SecurityMgr (KonaKart Server Engine API Documentation)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.konakart.bl
Class SecurityMgr

java.lang.Object
  com.konakart.bl.BaseMgr
      com.konakart.bl.SecurityMgr

All Implemented Interfaces:: SecurityMgrIf

Direct Known Subclasses:: SecurityMgrEE

public class SecurityMgr
extends BaseMgr
implements SecurityMgrIf
extends BaseMgr
implements SecurityMgrIf

Security Management

Field Summary
`protected static org.apache.commons.logging.Log`	`log` the log

Fields inherited from class com.konakart.bl.BaseMgr
`templateBaseDir`

Constructor Summary
`SecurityMgr(KKEngIf eng)` Constructor

Method Summary
`void`	`addCustomDataToSession(java.lang.String sessionId, java.lang.String data, int position)` Implemented in SecurityMgrEE
`protected java.lang.String`	`byteToHex(byte data)` Utility method
`void`	`changePassword(java.lang.String sessionId, java.lang.String currentPassword, java.lang.String newPassword)` The method ensures that the current password is correct, and then changes it with the new password.
`protected int`	`checkPassword(java.lang.String eMail, java.lang.String password)` The customer is searched for using his email as the key.
`int`	`checkSession(java.lang.String sessionId)` The given sessionId is checked to see whether it exists and whether it is has timed out.
`protected java.lang.String`	`createSessionId()` create a sessionId string
`void`	`enableCustomer(java.lang.String secretKey)` This method retrieves the SSO token using the Secret Key.
`java.lang.String`	`encrypt(java.lang.String password)` Generates a random byte which it concatenates with the password placing it in front (i.e.
`java.lang.String`	`getCustomDataFromSession(java.lang.String sessionId, int position)` Implemented in SecurityMgrEE
`protected int`	`getExpiryTimeInSecs()` Utility method to return the expiry time in minutes calculated from now.
`protected LDAPMgrIf`	`getLDAPMgr()` Used to get an instance of the LDAPMgr
`protected LoginIntegrationMgrInterface`	`getLoginIntegrationMgr()` Used to get an instance of the LoginIntegrationMgr
`java.lang.String`	`getRandomPassword(int length)` If length == 0, the configuration value ENTRY_PASSWORD_MIN_LENGTH is used.
`protected int`	`getSessionDurationInSecs()` Utility method to return the session duration in seconds.
`SSOTokenIf`	`getSSOToken(java.lang.String secretKey, boolean deleteToken)` Returns an SSOToken object for the secretKey (UUID).
`int`	`getTimeInSecs()` Utility method to return the current time in seconds
`protected void`	`insertSessionId(java.lang.String sessionId, int expiryInSecs, int customerId)` Insert the sessionId passed in as a parameter
`protected java.lang.String`	`login(int customerId)` protected login method that assumes that all checks have already been taken.
`java.lang.String`	`login(java.lang.String emailAddr, java.lang.String password)` Returns a session id if successful.
`java.lang.String`	`loginByAdmin(java.lang.String adminSession, int customerId)` Used to log in to the application as a customer by an Administrator.
`void`	`logout(java.lang.String sessionId)` Logout the user with the specified session Id.
`java.lang.String`	`saveSSOToken(SSOTokenIf token)` Saves the SSOToken in the database and returns a UUID secret key identifier.
`void`	`sendNewPassword(java.lang.String emailAddr, java.lang.String subject, java.lang.String countryCode)` Deprecated.
`EmailIf`	`sendNewPassword1(java.lang.String emailAddr, EmailOptionsIf options)` If a customer exists with the email address passed in as a parameter, then a new password is generated and sent to the customer.
`protected char`	`toHexChar(int i)` Utility method

