psdi.security

Class SecurityService

java.lang.Object

psdi.server.AppService

psdi.security.SecurityService

All Implemented Interfaces:

java.rmi.Remote, MboServerInterface, MaxRemoteProxy, SecurityServiceRemote, AppServiceRemote, Dependable, Service, ServiceRemote, FixedLoggerNames, FixedLoggers

public class SecurityService
extends AppService
implements Service, SecurityServiceRemote

Provides security services for Mbos. Currently this is User authentication only.

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	clientHostDelim For clientHostAddr input params to authenticateUser, this is the delimiter separating the clientHost and clientAddr parts of the param.
static int	LANDLORDTENANTID The tenant id reservedfor LANDLORD tenant.
static java.lang.String	SAMESYSTEMCONNECTIONKEYPERTHREAD
static java.lang.String	TENANTDBUSERNAMETOKEN

Fields inherited from interface psdi.security.SecurityServiceRemote

ADMIN_LOGOUT, BROWSER_TIMEOUT, SERVER_TIMEOUT, SERVER_TIMEOUT_SESSIONREMOVAL, USER_LOGOUT

Fields inherited from interface psdi.util.logging.FixedLoggers

APPLOGGER, CRONTASKLOGGER, CRONTASKMGRLOGGER, CRONTASKMGRSQLLOGGER, DBCONNECTIONLOGGER, DDLOGGER, DMLOGGER, EVENTLOGGER, EXCEPTIONLOGGER, MAILLOGGER, MAXIMOLOGGER, MTLOGGER, NULLMBOPOINTER, SECURITY, SENDFAILEDLOGGER, SERVICELOGGER, SQLLOGGER

Fields inherited from interface psdi.util.logging.FixedLoggerNames

appenderPrefix, LOGGERNAME_APP, LOGGERNAME_CRONTASK, LOGGERNAME_CRONTASKMGR, LOGGERNAME_DBCONNECTION, LOGGERNAME_DD, LOGGERNAME_DM, LOGGERNAME_DMPREVIEW, LOGGERNAME_EVENT, LOGGERNAME_EXCEPTION, LOGGERNAME_MAIL, LOGGERNAME_MAXIMO, LOGGERNAME_MT, LOGGERNAME_NULLMBOPOINTER, LOGGERNAME_SECURITY, LOGGERNAME_SENDFAILED, LOGGERNAME_SERVICE, LOGGERNAME_SQL, LOGGERNAME_SQL_CRONTASKMGR, LOGGERNAME_TXN, loggerPrefix

Constructor Summary

Constructors

Constructor and Description
SecurityService(MXServer mxServer) Construct from the MXServer
SecurityService(java.lang.String url) Construct the security service on the specified database
SecurityService(java.lang.String url, MXServer mxServer)

