4.1 - CreateSession
Session createSession(User user, boolean isTrusted) throws SecurityException
Perform user authentication and role activations in one method. This method must be called once per user prior to calling other methods within this class. The successful result is Session that contains target user’s RBAC roles. In addition to checking user password validity it will apply configured password policy checks.
Parameters:
- user - Contains User.userId, User.password (optional if isTrusted is ‘true’), optional User.roles, optional User.adminRoles
- isTrusted - For Single-sign-on scenarios. if true, password is not required.
Returns:
- Session object will contain:
- authentication result code Session.errorId
- RBAC role activations Session.getRoles()
- Admin Role activations Session.getAdminRoles()
- Password policy codes Session.warnings, Session.expirationSeconds, Session.graceLogins
- User entity information Session.getUser()
Throws:
- SecurityException - in the event of data validation failure, security policy violation or DAO error.
createSession
import org.apache.directory.fortress.core.AccessMgr;
import org.apache.directory.fortress.core.AccessMgrFactory;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.User;
@test
public void createSessionTest(String userId, String password)
{
String szLocation = ".createSession";
try
{
// Instantiate the AccessMgr implementation which perform runtime RBAC operations.
AccessMgr accessMgr = AccessMgrFactory.createInstance();
// The User entity is used to pass data into the createSession API.
User user = new User(userId, password);
// This API will return a Session object that contains the User's activated Roles and other info.
Session session = accessMgr.createSession(user, false);
}
catch (SecurityException ex)
{
LOG.error(szLocation + " userId [" + userId + "] caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
fail(ex.getMessage());
}
}