Package oracle.security.am.asdk

Class UserSession

java.lang.Object
oracle.security.am.asdk.BaseUserSession
oracle.security.am.asdk.UserSession
All Implemented Interfaces:
Cloneable
public final class UserSession extends BaseUserSession implements Cloneable
Represents a session for an authenticated user.

UserSession object represents an authenticated user. A user session object is initially created through a constructor that authenticates the user. This constructor takes an ResourceRequest object and an Hashtable of credentials. The Resource Request determines the authentication scheme that is to be applied to the credentials to authenticate the user. The Resource Request also determines other aspects of authentication policy: success or failure actions A session token string is a serialized representation of the user session. A user session object can be constructed from a valid session token, and a session token can be generated from a user session object.

Elements of a user session object are
- the user identity, for example, the DN of the user's profile entry in a directory,
- the level of the authentication scheme used to authenticate the user,
- the location (IP address) of the user's client,
- a session start time set when the user authenticated,
- a last use time set each time a user request is authorized,
- actions set during authentication and authorization according to OAM policies; each resource type defines a set of action types, for example, "cookie" and "headerVar" for http resources.
- the status of session (logged in, logged out, login failed, or expired),
- an error number from the most recent authentication or authorization.

The isAuthorized() method determines if the user is authorized to request an operation against a resource. Results of the authorization can be obtained through UserSession methods: an error number if the authorization failed, and authorization success or failure policy actions (name-value pairs).

  • Field Details

  • Constructor Details

    • UserSession

      public UserSession() throws AccessException
      Default Constructor for UserSesion Object
      Throws:
      AccessException - In case of failure to create the object.

    • UserSession

      public UserSession<wbr>(AccessClient aClient) throws AccessException
      Constructs a UserSession object
      Parameters:
      aClient - AccessClient object to be used for performing operations.
      Throws:
      AccessException - In case of failure to create the object.

    • UserSession

      public UserSession<wbr>(String sessionToken) throws AccessException
      Constructs a UserSession object with specified token
      Parameters:
      sessionToken - serialized user session object representation, holds session token for NAP 3, and authn token for NAP 4
      Throws:
      AccessException - In case of errors if sessionToken is null.

    • UserSession

      public UserSession<wbr>(AccessClient aClient, String sessionToken) throws AccessException
      Constructs a UserSession object with specified token and AccessClient object
      Parameters:
      aClient - AccessClient object to be used for perfoming operations.
      sessionToken - an ASCII text string that indicates user session token, holds session token for NAP 3, and authn token for NAP 4
      Throws:
      AccessException - In case of errors if sessionToken is null.

    • UserSession

      public UserSession<wbr>(oracle.security.am.asdk.LocalAccessClient aLocalClient, String sessionToken) throws AccessException
      Constructs a UserSession object with specified token and LocalAccessClient object
      Parameters:
      aClient - AccessClient object to be used for perfoming operations.
      sessionToken - an ASCII text string that indicates user session token, holds session token for NAP 3, and authn token for NAP 4
      Throws:
      AccessException - In case of errors if sessionToken is null.

    • UserSession

      public UserSession<wbr>(String sessionToken, boolean lazyload, boolean updateToken) throws AccessException
      Constructs a UserSession object with specified token on demand. When in NAP 4, depending on lazyload value, will either make round trip to server to fully load session info, or only partially validate token locally. updateToken will be ignored in NAP 4.
      Parameters:
      sessionToken - ASCII text string that is parsed to obtain the result of authentication. Holds session token for NAP 3, and authn token for NAP 4.
      lazyload - if true, indicates that the session token is not to be loaded immediately. Relies on getUserIdentity(),getLocation(), getLevel(), getStartTime(), and getEndTime() functions to make calls if the session token information is invalid, and lazyload loads the token on demand.
      updateToken - if true, the token is updated (only applies to NAP 3, will be ignored in NAP 4)
      Throws:
      AccessException - In case of errors if sessionToken is null

