AuthUtil ("WEBNMS_5 API Docs")

Overview

Package

Class

Tree

Deprecated

Index

Help

"WEBNMS_5 API Docs"

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.adventnet.security
Class AuthUtil

java.lang.Object
  com.adventnet.security.AuthUtil

public class AuthUtil
extends java.lang.Object
extends java.lang.Object

Provides utility methods that can be used by applications to perform authentication-related operations. This class cannot be instantiated. It has only static methods.

The following code snippet explains the role of AuthUtil in the Challenge-Handshake authentication mechanism.

To generate a secured random number.

 String secretKey = AuthUtil.getChallenge();

To validate the username by checking if any restricted special characters are presented.
```
 boolean result = AuthUtil.isValid( "username");
 
```

To encrypt and decrypt the given plain text and cipher text respectively based on the given shared secret key .

 String cipher = AuthUtil.encryptString("plainText", secretKey);
 String plain = AuthUtil.decryptString("cipherText", secretKey);

To calculate the "digest" or "key" of the given parameters using the Message Digest

 String challenge = authenapi.getChallenge("userName");
 String key = AuthUtil.getChallengeKey("userName" , "passWord" , challenge);

After calculating the key, using the verifyCredentials method of AuthenticationAPI, authenticity of the user can be verified as given below:

        if(authenapi.verifyCredentials("userName",key))
        System.out.println("Authenticated.");
  else
      System.out.println("Authentication Failed.");

where authenapi is the handle of AuthenticationAPI.

Since:: 2.3
See Also:: AuthenticationAPI

Method Summary
`static java.lang.String`	`decryptString(java.lang.String cipherText, java.lang.String key)` Method to decrypt the cipher text using the symmetric key decryption
`static java.lang.String`	`encryptString(java.lang.String plainText, java.lang.String key)` Method to encrypt the plain text using the symmetric key encryption.
`static java.lang.String`	`getChallenge()` Method to get a secured random number which can be used as a shared key to encrypt and decrypt a plain and cipher respectively.
`static java.lang.String`	`getChallengeKey(java.lang.String userName, java.lang.String password, java.lang.String challenge)` Use this method to calculate the key which is required by the Challenge Handshake mechanism to verify the user credentials .
`static boolean`	`isValid(java.lang.String text)` Method to validate whether the String has any special character.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Method Detail

getChallengeKey

public static java.lang.String getChallengeKey(java.lang.String userName,
                                               java.lang.String password,
                                               java.lang.String challenge)
                                        throws AuthenticationException

Use this method to calculate the key which is required by the Challenge Handshake mechanism to verify the user credentials . By using this key, transmitting the password in plain text to the remote authentication server ( over wire ) can be avoided.

Parameters:: userName - The name of the user who is to be authenticated.; password - The password for the user.; challenge - The challenge for the user got by the AuthenticationAPI.getChallenge(userName).
Returns:: a String that contains digested UserName + Password + Challenge.
Throws:: AuthenticationException - In case of any exception while calculating the "digest" or "key".
Since:: 2.3
See Also:: AuthenticationAPI

getChallenge

public static java.lang.String getChallenge()

Method to get a secured random number which can be used as a shared key to encrypt and decrypt a plain and cipher respectively.

Returns:: a String that contains the secured random number.

encryptString

public static java.lang.String encryptString(java.lang.String plainText,
                                             java.lang.String key)

Method to encrypt the plain text using the symmetric key encryption.

Parameters:: plainText - The String which is to be encrypted.; key - The secret key got from the getChallenge method.
Returns:: String which is encrypted.

decryptString

public static java.lang.String decryptString(java.lang.String cipherText,
                                             java.lang.String key)

Method to decrypt the cipher text using the symmetric key decryption

Parameters:: cipherText - which is got from encryptString method.; key - The key which was used to encrypt the string.
Returns:: a String that contains the plain text.

isValid

public static boolean isValid(java.lang.String text)

Method to validate whether the String has any special character. The below are the restricted characters in the user name. "'*' , '/' , '\' , '>' , '<' , '&' , '"' , '?' , ':' , '|' and ' '".

Parameters:: text - The String to be validated for restricted special characters.
Returns:: true if the String has valid characters. Otherwise false.