Class: UU::OS::Security::Session

Inherits:
Object
Extended by:
Encryption
Defined in:
uu_os_framework-0.29.16/lib/uu/os/security/session.rb

Overview

Service representing session.

Constant Summary

CONTEXT_SCOPE_THREAD = :context_scope_thread

One of the possible values for the :context_scope parameter (see the login method). If this value is used, the identity is set on the authentication context of the current thread after a successful login invocation. This is the default when no :context_scope value is specified.

Examples:

UU::OS::Security::Session.login(
  user_credentials: ['access_code_1', 'access_code_2'],
  context_scope: UU::OS::Security::Session::CONTEXT_SCOPE_THREAD
)

CONTEXT_SCOPE_LOCAL = :context_scope_local

One of the possible values for the :context_scope parameter (see the login method). If this value is used, the authentication context of the current thread is not affected by a successful login invocation. The login method only returns a session instance, which may be used to authenticate other calls (e.g. by passing the session as a parameter when creating a UU::OS::CMD::CommandClient instance).

Examples:

UU::OS::Security::Session.login(
  user_credentials: ['access_code_1', 'access_code_2'],
  context_scope: UU::OS::Security::Session::CONTEXT_SCOPE_LOCAL
)


Methods included from Encryption

decrypt, encrypt

Class Method Details

+ (UU::OS::Security::Session) current_session

Returns current session (session object representing state after most recent invocation of static #login method).

Returns:



# File 'uu_os_framework-0.29.16/lib/uu/os/security/session.rb', line 815

def self.current_session
  result = load_session();
  return result;
end

+ (UU::OS::UESURI) get_access_role(territory_uri)

Returns access role URI of authenticated user in given territory. May return nil in case user has no access role in territory.

Parameters:

  • territory_uri (String, UU::OS::UESURI)

    URI of territory for which to get access role

Returns:



# File 'uu_os_framework-0.29.16/lib/uu/os/security/session.rb', line 379

def self.get_access_role(territory_uri)
  svc = UU::OS::REST::RemoteClient.new(Session)
  UU::OS::QoS::QoSHandler.auto_retry do
    res = svc.get(:getAccessRole, territory_uri)
    if (res && res != @@NULL_URI_VALUE)
      return UU::OS::UESURI.new(res)
    else
      return nil
    end
  end
end

+ (UU::OS::Security::SessionAppIdentityAttributes) get_app_identity_attributes

Returns identity of the current application. Returns nil if the application identity is not available.

Returns:



# File 'uu_os_framework-0.29.16/lib/uu/os/security/session.rb', line 732

def self.get_app_identity_attributes
  return get_app_identity_attrs(get_authn_token);
end

+ (UU::OS::Security::SessionAppIdentityAttributes) get_client_app_identity_attributes

Returns identity of the client application. Returns nil if the application identity is not available.

Returns:



# File 'uu_os_framework-0.29.16/lib/uu/os/security/session.rb', line 738

def self.get_client_app_identity_attributes
  session = load_session();
  return session.get_client_app_identity_attributes();
end

+ (UU::OS::UESURI) get_initiator_access_role(territory_uri)

Returns access role URI of user who initiated session in given territory. May return nil in case user has no access role in territory.

Parameters:

  • territory_uri (String, UU::OS::UESURI)

    URI of territory for which to get access role

Returns:



# File 'uu_os_framework-0.29.16/lib/uu/os/security/session.rb', line 396

def self.get_initiator_access_role(territory_uri)
  svc = UU::OS::REST::RemoteClient.new(Session)
  UU::OS::QoS::QoSHandler.auto_retry do
    res = svc.get(:getInitiatorAccessRole, territory_uri)
    if (res && res != @@NULL_URI_VALUE)
      return UU::OS::UESURI.new(res)
    else
      return nil
    end
  end
end

+ (UU::OS::UESURI) get_initiator_personal_role

Returns personal role URI of user who initiated session (did the first login).

Returns:



# File 'uu_os_framework-0.29.16/lib/uu/os/security/session.rb', line 366

def self.get_initiator_personal_role
  svc = UU::OS::REST::RemoteClient.new(Session)
  UU::OS::QoS::QoSHandler.auto_retry do
    res = svc.get(:getInitiatorPersonalRole)
    return UU::OS::UESURI.new(res)
  end
end

+ (UU::OS::UESURI) get_personal_role

Returns personal role URI of the authenticated user.

Returns:



# File 'uu_os_framework-0.29.16/lib/uu/os/security/session.rb', line 355

def self.get_personal_role
  svc = UU::OS::REST::RemoteClient.new(Session)
  UU::OS::QoS::QoSHandler.auto_retry do
    res = svc.get(:getPersonalRole)
    return UU::OS::UESURI.new(res)
  end
end

+ (Boolean) logged_in?

Check if user is logged in.

Returns:

  • (Boolean)


# File 'uu_os_framework-0.29.16/lib/uu/os/security/session.rb', line 344

def self.logged_in?
  if (Thread.current[@@AUTHN_TOKEN_PARAM]) && (Thread.current[@@AUTHN_TOKEN_PARAM].size > 0)
    true
  else
    false
  end
end

+ (TrueClass, UU::OS::Security::Session) login(*credentials)

Log user in.

Examples:

credentials = Hash.new
credentials[:user_credentials] = ['accessCode1', 'accessCode2']
credentials[:app_credentials] = ['/etc/password_file']
credentials[:context_scope] = UU::OS::Security::Session::CONTEXT_SCOPE_LOCAL
UU::OS::Security::Session.login(credentials)

Parameters:

  • credentials (*String, Hash)

    Valid parameters are:

    • Security realm, access code 1, access code 2

    • access code 1, access code 2 (uses default security realm)

    • Path to password file (absolute or relative to uu home)

    • HTTP authorization token

    • Hash with user (:user_credentials) and application (:app_credentials) credentials. Both values are optional; when specified, each can take any of the forms valid for the non-hash variants. If no application credentials are given, the system checks whether the <%uu-home%>/app_identity file exists and loads application credentials from that file.

      The next optional hash parameter is the context scope (:context_scope). It determines how the authentication context is set after a successful login call. If it is set to CONTEXT_SCOPE_THREAD, the identity is set on the authentication context of the current thread. If it is set to CONTEXT_SCOPE_LOCAL, a session instance is returned. The session instance may be used to authenticate subsequent calls (e.g. by passing the session as a parameter when creating a UU::OS::CMD::CommandClient instance).

Returns:



# File 'uu_os_framework-0.29.16/lib/uu/os/security/session.rb', line 159

def self.login(*credentials)
  result = nil;

  init_login_mdc();
  begin
    # Thread scope stores the session in the thread's authentication context;
    # local scope only returns it to the caller.
    is_thread_scope = CONTEXT_SCOPE_THREAD == get_context_scope(credentials);

    session = process_login(get_authn_token(), *credentials);
    session.send(:previous_session, load_session());
    if (is_thread_scope)
      store_session(session);
    end

    result = is_thread_scope ? true : session;
  ensure
    clear_login_mdc();
  end

  return result;
end

+ (Object) logout(all = false)

Log user out.

Parameters:

  • all (TrueClass, FalseClass) (defaults to: false)

    If true, logout removes all tokens (otherwise only the last one)



# File 'uu_os_framework-0.29.16/lib/uu/os/security/session.rb', line 411

def self.logout(all = false)
  # TODO We should also call logout on server once service is implemented.
  if all
    Thread.current[@@AUTHN_TOKEN_PARAM] = nil
  elsif self.logged_in?
    Thread.current[@@AUTHN_TOKEN_PARAM][-1] = nil
    Thread.current[@@AUTHN_TOKEN_PARAM].compact!
  end
  return
end
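
The thread-scope and local-scope behaviour of login, logged_in? and logout described above can be seen in a stand-alone model. This is an added example, not code from uu_os_framework: AuthStackModel, TOKEN_KEY, demo and the token strings are constructed, and modelling store_session as a push onto the calling thread's stack is an assumption.

```ruby
# Stand-alone model of the per-thread authentication stack (not the gem's code).
module AuthStackModel
  TOKEN_KEY = :model_authn_tokens # assumed name; the gem uses @@AUTHN_TOKEN_PARAM
  SCOPE_THREAD = :context_scope_thread
  SCOPE_LOCAL = :context_scope_local
  Session = Struct.new(:token, :previous_session)

  def self.current_session
    stack = Thread.current[TOKEN_KEY]
    stack && stack.last
  end

  # Thread scope pushes onto the calling thread's stack and returns true;
  # local scope returns the session and leaves the thread context untouched.
  def self.login(token, context_scope: SCOPE_THREAD)
    session = Session.new(token, current_session)
    return session unless context_scope == SCOPE_THREAD
    (Thread.current[TOKEN_KEY] ||= []) << session
    true
  end

  def self.logged_in?
    stack = Thread.current[TOKEN_KEY]
    !stack.nil? && !stack.empty?
  end

  def self.logout(all = false)
    if all
      Thread.current[TOKEN_KEY] = nil
    elsif logged_in?
      Thread.current[TOKEN_KEY].pop
    end
    nil
  end

  # Constructed scenario: records what each step leaves in the thread context.
  def self.demo
    Thread.current[TOKEN_KEY] = nil
    login('constructed-token-user')
    login('constructed-token-admin') # nested thread-scope login
    local = login('constructed-token-batch', context_scope: SCOPE_LOCAL)
    after_local = current_session.token # local login did not change the context
    in_new_thread = Thread.new { logged_in? }.value # other threads see no identity
    logout # removes only the last token
    after_logout = current_session&.token
    logout(true)
    { local_previous: local.previous_session.token, after_local: after_local,
      in_new_thread: in_new_thread, after_logout: after_logout,
      after_logout_all: logged_in? }
  end
end
```

After a nested thread-scope login, a plain logout leaves the earlier identity active on that thread; only logout(true) clears the whole stack.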

+ (true, false) verify(token)

Verifies the specified authentication token by calling the handshake web service. Unlike the login() method, this method does not change the authentication token.

Parameters:

  • token (String)

    authentication token to be verified via web-service call

Returns:

  • (true, false)

    true if the token is valid; false otherwise



# File 'uu_os_framework-0.29.16/lib/uu/os/security/session.rb', line 312

def self.verify(token)
  result = true;
  begin
    # TODO Until UDS and AppLog relies on application URI in JWT
    # token, we cannot generate new chained JWT token replacing
    # existing one. So we only evaluate original token.
    svc = UU::OS::REST::RemoteClient.new(UU::OS::Security, @@HANDSHAKE_PATH)
    svc.auth_token=token
    svc.get(:handshake, nil)
  rescue => e
    result = false;
  end
  return result;
end

Instance Method Details

- (UU::OS::UESURI) get_access_role(territory_uri)

Returns access role URI of authenticated user in given territory. May return nil in case user has no access role in territory.

Parameters:

  • territory_uri (String, UU::OS::UESURI)

    URI of territory for which to get access role

Returns:



# File 'uu_os_framework-0.29.16/lib/uu/os/security/session.rb', line 908

def get_access_role(territory_uri)
  svc = UU::OS::REST::RemoteClient.new(Session)
  svc.auth_token = @access_token
  UU::OS::QoS::QoSHandler.auto_retry do
    res = svc.get(:getAccessRole, territory_uri)
    if (res && res != @@NULL_URI_VALUE)
      return UU::OS::UESURI.new(res)
    else
      return nil
    end
  end
end

- (UU::OS::Security::SessionAppIdentityAttributes) get_app_identity_attributes

Returns identity of the current application. Returns nil if the application identity is not available.

Returns:



# File 'uu_os_framework-0.29.16/lib/uu/os/security/session.rb', line 822

def get_app_identity_attributes
  return self.class.send(:get_app_identity_attrs, @access_token);
end

- (UU::OS::Security::SessionAppIdentityAttributes) get_client_app_identity_attributes

Returns identity of the client application. Returns nil if the application identity is not available.

Returns:



# File 'uu_os_framework-0.29.16/lib/uu/os/security/session.rb', line 828

def get_client_app_identity_attributes
  result = nil;
  if ( @original_client_uid || @original_app_code )
    result = UU::OS::Security::SessionAppIdentityAttributes.new();
    result.universe_id = @original_client_uid;
    result.app_code = @original_app_code;
  end
  return result;
end

- (UU::OS::UESURI) get_initiator_access_role(territory_uri)

Returns access role URI of user who initiated session (created the first session object) in given territory. May return nil in case user has no access role in territory.

Parameters:

  • territory_uri (String, UU::OS::UESURI)

    URI of territory for which to get access role

Returns:



# File 'uu_os_framework-0.29.16/lib/uu/os/security/session.rb', line 926

def get_initiator_access_role(territory_uri)
  svc = UU::OS::REST::RemoteClient.new(Session)
  svc.auth_token = @access_token
  UU::OS::QoS::QoSHandler.auto_retry do
    res = svc.get(:getInitiatorAccessRole, territory_uri)
    if (res && res != @@NULL_URI_VALUE)
      return UU::OS::UESURI.new(res)
    else
      return nil
    end
  end
end

- (UU::OS::UESURI) get_initiator_personal_role

Returns personal role URI of user who initiated session (created the first session object).

Returns:



# File 'uu_os_framework-0.29.16/lib/uu/os/security/session.rb', line 894

def get_initiator_personal_role
  svc = UU::OS::REST::RemoteClient.new(Session)
  svc.auth_token = @access_token
  UU::OS::QoS::QoSHandler.auto_retry do
    res = svc.get(:getInitiatorPersonalRole)
    return UU::OS::UESURI.new(res)
  end
end

- (UU::OS::UESURI) get_personal_role

Returns personal role URI of the authenticated user.

Returns:



# File 'uu_os_framework-0.29.16/lib/uu/os/security/session.rb', line 882

def get_personal_role
  svc = UU::OS::REST::RemoteClient.new(Session)
  svc.auth_token = @access_token
  UU::OS::QoS::QoSHandler.auto_retry do
    res = svc.get(:getPersonalRole)
    return UU::OS::UESURI.new(res)
  end
end

- (UU::OS::Security::Session) login(*credentials)

Log user in. Unlike the static #login, this method does not add a new token to the authentication stack and therefore does not modify the global context (the returned session object must be used for command invocation in order to invoke a command as the newly authenticated user).

Examples:

credentials = Hash.new
credentials[:user_credentials] = ['accessCode1', 'accessCode2']
credentials[:app_credentials] = ['/etc/password_file']
UU::OS::Security::Session.login(credentials)

Parameters:

  • credentials (*String, Hash)

    Valid parameters are:

    • Security realm, access code 1, access code 2

    • access code 1, access code 2 (uses default security realm)

    • Path to password file (absolute or relative to uu home)

    • HTTP authorization token

    • Hash with user (:user_credentials) and application (:app_credentials) credentials. Both values are optional; when specified, each can take any of the forms valid for the non-hash variants. If no application credentials are given, the system checks whether the <%uu-home%>/app_identity file exists and loads application credentials from that file.

Returns:



# File 'uu_os_framework-0.29.16/lib/uu/os/security/session.rb', line 863

def login(*credentials)
  session = nil;

  self.class.send(:init_login_mdc);
  begin
    self.class.send(:trace_login, "Current access token: %s", self.class.send(:clean_token_out, @access_token));

    session = self.class.send(:process_login, @access_token, *credentials);
    session.send(:previous_session, self);
  ensure
    self.class.send(:clear_login_mdc);
  end

  return session;
end