Method Summary

Modifier and Type	Method and Description
boolean	allowNewSessions()
void	associateTenantsToConsultant(java.lang.String loginID, java.util.List<ConsultantInfo> alltenants) Associate or disassociate a consultant user to a list of tenants.
UserInfo	authenticateApiKey() Authenticate api key token
UserInfo	authenticateApiKey(int tenantId) Authenticate api key token
UserInfo	authenticateApiKey(java.lang.String tenantCode) Authenticate api key token
UserInfo	authenticateApiKey(java.lang.String tenantCode, java.lang.String userId) Authenticate api key token
UserInfo	authenticateSessionToken(java.lang.String userId, java.lang.String sessionToken)
UserInfo	authenticateSessionTokenM(java.lang.String[] userAndTenant, java.lang.String sessionToken)
UserInfo	authenticateThisApiKey(java.lang.String apiKey) Authenticate api key token
UserInfo	authenticateToken() Authenticate S2stoken for the SSM.
UserInfo	authenticateUser(java.lang.String userIdentity) Call authenticateUser with second parameter False (not silent login).
UserInfo	authenticateUser(java.lang.String userIdentity, boolean silentLogin) Authenticate internally connected privileged user.
UserInfo	authenticateUser(java.lang.String user, java.lang.Object cert, java.lang.String password, java.util.Locale locale, java.util.TimeZone timeZone, java.lang.String clientHostAddr)
UserInfo	authenticateUser(java.lang.String loginID, java.lang.Object cert, java.lang.String password, java.util.Locale locale, java.util.TimeZone timeZone, java.lang.String siteId, java.lang.String clientHostAddr) Authenticate the maximo user using maximo authentication as well as X509Certificate for the user identified as loginID.
UserInfo	authenticateUser(java.lang.String user, java.lang.String password, java.util.Locale locale, java.util.TimeZone timeZone, java.lang.String clientHostAddr) Wrapper method, calls authenticateUser.
UserInfo	authenticateUser(java.lang.String loginID, java.lang.String password, java.util.Locale locale, java.util.TimeZone timeZone, java.lang.String siteId, java.lang.String clientHostAddr) Authenticate the specified user name and password against the database user domain.
UserInfo	authenticateUser(java.lang.String user, java.lang.String password, java.lang.String clientHostAddr) Wrapper method, calls authenticateUser.
UserInfo	authenticateUserForLoginID(java.lang.String[] loginID, boolean silentLogin)
UserInfo	authenticateUserForLoginID(java.lang.String loginID, boolean silentLogin) Same as authenticateUser, but input param is LoginID.
UserInfo	authenticateUserForLoginIDAndTenantID(java.lang.String[] loginID, boolean silentLogin)
UserInfo	authenticateUserM(java.lang.String[] userIdentity, boolean silentLogin) The tenant has to be passed from userIdentify[1] or it has to be set by the context.
UserInfo	authenticateUserM(java.lang.String[] user, java.lang.Object cert, java.lang.String password, java.util.Locale locale, java.util.TimeZone timeZone, java.lang.String clientHostAddr)
UserInfo	authenticateUserM(java.lang.String[] loginID, java.lang.Object cert, java.lang.String password, java.util.Locale locale, java.util.TimeZone timeZone, java.lang.String siteId, java.lang.String clientHostAddr)
UserInfo	authenticateUserM(java.lang.String[] user, java.lang.String password, java.util.Locale locale, java.util.TimeZone timeZone, java.lang.String clientHostAddr)
UserInfo	authenticateUserM(java.lang.String[] loginID, java.lang.String password, java.util.Locale locale, java.util.TimeZone timeZone, java.lang.String siteId, java.lang.String clientHostAddr)
UserInfo	authenticateUserM(java.lang.String[] user, java.lang.String password, java.lang.String clientHostAddr)
UserInfo	authenticateUserMTenantID(java.lang.String[] userIdentity, boolean silentLogin)
void	blockConsultantUser(MboRemote landlordUser)
java.sql.Connection	changeToAdminUser(UserInfo lndlordInfo) Switch context to the admin user.
void	checkConcurrentUser(java.lang.String userId, java.lang.String loginID) Checks if another user of same id already logged in or not.
boolean	checkIfUserLoaded(java.lang.String loginID, int intendedTenancy) For multi-tenant environment do not allow to set fields for consultant user.
void	checkUniqueLoginID(java.lang.String loginID)
void	configure(java.util.Properties configData) Configuration information passed on creation of the service
boolean	createDb2TenantDbUserId(UserInfo landlordUi, java.lang.String tenantDbUserId) Creates "soft" (non-OS level) DB2 tenant database user by granting necessary privileges.
java.util.Map<java.lang.String,java.lang.String>	createExtensionView(java.util.Map<java.lang.String,java.util.Map<java.lang.String,java.util.Map<java.lang.String,java.lang.String>>> tableNames, java.util.Set<java.lang.String> deleteTables) Get lsit of objects which were changted (but not configured yet) by Master
void	destroy() Call to destroy the service
void	disconnectUser(java.lang.String userid, long maxsessionid, int disconnectType, java.lang.String adminUserID) Delete or inactivate from maxsession table and delete from users cache.
void	disconnectUser(UserInfo userInfo) Deprecated. Call disconnectUser.
void	disconnectUser(UserInfo userInfo, int disconnectType) Delete or inactivate from maxsession and remove from users cache.
java.lang.String	generateSessionToken(UserInfo userInfo, java.lang.String sessionId)
psdi.security.SecurityService.AllowNewSessions	getAllowNewSessions()
java.lang.String	getDBUrl() Return the database url dbURL.
java.lang.String	getDBUserNameForTenant(UserInfo landlordUserInfo) Get the database user of the tenant id.
java.lang.String	getLtpaToken(javax.servlet.http.HttpServletRequest request) Get LPTA Token cookie value from request.
int	getMasterConfigLevel() Get Configure level for Master Configuration
MboValueInfo	getMasterMboValueInfo(MboRemote tenantMbo) Get MboValueInfo for Master for given object and atribute
java.util.Map<java.lang.String,java.lang.String>	getMasterModifiedObjects() Get lsit of objects which were changted (but not configured yet) by Master
ProfileRemote	getProfile(java.lang.String userID) Get a user's security profile.
ProfileRemote	getProfile(UserInfo userInfo) Get a user's security profile by calling getSecurityInfo.
java.lang.String	getRealmName() Get the realm name for the current tenant.
int	getSessionCounter() Return number of sessions last counted.
UserInfo	getSystemUserInfo() An internal method to construct the system user information that's used to access all business objects.
UserInfo	getTempUserInfoForTenant(UserInfo landlordUserInfo, int tenantID, java.lang.String tenantUserName, java.lang.String tenantLoginID, java.lang.String dbUserName, java.util.Locale l, java.lang.String langCode) Get the temporary UserInfo for the tenant.
java.lang.String	getTenantCode(UserInfo ui) Get tenant code of the UserInfo.
java.lang.String	getURL() Gets the URL value
UserInfo	getUserInfo(AuthenticatedAccessToken session, java.util.Locale locale, java.util.TimeZone timeZone) }
UserInfo	getUserInfo(AuthenticatedAccessToken session, java.util.Locale locale, java.util.TimeZone timeZone, java.lang.String clientHost, java.lang.String clientAddr) This call is made by an already authenticated user session that's trying to get access to business objects.
UserInfo	getUserInfo(AuthenticatedAccessToken session, java.lang.Object cert, java.util.Locale locale, java.util.TimeZone timeZone)
UserInfo	getUserInfo(AuthenticatedAccessToken session, java.lang.Object cert, java.util.Locale locale, java.util.TimeZone timeZone, java.lang.String clientHost, java.lang.String clientAddr) Returns a UserInfo object based on the session data passed.
UserInfo	getUserInfo(java.lang.String userIdentity) This is an internal method that should not be exposed through Remote Interface.
void	init() Initialize the Application Service.
void	initLandlordUserInfo() Called by MXServer only.
void	invalidateLtpaToken(javax.servlet.http.HttpServletRequest request) Add LPTA Token to list of invalid tokens.
boolean	isAppService() Used by ServiceCoordinator
boolean	isConsultantFieldModified(MboRemote landlordMbo) Returns true if the mbo has updates in the consultant-related field.
static boolean	isLandlord(int tenantID) Whehter the tenant id is the landlord's tenant id.
boolean	isSingletonService() Is used to setup singleton services, i.e.
boolean	isSystemUserInfo(UserInfo ui) Check whether the passed in UserInfo object is a system user info.
boolean	isUser(UserInfo userinfo, java.lang.String loginCheck, java.lang.String passCheck) Is this user the same one specified in the input params? Called from AppService verifyUser.
boolean	isValidDBUser(UserInfo lndlordInfo, java.lang.String tenantDbUserId) Validate the database user name.
boolean	isValidDBUserForMT(UserInfo landlordUI, java.lang.String dbUserName) Validate the database user name.
boolean	isValidTenant(java.lang.String tenantCode) Check whether the tenant code is a known tenant code by this server.
static boolean	killLtpaToken() Should LTPA token be added to invalid token list upon logout.
java.util.Map<java.lang.String,java.util.List<java.util.List<java.lang.String>>>	loadCopyFieldsInfo()
void	populateConsultantFields(MboRemote landlordMbo, MboRemote tenantMbo) This method is used to populate fields for associating a consultant mbo with a tenant.
void	populateConsultantFields(java.lang.String origLoginID, java.lang.String newLoginID, MboRemote landlordMbo) Populate the landlord mbo's change to the associated tenants.
void	processConsultant(MboRemote consultMbo, boolean isConsultant, boolean validate) For multi-tenant environment do not allow to set fields for consultant user.
void	processVMMParameters(LoadVMMSyncSettings settings) Process the VMMSync properties for MT.
void	refreshProfile(java.lang.String userID, Profile profile) Refresh SecurityInfo Profile cache.
void	refreshProfile(UserInfo userInfo, Profile profile) Refresh SecurityInfo Profile cache.
void	refreshSecurityInfo(java.lang.String userID, MboRemote userMbo, MboRemote personMbo) Update UserInfo, UserLoginDetails, and/or Profile (as appropriate) and update SecurityInfo with the new data.
void	registerConsultantUserListener() Registers the consult user event listener, so when data is changed for consultant users, the change will populate to associated tenants.
void	reloadTenantReg(java.lang.String tenantCode)
void	resetSystemUserInfo() clear the cached system userinfo
void	restart() Indicates that the Service should reload any cached information.
void	setSystemCredential(UserInfo uiObject)
void	setURL(java.lang.String url) Used by ServiceCoordinator
void	validateLtpaToken(javax.servlet.http.HttpServletRequest request) Check if LPTA Token is in list of invalid tokens.