    • UserSession

      public UserSession<wbr>(AccessClient aClient, String sessionToken, boolean lazyload, boolean updateToken) throws AccessException
      Constructs a UserSession object with specified token on demand with AccessClient object. When in NAP 4, depending on lazyload value, will either make round trip to server to fully load session info, or only partially validate token locally. updateToken will be ignored in NAP 4.
      Parameters:
      aClient - AccessClient object to be used for perfoming operations.
      sessionToken - ASCII text string that is parsed to obtain the result of authentication. Holds session token for NAP 3, and authn token for NAP 4.
      lazyload - if true, indicates that the session token is not to be loaded immediately. Relies on getUserIdentity(),getLocation(), getLevel(), getStartTime(), and getEndTime() functions to make calls if the session token information is invalid, and lazyload loads the token on demand.
      updateToken - If true, the token is updated (only applies to NAP 3, will be ignored in NAP 4)
      Throws:
      AccessException - In case of errors if sessionToken is null.

    • UserSession

      public UserSession<wbr>(ResourceRequest resReq, Hashtable credentials) throws AccessException
      Constructs a UserSession object by calling the authenticate method
      Parameters:
      resReq - ResourceRequest object representing a requested resource.
      credentials - Hashtable containing the key/value pairs of String type.
      • username : Required for Basic and Form AuthenticationScheme
      • password : Required for Basic and Form AuthenticationScheme
        In case of Form AuthenticationScheme username and password are challenge parameters of AuthenticationScheme.
        For Basic AuthenticationScheme username and password are "userid" and "password"
      • certificate : Required for Certificate AuthenticationScheme. The value for this certificate key should be Base64 Encoded string which represent a valid X.509 certificate.
      • ip (Optional) : IP address, in dotted notation, of the client accessing the resource
      • operation (Optional) : Operation attempted on the resource. For HTTP resources, one of GET,POST,PUT,HEAD,DELETE, TRACE,OPTIONS,CONNECT,OTHER.
      • resource (Optional) : The requested resource identifier. For HTTP resources, the full URL.
      • targethost (Optional) : The host (host:port) to which resource request is sent.
        One or more of the optional parameters above may be required by certain authentication schemes, modules, or plugins as configured in the OAM server. Refer to your OAM server configuration and documentation to determine which parameters to supply.
      Throws:
      AccessException - In case of errors if sessionToken is null

    • UserSession

      public UserSession<wbr>(AccessClient aClient, ResourceRequest resReq, Hashtable credentials) throws AccessException
      Constructs a UserSession object by calling the authenticate method using specified AccessClient object.
      Parameters:
      aClient - AccessClient object to be used for perfoming operations.
      resReq - ResourceRequest object representing a requested resource.
      credentials - Hashtable containing the key/value pairs of String type.
      • userid : Required for Basic and Form AuthenticationScheme
      • password : Required for Basic and Form AuthenticationScheme
        In case of Form AuthenticationScheme username and password are challenge parameters of AuthenticationScheme.
        For Basic AuthenticationScheme username and password are "userid" and "password"
      • certificate : Required for Certificate AuthenticationScheme. The value for this certificate key should be Base64 Encoded string which represent a valid X.509 certificate.
      • ip (Optional) : IP address, in dotted notation, of the client accessing the resource
      • operation (Optional) : Operation attempted on the resource. For HTTP resources, one of GET,POST,PUT,HEAD,DELETE, TRACE,OPTIONS,CONNECT,OTHER.
      • resource (Optional) : The requested resource identifier. For HTTP resources, the full URL.
      • targethost (Optional) : The host (host:port) to which resource request is sent.
        One or more of the optional parameters above may be required by certain authentication schemes, modules, or plugins as configured in the OAM server. Refer to your OAM server configuration and documentation to determine which parameters to supply.
      Throws:
      AccessException - In case of errors if sessionToken is null

    • UserSession

      public UserSession<wbr>(oracle.security.am.asdk.LocalAccessClient aLocalClient, ResourceRequest resReq, Hashtable credentials) throws AccessException
      Throws:
      AccessException

