Package com.microstrategy.web.app
Class AbstractExternalSecurity
- java.lang.Object
-
- com.microstrategy.web.app.AbstractExternalSecurity
-
- All Implemented Interfaces:
ExternalSecurity
- Direct Known Subclasses:
DefaultExternalSecurity
public abstract class AbstractExternalSecurity extends java.lang.Object implements ExternalSecurity
Title: AbstractExternalSecurity. Default basic implementation of the
ExternalSecurity
interface, indicating the logging process will be handled by the MSTR application, using the credentials as provided by the user.- Since:
- MicroStrategy Web 7.3.1 or earlier
-
-
Field Summary
-
Fields inherited from interface com.microstrategy.web.app.ExternalSecurity
AUTHENTICATION_REQUEST, AUTHORIZATION_REQUEST, COLLECT_SESSION_NOW, INVALID_CREDENTIALS, LOGIN_FIRST, MISMATCHED_PREFERENCES, NO_SESSION_FOUND, SESSION_CLOSED, USE_CUSTOM_LOGIN_PAGE, USE_MSTR_DEFAULT_LOGIN
-
-
Constructor Summary
Constructors Constructor Description AbstractExternalSecurity()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
canReconnectSession(ContainerServices cntSvcs, WebIServerSession currentSession, int reason)
This method will be called each time Microstrategy Web tries to automatically reconnect a session that is still valid.boolean
closeSessionOnLogout(RequestKeys reqKeys, ContainerServices cntSvcs, WebIServerSession user)
Method to be called when the user or system invokes a logout event.WebAppSessionManager
getAppSessionManager()
Get the web web app session manager.java.lang.String
getCustomLoginURL(java.lang.String originalURL, java.lang.String desiredServer, int desiredPort, java.lang.String desiredProject)
Returns the URL of a custom page that will handle the authentication request, in case thehandlesAuthenticationRequest()
method returnedUSE_CUSTOM_LOGIN_PAGE
java.lang.String
getFailureURL(int reqType, ContainerServices cntrSvcs)
Once it has been determined the request has failed, this method will provide the URL information where the user should be taken next.protected int
getPort(RequestKeys reqKeys)
Returns the Port from RequestKeysprotected java.lang.String
getProject(RequestKeys reqKeys)
Returns the Project Name from RequestKeysprotected java.lang.String
getServer(RequestKeys reqKeys)
Returns the Server Name from RequestKeys.WebIServerSession
getWebIServerSession(RequestKeys reqKeys, ContainerServices cntSvcs)
Create a new session object based on the information provided.AbstractWebLoginProvider
getWebLoginProvider(int webLoginMode)
Get the web login provider for a particular web login mode.int
handlesAuthenticationRequest(RequestKeys reqKeys, ContainerServices cntSvcs, int reason)
Indicates how ExternalSecurity wants to handle the session (authentication) requestboolean
isRequestAuthorized(RequestKeys reqKeys, ContainerServices cntSvcs, WebIServerSession user)
Determines if the user is authorized to perform the incoming requestboolean
processMSTRLoginForm(RequestKeys reqKeys, ContainerServices cntrSvcs, LoginForm loginForm, int reason)
Manipulates the already createdWebIServerSession
instance and modifies it if requiredvoid
setAppSessionManager(WebAppSessionManager appSessionManager)
Set the web web app session manager.
-
-
-
Method Detail
-
handlesAuthenticationRequest
public int handlesAuthenticationRequest(RequestKeys reqKeys, ContainerServices cntSvcs, int reason)
Indicates how ExternalSecurity wants to handle the session (authentication) request- Specified by:
handlesAuthenticationRequest
in interfaceExternalSecurity
- Parameters:
reqKeys
- aRequestKeys
valid instancecntSvcs
- aContainerServices
valid instancereason
- anint
value representing the reason why session handling is required- Returns:
- the default
USE_MSTR_DEFAULT_LOGIN
value
-
getWebIServerSession
public WebIServerSession getWebIServerSession(RequestKeys reqKeys, ContainerServices cntSvcs)
Create a new session object based on the information provided.- Specified by:
getWebIServerSession
in interfaceExternalSecurity
- Parameters:
reqKeys
- aRequestKeys
valid instancecntSvcs
- aContainerServices
valid instance- Returns:
null
, since by default ExternalSecurity won't be taking care of creating the sessions
-
getCustomLoginURL
public java.lang.String getCustomLoginURL(java.lang.String originalURL, java.lang.String desiredServer, int desiredPort, java.lang.String desiredProject)
Returns the URL of a custom page that will handle the authentication request, in case thehandlesAuthenticationRequest()
method returnedUSE_CUSTOM_LOGIN_PAGE
- Specified by:
getCustomLoginURL
in interfaceExternalSecurity
- Parameters:
originalURL
- the original url that was being called when the authentication request came updesiredServer
- the server where the user requests to be logged todesiredPort
- the port where the user requests to be logged todesiredProject
- the project where the user requests to be logged to- Returns:
- a null
String
value, since by default Web Universal will use the predefined login page
-
isRequestAuthorized
public boolean isRequestAuthorized(RequestKeys reqKeys, ContainerServices cntSvcs, WebIServerSession user)
Determines if the user is authorized to perform the incoming request- Specified by:
isRequestAuthorized
in interfaceExternalSecurity
- Parameters:
reqKeys
- aRequestKeys
valid instancecntSvcs
- aContainerServices
valid instanceuser
- theWebIServerSession
instance representing the current opened session being used for the user request- Returns:
true
, since by default all requests are authorized
-
processMSTRLoginForm
public boolean processMSTRLoginForm(RequestKeys reqKeys, ContainerServices cntrSvcs, LoginForm loginForm, int reason)
Manipulates the already createdWebIServerSession
instance and modifies it if required- Specified by:
processMSTRLoginForm
in interfaceExternalSecurity
- Parameters:
reqKeys
- aRequestKeys
valid instancecntrSvcs
- aContainerServices
valid instanceloginForm
-LoginForm
instance initialized with the current information available for loginreason
-int
value indicating why this session instance was created- Returns:
- a
WebIServerSession
instance modified if so required. Might return the same instance as theinitialSession
parameter.