Methods inherited from class psdi.server.AppService

checkSecurity, freeDBConnection, freeMboSet, getCriteria, getCurrentState, getDBConnection, getLiveObjCount, getLoad, getMaximoDD, getMaxVar, getMboSet, getMXServer, getName, getProxy, getSchemaOwner, getServiceInfo, getServiceLogger, getSetForRelationship, getSetFromKeys, getStateCmdList, getStateList, initCriteriaList, isRunning, setProxy, setRunning, verifyUser, verifyUser

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface psdi.server.Service

getName

Methods inherited from interface psdi.server.ServiceRemote

getName

Field Detail

SAMESYSTEMCONNECTIONKEYPERTHREAD

public static final java.lang.String SAMESYSTEMCONNECTIONKEYPERTHREAD

See Also:

Constant Field Values

TENANTDBUSERNAMETOKEN

public static final java.lang.String TENANTDBUSERNAMETOKEN

See Also:

Constant Field Values

clientHostDelim

public static java.lang.String clientHostDelim

For clientHostAddr input params to authenticateUser, this is the delimiter separating the clientHost and clientAddr parts of the param.

LANDLORDTENANTID

public static final int LANDLORDTENANTID

The tenant id reservedfor LANDLORD tenant.

See Also:

Constant Field Values

Constructor Detail

SecurityService

public SecurityService(MXServer mxServer)
                throws java.rmi.RemoteException

Construct from the MXServer

Throws:

java.rmi.RemoteException

See Also:

AppService(MXServer)

SecurityService

public SecurityService(java.lang.String url)
                throws java.rmi.RemoteException

Construct the security service on the specified database

Throws:

java.rmi.RemoteException

SecurityService

public SecurityService(java.lang.String url,
                       MXServer mxServer)
                throws java.rmi.RemoteException

Throws:

java.rmi.RemoteException

See Also:

AppService(MXServer), AppService.setURL(java.lang.String)

Method Detail

configure

public void configure(java.util.Properties configData)

Configuration information passed on creation of the service

Specified by:

configure in interface Service

Overrides:

configure in class AppService

See Also:

Service

init

public void init()

Description copied from class: AppService

Initialize the Application Service.

Specified by:

init in interface Service

Overrides:

init in class AppService

See Also:

AppService.init(), AdminModeManager

initLandlordUserInfo

public void initLandlordUserInfo()

Called by MXServer only.

destroy

public void destroy()

Call to destroy the service

Specified by:

destroy in interface Service

Overrides:

destroy in class AppService

See Also:

Service

authenticateUser

public UserInfo authenticateUser(java.lang.String user,
                                 java.lang.String password,
                                 java.lang.String clientHostAddr)
                          throws MXException,
                                 java.rmi.RemoteException

Wrapper method, calls authenticateUser. Assigns the MXServer locale and timezone to the returned UserInfo object.

Specified by:

authenticateUser in interface SecurityServiceRemote

Parameters:

user - Login ID.

password - User password

clientHostAddr - The client host and address (delimited by clientHostDelim), used for maxsession table

Returns:

the UserInfo

Throws:

MXException

java.rmi.RemoteException

See Also:

authenticateUser(String, String, Locale, TimeZone, String, String)

authenticateUserM

public UserInfo authenticateUserM(java.lang.String[] user,
                                  java.lang.String password,
                                  java.lang.String clientHostAddr)
                           throws MXException,
                                  java.rmi.RemoteException

Specified by:

authenticateUserM in interface SecurityServiceRemote

Throws:

MXException

java.rmi.RemoteException

See Also:

authenticateUserM(String[], String, String)

authenticateUser

public UserInfo authenticateUser(java.lang.String user,
                                 java.lang.String password,
                                 java.util.Locale locale,
                                 java.util.TimeZone timeZone,
                                 java.lang.String clientHostAddr)
                          throws MXException,
                                 java.rmi.RemoteException

Wrapper method, calls authenticateUser. Assigns the MXServer locale and timezone to the returned UserInfo object.

Specified by:

authenticateUser in interface SecurityServiceRemote

Parameters:

user - Login ID.

password - User password

locale - User locale

timeZone - User time zone

clientHostAddr - The client host and address (delimited by clientHostDelim), used for maxsession table

Returns:

the UserInfo

Throws:

MXException

java.rmi.RemoteException

See Also:

authenticateUser(String, String, Locale, TimeZone, String, String)

authenticateUserM

public UserInfo authenticateUserM(java.lang.String[] user,
                                  java.lang.String password,
                                  java.util.Locale locale,
                                  java.util.TimeZone timeZone,
                                  java.lang.String clientHostAddr)
                           throws MXException,
                                  java.rmi.RemoteException

Specified by:

authenticateUserM in interface SecurityServiceRemote

Throws:

MXException

java.rmi.RemoteException

See Also:

psdi.security.SecurityService#authenticateUserM(String, String, Locale, TimeZone, String)

authenticateUser

public UserInfo authenticateUser(java.lang.String user,
                                 java.lang.Object cert,
                                 java.lang.String password,
                                 java.util.Locale locale,
                                 java.util.TimeZone timeZone,
                                 java.lang.String clientHostAddr)
                          throws MXException,
                                 java.rmi.RemoteException

Specified by:

authenticateUser in interface SecurityServiceRemote

Throws:

MXException

java.rmi.RemoteException

See Also:

authenticateUser(String, Object, String, Locale, TimeZone, String)

authenticateUserM

public UserInfo authenticateUserM(java.lang.String[] user,
                                  java.lang.Object cert,
                                  java.lang.String password,
                                  java.util.Locale locale,
                                  java.util.TimeZone timeZone,
                                  java.lang.String clientHostAddr)
                           throws MXException,
                                  java.rmi.RemoteException

Specified by:

authenticateUserM in interface SecurityServiceRemote

Throws:

MXException

java.rmi.RemoteException

See Also:

psdi.security.SecurityService#authenticateUserM(String, Object, String, Locale, TimeZone, String)

authenticateUser

public UserInfo authenticateUser(java.lang.String loginID,
                                 java.lang.Object cert,
                                 java.lang.String password,
                                 java.util.Locale locale,
                                 java.util.TimeZone timeZone,
                                 java.lang.String siteId,
                                 java.lang.String clientHostAddr)
                          throws MXException,
                                 java.rmi.RemoteException

Authenticate the maximo user using maximo authentication as well as X509Certificate for the user identified as loginID. It checks whether the certificate is valid and then authenticate the maximo username and password.

Specified by:

authenticateUser in interface SecurityServiceRemote

Throws:

MXException

java.rmi.RemoteException

See Also:

authenticateUser(String, Object, String, Locale, TimeZone, String, String)

authenticateUserM

public UserInfo authenticateUserM(java.lang.String[] loginID,
                                  java.lang.Object cert,
                                  java.lang.String password,
                                  java.util.Locale locale,
                                  java.util.TimeZone timeZone,
                                  java.lang.String siteId,
                                  java.lang.String clientHostAddr)
                           throws MXException,
                                  java.rmi.RemoteException

Specified by:

authenticateUserM in interface SecurityServiceRemote

Throws:

MXException

java.rmi.RemoteException

See Also:

psdi.security.SecurityService#authenticateUserM(String, Object, String, Locale, TimeZone, String, String)

authenticateUser

public UserInfo authenticateUser(java.lang.String loginID,
                                 java.lang.String password,
                                 java.util.Locale locale,
                                 java.util.TimeZone timeZone,
                                 java.lang.String siteId,
                                 java.lang.String clientHostAddr)
                          throws MXException,
                                 java.rmi.RemoteException

Authenticate the specified user name and password against the database user domain. If is an invalid user, an MXAccessException is thrown.

If the user is blocked (maxuser.status) or is invalid for other reasons (e.g. wrong password or no row in MaxUser), then the user is bad; Throw the "NoLogin" error.

Specified by:

authenticateUser in interface SecurityServiceRemote

Parameters:

loginID - Validated against maxuser.loginid

password - User password

locale - User locale

timeZone - User time zone

siteId - User Site

clientHostAddr - The client host and address, used for maxsession table. Host and address are delimited by #clientHostDelim.

Returns:

the UserInfo

Throws:

MXException

java.rmi.RemoteException

See Also:

verifyUser(java.lang.String, java.lang.String, psdi.mbo.MboRemote), registerUser(psdi.mbo.MboRemote, java.util.Locale, java.util.TimeZone, long, java.lang.String, java.lang.String), users, MaxUser.isBlocked(), MaxUser.addLoginTracking(String), MaxUser.addMaxSession(), MaxUser, MAXSession, LoginTracking, commonUserValidation(java.lang.String, boolean, java.lang.String, java.lang.String)

authenticateToken

public UserInfo authenticateToken()
                           throws MXException,
                                  java.rmi.RemoteException

Authenticate S2stoken for the SSM.

Returns:

the UserInfo

Throws:

MXException

java.rmi.RemoteException

See Also:

authenticateUser(String, String, Locale, TimeZone, String, String)

authenticateApiKey

public UserInfo authenticateApiKey()
                            throws MXException,
                                   java.rmi.RemoteException

Authenticate api key token

Returns:

the UserInfo

Throws:

MXException

java.rmi.RemoteException

See Also:

authenticateUser(String, String, Locale, TimeZone, String, String)

authenticateThisApiKey

public UserInfo authenticateThisApiKey(java.lang.String apiKey)
                                throws MXException,
                                       java.rmi.RemoteException

Authenticate api key token

Returns:

the UserInfo

Throws:

MXException

java.rmi.RemoteException

See Also:

authenticateUser(String, String, Locale, TimeZone, String, String)

authenticateApiKey

public UserInfo authenticateApiKey(java.lang.String tenantCode)
                            throws MXException,
                                   java.rmi.RemoteException

Authenticate api key token

Returns:

the UserInfo

Throws:

MXException

java.rmi.RemoteException

See Also:

authenticateUser(String, String, Locale, TimeZone, String, String)

authenticateApiKey

public UserInfo authenticateApiKey(int tenantId)
                            throws MXException,
                                   java.rmi.RemoteException

Authenticate api key token

Returns:

the UserInfo

Throws:

MXException

java.rmi.RemoteException

See Also:

authenticateUser(String, String, Locale, TimeZone, String, String)

authenticateApiKey

public UserInfo authenticateApiKey(java.lang.String tenantCode,
                                   java.lang.String userId)
                            throws MXException,
                                   java.rmi.RemoteException

Authenticate api key token

Returns:

the UserInfo

Throws:

MXException

java.rmi.RemoteException

See Also:

authenticateUser(String, String, Locale, TimeZone, String, String)

authenticateUserM

public UserInfo authenticateUserM(java.lang.String[] loginID,
                                  java.lang.String password,
                                  java.util.Locale locale,
                                  java.util.TimeZone timeZone,
                                  java.lang.String siteId,
                                  java.lang.String clientHostAddr)
                           throws MXException,
                                  java.rmi.RemoteException

Specified by:

authenticateUserM in interface SecurityServiceRemote

Throws:

MXException

java.rmi.RemoteException

See Also:

psdi.security.SecurityService#authenticateUserM(String, String, Locale, TimeZone, String, String)

generateSessionToken

public java.lang.String generateSessionToken(UserInfo userInfo,
                                             java.lang.String sessionId)
                                      throws MXException,
                                             java.rmi.RemoteException

Specified by:

generateSessionToken in interface SecurityServiceRemote

Throws:

MXException

java.rmi.RemoteException

authenticateSessionToken

public UserInfo authenticateSessionToken(java.lang.String userId,
                                         java.lang.String sessionToken)
                                  throws MXException,
                                         java.rmi.RemoteException

Specified by:

authenticateSessionToken in interface SecurityServiceRemote

Throws:

MXException

java.rmi.RemoteException

authenticateSessionTokenM

public UserInfo authenticateSessionTokenM(java.lang.String[] userAndTenant,
                                          java.lang.String sessionToken)
                                   throws MXException,
                                          java.rmi.RemoteException

Specified by:

authenticateSessionTokenM in interface SecurityServiceRemote

Throws:

MXException

java.rmi.RemoteException

getUserInfo

public UserInfo getUserInfo(AuthenticatedAccessToken session,
                            java.lang.Object cert,
                            java.util.Locale locale,
                            java.util.TimeZone timeZone)
                     throws MXException,
                            java.rmi.RemoteException

Specified by:

getUserInfo in interface SecurityServiceRemote

Throws:

MXException

java.rmi.RemoteException

See Also:

getUserInfo(AuthenticatedAccessToken, Object, Locale, TimeZone, String, String)

getUserInfo

public UserInfo getUserInfo(AuthenticatedAccessToken session,
                            java.lang.Object cert,
                            java.util.Locale locale,
                            java.util.TimeZone timeZone,
                            java.lang.String clientHost,
                            java.lang.String clientAddr)
                     throws MXException,
                            java.rmi.RemoteException

Returns a UserInfo object based on the session data passed. This method is called only when appserver secutiry is used and certificate information is passed in. The UserInfo object returned by this method will contain the certification information for future database connection on behalf this authenticated user.

Specified by:

getUserInfo in interface SecurityServiceRemote

Parameters:

session -

cert -

locale -

timeZone -

clientHost -

clientAddr -

Returns:

Throws:

MXException

java.rmi.RemoteException

See Also:

getUserInfo(AuthenticatedAccessToken, Object, Locale, TimeZone, String, String)

getUserInfo

public UserInfo getUserInfo(AuthenticatedAccessToken session,
                            java.util.Locale locale,
                            java.util.TimeZone timeZone)
                     throws MXException,
                            java.rmi.RemoteException

}

Specified by:

getUserInfo in interface SecurityServiceRemote

Throws:

MXException

java.rmi.RemoteException

See Also:

#getUserInfo(AuthenticatedAccessToken, Locale, timeZone, null, null)

getUserInfo

public UserInfo getUserInfo(AuthenticatedAccessToken session,
                            java.util.Locale locale,
                            java.util.TimeZone timeZone,
                            java.lang.String clientHost,
                            java.lang.String clientAddr)
                     throws MXException,
                            java.rmi.RemoteException

This call is made by an already authenticated user session that's trying to get access to business objects. The code assumes that the Application Server authentication already occurred and the call is made with an access token that's given by the accesstoken provider ejb bean. The code here tries to verify the access token to make sure that the token is indeed generated by this server and contains valid token details.

Throws:

MXException

java.rmi.RemoteException

See Also:

SecurityServiceRemote.getUserInfo(psdi.security.AuthenticatedAccessToken, java.util.Locale, java.util.TimeZone), commonUserValidation(java.lang.String, boolean, java.lang.String, java.lang.String), registerUser(psdi.mbo.MboRemote, java.util.Locale, java.util.TimeZone, long, java.lang.String, java.lang.String)

authenticateUser

public UserInfo authenticateUser(java.lang.String userIdentity)
                          throws MXException,
                                 java.rmi.RemoteException

Call authenticateUser with second parameter False (not silent login). This method should NOT be exposed remotely!

Parameters:

userIdentity -

Returns:

UserInfo

Throws:

MXException

java.rmi.RemoteException

authenticateUserForLoginID

public UserInfo authenticateUserForLoginID(java.lang.String loginID,
                                           boolean silentLogin)
                                    throws MXException,
                                           java.rmi.RemoteException

Same as authenticateUser, but input param is LoginID. This is for use by the MEA group.

Parameters:

loginID - Login ID

silentLogin - Normally this should be False. Extreme care should be exercised when using True.

Returns:

UserInfo

Throws:

MXException

java.rmi.RemoteException

See Also:

getUserIDForLoginID(java.lang.String[], psdi.security.UserInfo), authenticateUser(String, boolean)

authenticateUserForLoginID

public UserInfo authenticateUserForLoginID(java.lang.String[] loginID,
                                           boolean silentLogin)
                                    throws MXException,
                                           java.rmi.RemoteException

Throws:

MXException

java.rmi.RemoteException

authenticateUserForLoginIDAndTenantID

public UserInfo authenticateUserForLoginIDAndTenantID(java.lang.String[] loginID,
                                                      boolean silentLogin)
                                               throws MXException,
                                                      java.rmi.RemoteException

Throws:

MXException

java.rmi.RemoteException

authenticateUser

public UserInfo authenticateUser(java.lang.String userIdentity,
                                 boolean silentLogin)
                          throws MXException,
                                 java.rmi.RemoteException

Authenticate internally connected privileged user. This method should NOT be exposed remotely! It is for use only by internal processes that need a completely configured UserInfo (with data from Person mbo, etc.). If you have already done a full authentication, or need only a skeletal UserInfo, you can also call getUserInfo. In multitenant environment, the tenant context should have been established.

Parameters:

userIdentity - UserID for the user to be authenticated.

silentLogin - If True, MaxSession and LoginTracking records will not be written (silent login). If False, they will be written, as for a regular login. Also, authenticateUser calls this with False.

Returns:

UserInfo for the given userID

Throws:

MXException

java.rmi.RemoteException

See Also:

getUserMbo(java.lang.String, psdi.security.UserInfo, boolean), registerUser(psdi.mbo.MboRemote, java.util.Locale, java.util.TimeZone, long, java.lang.String, java.lang.String), MaxUser.addLoginTracking(String)

authenticateUserM

public UserInfo authenticateUserM(java.lang.String[] userIdentity,
                                  boolean silentLogin)
                           throws MXException,
                                  java.rmi.RemoteException

The tenant has to be passed from userIdentify[1] or it has to be set by the context.

