent, java.util.Map<java.lang.String,java.lang.String> additionalAttributes) Creates a new (top-level) session token for the designated component with the designated additional attributes.
SessionToken	getSubstituteSessionToken(SessionToken callerSession, SignedSecurityToken substitutedToken) Creates a new (top-level) session token for the designated caller session with the designated security information for usage as substitute.
SessionToken	getSubstituteSessionToken(SessionToken callerSession, SignedSecurityToken substitutedToken, java.util.Map<java.lang.String,java.lang.String> additionalAttributes) Creates a new (top-level) session token for the designated caller session with the designated security information and the designated additional attributes for usage as substitute.
boolean	hasCapability(SessionToken sessionToken, java.lang.String capability) Checks the integrity of the (security token of the) designated session token and returns whether the (security token of the) designated session has the designated capability.
boolean	hasTopLevelCapability(SessionToken sessionToken, java.lang.String capability) Checks the integrity of the (security token of the) top-level session of the designated session token and returns whether the (security token of the) top-level session of the designated session has the designated capability.
SessionToken	unmarshalChildSessionToken(SessionToken parentSession, java.util.UUID childSessionID, java.net.URI[] callingComponent, java.util.Map<java.lang.String,java.lang.String> additionalAttributes) Unmarshalls a child session token having the designated attributes and the designated parent session.
SessionToken	unmarshalSessionToken(java.util.UUID sessionID, SignedSecurityToken securityToken, java.net.URI[] callingComponent, java.util.Map<java.lang.String,java.lang.String> additionalAttributes) Unmarshalls a top-level session token having the designated attributes.

Field Detail

serialVersionUID

static final long serialVersionUID

Generated ID for serialisation.

See Also:

Constant Field Values

Method Detail

getSessionToken

SessionToken getSessionToken(java.net.URI[] callingComponent)

Creates a new (top-level) session token for the designated component. A top-level session token has a new UUID and the child level 0.

Parameters:

callingComponent - The component initiating the requested session, identified by its communication protocol depended URIs.

Returns:

A session token for the qualified agent of this session factory with the designated component URIs.

getSessionToken

SessionToken getSessionToken(java.net.URI[] callingComponent,
                             java.util.Map<java.lang.String,java.lang.String> additionalAttributes)

Creates a new (top-level) session token for the designated component with the designated additional attributes. A top-level session token has the child level 0.

Parameters:

callingComponent - The component initiating the requested session, identified by its communication protocol depended URIs.

additionalAttributes - Additional attributes which are provided by the created session token. This may be null.

Returns:

A session token for the qualified agent of this session factory with the designated component URIs.

getSubstituteSessionToken

SessionToken getSubstituteSessionToken(SessionToken callerSession,
                                       SignedSecurityToken substitutedToken)
                                throws SecurityTokenIntegrityException

Creates a new (top-level) session token for the designated caller session with the designated security information for usage as substitute.

Parameters:

callerSession - The session token identifying the caller to retrieve a substitute session token.

substitutedToken - The security token containing the security information for the created session token.

Returns:

A new session token having the security information of the designated security token and the designated component URIs.

Throws:

SecurityTokenIntegrityException - If either the designated caller session or the security token have no integrity, a SecurityTokenIntegrityException will be thrown.

getSubstituteSessionToken

SessionToken getSubstituteSessionToken(SessionToken callerSession,
                                       SignedSecurityToken substitutedToken,
                                       java.util.Map<java.lang.String,java.lang.String> additionalAttributes)
                                throws SecurityTokenIntegrityException

Creates a new (top-level) session token for the designated caller session with the designated security information and the designated additional attributes for usage as substitute.

Parameters:

callerSession - The session token identifying the caller to retrieve a substitute session token.

substitutedToken - The security token containing the security information for the created session token.

additionalAttributes - Additional attributes which are provided by the created session token. This may be null.

Returns:

A new session token having the security information of the designated security token and the designated component URIs.

Throws:

SecurityTokenIntegrityException - If either the designated caller session or the security token have no integrity, a SecurityTokenIntegrityException will be thrown.

getChildSession

SessionToken getChildSession(SessionToken parentSession,
                             java.net.URI[] callingComponent)

Creates a new child session token with the designated session as parent and for the designated component. The UUID is the same as the parent session, but the child level is increased and it has an own child session UUID.

Parameters:

parentSession - The parent session for the requested session.

callingComponent - The component initiating the requested child session, identified by its communication protocol depended URIs.

Returns:

A session token as child of the designated parent session and the component initiating the child session for provision to a trusting component.

getChildSession

SessionToken getChildSession(SessionToken parentSession,
                             java.net.URI[] callingComponent,
                             java.util.Map<java.lang.String,java.lang.String> additionalAttributes)

Creates a new child session token with the designated session as parent, the designated additional attributes and for the designated component. The UUID is the same as the parent session, but the child level is increased and it has an own child session UUID.

Parameters:

parentSession - The parent session for the requested session.

callingComponent - The component initiating the requested child session, identified by its communication protocol depended URIs.

additionalAttributes - Additional attributes which are provided by the created session token. This may be null.

Returns:

A session token as child of the designated parent session and the component initiating the child session for provision to a trusting component.

getPrivilegedChildSession

SessionToken getPrivilegedChildSession(SessionToken parentSession,
                                       java.net.URI[] callingComponent)

Creates a new child session token with the designated session as parent but with the privileges of the encapsulated security data. The UUID is the same as the parent session, but the child level is increased and it has an own child session UUID. The integrity of the parent session will be checked and the child session token will be refused if appropriate.

Parameters:

parentSession - The parent session for the requested session (signed).

callingComponent - The component initiating the requested privileged child session, identified by its communication protocol depended URIs.

