com.konakart.blif

Interface SecurityMgrIf

All Known Implementing Classes:

SecurityMgr, SecurityMgrEE, SecurityMgrWond

public interface SecurityMgrIf

SecurityMgrIf Interface which an implementation of this manager must adhere to.

Method Summary

Modifier and Type	Method and Description
void	addCustomDataToSession(java.lang.String sessionId, java.lang.String data, int position) A sessionId is created when a customer logs in to KonaKart using the login() API call.
void	changePassword(java.lang.String sessionId, java.lang.String currentPassword, java.lang.String newPassword) The method ensures that the current password is correct, and then changes it with the new password.
int	checkAdminSession(java.lang.String adminSession, int customerId) If the session of the admin user is valid and refers to an administrator then the id of the admin user is returned.
void	checkFileAccess(java.lang.String fileName) Check that we allow access to this location.
int	checkSession(java.lang.String sessionId) The given sessionId is checked to see whether it exists and whether it is has timed out.
void	enableCustomer(java.lang.String secretKey) This method retrieves the SSO token using the Secret Key.
java.lang.String	encrypt(java.lang.String password) Returns an encrypted password.
ExternalLoginResult	externalLogin(ExternalLoginInputIf loginInfo) Used for logging in customers using a mechanism outside of KonaKart such as social login using Facebook.
java.lang.String	getCustomDataFromSession(java.lang.String sessionId, int position) A sessionId is created when a customer logs in to KonaKart using the login() API call.
java.lang.String	getRandomPassword(int length) If length == 0, the configuration value ENTRY_PASSWORD_MIN_LENGTH is used.
SSOTokenIf	getSSOToken(java.lang.String secretKey, boolean deleteToken) Returns an SSOToken object for the secretKey (UUID).
int	getTimeInSecs() Utility method to return the current time in seconds
java.lang.String	login(int customerId) Login method that assumes that all checks have already been taken.
java.lang.String	login(java.lang.String emailAddr, java.lang.String password) Returns a session id if successful.
java.lang.String	loginByAdmin(java.lang.String adminSession, int customerId) Used to log in to the application as a customer by an Administrator.
LoginResult	loginWithOptions(LoginInputIf input) Returns a LoginResult object containing the result of the login.
void	logout(java.lang.String sessionId) Logout the user with the specified session Id.
void	refreshConfigs() Refresh the configuration of the Security Manager
java.lang.String	saveSSOToken(SSOTokenIf token) Saves the SSOToken in the database and returns a UUID secret key identifier.
void	sendNewPassword(java.lang.String emailAddr, java.lang.String subject, java.lang.String countryCode) Deprecated.
EmailIf	sendNewPassword1(java.lang.String emailAddr, EmailOptionsIf options) If a customer exists with the email address passed in as a parameter, then a new password is generated and sent to the customer.
void	setNewPassword(java.lang.String adminSession, java.lang.String customerEmailAddr, int customerId, java.lang.String newPassword) Used to change the password of a customer.
CaptchaResultIf	validateCaptcha(CaptchaInputIf captchaInfo) Used for validate captcha
boolean	validatePassword(java.lang.String sessionId, java.lang.String password) This method validates the password of a logged in customer and can be used to force the customer to enter his password before allowing certain actions like the modification of the customer's email address.

Method Detail

login

java.lang.String login(java.lang.String emailAddr,
                       java.lang.String password)
                throws java.lang.Exception

Returns a session id if successful. Otherwise returns null.

Parameters:

emailAddr - the emailAddr

password - the password

Returns:

SessionId if OK. Otherwise null.

Throws:

java.lang.Exception - an unexpected exception

loginWithOptions

LoginResult loginWithOptions(LoginInputIf input)
                      throws java.lang.Exception

Returns a LoginResult object containing the result of the login. It returns more information than the login() API call as to why the login may have failed and whether the password needs to be changed.

Parameters:

input - LoginInput object containing the username and password

Returns:

Returns a LoginResult object containing the result of the login.

Throws:

java.lang.Exception - an unexpected exception

login

java.lang.String login(int customerId)
                throws java.lang.Exception

Login method that assumes that all checks have already been taken. If we get to this point, the credentials have matched and so we need to create a random session id, 16 bytes long. Since duplicate session ids may be created, we retry a few times to create a unique session id.

Parameters:

customerId - the customerId

Returns:

Returns the sessionId

Throws:

java.lang.Exception - an unexpected exception

logout

void logout(java.lang.String sessionId)
     throws org.apache.torque.TorqueException,
            com.workingdogs.village.DataSetException,
            com.konakart.app.KKException

Logout the user with the specified session Id. First we check that the sessionId is valid.

Parameters:

sessionId - the sessionId

Throws:

com.workingdogs.village.DataSetException - an unexpected exception due to data in Torque (the database layer)

org.apache.torque.TorqueException - an unexpected exception in Torque (the database layer)

com.konakart.app.KKException - an unexpected KKException exception

getTimeInSecs

int getTimeInSecs()

Utility method to return the current time in seconds

Returns:

Returns the time

checkSession

int checkSession(java.lang.String sessionId)
          throws org.apache.torque.TorqueException,
                 com.workingdogs.village.DataSetException,
                 com.konakart.app.KKException

The given sessionId is checked to see whether it exists and whether it is has timed out. If it is valid, the expiry attribute is updated.