    • UserSession

      public UserSession<wbr>(ResourceRequest resReq, Hashtable credentials, String location) throws AccessException
      Constructs a UserSession object by calling the authenticate method
      Parameters:
      resReq - ResourceRequest object representing a requested resource.
      credentials - Hashtable containing the key/value pairs of String type.
      • userid : Required for Basic and Form AuthenticationScheme
      • password : Required for Basic and Form AuthenticationScheme
        In case of Form AuthenticationScheme username and password are challenge parameters of AuthenticationScheme.
        For Basic AuthenticationScheme username and password are "userid" and "password"
      • certificate : Required for Certificate AuthenticationScheme. The value for this certificate key should be Base64 Encoded string which represent a valid X.509 certificate.
      • ip (Optional) : IP address, in dotted notation, of the client accessing the resource
      • operation (Optional) : Operation attempted on the resource. For HTTP resources, one of GET,POST,PUT,HEAD,DELETE, TRACE,OPTIONS,CONNECT,OTHER.
      • resource (Optional) : The requested resource identifier. For HTTP resources, the full URL.
      • targethost (Optional) : The host (host:port) to which resource request is sent.
        One or more of the optional parameters above may be required by certain authentication schemes, modules, or plugins as configured in the OAM server. Refer to your OAM server configuration and documentation to determine which parameters to supply.
      location - IP address of the client as specified by the application.
      Throws:
      AccessException - In case of errors if sessionToken is null

    • UserSession

      public UserSession<wbr>(AccessClient aClient, ResourceRequest resReq, Hashtable credentials, String location) throws AccessException
      Constructs a UserSession object by calling the authenticate method using specified AccessClient object.
      Parameters:
      aClient - AccessClient object to be used for perfoming operations.
      resReq - ResourceRequest object representing a requested resource.
      credentials - Hashtable containing the key/value pairs of String type.
      • userid : Required for Basic and Form AuthenticationScheme
      • password : Required for Basic and Form AuthenticationScheme
        In case of Form AuthenticationScheme username and password are challenge parameters of AuthenticationScheme.
        For Basic AuthenticationScheme username and password are "userid" and "password"
      • certificate : Required for Certificate AuthenticationScheme. The value for this certificate key should be Base64 Encoded string which represent a valid X.509 certificate.
      • ip (Optional) : IP address, in dotted notation, of the client accessing the resource
      • operation (Optional) : Operation attempted on the resource. For HTTP resources, one of GET,POST,PUT,HEAD,DELETE, TRACE,OPTIONS,CONNECT,OTHER.
      • resource (Optional) : The requested resource identifier. For HTTP resources, the full URL.
      • targethost (Optional) : The host (host:port) to which resource request is sent.
        One or more of the optional parameters above may be required by certain authentication schemes, modules, or plugins as configured in the OAM server. Refer to your OAM server configuration and documentation to determine which parameters to supply.
      location - IP address of the client as specified by the application.
      Throws:
      AccessException - In case of errors if sessionToken or resource object is null

    • UserSession

      public UserSession<wbr>(oracle.security.am.asdk.LocalAccessClient aLocalClient, ResourceRequest resReq, Hashtable credentials, String location) throws AccessException
      Constructs a UserSession object by calling the authenticate method using specified LocalAccessClient object.
      Parameters:
      aClient - LocalAccessClient object to be used for perfoming operations.
      resReq - ResourceRequest object representing a requested resource.
      credentials - Hashtable containing the key/value pairs of String type.
      • userid : Required for Basic and Form AuthenticationScheme
      • password : Required for Basic and Form AuthenticationScheme
        In case of Form AuthenticationScheme username and password are challenge parameters of AuthenticationScheme.
        For Basic AuthenticationScheme username and password are "userid" and "password"
      • certificate : Required for Certificate AuthenticationScheme. The value for this certificate key should be Base64 Encoded string which represent a valid X.509 certificate.
      • ip (Optional) : IP address, in dotted notation, of the client accessing the resource
      • operation (Optional) : Operation attempted on the resource. For HTTP resources, one of GET,POST,PUT,HEAD,DELETE, TRACE,OPTIONS,CONNECT,OTHER.
      • resource (Optional) : The requested resource identifier. For HTTP resources, the full URL.
      • targethost (Optional) : The host (host:port) to which resource request is sent.
        One or more of the optional parameters above may be required by certain authentication schemes, modules, or plugins as configured in the OAM server. Refer to your OAM server configuration and documentation to determine which parameters to supply.
      location - IP address of the client as specified by the application.
      Throws:
      AccessException - In case of errors if sessionToken or resource object is null

