Interface ExternalSecurity
All Known Implementing Classes:
AbstractExternalSecurity, DefaultExternalSecurity
public interface ExternalSecurity
Title: ExternalSecurity.
Description: Out of the box, the Web Universal application provides its own built-in login page. Customers wishing to integrate Web Universal into a portal may opt to redirect the request to another custom login page. Finally, if an Intelligence Server session has already been established, then customers may want that existing session to be reused.
Prior to Web Universal, the existing form of security customization was offered through the Security Plug-in concept. In this approach, credentials were still collected through the MicroStrategy Login page; however, the external security agent had the ability to interpret these values in arbitrary ways. That is, instead of referring to an Intelligence Server user, the customer could interpret the user name supplied as a key into an employee database. The security plug-in was responsible for mapping these credentials to valid Intelligence Server user credentials. This form of security optimization is offered through the ExternalSecurity interface.
The other form of security enforcement is Authorization. This refers to the process of checking the validity of each individual request. In the context of the MicroStrategy Web application, this means checking whether a given user may proceed with a specific HTTP request.
ExternalSecurity is based on the notion of a single programming interface that is implemented by the client. Clients codify their security policies into an object (or set of objects) that implements this public interface. This interface represents the pact between the Web Universal application and the external security agent.
Since:
MicroStrategy Web 7.3.1 or earlier
Field Summary
Fields (modifier and type, field, description):
static int AUTHENTICATION_REQUEST - Indicates the request type was for authentication.
static int AUTHORIZATION_REQUEST - Indicates the request type was for authorization.
static int COLLECT_SESSION_NOW - Value that the handlesAuthenticationRequest() method might return if the session should be handled by ExternalSecurity methods.
static int INVALID_CREDENTIALS - Reason why handlesAuthenticationRequest() should be called: the session that was available for use has wrong credential information.
static int LOGIN_FIRST - Reason why handlesAuthenticationRequest() should be called: there is no login first session or the login first session is invalid.
static int MISMATCHED_PREFERENCES - Reason why Web asks to reconnect the session.
static int NO_SESSION_FOUND - Reason why handlesAuthenticationRequest() should be called: there was no session available for the application to use.
static int SESSION_CLOSED - Reason why handlesAuthenticationRequest() should be called: the session that was available for use has expired.
static int USE_CUSTOM_LOGIN_PAGE - Value that the handlesAuthenticationRequest() method might return if the session should be prepared first by a custom login page specified by the ExternalSecurity component.
static int USE_MSTR_DEFAULT_LOGIN - Value that the handlesAuthenticationRequest() method might return if the session should be handled by Web Universal.
Method Summary
Methods (modifier and type, method, description):
boolean canReconnectSession(ContainerServices cntSvcs, WebIServerSession currentSession, int reason)
This method will be called each time MicroStrategy Web tries to automatically reconnect a session that is still valid.
boolean closeSessionOnLogout(RequestKeys reqKeys, ContainerServices cntSvcs, WebIServerSession user)
Method to be called when the user or system invokes a logout event.
java.lang.String getCustomLoginURL(java.lang.String originalURL, java.lang.String desiredServer, int desiredPort, java.lang.String desiredProject)
Returns the URL of a custom page that will handle the authentication request, in case the handlesAuthenticationRequest() method returned USE_CUSTOM_LOGIN_PAGE.
java.lang.String getFailureURL(int reqType, ContainerServices cntrSvcs)
Once it has been determined the request has failed, this method will provide the URL information where the user should be taken next.
WebIServerSession getWebIServerSession(RequestKeys reqKeys, ContainerServices cntSvcs)
Create a new session object based on the information provided.
int handlesAuthenticationRequest(RequestKeys reqKeys, ContainerServices cntSvcs, int reason)
Indicates how ExternalSecurity wants to handle the session (authentication) request.
boolean isRequestAuthorized(RequestKeys reqKeys, ContainerServices cntSvcs, WebIServerSession user)
Determines if the user is authorized to perform the incoming request.
boolean processMSTRLoginForm(RequestKeys reqKeys, ContainerServices cntrSvcs, LoginForm loginForm, int reason)
Manipulates the already created WebIServerSession instance and modifies it if required.
Field Detail
USE_MSTR_DEFAULT_LOGIN
static final int USE_MSTR_DEFAULT_LOGIN
Value that the handlesAuthenticationRequest() method might return if the session should be handled by Web Universal.
See Also: Constant Field Values
COLLECT_SESSION_NOW
static final int COLLECT_SESSION_NOW
Value that the handlesAuthenticationRequest() method might return if the session should be handled by ExternalSecurity methods.
See Also: Constant Field Values
USE_CUSTOM_LOGIN_PAGE
static final int USE_CUSTOM_LOGIN_PAGE
Value that the handlesAuthenticationRequest() method might return if the session should be prepared first by a custom login page specified by the ExternalSecurity component.
See Also: Constant Field Values
NO_SESSION_FOUND
static final int NO_SESSION_FOUND
Reason why handlesAuthenticationRequest() should be called: there was no session available for the application to use.
See Also: Constant Field Values
SESSION_CLOSED
static final int SESSION_CLOSED
Reason why handlesAuthenticationRequest() should be called: the session that was available for use has expired.
See Also: Constant Field Values
INVALID_CREDENTIALS
static final int INVALID_CREDENTIALS
Reason why handlesAuthenticationRequest() should be called: the session that was available for use has wrong credential information.
See Also: Constant Field Values
LOGIN_FIRST
static final int LOGIN_FIRST
Reason why handlesAuthenticationRequest() should be called: there is no login first session or the login first session is invalid.
Since: MicroStrategy Web 8.0.2
See Also: Constant Field Values
MISMATCHED_PREFERENCES
static final int MISMATCHED_PREFERENCES
Reason why Web asks to reconnect the session.
Since: MicroStrategy Web 8.0.2
See Also: Constant Field Values
AUTHENTICATION_REQUEST
static final int AUTHENTICATION_REQUEST
Indicates the request type was for authentication.
See Also: Constant Field Values
AUTHORIZATION_REQUEST
static final int AUTHORIZATION_REQUEST
Indicates the request type was for authorization.
See Also: Constant Field Values
Method Detail
handlesAuthenticationRequest
int handlesAuthenticationRequest(RequestKeys reqKeys, ContainerServices cntSvcs, int reason)
Indicates how ExternalSecurity wants to handle the session (authentication) request.
Parameters:
reqKeys - a RequestKeys valid instance
cntSvcs - a ContainerServices valid instance
reason - an int value representing the reason why session handling is required
Returns:
an int value indicating how the session handling should be processed
getWebIServerSession
WebIServerSession getWebIServerSession(RequestKeys reqKeys, ContainerServices cntSvcs)
Create a new session object based on the information provided.
Parameters:
reqKeys - a RequestKeys valid instance
cntSvcs - a ContainerServices valid instance
Returns:
a new WebIServerSession object to use as session for the current user request.
getCustomLoginURL
java.lang.String getCustomLoginURL(java.lang.String originalURL, java.lang.String desiredServer, int desiredPort, java.lang.String desiredProject)
Returns the URL of a custom page that will handle the authentication request, in case the handlesAuthenticationRequest() method returned USE_CUSTOM_LOGIN_PAGE.
Parameters:
originalURL - the original URL that was being called when the authentication request came up
desiredServer - the server the user requests to be logged in to
desiredPort - the port the user requests to be logged in to
desiredProject - the project the user requests to be logged in to
Returns:
a String value with the URL where the user should be redirected to
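One way to build the value returned by getCustomLoginURL defensively, as an added example that is not MicroStrategy's code: it assumes the custom login page sends the user back to originalURL after login, so that value is checked against an allowlist before it is embedded. The class name, login page URL, allowed host, fallback URL and query parameter names are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;

// Added example, not MicroStrategy code. Same parameter list as
// ExternalSecurity.getCustomLoginURL(); all constants are hypothetical.
public class CustomLoginUrlBuilder {
    static final String LOGIN_PAGE = "https://portal.example.com/sso/login";
    static final Set<String> ALLOWED_HOSTS = Set.of("bi.example.com");
    static final String FALLBACK_RETURN = "https://bi.example.com/";

    // Assumption: originalURL is absolute. Accept only https URLs on an
    // allowlisted host with no userinfo part; everything else is rejected.
    static boolean isSafeReturnUrl(String url) {
        if (url == null || url.isEmpty()) return false;
        try {
            URI u = new URI(url);
            return "https".equalsIgnoreCase(u.getScheme())
                && u.getHost() != null
                && ALLOWED_HOSTS.contains(u.getHost().toLowerCase(Locale.ROOT))
                && u.getUserInfo() == null;
        } catch (URISyntaxException e) {
            return false; // unparseable input is never echoed back
        }
    }

    static String enc(String s) {
        return URLEncoder.encode(s == null ? "" : s, StandardCharsets.UTF_8);
    }

    public static String getCustomLoginURL(String originalURL, String desiredServer,
                                           int desiredPort, String desiredProject) {
        // Fall back to a fixed landing page instead of an unvetted return target.
        String target = isSafeReturnUrl(originalURL) ? originalURL : FALLBACK_RETURN;
        return LOGIN_PAGE + "?return=" + enc(target)
            + "&server=" + enc(desiredServer)
            + "&port=" + desiredPort
            + "&project=" + enc(desiredProject);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: an allowlisted URL and a look-alike host.
        String[] samples = {"https://bi.example.com/app?report=1",
                            "https://bi.example.com@other.example/x"};
        for (String s : samples)
            System.out.println(getCustomLoginURL(s, "iserver1", 34952, "Sales & Ops"));
    }
}
```

The second sample parses with other.example as its host and bi.example.com as userinfo, so the builder substitutes the fallback return URL.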
isRequestAuthorized
boolean isRequestAuthorized(RequestKeys reqKeys, ContainerServices cntSvcs, WebIServerSession user)
Determines if the user is authorized to perform the incoming request.
Parameters:
reqKeys - a RequestKeys valid instance
cntSvcs - a ContainerServices valid instance
user - the WebIServerSession instance representing the current opened session being used for the user request
Returns:
true if the request is authorized. Otherwise, returns false
processMSTRLoginForm
boolean processMSTRLoginForm(RequestKeys reqKeys, ContainerServices cntrSvcs, LoginForm loginForm, int reason)
Manipulates the already created WebIServerSession instance and modifies it if required.
Parameters:
reqKeys - a RequestKeys valid instance
cntrSvcs - a ContainerServices valid instance
loginForm - a LoginForm instance with the information used for generating the session by the application
reason - int value indicating why this session instance was created
Returns:
True if the login was successfully processed - session to use will be available with the getWebIServerSession() method on this instance - or False if it failed.
getFailureURL
java.lang.String getFailureURL(int reqType, ContainerServices cntrSvcs)
Once it has been determined the request has failed, this method will provide the URL information where the user should be taken next.
Parameters:
reqType - an int value indicating which request was the one that failed: AUTHENTICATION_REQUEST or AUTHORIZATION_REQUEST
cntrSvcs - ContainerServices initialized instance
Returns:
a String with the URL to use for redirecting the user.
closeSessionOnLogout
boolean closeSessionOnLogout(RequestKeys reqKeys, ContainerServices cntSvcs, WebIServerSession user)
Method to be called when the user or system invokes a logout event. This method can also be used to perform any custom operations when the user is logged out and before the session is closed.
Parameters:
reqKeys - a RequestKeys valid instance
cntSvcs - a ContainerServices valid instance
user - the WebIServerSession instance representing the current opened session being used for the user request and the one from which the user is about to be logged out.
Returns:
a boolean value indicating if the session should be disconnected from the IServer and project or not.
Since:
MicroStrategy Web 8.0.0
canReconnectSession
boolean canReconnectSession(ContainerServices cntSvcs, WebIServerSession currentSession, int reason)
This method will be called each time MicroStrategy Web tries to automatically reconnect a session that is still valid. At this point, it is always related to user preferences not matching the session values. There are certain user preferences that need to be applied at the time the session is created, namely:
- Number and Date Locale
- Session flags (cancel or remove pending jobs on logout)
Parameters:
cntSvcs - a ContainerServices valid instance
currentSession - the WebIServerSession instance representing the current opened session.
reason - The reason this method is called. Currently, there is only one reason: MISMATCHED_PREFERENCES
Returns:
If the ESM returns false, the session will not be reconnected and user-preferences will be used as-is.
Since:
MicroStrategy Web 8.0.2