Methods inherited from class com.konakart.bl.BaseMgr
addInsertAttr, addInsertAttr, checkRequired, getAdminEngMgr, getBasketMgr, getBillingMgr, getBookableProductMgr, getCatMgr, getConfigMgr, getCookieMgr, getCurrMgr, getCustMgr, getCustomerIdFromSession, getCustomerStatsMgr, getCustomerTagMgr, getEmailMgr, getEng, getLangMgr, getManuMgr, getMiscItemMgr, getMode, getModeString, getMqMgr, getMultiStoreMgr, getNewCriteria, getNewCriteria, getOrderMgr, getOrderTotalMgr, getPaymentMgr, getProdMgr, getPromMgr, getRewardPointMgr, getSecMgr, getShippingMgr, getSolrMgr, getStoreId, getTaxMgr, getTemplate, getTemplateRoot, getVelocityContextMgr, getWishListMgr, init, isEnterprise, isMultiStoreShareCustomers, isMultiStoreShareProducts

Methods inherited from class com.konakart.bl.BaseMgr

addInsertAttr, addInsertAttr, checkRequired, getAdminEngMgr, getBasketMgr, getBillingMgr, getBookableProductMgr, getCatMgr, getConfigMgr, getCookieMgr, getCurrMgr, getCustMgr, getCustomerIdFromSession, getCustomerStatsMgr, getCustomerTagMgr, getEmailMgr, getEng, getLangMgr, getManuMgr, getMiscItemMgr, getMode, getModeString, getMqMgr, getMultiStoreMgr, getNewCriteria, getNewCriteria, getOrderMgr, getOrderTotalMgr, getPaymentMgr, getProdMgr, getPromMgr, getRewardPointMgr, getSecMgr, getShippingMgr, getSolrMgr, getStoreId, getTaxMgr, getTemplate, getTemplateRoot, getVelocityContextMgr, getWishListMgr, init, isEnterprise, isMultiStoreShareCustomers, isMultiStoreShareProducts

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

log

protected static org.apache.commons.logging.Log log

the log

Constructor Detail

SecurityMgr

public SecurityMgr(KKEngIf eng)
            throws java.lang.Exception

Constructor

Parameters:: eng -
Throws:: java.lang.Exception

Method Detail

login

public java.lang.String login(java.lang.String emailAddr,
                              java.lang.String password)
                       throws java.lang.Exception

Returns a session id if successful. Otherwise returns null.

Specified by:: login in interface SecurityMgrIf

Parameters:: emailAddr -; password -
Returns:: SessionId if OK. Otherwise null.
Throws:: java.lang.Exception

login

protected java.lang.String login(int customerId)
                          throws java.lang.Exception

protected login method that assumes that all checks have already been taken. If we get to this point, the credentials have matched and so we need to create a random session id, 16 bytes long. Since duplicate session ids may be created, we retry a few times to create a unique session id.

Parameters:: customerId -
Returns:: Returns the sessionId
Throws:: java.lang.Exception

insertSessionId

protected void insertSessionId(java.lang.String sessionId,
                               int expiryInSecs,
                               int customerId)
                        throws org.apache.torque.TorqueException,
                               KKException

Insert the sessionId passed in as a parameter

Parameters:: sessionId -; expiryInSecs -; customerId -
Throws:: org.apache.torque.TorqueException; KKException

createSessionId

protected java.lang.String createSessionId()

create a sessionId string

Returns:: Returns a newly created sessionId string

logout

public void logout(java.lang.String sessionId)
            throws org.apache.torque.TorqueException,
                   com.workingdogs.village.DataSetException,
                   KKException

Logout the user with the specified session Id. First we check that the sessionId is valid.

Specified by:: logout in interface SecurityMgrIf

Parameters:: sessionId -
Throws:: com.workingdogs.village.DataSetException; org.apache.torque.TorqueException; KKException

getTimeInSecs

public int getTimeInSecs()

Utility method to return the current time in seconds

Specified by:: getTimeInSecs in interface SecurityMgrIf

Returns:: Returns the time

getExpiryTimeInSecs

protected int getExpiryTimeInSecs()

Utility method to return the expiry time in minutes calculated from now.

Returns:: Returns the expiry time

getSessionDurationInSecs

protected int getSessionDurationInSecs()

Utility method to return the session duration in seconds.

