com.force.sdk.oauth.context
Class SecurityContextServiceImpl

java.lang.Object
  com.force.sdk.oauth.context.SecurityContextServiceImpl

All Implemented Interfaces:

SecurityContextService

public class SecurityContextServiceImpl
extends Object
implements SecurityContextService

The security context service provides the basic functionality for managing a security context in the session of the authenticated user. The implementation provided here is customizable because it delegates user data retrieval to a UserDataRetrievalService and the security context storage to a SecurityContextStorageService. The implementation used for each of these can vary depending on if a custom user data retriever is being used and whether server side session or browser cookie based security context storage is used.

Author:

John Simone

Constructor Summary

SecurityContextServiceImpl()

Method Summary

void	clearSecurityContext(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Clear the security context from the security context store and use the SecurityContextUtil to clear the other security related cookies.
SecretKeySpec	getSecretKey() Return the secret key if one is being used.
SecurityContext	getSecurityContextFromSession(javax.servlet.http.HttpServletRequest request) This method retrieves the security context.
void	setSecurityContextStorageService(SecurityContextStorageService securityContextStorageService)
void	setSecurityContextToSession(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, SecurityContext sc) Use the SecurityContextStorageService to store the security context.
void	setUserDataRetrievalService(UserDataRetrievalService userDataRetrievalService)
SecurityContext	verifyAndRefreshSecurityContext(SecurityContext sc, javax.servlet.http.HttpServletRequest request) Verify the passed in security context against the browser cookies.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecurityContextServiceImpl

public SecurityContextServiceImpl()

Method Detail

setUserDataRetrievalService

public void setUserDataRetrievalService(UserDataRetrievalService userDataRetrievalService)

setSecurityContextStorageService

public void setSecurityContextStorageService(SecurityContextStorageService securityContextStorageService)

setSecurityContextToSession

public void setSecurityContextToSession(javax.servlet.http.HttpServletRequest request,
                                        javax.servlet.http.HttpServletResponse response,
                                        SecurityContext sc)

Use the SecurityContextStorageService to store the security context. Sets the security context to the session.

Specified by:

setSecurityContextToSession in interface SecurityContextService

Parameters:

request - HttpServletRequest

response - HttpServletResponse

sc - SecurityContext

getSecurityContextFromSession

public SecurityContext getSecurityContextFromSession(javax.servlet.http.HttpServletRequest request)

This method retrieves the security context. The security context will either come out of the session or will be built from a call to the partner api. The partner api will be called if: - There is no security context in the session, but there is a session id available in a cookie - There is a security context in the session, but the session id that it contains doesn't match the one available in the cookie This method retrieves the security context. The security context will either come out of the session or will be built from a call to the partner api. The partner api will be called if: - There is no security context in the session, but there is a session id available in a cookie - There is a security context in the session, but the session id that it contains doesn't match the one available in the cookie

Specified by:

getSecurityContextFromSession in interface SecurityContextService

Parameters:

request - HttpServletRequest

Returns:

SecurityContext

verifyAndRefreshSecurityContext

public SecurityContext verifyAndRefreshSecurityContext(SecurityContext sc,
                                                       javax.servlet.http.HttpServletRequest request)

Verify the passed in security context against the browser cookies. This will make sure that the necessary cookies exist and that the values match those in the security context. It will create a fresh security context with data from the partner API if necessary. Verify the passed in security context against the browser cookies. This will make sure that the necessary cookies exist and that the values match those in the security context. It will create a fresh security context with data from the partner API if necessary.

Specified by:

verifyAndRefreshSecurityContext in interface SecurityContextService

Parameters:

sc - SecurityContext

request - HttpServletRequest

Returns:

SecurityContext

clearSecurityContext

public void clearSecurityContext(javax.servlet.http.HttpServletRequest request,
                                 javax.servlet.http.HttpServletResponse response)

Clear the security context from the security context store and use the SecurityContextUtil to clear the other security related cookies. Clears the security context from the context store.

Specified by:

clearSecurityContext in interface SecurityContextService

Parameters:

request - HttpServletRequest

response - HttpServletResponse

getSecretKey

public SecretKeySpec getSecretKey()
                           throws ForceEncryptionException

Description copied from interface: SecurityContextService

Return the secret key if one is being used.

Specified by:

getSecretKey in interface SecurityContextService

Returns:

SecretKeySpec

Throws:

ForceEncryptionException - ForceEncryptionException