    • UserSession

      public UserSession<wbr>(String sessionToken, boolean lazyload) throws AccessException
      Constructs a UserSession object by calling the authenticate method. When in NAP 4, depending on lazyload value, will either make round trip to server to fully load session info, or only partially validate token locally.
      Parameters:
      sessionToken - ASCII text string that is parsed to obtain the result of authentication, holds session token for NAP 3, and authn token for NAP 4
      lazyload - if true, indicates that the session token is not to be loaded immediately. Relies on getUserIdentity(), getLocation(), getLevel(), getStartTime(), and getLastUseTime() functions to make calls if the session token information is invalid, and lazyload loads the token on demand.
      Throws:
      AccessException - In case of errors if sessionToken is null

    • UserSession

      public UserSession<wbr>(AccessClient aClient, String sessionToken, boolean lazyload) throws AccessException
      Constructs a UserSession object by calling the authenticate method using the specified AccessClient object. When in NAP 4, depending on lazyload value, will either make round trip to server to fully load session info, or only partially validate token locally.
      Parameters:
      aClient - AccessClient object to be used for perfoming operations.
      sessionToken - ASCII text string that is parsed to obtain the result of authentication, holds session token for NAP 3, and authn token for NAP 4
      lazyload - if true, indicates that the session token is not to be loaded immediately. Relies on getUserIdentity(), getLocation(), getLevel(), getStartTime(), and getLastUseTime() functions to make calls if the session token information is invalid, and lazyload loads the token on demand.
      Throws:
      AccessException - In case of errors if sessionToken is null

  • Method Details

    • getStartTime

      public int getStartTime() throws AccessException
      Returns time in seconds from Jan 1, 1970 till authenticated user session was started. This value is used to determine when a session expires.
      Returns:
      Time in seconds from Jan 1, 1970 till authenticated user session was started.
      Throws:
      AccessException - If failed to retrieve session information

    • getSessionToken

      public String getSessionToken() throws AccessException
      Returns the saved, encrypted ASCII string representing the user session.
      Returns:
      String representing user session.
      Throws:
      AccessException - If ASDK is not initialized or fails to initialize.

    • getScopedSessionToken

      public String getScopedSessionToken<wbr>(Map<String,<wbr>String> scopeDescriptor) throws AccessException, OperationNotPermittedException
      Returns String object representing the scoped session token.

      The session token contained in this object is scoped to a different agent. This API can be leveraged to obtain a token that can be used by a different (target) agent. The invoker agent should have sufficient privileges to use this API.

      Parameters:
      scopeDescriptor - A map containing these key-value pairs of String type
      Possible keys:
      TARGET_RESOURCE (Required):The absolute URL that the end client will access
      TARGET_AGENT_CTX (Required):The request context obtained from the agent protecting the target resource
      Throws:
      AccessException - In case of errors
      OperationNotPermittedException - Invoker agent has insufficient privileges to perform this operation.

    • getLastUseTime

      public int getLastUseTime()
      Returns the time in seconds from Jan 1, 1970 till the most recent user request was authorized. This value is used to determine when an idle session expires.
      Returns:
      Time in seconds from Jan 1, 1970 till the most recent user request was authorized. NOTE: If failed to retrieve session information, an AccessException will be thrown and this API should add a throws clause. However, since this is already released without throws clause for PS1, we'll be throwing RuntimeException instead. At next opportunity for a major change in this interface, we should add a "throws AccessException" clause.