Parameters:

userIdentity -

silentLogin -

Returns:

Throws:

MXException

java.rmi.RemoteException

authenticateUserMTenantID

public UserInfo authenticateUserMTenantID(java.lang.String[] userIdentity,
                                          boolean silentLogin)
                                   throws MXException,
                                          java.rmi.RemoteException

Throws:

MXException

java.rmi.RemoteException

getUserInfo

public UserInfo getUserInfo(java.lang.String userIdentity)
                     throws MXException,
                            java.rmi.RemoteException

This is an internal method that should not be exposed through Remote Interface. This method should only be called by code that's running inside the business object layer.

If the user has already been authenticated, return the existing UserInfo. Otherwise, construct a new, skeletal UserInfo via createUserInfo with null Mbo parameter.

Parameters:

userIdentity - user id

Returns:

UserInfo object for the user id.

Throws:

MXException

java.rmi.RemoteException

See Also:

getUserMbo(java.lang.String, psdi.security.UserInfo, boolean), createUserInfo(psdi.mbo.MboRemote, java.util.Locale, java.util.TimeZone, long, java.lang.String, java.lang.String, java.lang.String)

isUser

public boolean isUser(UserInfo userinfo,
                      java.lang.String loginCheck,
                      java.lang.String passCheck)
               throws MXException,
                      java.rmi.RemoteException

Is this user the same one specified in the input params? Called from AppService verifyUser.

Specified by:

isUser in interface SecurityServiceRemote

Parameters:

userinfo - The userinfo for the session we're verifying

loginCheck - The loginid to verify.

passCheck - The password to verify.

Returns:

True if match, else False

Throws:

MXException

java.rmi.RemoteException

See Also:

isUser(psdi.security.UserInfo, java.lang.String, java.lang.String)

checkConcurrentUser

public void checkConcurrentUser(java.lang.String userId,
                                java.lang.String loginID)
                         throws java.rmi.RemoteException,
                                MXException

Checks if another user of same id already logged in or not. In multi-tenancy, this is check within the tenant. From NON LDAP environment, it takes login id and gets userid from usermbo to check for duplicate. For LDAP it takes userId. This check is done only if the maxvar mxe.enableConcurrentCheck is true.

Specified by:

checkConcurrentUser in interface SecurityServiceRemote

Parameters:

userId -

loginID -

Throws:

java.rmi.RemoteException

MXException

See Also:

checkConcurrentUser(java.lang.String, java.lang.String)

getSystemUserInfo

public UserInfo getSystemUserInfo()
                           throws MXException,
                                  java.rmi.RemoteException

An internal method to construct the system user information that's used to access all business objects. (UserID = value of mxe.adminuserid.)

Returns:

UserInfo a system level user information

Throws:

MXException

java.rmi.RemoteException

See Also:

getUserInfo(String)

isSystemUserInfo

public boolean isSystemUserInfo(UserInfo ui)

Check whether the passed in UserInfo object is a system user info.

Parameters:

ui -

Returns:

setSystemCredential

public void setSystemCredential(UserInfo uiObject)
                         throws MXException

Throws:

MXException

getProfile

public ProfileRemote getProfile(UserInfo userInfo)
                         throws MXException,
                                java.rmi.RemoteException

Get a user's security profile by calling getSecurityInfo.

Specified by:

getProfile in interface MboServerInterface

Specified by:

getProfile in interface SecurityServiceRemote

Overrides:

getProfile in class AppService

Parameters:

userInfo - UserInfo

Returns:

Profile for this user

Throws:

MXException

java.rmi.RemoteException

See Also:

getSecurityInfo(psdi.security.UserInfo)

getProfile

public ProfileRemote getProfile(java.lang.String userID)
                         throws MXException,
                                java.rmi.RemoteException

Get a user's security profile. If the userID is not in users, then return null.

Parameters:

userID - User ID

Returns:

Profile for this user

Throws:

MXException

java.rmi.RemoteException

refreshProfile

public void refreshProfile(UserInfo userInfo,
                           Profile profile)

Refresh SecurityInfo Profile cache. Called from Profile object.

Parameters:

user - UserInfo

Profile - for this user

See Also:

refreshProfile(String, Profile)

refreshProfile

public void refreshProfile(java.lang.String userID,
                           Profile profile)

Refresh SecurityInfo Profile cache.

Parameters:

userID - User ID

Profile - for this user

See Also:

SecurityInfo#refreshProfile, Profile

refreshSecurityInfo

public void refreshSecurityInfo(java.lang.String userID,
                                MboRemote userMbo,
                                MboRemote personMbo)
                         throws MXException,
                                java.rmi.RemoteException

Update UserInfo, UserLoginDetails, and/or Profile (as appropriate) and update SecurityInfo with the new data. The SecurityInfo is accessed via the users cache.

This does NOT update the Profile info related to security groups, application access, etc.

Specified by:

refreshSecurityInfo in interface SecurityServiceRemote

Parameters:

userID - The userID to be updated.

userMbo - MaxUser mbo to use for refreshing user cache. Can be null if no changes.

personMbo - Person mbo to use for refreshing user profile. Can be null if no changes.

Throws:

MXException

java.rmi.RemoteException

See Also:

refreshSecurityInfo(java.lang.String, psdi.mbo.MboRemote, psdi.mbo.MboRemote)

getDBUrl

public java.lang.String getDBUrl()

Return the database url dbURL.

Specified by:

getDBUrl in interface SecurityServiceRemote

Returns:

The database url.

See Also:

getDBUrl()

disconnectUser

public void disconnectUser(UserInfo userInfo)

Deprecated. Call disconnectUser.

Calls disconnectUser with disconnectType = USER_LOGOUT.

Specified by:

disconnectUser in interface SecurityServiceRemote

See Also:

disconnectUser(UserInfo)

disconnectUser

public void disconnectUser(UserInfo userInfo,
                           int disconnectType)

Delete or inactivate from maxsession and remove from users cache.

Specified by:

disconnectUser in interface SecurityServiceRemote

Parameters:

userInfo - The UserInfo being disconnected. This contains the userid and sessionid.

disconnectType - SecurityServiceRemote SERVER_TIMEOUT, BROWSER_TIMEOUT, USER_LOGOUT.