Returns:

A session token (signed) as child of the designated parent session and the component initiating the child session having the access rights of the designated privileged token (of the calling component).

getPrivilegedChildSession

SessionToken getPrivilegedChildSession(SessionToken parentSession,
                                       java.net.URI[] callingComponent,
                                       java.util.Map<java.lang.String,java.lang.String> additionalAttributes)

Creates a new child session token with the designated session as parent and the additional attributes but with the privileges of the encapsulated security data. The UUID is the same as the parent session, but the child level is increased and it has an own child session UUID. The integrity of the parent session will be checked and the child session token will be refused if appropriate.

Parameters:

parentSession - The parent session for the requested session (signed).

callingComponent - The component initiating the requested privileged child session, identified by its communication protocol depended URIs.

additionalAttributes - Additional attributes which are provided by the created session token. This may be null.

Returns:

A session token as child of the designated parent session and the component initiating the child session having the access rights of the designated privileged token (of the calling component).

getPublicKey

java.security.PublicKey getPublicKey()

Gets the public key of the security manager of this session factory.

Returns:

The public key of the security manager of this session factory.

checkIntegrity

void checkIntegrity(SessionToken sessionToken)
             throws SecurityTokenIntegrityException

Checks the integrity of the (security token of the) designated session token. If the security token has integrity, this method will just return, otherwise a SecurityTokenIntegrityException will be thrown.

Parameters:

sessionToken - The session token of which to check the integrity.

Throws:

SecurityTokenIntegrityException - If the designated session token has no integrity, a SecurityTokenIntegrityException will be thrown.

checkAndGetAgent

QualifiedAgent checkAndGetAgent(SessionToken sessionToken)
                         throws SecurityTokenIntegrityException

Checks the integrity of the (security token of the) designated session token and returns the agent of the (child level) session token. This agent differs from the initiator of the session in case the (sub-) session token is privileged.

Parameters:

sessionToken - The session token of which to check the integrity and to return the qualified agent of.

Returns:

The qualified agent of the designated (sub-) session

Throws:

SecurityTokenIntegrityException - If the designated session token has no integrity, a SecurityTokenIntegrityException will be thrown.

checkAndGetTopLevelAgent

QualifiedAgent checkAndGetTopLevelAgent(SessionToken sessionToken)
                                 throws SecurityTokenIntegrityException

Checks the integrity of the (security token of the) top-level session of the designated session token and returns the agent of the corresponding top-level session token. This agent differs from the agent of the (sub-) session in case it is privileged.

Parameters:

sessionToken - The session token of which the corresponding top-level session is checked for integrity and the qualified agent is returned.

Returns:

The qualified agent of the top-level parent session of the designated (sub-) session.

Throws:

SecurityTokenIntegrityException - If the top-level parent session of the designated session token has no integrity, a SecurityTokenIntegrityException will be thrown.

hasCapability

boolean hasCapability(SessionToken sessionToken,
                      java.lang.String capability)
               throws SecurityTokenIntegrityException

Checks the integrity of the (security token of the) designated session token and returns whether the (security token of the) designated session has the designated capability.

Parameters:

sessionToken - The session token of which to check the integrity and to return the capability of.

capability - A string representing the capability of the function the owner of this token wants to perform.

Returns:

Whether the (security token of the) designated session has the designated capability.

Throws:

SecurityTokenIntegrityException - If the designated session token has no integrity, a SecurityTokenIntegrityException will be thrown.

See Also:

Capabilities

hasTopLevelCapability

boolean hasTopLevelCapability(SessionToken sessionToken,
                              java.lang.String capability)
                       throws SecurityTokenIntegrityException

Checks the integrity of the (security token of the) top-level session of the designated session token and returns whether the (security token of the) top-level session of the designated session has the designated capability.

Parameters:

sessionToken - The session token of which to check the integrity and to return the capability of the corresponding top-level session token.

capability - A string representing the capability of the function the owner of the top-level session token wants to perform.

Returns:

Whether the (security token of the) top-level parent session of the designated session has the designated capability.

Throws:

SecurityTokenIntegrityException - If the top-level parent session of the designated session token has no integrity, a SecurityTokenIntegrityException will be thrown.

See Also:

Capabilities

unmarshalSessionToken

SessionToken unmarshalSessionToken(java.util.UUID sessionID,
                                   SignedSecurityToken securityToken,
                                   java.net.URI[] callingComponent,
                                   java.util.Map<java.lang.String,java.lang.String> additionalAttributes)

Unmarshalls a top-level session token having the designated attributes.

Parameters:

sessionID - The sessionID of the unmarshalled session. This must not be null.

securityToken - The security token (signed) containing the access rights and the user. This must not be null.

callingComponent - The component that started the unmarshalled session. This must neither be null nor an empty array.

additionalAttributes - Additional attributes which are provided by this session token that may contain additional session-specific information. This may be null.

Returns:

The unmarshalled top-level session token.

unmarshalChildSessionToken

SessionToken unmarshalChildSessionToken(SessionToken parentSession,
                                        java.util.UUID childSessionID,
                                        java.net.URI[] callingComponent,
                                        java.util.Map<java.lang.String,java.lang.String> additionalAttributes)

Unmarshalls a child session token having the designated attributes and the designated parent session.

Parameters:

parentSession - The (sub)session the unmarshalled session is a subsession of. This must not be null.

childSessionID - The sessionID that should be assigned to the unmarshalled child session (unique to this child session). This must not be null.

callingComponent - The ADEPT2 component for the unmarshalled subsession, identified by its communication protocol depended URIs. This must neither be null nor an empty array.

additionalAttributes - Additional attributes which are provided by this session token that may contain additional session-specific information. This may be null.

Returns:

The unmarshalled child session token.