-
getFailureURL
public java.lang.String getFailureURL(int reqType, ContainerServices cntrSvcs)
Once it has been determined the request has failed, this method will provide the URL information where the user should be taken next.- Specified by:
getFailureURL
in interfaceExternalSecurity
- Parameters:
reqType
- anint
value indicating which request was the one that failed:AUTHENTICATION_REQUEST
orAUTHORIZATION_REQUEST
cntrSvcs
-ContainerServices
initialized instance- Returns:
- a
String
with the URL to use for redirecting the user.
-
closeSessionOnLogout
public boolean closeSessionOnLogout(RequestKeys reqKeys, ContainerServices cntSvcs, WebIServerSession user)
Method to be called when the user or system invokes a logout event. This method can also be used to perform any custom operations when the user is logged out and before the session is closed.- Specified by:
closeSessionOnLogout
in interfaceExternalSecurity
- Parameters:
reqKeys
- aRequestKeys
valid instancecntSvcs
- aContainerServices
valid instanceuser
- theWebIServerSession
instance representing the current opened session being used for the user request and the one from which the user is about to be logged out.- Returns:
- a
boolean
value indicating if the session should be disconnected from the IServer and project or not. - Since:
- MicroStrategy Web 8.0.0
-
canReconnectSession
public boolean canReconnectSession(ContainerServices cntSvcs, WebIServerSession currentSession, int reason)
This method will be called each time Microstrategy Web tries to automatically reconnect a session that is still valid. At this point, it is always related to user preferences not matching the session values. There are certain user preferences that need to be applied at the time the session is created, namely:- Number and Date Locale
- Session flags (cancel or remove pending jobs on logout)
- Specified by:
canReconnectSession
in interfaceExternalSecurity
- Parameters:
cntSvcs
- aContainerServices
valid instancecurrentSession
- theWebIServerSession
instance representing the current opened session.reason
- The reason this method is called. Currently, there is only one reasonExternalSecurity.MISMATCHED_PREFERENCES
- Returns:
- If the ESM returns false, the session will not be reconnected and user-preferences will be used as-is.
- Since:
- MicroStrategy Web 8.0.2
-
setAppSessionManager
public void setAppSessionManager(WebAppSessionManager appSessionManager)
Set the web web app session manager.- Type Parameters:
code
- WebAppSessionManager projectList
-
getAppSessionManager
public WebAppSessionManager getAppSessionManager()
Get the web web app session manager.- Returns:
WebAppSessionManager
-
getWebLoginProvider
public AbstractWebLoginProvider getWebLoginProvider(int webLoginMode)
Get the web login provider for a particular web login mode.- Parameters:
webLoginMode
-- Returns:
AbstractWebLoginProvider
-
getServer
protected java.lang.String getServer(RequestKeys reqKeys)
Returns the Server Name from RequestKeys.- Parameters:
reqKeys
- aRequestKeys
valid instance- Returns:
- the Server Name
- Since:
- MicroStrategy Web 9.0.0
-
getProject
protected java.lang.String getProject(RequestKeys reqKeys)
Returns the Project Name from RequestKeys- Parameters:
reqKeys
- aRequestKeys
valid instance- Returns:
- the Project Name
- Since:
- MicroStrategy Web 9.0.0
-
getPort
protected int getPort(RequestKeys reqKeys)
Returns the Port from RequestKeys- Parameters:
reqKeys
- aRequestKeys
valid instance- Returns:
- the port
- Since:
- MicroStrategy Web 9.0.0
-
-