    • getStatus

      public int getStatus() throws AccessException
      Provides integer value representing the current status of the session. The return value of this function can be checked against below constants exposed by this class.
      • 0 for AWAITINGLOGIN
      • 1 for LOGGEDIN
      • 2 for LOGGEDOUT
      • 3 for LOGINFAILED
      • 4 for EXPIRED
      Overrides:
      getStatus in class BaseUserSession
      Returns:
      Status information of this user session.
      Throws:
      AccessException - In case if it fails to create user session.

    • logoff

      public void logoff() throws AccessException
      Logs off the authenticated user and terminates the session.
      Throws:
      AccessException - If error occurs during operation

    • clone

      public Object clone() throws CloneNotSupportedException
      Used to clone UserSession Objects. When using this function care must be taken to use finalize() to clean up any unused old references
      Throws:
      CloneNotSupportedException

    • getSessionIds

      public static Set getSessionIds<wbr>(String userId) throws AccessException, OperationNotPermittedException
      Get the SessionIds for the given LDAP userid.
      Parameters:
      userId - LDAP userid of the user whose session ids are to be retrieved
      Returns:
      Set list of sessionIds.
      Throws:
      AccessException - If userId is null
      OperationNotPermittedException - Insufficient privileges to perform this operation.

    • getSessionIds

      public static Set getSessionIds<wbr>(AccessClient aClient, String userId) throws AccessException, OperationNotPermittedException
      Get the SessionIds of the given LDAP userid using the specified AccessClient object.
      Parameters:
      aClient - AccessClient object to be used for perfoming operations.
      userId - LDAP userid of the user whose session ids are to be retrieved
      Returns:
      Set list of sessionIds.
      Throws:
      AccessException - If userId is null
      OperationNotPermittedException - Insufficient privileges to perform this operation.

    • getSessionIds

      public static Set getSessionIds<wbr>(oracle.security.am.asdk.LocalAccessClient aLocalClient, String userId) throws AccessException, OperationNotPermittedException
      Get the SessionIds of the given LDAP userid using the specified LocalAccessClient object.
      Parameters:
      aClient - AccessClient object to be used for perfoming operations.
      userId - LDAP userid of the user whose session ids are to be retrieved
      Returns:
      Set list of sessionIds.
      Throws:
      AccessException - If userId is null
      OperationNotPermittedException - Insufficient privileges to perform this operation.

    • terminateSession

      public static void terminateSession<wbr>(String sessionId) throws AccessException, OperationNotPermittedException
      Terminate the session for the given sessionId
      Parameters:
      sessionId - id of session which needs to be terminated
      Throws:
      AccessException - If session id is null
      OperationNotPermittedException - Insufficient privileges to perform this operation.

    • terminateSession

      public static void terminateSession<wbr>(AccessClient aClient, String sessionId) throws AccessException, OperationNotPermittedException
      Terminate the session of the given sessionId using the specified AccessClient object.
      Parameters:
      aClient - AccessClient object to be used for perfoming operations.
      sessionId - id of session which needs to be terminated
      Throws:
      AccessException - If session id is null
      OperationNotPermittedException - Insufficient privileges to perform this operation.

    • terminateSession

      public static void terminateSession<wbr>(oracle.security.am.asdk.LocalAccessClient aLocalClient, String sessionId) throws AccessException, OperationNotPermittedException
      Terminate the session of the given sessionId using the specified LocalAccessClient object.
      Parameters:
      aClient - AccessClient object to be used for perfoming operations.
      sessionId - id of session which needs to be terminated
      Throws:
      AccessException - If session id is null
      OperationNotPermittedException - Insufficient privileges to perform this operation.

    • setSessionAttributes

      public static boolean setSessionAttributes<wbr>(String sessionId, Hashtable sessionDetails) throws AccessException, OperationNotPermittedException
      Set the session details for the given sessionId
      Parameters:
      sessionId - id of session which needs to be updated with the new attributes
      sessionDetails - Hashtable containing the attribute name(String) and the attribute value(String) to be updated in the session.
      Returns:
      Boolean true if operation is successful
      Throws:
      AccessException - If session id is null or session details are null
      OperationNotPermittedException - Insufficient privileges to perform this operation.