Parameters:

sessionId - the sessionId

Returns:

Returns customerId

Throws:

org.apache.torque.TorqueException - an unexpected exception in Torque (the database layer)

com.workingdogs.village.DataSetException - an unexpected exception due to data in Torque (the database layer)

com.konakart.app.KKException - an unexpected KKException exception

encrypt

java.lang.String encrypt(java.lang.String password)
                  throws java.security.NoSuchAlgorithmException

Returns an encrypted password.

Parameters:

password - the password

Returns:

Returns an encrypted password

Throws:

java.security.NoSuchAlgorithmException - an unexpected NoSuchAlgorithmException exception

changePassword

void changePassword(java.lang.String sessionId,
                    java.lang.String currentPassword,
                    java.lang.String newPassword)
             throws java.lang.Exception

The method ensures that the current password is correct, and then changes it with the new password. It allows any password length and relies on the application to ensure that a minimum length is guaranteed.

Parameters:

sessionId - the sessionId

currentPassword - the currentPassword

newPassword - the newPassword

Throws:

java.lang.Exception - an unexpected exception

getRandomPassword

java.lang.String getRandomPassword(int length)
                            throws java.lang.Exception

If length == 0, the configuration value ENTRY_PASSWORD_MIN_LENGTH is used.

Parameters:

length - the length

Returns:

Returns a random password

Throws:

java.lang.Exception - an unexpected exception

sendNewPassword

@Deprecated
void sendNewPassword(java.lang.String emailAddr,
                                 java.lang.String subject,
                                 java.lang.String countryCode)
                          throws java.security.NoSuchAlgorithmException,
                                 java.lang.Exception

Deprecated.

If a customer exists with the email address passed in as a parameter, then a new password is generated and sent to the customer.

Parameters:

emailAddr - the emailAddr

subject - the subject

countryCode - the countryCode

Throws:

java.security.NoSuchAlgorithmException - an unexpected NoSuchAlgorithmException exception

java.lang.Exception - an unexpected exception

sendNewPassword1

EmailIf sendNewPassword1(java.lang.String emailAddr,
                         EmailOptionsIf options)
                  throws java.security.NoSuchAlgorithmException,
                         java.lang.Exception

If a customer exists with the email address passed in as a parameter, then a new password is generated and sent to the customer.

Parameters:

emailAddr - the emailAddr

options - the options

Returns:

An Email object containing only the email address specified

Throws:

java.security.NoSuchAlgorithmException - an unexpected NoSuchAlgorithmException exception

java.lang.Exception - an unexpected exception

loginByAdmin

java.lang.String loginByAdmin(java.lang.String adminSession,
                              int customerId)
                       throws java.lang.Exception

Used to log in to the application as a customer by an Administrator. This is useful for Call Center type applications where the Call Center person can log into the application as the customer without requiring the customer's credentials, in order to perform some action on behalf of the customer. The adminSession must contain the session of a logged in Administrator User. The customerId must contain the Id of the customer to login as.

Parameters:

adminSession - The session of a logged in administrator user

customerId - The id of the customer to login as

Returns:

Returns the sessionId for the customer's session

Throws:

java.lang.Exception - an unexpected exception

addCustomDataToSession

void addCustomDataToSession(java.lang.String sessionId,
                            java.lang.String data,
                            int position)
                     throws org.apache.torque.TorqueException,
                            com.konakart.app.KKException

A sessionId is created when a customer logs in to KonaKart using the login() API call. This sessionId is persisted in the database in a table which has 5 custom fields. This method allows you to store data in these custom fields which can later be retrieved by using the sessionId as the key.

Parameters:

sessionId - The sessionId

data - The data to be saved

position - This must be in the range of 1-5 to identify custom1 to custom5

Throws:

org.apache.torque.TorqueException - an unexpected exception in Torque (the database layer)

com.konakart.app.KKException - an unexpected KKException exception

getCustomDataFromSession

java.lang.String getCustomDataFromSession(java.lang.String sessionId,
                                          int position)
                                   throws com.konakart.app.KKException,
                                          org.apache.torque.TorqueException,
                                          com.workingdogs.village.DataSetException

A sessionId is created when a customer logs in to KonaKart using the login() API call. This sessionId is persisted in the database in a table which has 5 custom fields. This method allows you to retrieve the data in these custom fields by passing the sessionId as the key and a pointer to identify the custom field to be used.

Parameters:

sessionId - The sessionId

position - This must be in the range of 1-5 to identify custom1 to custom5

Returns:

Returns the custom data

Throws:

com.konakart.app.KKException - an unexpected KKException exception

org.apache.torque.TorqueException - an unexpected exception in Torque (the database layer)

com.workingdogs.village.DataSetException - an unexpected exception due to data in Torque (the database layer)

saveSSOToken

java.lang.String saveSSOToken(SSOTokenIf token)
                       throws java.lang.Exception

Saves the SSOToken in the database and returns a UUID secret key identifier.

