Class Session

  • All Implemented Interfaces:
    Serializable, PwMessage

    public class Session
    extends FortEntity
    implements PwMessage, Serializable
    This contains attributes related to a user's RBAC session. The following example shows the mapping to Session attributes on this entity:

    • Session
    • session.getUserId() => demoUser4
    • session.getInternalUserId() => be2dd2e:12a82ba707e:-7fee
    • session.getMsg() => Fortress checkPwPolicies userId <demouser4> VALIDATION GOOD
    • session.getErrorId() => 0
    • session.getWarningId() => 11
    • session.getExpirationSeconds() => 469831
    • session.getGraceLogins() => 0
    • session.isAuthenticated() => true
    • session.getLastAccess() => 1283623680440
    • session.getSessionId() => -7410986f:12addeea576:-7fff
    • ------------------------------------------
    • User user = session.getUser();
      • user.getUserId() => demoUser4
      • user.getInternalId() => be2dd2e:12a82ba707e:-7fee
      • user.getCn() => JoeUser4
      • user.getDescription() => Demo Test User 4
      • user.getOu() => test
      • user.getSn() => User4
      • user.getBeginDate() => 20090101
      • user.getEndDate() => none
      • user.getBeginLockDate() => none
      • user.getEndLockDate() => none
      • user.getDayMask() => 1234567
      • user.getTimeout() => 60
      • List<UserRole> roles = session.getRoles();
      • UserRole userRole = roles.get(i);
      • userRole.getName() => role1
      • userRole.getBeginTime() => 0000
      • userRole.getEndTime() => 0000
      • userRole.getBeginDate() => none
      • userRole.getEndDate() => none
      • userRole.getBeginLockDate() => null
      • userRole.getEndLockDate() => null
      • userRole.getDayMask() => null
      • userRole.getTimeout() => 0
      • List<UserAdminRole> adminRoles = session.getAdminRoles();
      • UserAdminRole userAdminRole = adminRoles.get(i);
      • userAdminRole.getName() => DemoAdminUsers
      • userAdminRole.getBeginTime() => 0000
      • userAdminRole.getEndTime() => 0000
      • userAdminRole.getBeginDate() => none
      • userAdminRole.getEndDate() => none
      • userAdminRole.getBeginLockDate() => null
      • userAdminRole.getEndLockDate() => null
      • userAdminRole.getDayMask() => null
      • userAdminRole.getTimeout() => 0
      • userAdminRole.getOsPs() => [ftT3POrg10, ftT4POrg10]
      • userAdminRole.getOsUs() => [ftT1UOrg10, ftT2UOrg10]
      • userAdminRole.getBeginRange() => ftT14Role1
      • userAdminRole.getEndRange() => ftT14Role10
      • userAdminRole.getBeginInclusive() => true
      • userAdminRole.getEndInclusive() => false

    Sample data contained within this Entity.

    Ses UID [demoUser4]:
    Ses IID [ccbb2929-bf01-413d-b768-529de4d428e5]
    Ses ERR [0]
    Ses WARN [10]
    Ses MSG [checkPwPolicies for userId <demouser4> PASSWORD CHECK SUCCESS]
    Ses EXP [0]
    Ses GRAC [0]
    Ses AUTH [true]
    Ses LAST [1297408501356]
    Ses SID [fc228713-1242-4061-9d8a-d4860bf8d3d8]
    ------------------------------------------
    Usr UID [demoUser4]
    Usr IID [ccbb2929-bf01-413d-b768-529de4d428e5]
    Usr CN [JoeUser4]
    Usr DESC [Demo Test User 4]
    Usr OU [demousrs1]
    Usr SN [User4]
    Usr BDTE [20090101]
    Usr EDTE [20990101]
    Usr BLDT [none]
    Usr ELDT [none]
    Usr DMSK [1234567]
    Usr TO [60]
    Usr REST [false]
    Usr PROP1 [customerNumber, 3213432]

    USER RBAC ROLE[0]:
    Rle role name [role1]
    Rle begin time [0000]
    Rle end time [0000]
    Rle begin date [20110101]
    Rle end date [none]
    Rle begin lock [none]
    Rle end lock [none]
    Rle day mask [all]
    Rle time out [60]

    USER ADMIN ROLE[0]:
    Adm admin role name [DemoAdminUsers]
    Adm OsU [Dev1]
    Adm OsP [App1]
    Adm begin range [role1]
    Adm end range [role3]
    Adm begin time [0000]
    Adm end time [0000]
    Adm begin date [20110101]
    Adm end date [none]
    Adm begin lock [none]
    Adm end lock [none]
    Adm day mask [23456]
    Adm time out [30]

    Author:
    Apache Directory Project
    See Also:
    Serialized Form
    • Constructor Summary

      Constructors 
      Constructor Description
      Session()
      Default constructor for Fortress Session.
      Session​(Group group)
      Construct a new Session instance with given Group entity.
      Session​(Group group, String sessionId)
      Construct a new Session instance with given Group entity.
      Session​(User user)
      Construct a new Session instance with given User entity.
      Session​(User user, String sessionId)
      Construct a new Session instance with given User entity.
    • Method Summary

      Modifier and Type Method Description
      void copy​(Session inSession)
      Copy values from incoming Session object.
      List<UserAdminRole> getAdminRoles()
      Return a list of User's Admin Roles that have been activated into User's session.
      int getErrorId()
      Return the error id that is associated with the password policy checks.
      int getExpirationSeconds()
      This attribute specifies the maximum number of seconds before a password is due to expire that expiration warning messages will be returned to an authenticating user.
      int getGraceLogins()
      Gets the attribute that specifies the number of times an expired password can be used to authenticate before failure.
      Group getGroup()
      Return the Group entity that is associated with this entity.
      String getGroupName()
      Return the group name that is associated with this Session object.
      String getInternalUserId()
      Return the internal userId that is associated with User.
      long getLastAccess()
      Returns the last access time in milliseconds.
      String getMsg()
      Gets the message that is associated with the user's last authentication attempt.
      List<UserRole> getRoles()
      Return the list of User's RBAC Roles that have been activated into User's or Group's session.
      String getSessionId()
      Return the unique id that is associated with User.
      User getUser()
      Return the User entity that is associated with this entity.
      String getUserId()
      Return the userId that is associated with this Session object.
      List<Warning> getWarnings()
      Get the warnings attached to this Session.
      boolean isAuthenticated()
      A 'true' value here indicates user successfully authenticated with Fortress.
      boolean isGroupSession()
      A 'true' value here indicates this Session was created for a Group entity.
      boolean setAuthenticated()
      Get the value that will be set to 'true' if user has successfully authenticated with Fortress for this Session.
      void setAuthenticated​(boolean authenticated)
      Set the value to 'true' indicating that user has successfully authenticated with Fortress.
      void setErrorId​(int error)
      Set the error id that is associated with the password policy checks.
      void setExpirationSeconds​(int expire)
      This attribute specifies the maximum number of seconds before a password is due to expire that expiration warning messages will be returned to an authenticating user.
      void setGraceLogins​(int grace)
      This attribute specifies the number of times an expired password can be used to authenticate.
      void setGroup​(Group group)
      Set a Group entity into the Session.
      void setGroupName​(String groupName)
      Set the groupName that is associated with Group.
      void setGroupSession​(boolean isGroupSession)
      Set the value to 'true' indicating that the Session is created for a Group entity.
      void setInternalUserId​(String internalUserId)
      Set the internal userId that is associated with User.
      void setLastAccess()
      Set the last access time in milliseconds.
      void setMsg​(String message)
      Set the message that is associated with the user's last authentication attempt.
      void setRole​(UserRole role)
      Add a single user-role object to the list of UserRoles for User.
      void setRoles​(List<UserRole> roles)
      Add a list of RBAC Roles to this entity that have been activated into Session or are under consideration for activation.
      void setUser​(User user)
      Set a User entity into the Session.
      void setUserId​(String userId)
      Set the userId that is associated with User.
      void setWarning​(Warning warning)
      Add a warning to the collection in the Fortress Session object.
      void setWarnings​(List<Warning> warnings)
      Set the warnings on this Session.
      String toString()  
    • Constructor Detail

      • Session

        public Session()
        Default constructor for Fortress Session.
      • Session

        public Session​(User user)
        Construct a new Session instance with given User entity.
        Parameters:
        user - contains the User attributes that are associated with the Session.
      • Session

        public Session​(Group group)
        Construct a new Session instance with given Group entity.
        Parameters:
        group - contains the Group attributes that are associated with the Session.
      • Session

        public Session​(User user,
                       String sessionId)
        Construct a new Session instance with given User entity.
        Parameters:
        user - contains the User attributes that are associated with the Session.
      • Session

        public Session​(Group group,
                       String sessionId)
        Construct a new Session instance with given Group entity.
        Parameters:
        group - contains the Group attributes that are associated with the Session.
    • Method Detail

      • isAuthenticated

        public boolean isAuthenticated()
        A 'true' value here indicates user successfully authenticated with Fortress.
        Specified by:
        isAuthenticated in interface PwMessage
        Returns:
        boolean indicating successful authentication.
      • isGroupSession

        public boolean isGroupSession()
        A 'true' value here indicates this Session was created for a Group entity.
        Returns:
        boolean indicating if this Session is created for Group
      • copy

        public void copy​(Session inSession)
        Copy values from incoming Session object.
        Parameters:
        inSession - contains Session values.
      • getSessionId

        public String getSessionId()
        Return the unique id that is associated with User. This attribute is generated automatically by Fortress when a new Session is created and is not known or changeable by an external client.
        Returns:
        attribute maps to unique sessionId associated with user's session.
      • getUser

        public User getUser()
        Return the User entity that is associated with this entity. Sample User data contained in Session object:

        ------------------------------------------
        U UID [demoUser4]
        U IID [ccbb2929-bf01-413d-b768-529de4d428e5]
        U CN [JoeUser4]
        U DESC [Demo Test User 4]
        U OU [demousrs1]
        U SN [User4]
        U BDTE [20090101]
        U EDTE [20990101]
        U BLDT [none]
        U ELDT [none]
        U DMSK [1234567]
        U TO [60]
        U REST [false]
        U PROP[0]=customerNumber VAL=3213432

        USER ROLE[0]:
        role name <role1>
        begin time <0000>
        end time <0000>
        begin date <none>
        end date <none>
        begin lock <none>
        end lock <none>
        day mask <all>
        time out <0>

        USER ADMIN ROLE[0]:
        admin role name <DemoAdminUsers>
        OsU <null>
        OsP <null>
        begin range <null>
        end range <null>
        begin time <0000>
        end time <0000>
        begin date <none>
        end date <none>
        begin lock <none>
        end lock <none>
        day mask <all>
        time out <0>

        Returns:
        User entity that contains userid, roles and other attributes valid for Session.
      • getGroup

        public Group getGroup()
        Return the Group entity that is associated with this entity.
      • getUserId

        public String getUserId()
        Return the userId that is associated with this Session object.
        Specified by:
        getUserId in interface PwMessage
        Returns:
        userId maps to the 'uid' attribute on the 'inetOrgPerson' object class.
      • getGroupName

        public String getGroupName()
        Return the group name that is associated with this Session object.
        Returns:
        group name maps to the 'name' attribute on the 'ftGroup' object class.
      • getInternalUserId

        public String getInternalUserId()
        Return the internal userId that is associated with User. This attribute is generated automatically by Fortress when a new User is added to the directory and is not known or changeable by an external client.
        Returns:
        attribute maps to 'ftId' in 'ftUserAttrs' object class.
      • getRoles

        public List<UserRole> getRoles()
        Return the list of User's RBAC Roles that have been activated into User's or Group's session. This list will not include ascendant RBAC roles which may be retrieved using AccessMgrImpl.authorizedRoles(Session).
        Returns:
        List containing User's RBAC roles. This list may be empty if the User has no RBAC roles assigned.
      • getAdminRoles

        public List<UserAdminRole> getAdminRoles()
        Return a list of User's Admin Roles that have been activated into User's session. This list will not include ascendant ARBAC roles which may be retrieved using DelAccessMgr.authorizedAdminRoles(Session).
        Returns:
        List containing User's Admin roles. This list may be empty if the User is not assigned an Administrative role.
      • getLastAccess

        public long getLastAccess()
        Returns the last access time in milliseconds. Note that while the unit of time of the return value is a millisecond, the granularity of the value depends on the underlying operating system and may be larger. For example, many operating systems measure time in units of tens of milliseconds.
        Returns:
        the difference, measured in milliseconds, between the last access time and midnight, January 1, 1970 UTC.
      • getMsg

        public String getMsg()
        Gets the message that is associated with the user's last authentication attempt.
        Specified by:
        getMsg in interface PwMessage
        Returns:
        String contains text explaining result of user's last authentication.
      • getGraceLogins

        public int getGraceLogins()
        Gets the attribute that specifies the number of times an expired password can be used to authenticate before failure.
        Specified by:
        getGraceLogins in interface PwMessage
        Returns:
        The number of logins the user has left before password fails.
      • getExpirationSeconds

        public int getExpirationSeconds()
        This attribute specifies the maximum number of seconds before a password is due to expire that expiration warning messages will be returned to an authenticating user.

        If this attribute is not present, or if the value is 0, no warnings will be returned. If not 0, the value must be smaller than the value of the pwdMaxAge attribute.

        Specified by:
        getExpirationSeconds in interface PwMessage
        Returns:
        attribute is computed based on last time user has changed their password.
      • setAuthenticated

        public boolean setAuthenticated()
        Get the value that will be set to 'true' if user has successfully authenticated with Fortress for this Session. This value is set by the Fortress DAO object.
        Returns:
        value indicates result of authentication.
      • getErrorId

        public int getErrorId()
        Return the error id that is associated with the password policy checks. A '0' indicates no errors.
        • INVALID_PASSWORD_MESSAGE = -10;
        • GOOD = 0;
        • PASSWORD_HAS_EXPIRED = 100;
        • ACCOUNT_LOCKED = 101;
        • CHANGE_AFTER_RESET = 102;
        • NO_MODIFICATIONS = 103;
        • MUST_SUPPLY_OLD = 104;
        • INSUFFICIENT_QUALITY = 105;
        • PASSWORD_TOO_SHORT = 106;
        • PASSWORD_TOO_YOUNG = 107;
        • HISTORY_VIOLATION = 108;
        • ACCOUNT_LOCKED_CONSTRAINTS = 109;

        Specified by:
        getErrorId in interface PwMessage
        Returns:
        int contains the error id that was generated on the user's last authentication.
      • setUser

        public void setUser​(User user)
        Set a User entity into the Session. Sample User data contained in Session object:

        ------------------------------------------
        U UID [demoUser4]
        U IID [ccbb2929-bf01-413d-b768-529de4d428e5]
        U CN [JoeUser4]
        U DESC [Demo Test User 4]
        U OU [demousrs1]
        U SN [User4]
        U BDTE [20090101]
        U EDTE [20990101]
        U BLDT [none]
        U ELDT [none]
        U DMSK [1234567]
        U TO [60]
        U REST [false]
        U PROP[0]=customerNumber VAL=3213432

        USER ROLE[0]:
        role name <role1>
        begin time <0000>
        end time <0000>
        begin date <none>
        end date <none>
        begin lock <none>
        end lock <none>
        day mask <all>
        time out <0>

        USER ADMIN ROLE[0]:
        admin role name <DemoAdminUsers>
        OsU <null>
        OsP <null>
        begin range <null>
        end range <null>
        begin time <0000>
        end time <0000>
        begin date <none>
        end date <none>
        begin lock <none>
        end lock <none>
        day mask <all>
        time out <0>

        Parameters:
        user - Contains userId, roles and other security attributes used for access control.
      • setGroup

        public void setGroup​(Group group)
        Set a Group entity into the Session.
        Parameters:
        group - Contains group name, roles, members and other security attributes used for access control.
      • setInternalUserId

        public void setInternalUserId​(String internalUserId)
        Set the internal userId that is associated with User. This method is used by DAO class and is generated automatically by Fortress. Attribute stored in LDAP cannot be changed by external caller. This method can be used by client for search purposes only.
        Parameters:
        internalUserId - maps to 'ftId' in 'ftUserAttrs' object class.
      • setAuthenticated

        public void setAuthenticated​(boolean authenticated)
        Set the value to 'true' indicating that user has successfully authenticated with Fortress. This value is set by the Fortress DAO object.
        Specified by:
        setAuthenticated in interface PwMessage
        Parameters:
        authenticated - indicates result of authentication.
      • setGroupSession

        public void setGroupSession​(boolean isGroupSession)
        Set the value to 'true' indicating that the Session is created for a Group entity.
        Parameters:
        isGroupSession - indicates if Session is for Group
      • setUserId

        public void setUserId​(String userId)
        Set the userId that is associated with User. UserId is a required attribute and must be set on add, update, delete, createSession, authenticate, etc.
        Specified by:
        setUserId in interface PwMessage
        Parameters:
        userId - maps to 'uid' attribute in 'inetOrgPerson' object class.
      • setGroupName

        public void setGroupName​(String groupName)
        Set the groupName that is associated with Group. GroupName is a required attribute and must be set on add, update, delete, createSession, authenticate, etc.
        Parameters:
        groupName - maps to 'name' attribute in 'ftGroup' object class.
      • setRoles

        public void setRoles​(List<UserRole> roles)
        Add a list of RBAC Roles to this entity that have been activated into Session or are under consideration for activation.
        Parameters:
        roles - List of type UserRole that contains at minimum UserId or GroupName and Role name.
      • setRole

        public void setRole​(UserRole role)
        Add a single user-role object to the list of UserRoles for User.
        Parameters:
        role - UserRole contains at least userId and role name (activation) and additional constraints (assignment)
      • setLastAccess

        public void setLastAccess()
        Set the last access time in milliseconds. Note that while the unit of time of the return value is a millisecond, the granularity of the value depends on the underlying operating system and may be larger. For example, many operating systems measure time in units of tens of milliseconds.
      • setMsg

        public void setMsg​(String message)
        Set the message that is associated with the user's last authentication attempt.
        Specified by:
        setMsg in interface PwMessage
        Parameters:
        message - Contains text explaining result of user's last authentication.
      • setErrorId

        public void setErrorId​(int error)
        Set the error id that is associated with the password policy checks. A '0' indicates no errors.
        • INVALID_PASSWORD_MESSAGE = -10;
        • GOOD = 0;
        • PASSWORD_HAS_EXPIRED = 100;
        • ACCOUNT_LOCKED = 101;
        • CHANGE_AFTER_RESET = 102;
        • NO_MODIFICATIONS = 103;
        • MUST_SUPPLY_OLD = 104;
        • INSUFFICIENT_QUALITY = 105;
        • PASSWORD_TOO_SHORT = 106;
        • PASSWORD_TOO_YOUNG = 107;
        • HISTORY_VIOLATION = 108;
        • ACCOUNT_LOCKED_CONSTRAINTS = 109;

        Specified by:
        setErrorId in interface PwMessage
        Parameters:
        error - contains the error id that was generated on the user's last authentication.
      • setGraceLogins

        public void setGraceLogins​(int grace)
        This attribute specifies the number of times an expired password can be used to authenticate.
        Specified by:
        setGraceLogins in interface PwMessage
        Parameters:
        grace - The number of logins the user has left before password fails.
      • setExpirationSeconds

        public void setExpirationSeconds​(int expire)
        This attribute specifies the maximum number of seconds before a password is due to expire that expiration warning messages will be returned to an authenticating user.

        If this attribute is not present, or if the value is 0, no warnings will be returned. If not 0, the value must be smaller than the value of the pwdMaxAge attribute.

        Specified by:
        setExpirationSeconds in interface PwMessage
        Parameters:
        expire - attribute is computed based on last time user has changed their password.
      • getWarnings

        public List<Warning> getWarnings()
        Get the warnings attached to this Session. Used for processing password policy scenarios, e.g., a password expiring message.
        Specified by:
        getWarnings in interface PwMessage
        Returns:
        A null value, or zero or more objects of type Warning. Note: the caller of this method must check the result for null before use.
      • setWarnings

        public void setWarnings​(List<Warning> warnings)
        Set the warnings on this Session. Used for processing password policy scenarios, e.g., a password expiring message. Not intended for use outside of Fortress packages.
        Specified by:
        setWarnings in interface PwMessage
        Parameters:
        warnings - zero or more objects of type warning may be set on a Fortress session.
      • setWarning

        public void setWarning​(Warning warning)
        Add a warning to the collection in the Fortress Session object. Used for processing password policy scenarios, e.g., a password expiring message. Not intended for use outside of Fortress packages.
        Specified by:
        setWarning in interface PwMessage
        Parameters:
        warning - one object of type warning will be added to Fortress session.
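
As an added example (not code from the Fortress project), the class below shows one way a caller can gate a login on the password-policy fields documented on this page: isAuthenticated(), getErrorId(), getGraceLogins(), getExpirationSeconds() and the nullable getWarnings(). SessionGate, Decision and evaluate() are hypothetical names, the import package is an assumption, and the allow/deny mapping is an application-level policy chosen for illustration, not Fortress behaviour.

```java
import java.util.ArrayList;
import java.util.List;

import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.Warning;

// Added example, not Fortress project code. SessionGate, Decision and
// evaluate() are hypothetical names; the package path above is an assumption.
public class SessionGate {
    // Error ids copied from the getErrorId() list on this page.
    static final int GOOD = 0;
    static final int CHANGE_AFTER_RESET = 102;

    enum Decision { ALLOW, FORCE_PASSWORD_CHANGE, DENY }

    // Maps the password-policy fields of a Session to a login decision and
    // collects user-facing notices. Anything unexpected is denied.
    static Decision evaluate(Session session, List<String> notices) {
        // A returned Session object is not proof of authentication.
        if (session == null || !session.isAuthenticated()) {
            return Decision.DENY;
        }
        switch (session.getErrorId()) {
            case GOOD:
                break;
            case CHANGE_AFTER_RESET:
                // Assumed policy: only the change-password flow is reachable.
                return Decision.FORCE_PASSWORD_CHANGE;
            default:
                // Expired, locked, quality and history ids, plus any id that
                // is not in the documented list, all fail closed.
                return Decision.DENY;
        }
        if (session.getGraceLogins() > 0) {
            notices.add("Grace logins left: " + session.getGraceLogins());
        }
        if (session.getExpirationSeconds() > 0) {
            notices.add("Password expiry warning: " + session.getExpirationSeconds() + " s");
        }
        // getWarnings() may return null, so guard before iterating.
        List<Warning> warnings = session.getWarnings();
        if (warnings != null) {
            for (Warning w : warnings) {
                notices.add(String.valueOf(w));
            }
        }
        return Decision.ALLOW;
    }

    public static void main(String[] args) {
        // Constructed sample sessions, built with the setters documented above.
        Session ok = new Session();
        ok.setUserId("demoUser4");
        ok.setAuthenticated(true);
        ok.setErrorId(GOOD);
        ok.setExpirationSeconds(469831);

        Session reset = new Session();
        reset.setUserId("demoUser4");
        reset.setAuthenticated(true);
        reset.setErrorId(CHANGE_AFTER_RESET);

        Session unauthenticated = new Session(); // authenticated flag never set

        for (Session s : new Session[] { ok, reset, unauthenticated, null }) {
            List<String> notices = new ArrayList<>();
            System.out.println(evaluate(s, notices) + " " + notices);
        }
    }
}
```

Compiling and running this requires the Fortress core library on the classpath.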