See Also:

removeUserFromCache(java.lang.String, long, int, java.lang.String), MXServer.clearUserInput(psdi.security.UserInfo)

disconnectUser

public void disconnectUser(java.lang.String userid,
                           long maxsessionid,
                           int disconnectType,
                           java.lang.String adminUserID)

Delete or inactivate from maxsession table and delete from users cache.

Specified by:

disconnectUser in interface SecurityServiceRemote

Parameters:

userid - The userid being disconnected.

maxsessionid - The sessionid being disconnected.

disconnectType - SecurityServiceRemote SERVER_TIMEOUT, BROWSER_TIMEOUT, ADMIN_LOGOUT, USER_LOGOUT.

adminUserID - If disconnectType is ADMIN_LOGOUT, then this is the UserID of the administrative user initiating the logout. Otherwise, this is null.

See Also:

removeUserFromCache(java.lang.String, long, int, java.lang.String)

getURL

public java.lang.String getURL()

Gets the URL value

Specified by:

getURL in interface AppServiceRemote

Specified by:

getURL in interface Service

Specified by:

getURL in interface ServiceRemote

Overrides:

getURL in class AppService

setURL

public void setURL(java.lang.String url)

Description copied from class: AppService

Used by ServiceCoordinator

Specified by:

setURL in interface Service

Overrides:

setURL in class AppService

isAppService

public boolean isAppService()

Description copied from class: AppService

Used by ServiceCoordinator

Specified by:

isAppService in interface Service

Specified by:

isAppService in interface ServiceRemote

Overrides:

isAppService in class AppService

restart

public void restart()
             throws java.rmi.RemoteException

Description copied from class: AppService

Indicates that the Service should reload any cached information.

Specified by:

restart in interface ServiceRemote

Overrides:

restart in class AppService

Throws:

java.rmi.RemoteException

isSingletonService

public boolean isSingletonService()

Is used to setup singleton services, i.e. this service is to be started on only one server.

Specified by:

isSingletonService in interface Service

Specified by:

isSingletonService in interface ServiceRemote

Overrides:

isSingletonService in class AppService

getSessionCounter

public int getSessionCounter()

Return number of sessions last counted.

Specified by:

getSessionCounter in interface SecurityServiceRemote

Returns:

Number of sessions

See Also:

SessionCounter#getSessionCounter

isValidTenant

public boolean isValidTenant(java.lang.String tenantCode)

Check whether the tenant code is a known tenant code by this server. Only active tenant is valid.

Parameters:

tenantCode -

Returns:

getTenantCode

public java.lang.String getTenantCode(UserInfo ui)
                               throws MXException,
                                      java.rmi.RemoteException

Get tenant code of the UserInfo.

Specified by:

getTenantCode in interface SecurityServiceRemote

Parameters:

tenantCode -

Returns:

Throws:

MXException

java.rmi.RemoteException

isLandlord

public static boolean isLandlord(int tenantID)

Whehter the tenant id is the landlord's tenant id.

Parameters:

tenantID -

Returns:

reloadTenantReg

public void reloadTenantReg(java.lang.String tenantCode)
                     throws MXException

Throws:

MXException

getTempUserInfoForTenant

public UserInfo getTempUserInfoForTenant(UserInfo landlordUserInfo,
                                         int tenantID,
                                         java.lang.String tenantUserName,
                                         java.lang.String tenantLoginID,
                                         java.lang.String dbUserName,
                                         java.util.Locale l,
                                         java.lang.String langCode)
                                  throws MXException

Get the temporary UserInfo for the tenant. If the passed in UserInfo is not that of the landlord context, an exception will be thrown. If it is the landlord, the UserInfo will be created. But only certain properties of the UserInfo is set. Limited operation can be performed by this UserInfo.

Parameters:

landlordUserInfo - the Landlord UserInfo object

tenantID -

Returns:

Throws:

MXException

createDb2TenantDbUserId

public boolean createDb2TenantDbUserId(UserInfo landlordUi,
                                       java.lang.String tenantDbUserId)
                                throws MXException,
                                       java.rmi.RemoteException

Creates "soft" (non-OS level) DB2 tenant database user by granting necessary privileges.

Parameters:

landlordUi -

tenantDbUserId -

Returns:

Throws:

MXException

java.rmi.RemoteException

isValidDBUserForMT

public boolean isValidDBUserForMT(UserInfo landlordUI,
                                  java.lang.String dbUserName)
                           throws MXException,
                                  java.rmi.RemoteException

Validate the database user name. Returns true if it can access the database. But it does not test all the permissions this dbusername has to have in order for it to be useable as a user for the tenant.

Parameters:

landlordUI -

dbUserName -

Returns:

Throws:

MXException

java.rmi.RemoteException

getDBUserNameForTenant

public java.lang.String getDBUserNameForTenant(UserInfo landlordUserInfo)
                                        throws MXException

Get the database user of the tenant id. If tenant id does not supported by this server null will be returned.

Parameters:

tenantID -

Returns:

Throws:

MXException

getMasterModifiedObjects

public java.util.Map<java.lang.String,java.lang.String> getMasterModifiedObjects()
                                                                          throws MXException

Get lsit of objects which were changted (but not configured yet) by Master

Parameters:

serverName -

Returns:

Map of all objects changed by Master

Throws:

MXException

getMasterMboValueInfo

public MboValueInfo getMasterMboValueInfo(MboRemote tenantMbo)
                                   throws MXException

Get MboValueInfo for Master for given object and atribute

Parameters:

tenantMbo - Tenant Mbo

Returns:

MboValueInfo for Master context.

Throws:

MXException

createExtensionView

public java.util.Map<java.lang.String,java.lang.String> createExtensionView(java.util.Map<java.lang.String,java.util.Map<java.lang.String,java.util.Map<java.lang.String,java.lang.String>>> tableNames,
                                                                            java.util.Set<java.lang.String> deleteTables)
                                                                     throws MXException

Get lsit of objects which were changted (but not configured yet) by Master

Parameters:

serverName -

Returns:

Map of all objects changed by Master

Throws:

MXException

getMasterConfigLevel

public int getMasterConfigLevel()
                         throws MXException

Get Configure level for Master Configuration

Parameters:

serverName -

Returns:

Master Configuration Level

Throws:

MXException

resetSystemUserInfo

public void resetSystemUserInfo()

clear the cached system userinfo

getRealmName

public java.lang.String getRealmName()
                              throws MXException,
                                     java.rmi.RemoteException

Get the realm name for the current tenant.

