Package de.aristaflow.adept2.base.sessionmanagement

Interface SessionFactory

  • All Superinterfaces:
    CapabilityChecker, Serializable
    public interface SessionFactory
extends Serializable, CapabilityChecker
    A session factory provides the means to create session tokens, child session tokens as well as privileged child session tokens allowing to bypass security checks. Session tokens are used for security reasons as well as synchronising access incorporating different (independent) ADEPT2-services. Session tokens may have additional, session-specific attributes, for instance to use in a web context.
    Session factories encapsulate a SecurityToken which include user and security-related information. All of this is provided when the factory is created.

    While a session token is used like a transaction in a database management system, a session factory corresponds to a user session, for instance in a web browser. A session factory is retrieved when logging on and may be used until logging off. Every request or a combination or requests belonging together in one transaction are performed with the same session token of the provided session factory (user session).

    • Field Detail

      • serialVersionUID

        static final long serialVersionUID
        Generated ID for serialisation.
        See Also:
        Constant Field Values

    • Method Detail

      • getSessionToken

        SessionToken getSessionToken​(URI[] callingComponent)
        Creates a new (top-level) session token for the designated component. A top-level session token has a new UUID and the child level 0.
        Parameters:
        callingComponent - The component initiating the requested session, identified by its communication protocol depended URIs.
        Returns:
        A session token for the qualified agent of this session factory with the designated component URIs.

      • getSessionToken

        SessionToken getSessionToken​(URI[] callingComponent,
                             Map<String,​String> additionalAttributes)
        Creates a new (top-level) session token for the designated component with the designated additional attributes. A top-level session token has the child level 0.
        Parameters:
        callingComponent - The component initiating the requested session, identified by its communication protocol depended URIs.
        additionalAttributes - Additional attributes which are provided by the created session token. This may be null.
        Returns:
        A session token for the qualified agent of this session factory with the designated component URIs.

      • getSubstituteSessionToken

        SessionToken getSubstituteSessionToken​(SessionToken callerSession,
                                       SignedSecurityToken substitutedToken)
                                throws SecurityTokenIntegrityException
        Creates a new (top-level) session token for the designated caller session with the designated security information for usage as substitute.
        Parameters:
        callerSession - The session token identifying the caller to retrieve a substitute session token.
        substitutedToken - The security token containing the security information for the created session token.
        Returns:
        A new session token having the security information of the designated security token and the designated component URIs.
        Throws:
        SecurityTokenIntegrityException - If either the designated caller session or the security token have no integrity, a SecurityTokenIntegrityException will be thrown.

      • getSubstituteSessionToken

        SessionToken getSubstituteSessionToken​(SessionToken callerSession,
                                       SignedSecurityToken substitutedToken,
                                       Map<String,​String> additionalAttributes)
                                throws SecurityTokenIntegrityException
        Creates a new (top-level) session token for the designated caller session with the designated security information and the designated additional attributes for usage as substitute.
        Parameters:
        callerSession - The session token identifying the caller to retrieve a substitute session token.
        substitutedToken - The security token containing the security information for the created session token.
        additionalAttributes - Additional attributes which are provided by the created session token. This may be null.
        Returns:
        A new session token having the security information of the designated security token and the designated component URIs.
        Throws:
        SecurityTokenIntegrityException - If either the designated caller session or the security token have no integrity, a SecurityTokenIntegrityException will be thrown.

      • getChildSession

        SessionToken getChildSession​(SessionToken parentSession,
                             URI[] callingComponent)
        Creates a new child session token with the designated session as parent and for the designated component. The UUID is the same as the parent session, but the child level is increased and it has an own child session UUID.
        Parameters:
        parentSession - The parent session for the requested session.
        callingComponent - The component initiating the requested child session, identified by its communication protocol depended URIs.
        Returns:
        A session token as child of the designated parent session and the component initiating the child session for provision to a trusting component.

      • getChildSession

        SessionToken getChildSession​(SessionToken parentSession,
                             URI[] callingComponent,
                             Map<String,​String> additionalAttributes)
        Creates a new child session token with the designated session as parent, the designated additional attributes and for the designated component. The UUID is the same as the parent session, but the child level is increased and it has an own child session UUID.
        Parameters:
        parentSession - The parent session for the requested session.
        callingComponent - The component initiating the requested child session, identified by its communication protocol depended URIs.
        additionalAttributes - Additional attributes which are provided by the created session token. This may be null.
        Returns:
        A session token as child of the designated parent session and the component initiating the child session for provision to a trusting component.

      • getPrivilegedChildSession

        SessionToken getPrivilegedChildSession​(SessionToken parentSession,
                                       URI[] callingComponent)
        Creates a new child session token with the designated session as parent but with the privileges of the encapsulated security data. The UUID is the same as the parent session, but the child level is increased and it has an own child session UUID. The integrity of the parent session will be checked and the child session token will be refused if appropriate.
        Parameters:
        parentSession - The parent session for the requested session (signed).
        callingComponent - The component initiating the requested privileged child session, identified by its communication protocol depended URIs.
        Returns:
        A session token (signed) as child of the designated parent session and the component initiating the child session having the access rights of the designated privileged token (of the calling component).