Returns:: Returns the the session duration

checkSession

public int checkSession(java.lang.String sessionId)
                 throws org.apache.torque.TorqueException,
                        com.workingdogs.village.DataSetException,
                        KKException

The given sessionId is checked to see whether it exists and whether it is has timed out. If it is valid, the expiry attribute is updated.

Specified by:: checkSession in interface SecurityMgrIf

Parameters:: sessionId -
Returns:: Returns customerId
Throws:: org.apache.torque.TorqueException; com.workingdogs.village.DataSetException; KKException

encrypt

public java.lang.String encrypt(java.lang.String password)
                         throws java.security.NoSuchAlgorithmException

Generates a random byte which it concatenates with the password placing it in front (i.e. "randomByte" + "Password"). Once the string has been encrypted it is returned as "encrypted string" : "random byte" . For example : password = secret and random byte = ce, then we encrypt cesecret . If the result is "51fc1050abe9ce692565814ac52a9ed2" we return 51fc1050abe9ce692565814ac52a9ed2:ce

Specified by:: encrypt in interface SecurityMgrIf

Parameters:: password -
Returns:: Returns an encrypted password
Throws:: java.security.NoSuchAlgorithmException

checkPassword

protected int checkPassword(java.lang.String eMail,
                            java.lang.String password)
                     throws org.apache.torque.TorqueException,
                            com.workingdogs.village.DataSetException,
                            java.security.NoSuchAlgorithmException,
                            KKException

The customer is searched for using his email as the key. We retrieve the hashed password from the DB; remove the colon and the random byte. We concatenate the random byte to the input password and encrypt the lot. Then we have to check whether the result matches the hashed password.

Parameters:: eMail -; password -
Returns:: id of customer if password matches. Otherwise a negative number.
Throws:: org.apache.torque.TorqueException; com.workingdogs.village.DataSetException; java.security.NoSuchAlgorithmException; KKException

byteToHex

protected java.lang.String byteToHex(byte data)

Utility method

Parameters:: data -
Returns:: Returns hex representation of the data

toHexChar

protected char toHexChar(int i)

Utility method

Parameters:: i -
Returns:: Returns a hex representation of the char

changePassword

public void changePassword(java.lang.String sessionId,
                           java.lang.String currentPassword,
                           java.lang.String newPassword)
                    throws java.lang.Exception

The method ensures that the current password is correct, and then changes it with the new password. It allows any password length and relies on the application to ensure that a minimum length is guaranteed.

Specified by:: changePassword in interface SecurityMgrIf

Parameters:: sessionId -; currentPassword -; newPassword -
Throws:: java.lang.Exception

getRandomPassword

public java.lang.String getRandomPassword(int length)
                                   throws java.lang.Exception

If length == 0, the configuration value ENTRY_PASSWORD_MIN_LENGTH is used.

Specified by:: getRandomPassword in interface SecurityMgrIf

Parameters:: length -
Returns:: Returns a random password
Throws:: java.lang.Exception

sendNewPassword

public void sendNewPassword(java.lang.String emailAddr,
                            java.lang.String subject,
                            java.lang.String countryCode)
                     throws java.security.NoSuchAlgorithmException,
                            java.lang.Exception

Deprecated.

If a customer exists with the email address passed in as a parameter, then a new password is generated and sent to the customer.

Specified by:: sendNewPassword in interface SecurityMgrIf

Parameters:: emailAddr -; subject -; countryCode -
Throws:: java.security.NoSuchAlgorithmException; java.lang.Exception

sendNewPassword1

public EmailIf sendNewPassword1(java.lang.String emailAddr,
                                EmailOptionsIf options)
                         throws java.security.NoSuchAlgorithmException,
                                java.lang.Exception

If a customer exists with the email address passed in as a parameter, then a new password is generated and sent to the customer.

Specified by:: sendNewPassword1 in interface SecurityMgrIf

Parameters:: emailAddr -; options -
Returns:: An Email object
Throws:: java.security.NoSuchAlgorithmException; java.lang.Exception

loginByAdmin

public java.lang.String loginByAdmin(java.lang.String adminSession,
                                     int customerId)
                              throws java.lang.Exception

Used to log in to the application as a customer by an Administrator. This is useful for Call Center type applications where the Call Center person can log into the application as the customer without requiring the customer's credentials, in order to perform some action on behalf of the customer. The adminSession must contain the session of a logged in Administrator User. The customerId must contain the Id of the customer to login as.