Specified by:

getRealmName in interface SecurityServiceRemote

Returns:

Throws:

MXException

java.rmi.RemoteException

allowNewSessions

public boolean allowNewSessions()
                         throws MXException,
                                java.rmi.RemoteException

Throws:

MXException

java.rmi.RemoteException

getAllowNewSessions

public psdi.security.SecurityService.AllowNewSessions getAllowNewSessions()

processVMMParameters

public void processVMMParameters(LoadVMMSyncSettings settings)
                          throws java.rmi.RemoteException,
                                 MXException

Process the VMMSync properties for MT.

Parameters:

settings - settings that need to be updated.

Throws:

MXException

java.rmi.RemoteException

checkUniqueLoginID

public void checkUniqueLoginID(java.lang.String loginID)
                        throws java.rmi.RemoteException,
                               MXException

Specified by:

checkUniqueLoginID in interface SecurityServiceRemote

Throws:

java.rmi.RemoteException

MXException

associateTenantsToConsultant

public void associateTenantsToConsultant(java.lang.String loginID,
                                         java.util.List<ConsultantInfo> alltenants)
                                  throws MXException,
                                         java.rmi.RemoteException

Associate or disassociate a consultant user to a list of tenants.

Specified by:

associateTenantsToConsultant in interface SecurityServiceRemote

Throws:

MXException

java.rmi.RemoteException

populateConsultantFields

public void populateConsultantFields(java.lang.String origLoginID,
                                     java.lang.String newLoginID,
                                     MboRemote landlordMbo)
                              throws MXException,
                                     java.rmi.RemoteException

Populate the landlord mbo's change to the associated tenants.

Specified by:

populateConsultantFields in interface SecurityServiceRemote

Parameters:

origLoginID - The original loginid (not the changed one if it has changed) of the consultant user.

newLoginID - The current loginid of the consultant user.

landlordMbo - The mbo in the landlord context that has changed fields. This can be a MAXUSER, PERSON, PHONE or EMAIL object.

Throws:

MXException

java.rmi.RemoteException

populateConsultantFields

public void populateConsultantFields(MboRemote landlordMbo,
                                     MboRemote tenantMbo)
                              throws MXException,
                                     java.rmi.RemoteException

This method is used to populate fields for associating a consultant mbo with a tenant. Can be used for MAXUSER, PERSON, PHONE, EMAIL objects. An ALN domain must be defined to specify what fields to copy.

Parameters:

objectName - The object name of the mbo.

landlordMbo - The mbo in the landlord space. To be copied to tenant.

tenantMbo - The tenant mbo to be populated with values from the landlordMbo.

isNew - Is this a newly created Mbo? If it is, need to populate primry key values also

Throws:

MXException

java.rmi.RemoteException

loadCopyFieldsInfo

public java.util.Map<java.lang.String,java.util.List<java.util.List<java.lang.String>>> loadCopyFieldsInfo()
                                                                                                    throws MXException,
                                                                                                           java.rmi.RemoteException

Throws:

MXException

java.rmi.RemoteException

processConsultant

public void processConsultant(MboRemote consultMbo,
                              boolean isConsultant,
                              boolean validate)
                       throws MXException,
                              java.rmi.RemoteException

For multi-tenant environment do not allow to set fields for consultant user. It wil be propgated from Landlord.

Parameters:

validate - is this method validate (called from appValidate) or set value to read only (called init)

Throws:

MXException

java.rmi.RemoteException

checkIfUserLoaded

public boolean checkIfUserLoaded(java.lang.String loginID,
                                 int intendedTenancy)
                          throws MXException,
                                 java.rmi.RemoteException

For multi-tenant environment do not allow to set fields for consultant user. It wil be propgated from Landlord.

Parameters:

validate - is this method validate (called from appValidate) or set value to read only (called init)

Throws:

MXException

java.rmi.RemoteException

changeToAdminUser

public java.sql.Connection changeToAdminUser(UserInfo lndlordInfo)
                                      throws MXException,
                                             java.rmi.RemoteException

Switch context to the admin user.

Parameters:

con - database connection

Returns:

database admin user name

Throws:

MXException

java.rmi.RemoteException

isValidDBUser

public boolean isValidDBUser(UserInfo lndlordInfo,
                             java.lang.String tenantDbUserId)
                      throws MXException,
                             java.rmi.RemoteException

Validate the database user name. Returns true if it can access the database. But it does not test all the permissions this dbusername has to have in order for it to be useable as a user for the tenant.

Parameters:

landlordUI -

dbUserName -

Returns:

Throws:

MXException

java.rmi.RemoteException

registerConsultantUserListener

public void registerConsultantUserListener()
                                    throws MXException,
                                           java.rmi.RemoteException

Registers the consult user event listener, so when data is changed for consultant users, the change will populate to associated tenants.

Throws:

MXException

java.rmi.RemoteException

isConsultantFieldModified

public boolean isConsultantFieldModified(MboRemote landlordMbo)
                                  throws MXException,
                                         java.rmi.RemoteException

Returns true if the mbo has updates in the consultant-related field.

Specified by:

isConsultantFieldModified in interface SecurityServiceRemote

Parameters:

landlordMbo -

Returns:

Throws:

MXException

java.rmi.RemoteException

blockConsultantUser

public void blockConsultantUser(MboRemote landlordUser)
                         throws java.rmi.RemoteException,
                                MXException

Throws:

java.rmi.RemoteException

MXException

getLtpaToken

public java.lang.String getLtpaToken(javax.servlet.http.HttpServletRequest request)

Get LPTA Token cookie value from request. Returns null if cookie does not exist.

killLtpaToken

public static boolean killLtpaToken()

Should LTPA token be added to invalid token list upon logout.

validateLtpaToken

public void validateLtpaToken(javax.servlet.http.HttpServletRequest request)
                       throws MXException,
                              java.rmi.RemoteException

Check if LPTA Token is in list of invalid tokens.

Parameters:

request -

Throws:

MXException

java.rmi.RemoteException

invalidateLtpaToken

public void invalidateLtpaToken(javax.servlet.http.HttpServletRequest request)
                         throws MXException,
                                java.rmi.RemoteException

Add LPTA Token to list of invalid tokens.

Parameters:

request -

Throws:

MXException

java.rmi.RemoteException