    • setSessionAttributes

      public boolean setSessionAttributes<wbr>(Hashtable sessionDetails) throws AccessException
      Set attributes for current user session.
      Parameters:
      sessionDetails - Hashtable containing the attribute name(String) and the attribute value(String) to be updated in the session.
      Returns:
      Boolean true if operation is successful
      Throws:
      AccessException - If session id is null or session details are null
      OperationNotPermittedException - Insufficient privileges to perform this operation.

    • setSessionAttributes

      public boolean setSessionAttributes<wbr>(AccessClient aClient, Hashtable sessionDetails) throws AccessException
      Sets attributes for current user session.
      Parameters:
      aClient - AccessClient object to be used for perfoming operations.
      sessionDetails - Hashtable containing the attribute name(String) and the attribute value(String) to be updated in the session.
      Returns:
      Boolean true if operation is successful
      Throws:
      AccessException - If session id is null or session details are null
      OperationNotPermittedException - Insufficient privileges to perform this operation.

    • setSessionAttributes

      public boolean setSessionAttributes<wbr>(oracle.security.am.asdk.LocalAccessClient aLocalClient, Hashtable sessionDetails) throws AccessException
      Sets attributes for current user session.
      Parameters:
      aLocalClient - LocalAccessClient object to be used for perfoming operations.
      sessionDetails - Hashtable containing the attribute name(String) and the attribute value(String) to be updated in the session.
      Returns:
      Boolean true if operation is successful
      Throws:
      AccessException - If session id is null or session details are null
      OperationNotPermittedException - Insufficient privileges to perform this operation.

    • setSessionAttributes

      public static boolean setSessionAttributes<wbr>(oracle.security.am.asdk.LocalAccessClient aLocalClient, String sessionId, Hashtable sessionDetails) throws AccessException, OperationNotPermittedException
      Set the session attributes for the given sessionId using the specified LocalAccessClient.
      Parameters:
      aLocalClient - LocalAccessClient object to be used for perfoming operations.
      sessionId - id of session which needs to be updated with the new attributes
      sessionDetails - Hashtable containing the attribute name(String) and the attribute value(String) to be updated in the session, for example, attribute name is email-id.
      Returns:
      Boolean true if operation is successful
      Throws:
      AccessException - If session id is null or session details are null
      OperationNotPermittedException - Insufficient privileges to perform this operation.

    • setSessionAttributes

      public static boolean setSessionAttributes<wbr>(AccessClient aClient, String sessionId, Hashtable sessionDetails) throws AccessException, OperationNotPermittedException
      Set the session attributes for the given sessionId using the specified AccessClient.
      Parameters:
      aClient - AccessClient object to be used for perfoming operations.
      sessionId - id of session which needs to be updated with the new attributes
      sessionDetails - Hashtable containing the attribute name(String) and the attribute value(String) to be updated in the session, for example, attribute name is email-id.
      Returns:
      Boolean true if operation is successful
      Throws:
      AccessException - If session id is null or session details are null
      OperationNotPermittedException - Insufficient privileges to perform this operation.

    • getSessionAttributes

      public static Hashtable getSessionAttributes<wbr>(String sessionId) throws AccessException, OperationNotPermittedException
      Get the attributes for the given sessionId
      Parameters:
      sessionId - id of sessiodn whose attributes are required
      Returns:
      Hashtable containing the attribute names and attribute values of String type.
      Throws:
      AccessException - If session id is null
      OperationNotPermittedException - Insufficient privileges to perform this operation.

    • getSessionAttributes

      public Hashtable getSessionAttributes() throws AccessException
      Get the attributes of current user session.
      Returns:
      Hashtable containing the attribute names and attribute values of String type.
      Throws:
      AccessException - If session id is null
      OperationNotPermittedException - Insufficient privileges to perform this operation.

    • getSessionAttributes

      public Hashtable getSessionAttributes<wbr>(AccessClient aClient) throws AccessException
      Get the attributes of current user session.
      Parameters:
      aClient - AccessClient object to be used for perfoming operations.
      Returns:
      Hashtable containing the attribute names and attribute values of String type.
      Throws:
      AccessException - If session id is null
      OperationNotPermittedException - Insufficient privileges to perform this operation.