      • getPrivilegedChildSession

        SessionToken getPrivilegedChildSession​(SessionToken parentSession,
                                       URI[] callingComponent,
                                       Map<String,​String> additionalAttributes)
        Creates a new child session token with the designated session as parent and the additional attributes but with the privileges of the encapsulated security data. The UUID is the same as the parent session, but the child level is increased and it has an own child session UUID. The integrity of the parent session will be checked and the child session token will be refused if appropriate.
        Parameters:
        parentSession - The parent session for the requested session (signed).
        callingComponent - The component initiating the requested privileged child session, identified by its communication protocol depended URIs.
        additionalAttributes - Additional attributes which are provided by the created session token. This may be null.
        Returns:
        A session token as child of the designated parent session and the component initiating the child session having the access rights of the designated privileged token (of the calling component).

      • getPublicKey

        PublicKey getPublicKey()
        Gets the public key of the security manager of this session factory.
        Returns:
        The public key of the security manager of this session factory.

      • checkIntegrity

        void checkIntegrity​(SessionToken sessionToken)
             throws SecurityTokenIntegrityException
        Checks the integrity of the (security token of the) designated session token. If the security token has integrity, this method will just return, otherwise a SecurityTokenIntegrityException will be thrown.
        Parameters:
        sessionToken - The session token of which to check the integrity.
        Throws:
        SecurityTokenIntegrityException - If the designated session token has no integrity, a SecurityTokenIntegrityException will be thrown.

      • checkAndGetAgent

        QualifiedAgent checkAndGetAgent​(SessionToken sessionToken)
                         throws SecurityTokenIntegrityException
        Checks the integrity of the (security token of the) designated session token and returns the agent of the (child level) session token. This agent differs from the initiator of the session in case the (sub-) session token is privileged.
        Parameters:
        sessionToken - The session token of which to check the integrity and to return the qualified agent of.
        Returns:
        The qualified agent of the designated (sub-) session
        Throws:
        SecurityTokenIntegrityException - If the designated session token has no integrity, a SecurityTokenIntegrityException will be thrown.

      • checkAndGetTopLevelAgent

        QualifiedAgent checkAndGetTopLevelAgent​(SessionToken sessionToken)
                                 throws SecurityTokenIntegrityException
        Checks the integrity of the (security token of the) top-level session of the designated session token and returns the agent of the corresponding top-level session token. This agent differs from the agent of the (sub-) session in case it is privileged.
        Parameters:
        sessionToken - The session token of which the corresponding top-level session is checked for integrity and the qualified agent is returned.
        Returns:
        The qualified agent of the top-level parent session of the designated (sub-) session.
        Throws:
        SecurityTokenIntegrityException - If the top-level parent session of the designated session token has no integrity, a SecurityTokenIntegrityException will be thrown.

      • hasCapability

        @Deprecated
boolean hasCapability​(SessionToken sessionToken,
                      String capability)
               throws SecurityTokenIntegrityException
        Deprecated.
        Use CapabilityChecker.hasOneCapability(SessionToken, String...) instead.
        Checks the integrity of the (security token of the) designated session token and returns whether the (security token of the) designated session has the designated capability.
        Parameters:
        sessionToken - The session token of which to check the integrity and to return the capability of.
        capability - A string representing the capability of the function the owner of this token wants to perform.
        Returns:
        Whether the (security token of the) designated session has the designated capability.
        Throws:
        SecurityTokenIntegrityException - If the designated session token has no integrity, a SecurityTokenIntegrityException will be thrown.
        See Also:
        Capabilities

      • hasTopLevelCapability

        @Deprecated
boolean hasTopLevelCapability​(SessionToken sessionToken,
                              String capability)
                       throws SecurityTokenIntegrityException
        Deprecated.
        Use CapabilityChecker.hasOneTopLevelCapability(SessionToken, String...) instead.
        Checks the integrity of the (security token of the) top-level session of the designated session token and returns whether the (security token of the) top-level session of the designated session has the designated capability.
        Parameters:
        sessionToken - The session token of which to check the integrity and to return the capability of the corresponding top-level session token.
        capability - A string representing the capability of the function the owner of the top-level session token wants to perform.
        Returns:
        Whether the (security token of the) top-level parent session of the designated session has the designated capability.
        Throws:
        SecurityTokenIntegrityException - If the top-level parent session of the designated session token has no integrity, a SecurityTokenIntegrityException will be thrown.
        See Also:
        Capabilities

      • unmarshalSessionToken

        SessionToken unmarshalSessionToken​(UUID sessionID,
                                   SignedSecurityToken securityToken,
                                   URI[] callingComponent,
                                   Map<String,​String> additionalAttributes)
        Unmarshalls a top-level session token having the designated attributes.
        Parameters:
        sessionID - The sessionID of the unmarshalled session. This must not be null.
        securityToken - The security token (signed) containing the access rights and the user. This must not be null.
        callingComponent - The component that started the unmarshalled session. This must neither be null nor an empty array.
        additionalAttributes - Additional attributes which are provided by this session token that may contain additional session-specific information. This may be null.
        Returns:
        The unmarshalled top-level session token.

      • unmarshalChildSessionToken

        SessionToken unmarshalChildSessionToken​(SessionToken parentSession,
                                        UUID childSessionID,
                                        URI[] callingComponent,
                                        Map<String,​String> additionalAttributes)
        Unmarshalls a child session token having the designated attributes and the designated parent session.
        Parameters:
        parentSession - The (sub)session the unmarshalled session is a subsession of. This must not be null.
        childSessionID - The sessionID that should be assigned to the unmarshalled child session (unique to this child session). This must not be null.
        callingComponent - The ADEPT2 component for the unmarshalled subsession, identified by its communication protocol depended URIs. This must neither be null nor an empty array.
        additionalAttributes - Additional attributes which are provided by this session token that may contain additional session-specific information. This may be null.
        Returns:
        The unmarshalled child session token.