public abstract class

AbstractExternalSecurity

extends Object
implements ExternalSecurity
java.lang.Object
   ↳ com.microstrategy.web.app.AbstractExternalSecurity
Known Direct Subclasses

Class Overview

Title: AbstractExternalSecurity. Default basic implementation of the ExternalSecurity interface, indicating the logging process will be handled by the MSTR application, using the credentials as provided by the user.

Summary

[Expand]
Inherited Constants
From interface com.microstrategy.web.app.ExternalSecurity
Public Constructors
AbstractExternalSecurity()
Public Methods
boolean canReconnectSession(ContainerServices cntSvcs, WebIServerSession currentSession, int reason)
This method will be called each time Microstrategy Web tries to automatically reconnect a session that is still valid.
boolean closeSessionOnLogout(RequestKeys reqKeys, ContainerServices cntSvcs, WebIServerSession user)
Method to be called when the user or system invokes a logout event.
WebAppSessionManager getAppSessionManager()
Get the web web app session manager.
String getCustomLoginURL(String originalURL, String desiredServer, int desiredPort, String desiredProject)
Returns the URL of a custom page that will handle the authentication request, in case the handlesAuthenticationRequest() method returned USE_CUSTOM_LOGIN_PAGE
String getFailureURL(int reqType, ContainerServices cntrSvcs)
Once it has been determined the request has failed, this method will provide the URL information where the user should be taken next.
WebIServerSession getWebIServerSession(RequestKeys reqKeys, ContainerServices cntSvcs)
Create a new session object based on the information provided.
AbstractWebLoginProvider getWebLoginProvider(int webLoginMode)
Get the web login provider for a particular web login mode.
int handlesAuthenticationRequest(RequestKeys reqKeys, ContainerServices cntSvcs, int reason)
Indicates how ExternalSecurity wants to handle the session (authentication) request
boolean isRequestAuthorized(RequestKeys reqKeys, ContainerServices cntSvcs, WebIServerSession user)
Determines if the user is authorized to perform the incoming request
boolean processMSTRLoginForm(RequestKeys reqKeys, ContainerServices cntrSvcs, LoginForm loginForm, int reason)
Manipulates the already created WebIServerSession instance and modifies it if required
void setAppSessionManager(WebAppSessionManager appSessionManager)
Set the web web app session manager.
Protected Methods
int getPort(RequestKeys reqKeys)
Returns the Port from RequestKeys
String getProject(RequestKeys reqKeys)
Returns the Project Name from RequestKeys
String getServer(RequestKeys reqKeys)
Returns the Server Name from RequestKeys.
[Expand]
Inherited Methods
From class java.lang.Object
From interface com.microstrategy.web.app.ExternalSecurity

Public Constructors

public AbstractExternalSecurity ()

Public Methods

public boolean canReconnectSession (ContainerServices cntSvcs, WebIServerSession currentSession, int reason)

This method will be called each time Microstrategy Web tries to automatically reconnect a session that is still valid. At this point, it is always related to user preferences not matching the session values. There are certain user preferences that need to be applied at the time the session is created, namely:

  • Number and Date Locale
  • Session flags (cancel or remove pending jobs on logout)
Since user preferences are saved in the Metadata, the values provided when the session is created are "guessed" by Web or the ESM. After creating a session these values are compared with the actual Preferences values. If they do not match and there is enough information in the session to be able to reconnect, Web will invoke this method to confirm that the session can be reconnected with the correct preferences values. This method gets invoked even if the handlesAuthenticationRequest method returns COLLECT_SESSION_NOW, so customers implementing an ESM that creates a session need not to worry about applying user preferences themselves. This method is also invoked when a user changes one of these preferences through the application and the "Enable seamless login" setting is on.

Parameters
cntSvcs a ContainerServices valid instance
currentSession the WebIServerSession instance representing the current opened session.
reason The reason this method is called. Currently, there is only one reason MISMATCHED_PREFERENCES
Returns
  • If the ESM returns false, the session will not be reconnected and user-preferences will be used as-is.

public boolean closeSessionOnLogout (RequestKeys reqKeys, ContainerServices cntSvcs, WebIServerSession user)

Method to be called when the user or system invokes a logout event. This method can also be used to perform any custom operations when the user is logged out and before the session is closed.