Specified by:: loginByAdmin in interface SecurityMgrIf

Parameters:: adminSession - The session of a logged in administrator user; customerId - The id of the customer to login as
Returns:: Returns the sessionId for the customer's session
Throws:: java.lang.Exception

getLoginIntegrationMgr

protected LoginIntegrationMgrInterface getLoginIntegrationMgr()

Used to get an instance of the LoginIntegrationMgr

Returns:: Returns an LoginIntegrationMgr Object

getLDAPMgr

protected LDAPMgrIf getLDAPMgr()

Used to get an instance of the LDAPMgr

Returns:: Returns an LDAPMgr Object

addCustomDataToSession

public void addCustomDataToSession(java.lang.String sessionId,
                                   java.lang.String data,
                                   int position)
                            throws org.apache.torque.TorqueException,
                                   KKException

Implemented in SecurityMgrEE

Specified by:: addCustomDataToSession in interface SecurityMgrIf

Parameters:: sessionId - The sessionId; data - The data to be saved; position - This must be in the range of 1-5 to identify custom1 to custom5
Throws:: org.apache.torque.TorqueException; KKException

getCustomDataFromSession

public java.lang.String getCustomDataFromSession(java.lang.String sessionId,
                                                 int position)
                                          throws KKException,
                                                 org.apache.torque.TorqueException,
                                                 com.workingdogs.village.DataSetException

Implemented in SecurityMgrEE

Specified by:: getCustomDataFromSession in interface SecurityMgrIf

Parameters:: sessionId - The sessionId; position - This must be in the range of 1-5 to identify custom1 to custom5
Returns:: Returns the custom data
Throws:: KKException; org.apache.torque.TorqueException; com.workingdogs.village.DataSetException

saveSSOToken

public java.lang.String saveSSOToken(SSOTokenIf token)
                              throws java.lang.Exception

Saves the SSOToken in the database and returns a UUID secret key identifier.

Specified by:: saveSSOToken in interface SecurityMgrIf

Parameters:: token - The SSO token to be saved
Returns:: Returns a UUID secret key identifier for the token
Throws:: java.lang.Exception

getSSOToken

public SSOTokenIf getSSOToken(java.lang.String secretKey,
                              boolean deleteToken)
                       throws org.apache.torque.TorqueException,
                              com.workingdogs.village.DataSetException

Returns an SSOToken object for the secretKey (UUID). Null is returned if no token is found. If the deleteToken parameter is set to true, the token is deleted from the database after having been read.

Specified by:: getSSOToken in interface SecurityMgrIf

Parameters:: secretKey - The UUID secretKey used to identify the token; deleteToken - The token is deleted from the database after being read
Returns:: Returns an SSOToken
Throws:: org.apache.torque.TorqueException; com.workingdogs.village.DataSetException

enableCustomer

public void enableCustomer(java.lang.String secretKey)
                    throws java.lang.Exception

This method retrieves the SSO token using the Secret Key. Once read, the token is deleted. The customer id read from the token is used to identify and enable the customer. An exception is thrown if a customer doesn't exist for the customer id found in the token.

Specified by:: enableCustomer in interface SecurityMgrIf

Parameters:: secretKey -
Throws:: java.lang.Exception

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.konakart.bl Class SecurityMgr

log

SecurityMgr

login

login

insertSessionId

createSessionId

logout

getTimeInSecs

getExpiryTimeInSecs

getSessionDurationInSecs

checkSession

encrypt

checkPassword

byteToHex

toHexChar

changePassword

getRandomPassword

sendNewPassword

sendNewPassword1

loginByAdmin

getLoginIntegrationMgr

getLDAPMgr

addCustomDataToSession

getCustomDataFromSession

saveSSOToken

getSSOToken

enableCustomer

com.konakart.bl
Class SecurityMgr