com.waveset.ui
Class LoginHelper

java.lang.Object
  extended by com.waveset.ui.LoginHelper

public class LoginHelper
extends java.lang.Object

A class that provides a common set of login services to JSP pages in the end-user application.


Field Summary
static java.lang.String ANON_USER_ATTRIBUTE
          The attribute in the HttpSession where we store the temporary user name, used with the anonymous session.
static java.lang.String code_id
           
static java.lang.String QUESTION_AUTHENTICATION
          The attribute in the HttpSession where we store a flag indicating that an end-user authenticated with questions.
 
Constructor Summary
LoginHelper()
           
 
Method Summary
static void assimilateNonFormData(javax.servlet.http.HttpServletRequest req, GenericObject view, java.lang.String loginMode, java.lang.String appName, ObjectRef lmgRef, int lmIndex)
           
static void clearLoginErrorMessage(javax.servlet.http.HttpSession hs)
           
static void clearLoginInProgressInfo(javax.servlet.http.HttpSession hs)
          Called to remove any login in progress information on the http session.
static boolean containsNonUserAuthnProperties(java.lang.String loginMode, java.lang.String appName, int lmIndex)
           
static boolean containsNonUserAuthnProperties(java.lang.String loginMode, java.lang.String appName, ObjectRef lmgRef, int lmIndex)
           
static java.lang.String getAccountId(RequestState state, java.lang.String appName, ObjectRef lmgRef, java.util.Locale locale)
          Determine the account ID.
static Session getAnonymousSession(javax.servlet.http.HttpSession httpSession, javax.servlet.http.HttpServletResponse response, javax.servlet.jsp.JspWriter out)
          Get an anonymous session.
static java.lang.String getAnonymousUser(javax.servlet.http.HttpSession s)
          Get the currently registered anonymous user name if any.
static java.lang.String getAppName(RequestState state)
           
static java.lang.String getAppType(RequestState state)
           
static java.lang.String getChangePasswordResultsURL(Session session, java.lang.String appName, java.lang.String appType, java.util.Locale locale)
           
static java.lang.String getChangePasswordResultsURL(Session session, java.lang.String appName, java.lang.String appType, java.util.Locale locale, java.lang.Exception except)
           
static java.lang.String getContinueLoginURL(RequestState reqstate, java.lang.String appName, java.lang.String appType, java.util.Locale locale)
          Sets the continueLogin URL (JSP) to the correct one based on the passed-in appType and appName.
static Form.Field getField(LoginConfig.LoginConfigEntry.AuthnProperty prop)
          Build a Form.Field suitable for an authentication property.
static boolean getForgotPasswordMode(RequestState state)
           
static java.util.Locale getLocale(javax.servlet.http.HttpServletRequest request, Session session)
          Given an HttpRequest object and a Session object, derives the locale to use as follows: (1) if internationalization is disabled, default to en-US; (2) if there is an explicit query param "lang"/"cntry", use them; (3) else if the session is non-null and has a locale, use it; (4) else if there is an Accept-Language and our message catalog supports it, use it; (5) else default to en-US.
static void getLoginErrorMessage(javax.servlet.http.HttpSession hs, PageProcessor page)
           
static java.util.Map getLoginInProgressInfo(javax.servlet.http.HttpSession hs)
          Called to retrieve login in progress information on the http session to be used in completing a multi-challenge response login protocol
static java.lang.String getLoginMode(RequestState state)
           
static java.lang.String getLoginURL(RequestState reqstate, java.lang.String appName, java.lang.String appType, java.util.Locale locale)
          Sets the login URL (JSP) to the correct one based on the passed-in appType and appName.
static java.lang.String getNextURL(RequestState reqstate, java.lang.String appName, java.lang.String appType, java.util.Locale locale)
          Sets and returns the next page URL.
static java.lang.String getQuestionLoginURL(RequestState reqstate, java.lang.String appName, java.lang.String appType, java.lang.String accountId, java.util.Locale locale)
           
static GenericObject getReqStateObj(RequestState state)
          Builds and returns a GenericObject representing the req state
static Session getSession(RequestState reqstate, javax.servlet.jsp.JspWriter out, java.lang.String appName, java.lang.String appType, java.util.Locale locale)
           
static boolean interactiveLoginMode(java.lang.String loginMode)
           
static boolean isAnonymous(Session s)
          Return true if this is an anonymous session.
static boolean isUserInputRequired(java.lang.String loginMode, java.lang.String appName, int lmIndex)
           
static boolean isUserInputRequired(java.lang.String loginMode, java.lang.String appName, ObjectRef lmgRef, int lmIndex)
           
static void poolSession(Session session, javax.servlet.http.HttpSession httpSession, PageInformation pageInfo)
          Return a session to the pool.
static void redirect(RequestState state, javax.servlet.jsp.JspWriter out, java.lang.String url)
          Redirect to another page, pooling the session obtained with getSession.
static boolean redirectIfAppIsDisabled(RequestState state)
           
static void saveLoginErrorMessage(javax.servlet.http.HttpSession hs, java.lang.String msg)
          Called to put any login error messages (like invalid password, etc.) on the http session where they will later be displayed in the UI
static void saveLoginInProgressInfo(javax.servlet.http.HttpSession hs, Session s)
          Called to serialize/persist login in progress information on the http session where it can be retrieved for use in completing a multi-challenge response login protocol
static void saveLoginWarningMessage(javax.servlet.http.HttpSession hs, Message msg)
          Called to put any login messages (like a password close to expiration) on the http session where they will later be displayed in the UI (currently in the page footer in yellow).
static void saveLoginWarningMessage(javax.servlet.http.HttpSession hs, java.lang.String msg)
          Called to put any login messages (like a password close to expiration) on the http session where they will later be displayed in the UI (currently in the page footer in yellow).
static void saveLoginWarningMessages(javax.servlet.http.HttpSession hs, Session s)
          Called to put any login messages (like a password close to expiration) on the http session where they will later be displayed in the UI (currently in the page footer in yellow).
static void saveSubject(javax.servlet.http.HttpSession hs, Session session)
          After a successful construction of a new authenticated session, save the subject token on the HttpSession for later use.
static void setAnonymousUser(javax.servlet.http.HttpSession s, java.lang.String value)
          Set the currently registered anonymous user name.
static void setInteractiveLoginFormSubTitle(Form form, java.lang.String appName, ObjectRef lmgRef, int lceIndex, java.lang.String loginMode, boolean forgotPasswordMode, java.util.Locale locale)
           
static void setInteractiveLoginFormTitle(Form form, java.lang.String appName, ObjectRef lmgRef, int lceIndex, java.lang.String loginMode, java.util.Locale locale)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

code_id

public static final java.lang.String code_id
See Also:
Constant Field Values

ANON_USER_ATTRIBUTE

public static final java.lang.String ANON_USER_ATTRIBUTE
The attribute in the HttpSession where we store the temporary user name, used with the anonymous session.

See Also:
Constant Field Values

QUESTION_AUTHENTICATION

public static final java.lang.String QUESTION_AUTHENTICATION
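The attribute in the HttpSession where we store a flag indicating that an end-user authenticated with questions. This serves two purposes: if it is present, it indicates that question authentication was performed; its value is also the number of attempts that were made before authenticating. This is how we track the number of attempts in order to implement account lock if the user fails authentication some number of times. Note for integrators: as described here, the attempt count lives on the HttpSession, so it covers only attempts made within one HTTP session; confirm that account lock is also enforced against per-account state that persists across sessions.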

See Also:
Constant Field Values
Constructor Detail

LoginHelper

public LoginHelper()
Method Detail

getSession

public static Session getSession(RequestState reqstate,
                                 javax.servlet.jsp.JspWriter out,
                                 java.lang.String appName,
                                 java.lang.String appType,
                                 java.util.Locale locale)

redirect

public static void redirect(RequestState state,
                            javax.servlet.jsp.JspWriter out,
                            java.lang.String url)
Redirect to another page, pooling the session obtained with getSession.


poolSession

public static void poolSession(Session session,
                               javax.servlet.http.HttpSession httpSession,
                               PageInformation pageInfo)
Return a session to the pool.


getReqStateObj

public static GenericObject getReqStateObj(RequestState state)
                                    throws WavesetException
Builds and returns a GenericObject representing the req state

Throws:
WavesetException

getLoginURL

public static java.lang.String getLoginURL(RequestState reqstate,
                                           java.lang.String appName,
                                           java.lang.String appType,
                                           java.util.Locale locale)
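Sets the login URL (JSP) to the correct one based on the passed-in appType and appName. Appends the nextPage parameter, if present, so that it is carried along during the login cycle. If nextPage originates from the request, treat it as untrusted input and validate it (for example, restrict it to application-relative paths) before it is used as a redirect target.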


getContinueLoginURL

public static java.lang.String getContinueLoginURL(RequestState reqstate,
                                                   java.lang.String appName,
                                                   java.lang.String appType,
                                                   java.util.Locale locale)
Sets the continueLogin URL (JSP) to the correct one based on the passed-in appType and appName. Appends the nextPage parameter, if present, so that it is carried along during the login cycle.


getQuestionLoginURL

public static java.lang.String getQuestionLoginURL(RequestState reqstate,
                                                   java.lang.String appName,
                                                   java.lang.String appType,
                                                   java.lang.String accountId,
                                                   java.util.Locale locale)

getChangePasswordResultsURL

public static java.lang.String getChangePasswordResultsURL(Session session,
                                                           java.lang.String appName,
                                                           java.lang.String appType,
                                                           java.util.Locale locale)

getChangePasswordResultsURL

public static java.lang.String getChangePasswordResultsURL(Session session,
                                                           java.lang.String appName,
                                                           java.lang.String appType,
                                                           java.util.Locale locale,
                                                           java.lang.Exception except)

getNextURL

public static java.lang.String getNextURL(RequestState reqstate,
                                          java.lang.String appName,
                                          java.lang.String appType,
                                          java.util.Locale locale)
                                   throws WavesetException
Sets and returns the next page URL.

Throws:
WavesetException

saveSubject

public static void saveSubject(javax.servlet.http.HttpSession hs,
                               Session session)
After a successful construction of a new authenticated session, save the subject token on the HttpSession for later use. Also save any warning messages left behind in the new session.


saveLoginWarningMessages

public static void saveLoginWarningMessages(javax.servlet.http.HttpSession hs,
                                            Session s)
Called to put any login messages (like a password close to expiration) on the http session where they will later be displayed in the UI (currently in the page footer in yellow).


saveLoginWarningMessage

public static void saveLoginWarningMessage(javax.servlet.http.HttpSession hs,
                                           Message msg)
Called to put any login messages (like a password close to expiration) on the http session where they will later be displayed in the UI (currently in the page footer in yellow).


saveLoginWarningMessage

public static void saveLoginWarningMessage(javax.servlet.http.HttpSession hs,
                                           java.lang.String msg)
Called to put any login messages (like a password close to expiration) on the http session where they will later be displayed in the UI (currently in the page footer in yellow).


saveLoginErrorMessage

public static void saveLoginErrorMessage(javax.servlet.http.HttpSession hs,
                                         java.lang.String msg)
Called to put any login error messages (like invalid password, etc.) on the http session where they will later be displayed in the UI


getLoginErrorMessage

public static void getLoginErrorMessage(javax.servlet.http.HttpSession hs,
                                        PageProcessor page)

clearLoginErrorMessage

public static void clearLoginErrorMessage(javax.servlet.http.HttpSession hs)

getAppName

public static java.lang.String getAppName(RequestState state)
                                   throws WavesetException
Throws:
WavesetException

getAppType

public static java.lang.String getAppType(RequestState state)
                                   throws WavesetException
Throws:
WavesetException

getAccountId

public static java.lang.String getAccountId(RequestState state,
                                            java.lang.String appName,
                                            ObjectRef lmgRef,
                                            java.util.Locale locale)
                                     throws WavesetException
Determine the account ID.

Throws:
WavesetException

getLoginMode

public static java.lang.String getLoginMode(RequestState state)
                                     throws WavesetException
Throws:
WavesetException

interactiveLoginMode

public static boolean interactiveLoginMode(java.lang.String loginMode)

containsNonUserAuthnProperties

public static boolean containsNonUserAuthnProperties(java.lang.String loginMode,
                                                     java.lang.String appName,
                                                     int lmIndex)
                                              throws WavesetException
Throws:
WavesetException

containsNonUserAuthnProperties

public static boolean containsNonUserAuthnProperties(java.lang.String loginMode,
                                                     java.lang.String appName,
                                                     ObjectRef lmgRef,
                                                     int lmIndex)
                                              throws WavesetException
Throws:
WavesetException

isUserInputRequired

public static boolean isUserInputRequired(java.lang.String loginMode,
                                          java.lang.String appName,
                                          int lmIndex)
                                   throws WavesetException
Throws:
WavesetException

isUserInputRequired

public static boolean isUserInputRequired(java.lang.String loginMode,
                                          java.lang.String appName,
                                          ObjectRef lmgRef,
                                          int lmIndex)
                                   throws WavesetException
Throws:
WavesetException

assimilateNonFormData

public static void assimilateNonFormData(javax.servlet.http.HttpServletRequest req,
                                         GenericObject view,
                                         java.lang.String loginMode,
                                         java.lang.String appName,
                                         ObjectRef lmgRef,
                                         int lmIndex)
                                  throws WavesetException
Throws:
WavesetException

clearLoginInProgressInfo

public static void clearLoginInProgressInfo(javax.servlet.http.HttpSession hs)
Called to remove any login in progress information on the http session. Typically called to clear existing fields before saving new info.


saveLoginInProgressInfo

public static void saveLoginInProgressInfo(javax.servlet.http.HttpSession hs,
                                           Session s)
Called to serialize/persist login in progress information on the http session where it can be retrieved for use in completing a multi-challenge response login protocol


getLoginInProgressInfo

public static java.util.Map getLoginInProgressInfo(javax.servlet.http.HttpSession hs)
                                            throws WavesetException
Called to retrieve login in progress information on the http session to be used in completing a multi-challenge response login protocol

Throws:
WavesetException

setInteractiveLoginFormTitle

public static void setInteractiveLoginFormTitle(Form form,
                                                java.lang.String appName,
                                                ObjectRef lmgRef,
                                                int lceIndex,
                                                java.lang.String loginMode,
                                                java.util.Locale locale)
                                         throws WavesetException
Throws:
WavesetException

setInteractiveLoginFormSubTitle

public static void setInteractiveLoginFormSubTitle(Form form,
                                                   java.lang.String appName,
                                                   ObjectRef lmgRef,
                                                   int lceIndex,
                                                   java.lang.String loginMode,
                                                   boolean forgotPasswordMode,
                                                   java.util.Locale locale)
                                            throws WavesetException
Throws:
WavesetException

getAnonymousSession

public static Session getAnonymousSession(javax.servlet.http.HttpSession httpSession,
                                          javax.servlet.http.HttpServletResponse response,
                                          javax.servlet.jsp.JspWriter out)
                                   throws WavesetException
Get an anonymous session.

Throws:
WavesetException

isAnonymous

public static boolean isAnonymous(Session s)
Return true if this is an anonymous session.


getAnonymousUser

public static java.lang.String getAnonymousUser(javax.servlet.http.HttpSession s)
Get the currently registered anonymous user name if any.


setAnonymousUser

public static void setAnonymousUser(javax.servlet.http.HttpSession s,
                                    java.lang.String value)
Set the currently registered anonymous user name.


getField

public static Form.Field getField(LoginConfig.LoginConfigEntry.AuthnProperty prop)
Build a Form.Field suitable for an authentication property.


getForgotPasswordMode

public static boolean getForgotPasswordMode(RequestState state)
Returns:
true if we are allowing forgotPassword, false otherwise.

getLocale

public static java.util.Locale getLocale(javax.servlet.http.HttpServletRequest request,
                                         Session session)
Given an HttpRequest object and a Session object, derives the locale to use as follows:
  1. If Internationalization is disabled, default to en-US
  2. If there is an explicit query param "lang"/"cntry" use them
  3. Else if the session is non-null and has a locale, use it.
  4. Else if there is an Accept-Language and our message catalog supports it, use it.
  5. Else default to en-US


redirectIfAppIsDisabled

public static boolean redirectIfAppIsDisabled(RequestState state)
                                       throws WavesetException
Throws:
WavesetException