Parameters
reqKeys a RequestKeys valid instance
cntSvcs a ContainerServices valid instance
user the WebIServerSession instance representing the current opened session being used for the user request and the one from which the user is about to be logged out.
Returns
  • a boolean value indicating if the session should be disconnected from the IServer and project or not.

public WebAppSessionManager getAppSessionManager ()

Get the web web app session manager.

Returns
  • WebAppSessionManager

public String getCustomLoginURL (String originalURL, String desiredServer, int desiredPort, String desiredProject)

Returns the URL of a custom page that will handle the authentication request, in case the handlesAuthenticationRequest() method returned USE_CUSTOM_LOGIN_PAGE

Parameters
originalURL the original url that was being called when the authentication request came up
desiredServer the server where the user requests to be logged to
desiredPort the port where the user requests to be logged to
desiredProject the project where the user requests to be logged to
Returns
  • a null String value, since by default Web Universal will use the predefined login page

public String getFailureURL (int reqType, ContainerServices cntrSvcs)

Once it has been determined the request has failed, this method will provide the URL information where the user should be taken next.

Parameters
reqType an int value indicating which request was the one that failed: AUTHENTICATION_REQUEST or AUTHORIZATION_REQUEST
cntrSvcs ContainerServices initialized instance
Returns
  • a String with the URL to use for redirecting the user.

public WebIServerSession getWebIServerSession (RequestKeys reqKeys, ContainerServices cntSvcs)

Create a new session object based on the information provided.

Parameters
reqKeys a RequestKeys valid instance
cntSvcs a ContainerServices valid instance
Returns
  • null, since by default ExternalSecurity won't be taking care of creating the sessions

public AbstractWebLoginProvider getWebLoginProvider (int webLoginMode)

Get the web login provider for a particular web login mode.

Returns
  • AbstractWebLoginProvider

public int handlesAuthenticationRequest (RequestKeys reqKeys, ContainerServices cntSvcs, int reason)

Indicates how ExternalSecurity wants to handle the session (authentication) request

Parameters
reqKeys a RequestKeys valid instance
cntSvcs a ContainerServices valid instance
reason an int value representing the reason why session handling is required
Returns
  • the default USE_MSTR_DEFAULT_LOGIN value

public boolean isRequestAuthorized (RequestKeys reqKeys, ContainerServices cntSvcs, WebIServerSession user)

Determines if the user is authorized to perform the incoming request

Parameters
reqKeys a RequestKeys valid instance
cntSvcs a ContainerServices valid instance
user the WebIServerSession instance representing the current opened session being used for the user request
Returns
  • true, since by default all requests are authorized

public boolean processMSTRLoginForm (RequestKeys reqKeys, ContainerServices cntrSvcs, LoginForm loginForm, int reason)

Manipulates the already created WebIServerSession instance and modifies it if required

Parameters
reqKeys a RequestKeys valid instance
cntrSvcs a ContainerServices valid instance
loginForm LoginForm instance initialized with the current information available for login
reason int value indicating why this session instance was created
Returns
  • a WebIServerSession instance modified if so required. Might return the same instance as the initialSession parameter.

public void setAppSessionManager (WebAppSessionManager appSessionManager)

Set the web web app session manager.

Protected Methods

protected int getPort (RequestKeys reqKeys)

Returns the Port from RequestKeys

Parameters
reqKeys a RequestKeys valid instance
Returns
  • the port

protected String getProject (RequestKeys reqKeys)

Returns the Project Name from RequestKeys

Parameters
reqKeys a RequestKeys valid instance
Returns
  • the Project Name

protected String getServer (RequestKeys reqKeys)

Returns the Server Name from RequestKeys.

Parameters
reqKeys a RequestKeys valid instance
Returns
  • the Server Name