Parameters:

token - The SSO token to be saved

Returns:

Returns a UUID secret key identifier for the token

Throws:

java.lang.Exception - an unexpected exception

getSSOToken

SSOTokenIf getSSOToken(java.lang.String secretKey,
                       boolean deleteToken)
                throws org.apache.torque.TorqueException,
                       com.workingdogs.village.DataSetException

Returns an SSOToken object for the secretKey (UUID). Null is returned if no token is found. If the deleteToken parameter is set to true, the token is deleted from the database after having been read.

Parameters:

secretKey - The UUID secretKey used to identify the token

deleteToken - The token is deleted from the database after being read

Returns:

Returns an SSOToken

Throws:

org.apache.torque.TorqueException - an unexpected exception in Torque (the database layer)

com.workingdogs.village.DataSetException - an unexpected exception due to data in Torque (the database layer)

enableCustomer

void enableCustomer(java.lang.String secretKey)
             throws java.lang.Exception

This method retrieves the SSO token using the Secret Key. Once read, the token is deleted. The customer id read from the token is used to identify and enable the customer. An exception is thrown if a customer doesn't exist for the customer id found in the token.

If the custom1 attribute of the SSO token object is set to true then the emailVerified attribute of the customer is also set.

Parameters:

secretKey - the secretKey

Throws:

java.lang.Exception - an unexpected exception

validatePassword

boolean validatePassword(java.lang.String sessionId,
                         java.lang.String password)
                  throws java.lang.Exception

This method validates the password of a logged in customer and can be used to force the customer to enter his password before allowing certain actions like the modification of the customer's email address.

The method returns true if the password validates against the session. If either the session is invalid or the password and session don't match, then the method returns false.

Parameters:

sessionId - the sessionId

password - the password

Returns:

Returns true if the password validates

Throws:

java.lang.Exception - an unexpected exception

externalLogin

ExternalLoginResult externalLogin(ExternalLoginInputIf loginInfo)
                           throws java.lang.Exception

Used for logging in customers using a mechanism outside of KonaKart such as social login using Facebook. The ExternalLoginInput parameter contains the class name of the module that will perform the login. This module ( which implements com.konakart.bl.modules.others.ExternalLoginInterface) must be present in the system and must have been installed and activated.

The function of this method is to instantiate the module, to call its externalLogin method and to return the result from the module which should contain a KonaKart sessionId if the login was successful.

Parameters:

loginInfo - Contains the information required by the module to perform the login

Returns:

Returns an ExternalLoginResult method containing a KonaKart sessionId if the login was successful

Throws:

java.lang.Exception - an unexpected exception

checkAdminSession

int checkAdminSession(java.lang.String adminSession,
                      int customerId)
               throws java.lang.Exception

If the session of the admin user is valid and refers to an administrator then the id of the admin user is returned. Otherwise an exception is thrown.

Parameters:

adminSession - Session of the admin user

customerId - Used when the admin user is of type CUST_TYPE_B2B_COMPANY_ADMIN to ensure that the customer the admin user is logging in for, is actually a child of the admin user

Returns:

Returns the id of the admin user

Throws:

java.lang.Exception - an unexpected exception

setNewPassword

void setNewPassword(java.lang.String adminSession,
                    java.lang.String customerEmailAddr,
                    int customerId,
                    java.lang.String newPassword)
             throws java.lang.Exception

Used to change the password of a customer.

For security purposes, the session id of a KonaKart administrator must be passed in as a parameter. This session id is checked to ensure that it applies to a logged in administrator.

If customerEmailAddr is set then the customer is looked up from the email address. Otherwise the customerId is used to look up the customer. If the customer isn't found, an exception is thrown.

Parameters:

adminSession - The session id of an administrator

customerEmailAddr - The email address of the customer

customerId - The id of the customer. Only used if customerEmailAddr is null

newPassword - The new password

Throws:

java.lang.Exception - an unexpected exception

checkFileAccess

void checkFileAccess(java.lang.String fileName)
              throws java.lang.Exception

Check that we allow access to this location. Permitted locations are specified in the konakart.properties file

Parameters:

fileName - the file to be accessed (read or written)

Throws:

java.lang.Exception - an unexpected exception if access to the filepath isn't permitted an Exception is thrown otherwise the method returns successfully.

refreshConfigs

void refreshConfigs()
             throws com.konakart.app.KKException

Refresh the configuration of the Security Manager

Throws:

com.konakart.app.KKException - unexpected exception in the KonaKart Storefront Engine

validateCaptcha

CaptchaResultIf validateCaptcha(CaptchaInputIf captchaInfo)
                         throws java.lang.Exception

Used for validate captcha

Parameters:

captchaInfo - Contains the information required by the module to perform the validation

Returns:

Returns an CaptchaResult if the validation was successful

Throws:

java.lang.Exception - an unexpected exception