    • getSessionAttributes

      public Hashtable getSessionAttributes<wbr>(oracle.security.am.asdk.LocalAccessClient aLocalClient) throws AccessException
      Get the attributes of current user session.
      Parameters:
      aClient - AccessClient object to be used for perfoming operations.
      Returns:
      Hashtable containing the attribute names and attribute values of String type.
      Throws:
      AccessException - If session id is null
      OperationNotPermittedException - Insufficient privileges to perform this operation.

    • getSessionAttributes

      public static Hashtable getSessionAttributes<wbr>(AccessClient aClient, String sessionId) throws AccessException, OperationNotPermittedException
      Get the attributes for the given sessionId using the specified AccessClient object.
      Parameters:
      aClient - AccessClient object to be used for perfoming operations.
      sessionId - id of sessiodn whose attributes are required
      Returns:
      Hashtable containing the attribute names and attribute values of String type.
      Throws:
      AccessException - If session id is null
      OperationNotPermittedException - Insufficient privileges to perform this operation.

    • getSessionAttributes

      public static Hashtable getSessionAttributes<wbr>(oracle.security.am.asdk.LocalAccessClient aLocalClient, String sessionId) throws AccessException, OperationNotPermittedException
      Get the attributes for the given sessionId using the specified AccessClient object.
      Parameters:
      aClient - AccessClient object to be used for perfoming operations.
      sessionId - id of sessiodn whose attributes are required
      Returns:
      Hashtable containing the attribute names and attribute values of String type.
      Throws:
      AccessException - If session id is null
      OperationNotPermittedException - Insufficient privileges to perform this operation.

    • getScopedSessionToken

      public static String getScopedSessionToken<wbr>(AccessClient aClient, String userIdentityAssertion, Map<String,<wbr>String> scopeDescriptor) throws AccessException, OperationNotPermittedException
      Returns String object representing the scoped session token

      The session information present in the identity assertion is used to create a new token. This API can be leveraged to obtain a token that can be used by a different (target) agent based on identity assertion. The invoker agent should have sufficient privileges to use this API. Additionally, the requesting application should also be authorized to issue tokens for the target resource.

      Parameters:
      aClient - AccessClient object to be used for performing operations
      userIdentityAssertion - propagated user identity (This can be a SAML assertion)
      scopeDescriptor - a map containing these key-value pairs of String type
      Possible keys:
      TARGET_RESOURCE (Required):The absolute URL that the end client will access
      TARGET_AGENT_CTX (Required):The request context obtained from the agent protecting the target resource
      REQUESTOR_TOKEN (Required):The session token of the requesting entity/application
      Throws:
      AccessException - In case of errors
      OperationNotPermittedException - Invoker agent has insufficient privileges to perform this operation.

    • getScopedSessionToken

      public static String getScopedSessionToken<wbr>(oracle.security.am.asdk.LocalAccessClient aLocalClient, String userIdentityAssertion, Map<String,<wbr>String> scopeDescriptor) throws AccessException, OperationNotPermittedException
      Throws:
      AccessException
      OperationNotPermittedException

    • getLevel

      public int getLevel() throws AccessException
      Returns authentication scheme level at which user is authenticated.
      Overrides:
      getLevel in class BaseUserSession
      Returns:
      Authentication scheme level
      Throws:
      AccessException - If failed to retreive session information.

    • getUserIdentity

      public String getUserIdentity() throws AccessException
      Returns the DN of the user's profile entry in the user directory.
      Overrides:
      getUserIdentity in class BaseUserSession
      Returns:
      DN of the user's profile entry in the user directory.
      Throws:
      AccessException - If failed to retreive session information.

    • getLocation

      public String getLocation() throws AccessException
      Returns the IP address of the user's client
      Overrides:
      getLocation in class BaseUserSession
      Returns:
      IP address of the user's client
      Throws:
      AccessException - If error occurs during operation