public interface SecurityManager

SecurityManager provides a centralized interface for all security-related services. It contains methods to logon or logoff a user or to check security privileges and credentials.

The SecurityManager is accessed using EbaseSystem.getSecurityManager().

Modifier and Type | Method and Description |
---|---|
boolean | checkCredentialValue(java.lang.String credentialName, java.lang.String credentialValue): Returns true if the user credential identified by credentialName exists with the value credentialValue, otherwise returns false. |
java.lang.String | getCredential(java.lang.String credentialName): Returns the credential value for the user credential identified by credentialName, or null if the credential does not exist or no user is logged on. |
java.util.Map<java.lang.String,java.lang.Object> | getCredentials(): Returns all of the User credentials that are established by the System Logon Service when the user logs on. |
java.lang.String[] | getRoles(): Returns an array of role names for the logged on user. |
java.lang.String | getUserName(): Returns the user name when a user is logged on or null when no user is logged on. |
boolean | hasRole(java.lang.String roleName): Returns true when a user is logged on and the user has the role identified by roleName, otherwise returns false. |
boolean | isAuthorized(java.lang.String type, java.lang.String name, java.lang.String function): Returns true when a user is logged on and the user has the authorization identified by type, name and function; otherwise returns false. |
boolean | isDesignerUser(): Returns true when a form has been submitted from the designer, otherwise returns false. |
boolean | isGatewayRequest(): Returns true if the incoming HTTP request contains the Gateway Authentication Token, otherwise false. |
boolean | isUserLoggedOn(): Returns true when a user is logged on to the current session, otherwise returns false. |
boolean | isUserLoggedOn(java.lang.String userId): Returns true if the named user is currently logged on to the server, otherwise returns false. |
void | logoff(): Logs a user off the system, this is the reverse of method logon(String[][]). |
void | logon(java.lang.String[][] inParameters): Logs a user onto the system by calling the default System Logon Service identified in the Server Admin App > Security > User Authentication. |
void | logon(java.lang.String webServiceName, java.lang.String[][] inParameters): Logs a user onto the system by calling the specific System Logon Service identified by parameter webServiceName. |
boolean | logonGatewayAuthentication(java.lang.String gatewayServerName): Logon using the Gateway Authentication Token. |
void | logonOpenIdConnect(java.lang.String openIdConnectName): Logon using OpenID Connect. |
void | logonOpenIdConnect(java.lang.String openIdConnectName, java.lang.String scope): Logon using OpenID Connect. |
void | updateLoggedOnUser(java.lang.String userId, java.lang.String[][] inParameters): If the user identified by userId is currently logged on, the default System Logon Service is invoked and all sessions where the user is logged on are updated; if the user is not currently logged on no action is taken. |
void | updateLoggedOnUser(java.lang.String webServiceName, java.lang.String userId, java.lang.String[][] inParameters): If the user identified by userId is currently logged on, the specific System Logon Service identified by parameter webServiceName is invoked and all sessions where the user is logged on are updated; if the user is not currently logged on no action is taken. |

java.lang.String getUserName()

Returns the user name when a user is logged on or null when no user is logged on.

See also: logon(String[][])

boolean isUserLoggedOn()

Returns true when a user is logged on to the current session, otherwise returns false.

See also: logon(String[][])

boolean isUserLoggedOn(java.lang.String userId)

Returns true if the named user is currently logged on to the server, otherwise returns false.

boolean hasRole(java.lang.String roleName)

Returns true when a user is logged on and the user has the role identified by roleName, otherwise returns false. User roles are established by the System Logon Service when the user logs on.

See also: logon(String[][])

java.lang.String[] getRoles()

Returns an array of role names for the logged on user.

boolean isAuthorized(java.lang.String type, java.lang.String name, java.lang.String function)

Returns true when a user is logged on and the user has the authorization identified by type, name and function; otherwise returns false.

This method is only applicable when authorizations have been added by a Logon Service or when the supplied Ebase Security system is used to define users, roles and authorizations. Authorizations represent an alternative to roles and offer more granularity, see hasRole(String).

See also: logon(String[][])

java.lang.String getCredential(java.lang.String credentialName)

Returns the credential value for the user credential identified by credentialName, or null if the credential does not exist or no user is logged on. User credentials are established by the System Logon Service when the user logs on.

See also: checkCredentialValue(String, String), logon(String[][])

java.util.Map<java.lang.String,java.lang.Object> getCredentials()

Returns all of the User credentials that are established by the System Logon Service when the user logs on.

See also: checkCredentialValue(String, String), logon(String[][])

boolean checkCredentialValue(java.lang.String credentialName, java.lang.String credentialValue)

Returns true if the user credential identified by credentialName exists with the value credentialValue, otherwise returns false. User credentials are established by the System Logon Service when the user logs on.

See also: getCredential(String), logon(String[][])

void logoff()

Logs a user off the system, this is the reverse of method logon(String[][]). Method isUserLoggedOn() returns false after this method is invoked.

Note that the user's session is not terminated by calling this method.

void logon(java.lang.String[][] inParameters) throws com.ebasetech.xi.exceptions.LogonException

Logs a user onto the system by calling the default System Logon Service identified in the Server Admin App > Security > User Authentication.

If the logon fails for any reason or returns a null userid, a LogonException is thrown. A LogonException contains the error code and error description returned from the Logon Service. These are available as methods LogonException.getErrorCode() and LogonException.getMessage() respectively.

When the logon is successful, method isUserLoggedOn() returns true, the user name can be obtained using method getUserName() and the other methods in this interface can be used to access the user's security roles and credentials as loaded by the Logon Service.

JavaScript example:

```javascript
try {
  // Each pair is [parameter source type, parameter value].
  system.securityManager.logon([
    ["Script", fields.USER.value],
    ["Script", fields.PASSWORD.value]
  ]);
} catch (e) {
  event.owner.addErrorMessage(e.javaException.message);
}
```

Parameters:
inParameters - an array of arrays containing up to 3 pairs of parameters, where each pair contains 2 strings corresponding to the parameter source type and parameter value.

Throws:
com.ebasetech.xi.exceptions.LogonException - if any error occurs. This exception contains methods to obtain the detailed error code and error description returned from the Logon Service.

void logon(java.lang.String webServiceName, java.lang.String[][] inParameters) throws com.ebasetech.xi.exceptions.LogonException

Logs a user onto the system by calling the specific System Logon Service identified by parameter webServiceName.

If the logon fails for any reason or returns a null userid, a LogonException is thrown. A LogonException contains the error code and error description returned from the Logon Service. These are available as methods LogonException.getErrorCode() and LogonException.getMessage() respectively.

When the logon is successful, method isUserLoggedOn() returns true, the user name can be obtained using method getUserName() and the other methods in this interface can be used to access the user's security roles and credentials as loaded by the Logon Service.

JavaScript example:

```javascript
try {
  // The first argument names the Logon Service to invoke.
  system.securityManager.logon("testLogonService", [
    ["Script", fields.USER.value],
    ["Script", fields.PASSWORD.value]
  ]);
} catch (e) {
  event.owner.addErrorMessage(e.javaException.message);
}
```

Parameters:
webServiceName - the web service name for the Logon Service to be invoked
inParameters - an array of arrays containing up to 3 pairs of parameters, where each pair contains 2 strings corresponding to the parameter source type and parameter value.

Throws:
com.ebasetech.xi.exceptions.LogonException - if any error occurs. This exception contains methods to obtain the detailed error code and error description returned from the Logon Service.

boolean isDesignerUser()

Returns true when a form has been submitted from the designer, otherwise returns false.

When a form is submitted from the designer, the designer user's security (userid plus authorizations) is transferred to the runtime environment. Such forms always return true to method isUserLoggedOn().

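An access check that combines isUserLoggedOn(), isDesignerUser(), hasRole(String) and isAuthorized(String, String, String) as described above, written as an added example that is not Ebase's own code. The names checkAccess and stubManager, the rule shape, and the role and authorization values are assumptions; the stub is a constructed stand-in for system.securityManager.

```javascript
// Added example. checkAccess, stubManager and the rule/role/authorization
// values are hypothetical; only the methods called on `sm` come from the
// SecurityManager interface documented on this page.
function checkAccess(sm, rule) {
  function deny(reason) { return { allowed: false, reason: reason }; }

  // Fail closed: a rule that names nothing to check grants nothing.
  if (!rule || (!rule.role && !rule.auth)) return deny("empty rule");
  if (!sm.isUserLoggedOn()) return deny("not logged on");
  // Designer submissions always report isUserLoggedOn() as true, so they are
  // admitted only where the rule says so (a policy choice of this example).
  if (sm.isDesignerUser() && !rule.allowDesigner) return deny("designer submission");
  if (rule.role && !sm.hasRole(rule.role)) return deny("missing role");
  if (rule.auth &&
      !sm.isAuthorized(rule.auth.type, rule.auth.name, rule.auth.func)) {
    return deny("missing authorization");
  }
  return { allowed: true, reason: "ok" };
}

// Constructed stand-in for system.securityManager so the example runs offline.
function stubManager(s) {
  return {
    isUserLoggedOn: function () { return s.user !== null || s.designer; },
    isDesignerUser: function () { return s.designer; },
    hasRole: function (r) { return s.user !== null && s.roles.indexOf(r) >= 0; },
    isAuthorized: function (t, n, f) {
      return s.user !== null && s.auths.indexOf(t + "/" + n + "/" + f) >= 0;
    }
  };
}

// Constructed sample rule and users.
var REFUND_RULE = { role: "FINANCE", auth: { type: "Form", name: "REFUND", func: "Approve" } };
var GRANT = ["Form/REFUND/Approve"];
var anonymous = stubManager({ user: null, designer: false, roles: [], auths: [] });
var clerk = stubManager({ user: "bob", designer: false, roles: ["FINANCE"], auths: [] });
var approver = stubManager({ user: "alice", designer: false, roles: ["FINANCE"], auths: GRANT });
var designer = stubManager({ user: "dev", designer: true, roles: ["FINANCE"], auths: GRANT });

[anonymous, clerk, approver, designer].forEach(function (sm) {
  console.log(checkAccess(sm, REFUND_RULE).reason);
});
```

In a form script the call would be checkAccess(system.securityManager, rule).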
void updateLoggedOnUser(java.lang.String webServiceName, java.lang.String userId, java.lang.String[][] inParameters) throws com.ebasetech.xi.exceptions.LogonException

If the user identified by userId is currently logged on, the specific System Logon Service identified by parameter webServiceName is invoked and all sessions where the user is logged on are updated; if the user is not currently logged on no action is taken.

This function is intended to be used to update roles and/or credentials of logged on users without the need for the user to re-logon. It cannot be used to logoff a user or to change their userid. Also, there is no point in repeating userid/password validation in the Logon Service as no action can be taken as a result.

JavaScript example:

```javascript
try {
  // Refresh roles and credentials for every session of this user.
  system.securityManager.updateLoggedOnUser("testLogonService", fields.USER.value, [
    ["Update", fields.USER.value]
  ]);
} catch (e) {
  event.owner.addErrorMessage(e.javaException.message);
}
```

Parameters:
webServiceName - the web service name for the Logon Service to be invoked
userId - the user id whose sessions are to be updated
inParameters - an array of arrays containing up to 3 pairs of parameters, where each pair contains 2 strings corresponding to the parameter source type and parameter value.

Throws:
com.ebasetech.xi.exceptions.LogonException - if any error occurs. This exception contains methods to obtain the detailed error code and error description returned from the Logon Service.

void updateLoggedOnUser(java.lang.String userId, java.lang.String[][] inParameters) throws com.ebasetech.xi.exceptions.LogonException

If the user identified by userId is currently logged on, the default System Logon Service is invoked and all sessions where the user is logged on are updated; if the user is not currently logged on no action is taken.

This function is intended to be used to update roles and/or credentials of logged on users without the need for the user to re-logon. It cannot be used to logoff a user or to change their userid. Also, there is no point in repeating userid/password validation in the Logon Service as no action can be taken as a result.

JavaScript example:

```javascript
try {
  // Uses the default System Logon Service.
  system.securityManager.updateLoggedOnUser(fields.USER.value, [
    ["Update", fields.USER.value]
  ]);
} catch (e) {
  event.owner.addErrorMessage(e.javaException.message);
}
```

Parameters:
userId - the user id whose sessions are to be updated
inParameters - an array of arrays containing up to 3 pairs of parameters, where each pair contains 2 strings corresponding to the parameter source type and parameter value.

Throws:
com.ebasetech.xi.exceptions.LogonException - if any error occurs. This exception contains methods to obtain the detailed error code and error description returned from the Logon Service.

void logonOpenIdConnect(java.lang.String openIdConnectName) throws com.ebasetech.xi.exceptions.LogonException

Logon using OpenID Connect.

JavaScript example:

```javascript
try {
  // "MyAuth" is the name of an OpenID Connect configuration on the server.
  system.securityManager.logonOpenIdConnect("MyAuth");
} catch (e) {
  event.owner.addErrorMessage(e.javaException.message);
}
```

Parameters:
openIdConnectName - the OpenID Connect configured on the server admin

Throws:
com.ebasetech.xi.exceptions.LogonException - if any error occurs. This exception contains the error description returned from the OpenIdConnect authorization.

void logonOpenIdConnect(java.lang.String openIdConnectName, java.lang.String scope) throws com.ebasetech.xi.exceptions.LogonException

Logon using OpenID Connect.

JavaScript example:

```javascript
try {
  // The scope string must contain "openid".
  system.securityManager.logonOpenIdConnect("MyAuth", "openid mail");
} catch (e) {
  event.owner.addErrorMessage(e.javaException.message);
}
```

Parameters:
openIdConnectName - the OpenID Connect configured on the server admin
scope - the OpenID Connect scope, this must contain openid

Throws:
com.ebasetech.xi.exceptions.LogonException - if any error occurs. This exception contains the error description returned from the OpenIdConnect authorization.

boolean logonGatewayAuthentication(java.lang.String gatewayServerName) throws com.ebasetech.xi.exceptions.LogonException

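Logon using the Gateway Authentication Token.

JavaScript example:

```javascript
try {
  // The argument identifies the remote Gateway Server configuration.
  system.securityManager.logonGatewayAuthentication("MyRemoteGatewayServer");
} catch (e) {
  event.owner.addErrorMessage(e.javaException.message);
}
```

Parameters:
gatewayServerName - to identify the configuration of the remote Gateway Server

Throws:
com.ebasetech.xi.exceptions.LogonException - if any error occurs. This exception contains an error description if an error occurs authenticating the Gateway Authentication Token.

boolean isGatewayRequest()

Returns true if the incoming HTTP request contains the Gateway Authentication Token, otherwise false.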
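
The logon(String[][]) contract described earlier on this page, as an added example that is not Ebase's own code: a wrapper that checks the inParameters shape (up to 3 pairs), shows the user a fixed message, and keeps getErrorCode() and getMessage() for a server-side record. The names safeLogon, validInParameters and stubManager, the message text and the "E401" code are assumptions; the stub is a constructed stand-in for system.securityManager.

```javascript
// Added example. safeLogon, stubManager, GENERIC and the "E401" code are
// hypothetical; logon(), isUserLoggedOn(), getUserName(), getErrorCode() and
// getMessage() are the methods named on this page.
var GENERIC = "Logon failed. Check your user name and password.";

// The page allows up to 3 pairs, each a [sourceType, value] pair.
function validInParameters(p) {
  return Array.isArray(p) && p.length <= 3 && p.every(function (pair) {
    return Array.isArray(pair) && pair.length === 2 &&
      pair[0] != null && pair[1] != null;
  });
}

function safeLogon(sm, inParameters, auditLog) {
  var failed = { ok: false, user: null, userMessage: GENERIC };
  // Malformed input never reaches the Logon Service.
  if (!validInParameters(inParameters)) return failed;
  try {
    sm.logon(inParameters);
  } catch (e) {
    var je = e.javaException;
    // Error code and description go to the server-side record only.
    auditLog.push(je ? je.getErrorCode() + ": " + je.getMessage() : String(e));
    return failed;
  }
  // Confirm the session state rather than assuming it.
  if (!sm.isUserLoggedOn()) return failed;
  return { ok: true, user: sm.getUserName(), userMessage: "" };
}

// Constructed stand-in for system.securityManager with one valid account.
function stubManager(validUser, validPassword) {
  var user = null;
  return {
    logon: function (p) {
      if (p.length < 2 || p[0][1] !== validUser || p[1][1] !== validPassword) {
        throw { javaException: {
          getErrorCode: function () { return "E401"; },
          getMessage: function () { return "Unknown user or bad password"; }
        } };
      }
      user = validUser;
    },
    isUserLoggedOn: function () { return user !== null; },
    getUserName: function () { return user; }
  };
}
```

In a form script the call would be safeLogon(system.securityManager, [["Script", fields.USER.value], ["Script", fields.PASSWORD.value]], log), with result.userMessage passed to event.owner.addErrorMessage.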