|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--com.sas.iom.WorkspaceFactory
WorkspaceFactory provides a factory for creating and connecting to a remote object on an IOM Server that implements com.sas.iom.SAS.IWorkspace. Information necessary to create a connection can be read out of a JNDI repository (such as LDAP), or it may be provided directly by the caller. The necessary information may be associated with an instance of the factory at the time the factory is instantiated, or it may be provided on a per-method-call basis. If the connection information is provided at the time the factory is instantiated, the factory will provide connection pooling.
If connection pooling is used, then this factory will maintain a configurable number of active connections spread across one or more similar servers. When a caller accesses the factory to request a connection to a workspace object, the factory will allocate a connection from the pool if one is available. Otherwise, the factory will create a new connection for the caller. A connection pool has a configurable maximum service limit. If a caller accesses a factory to request a connection to a workspace object, and the factory has reached its maximum service limit, then the factory will not create a new connection, and it will either throw an exception or it will delay service of the request until another factory caller releases a connection and returns it to the pool.
Connection pooling requires a two-tiered security model because the factory will need to create connections before the ultimate users of the connections can present credentials that authorize them to use the connections. The two security roles that correspond to each tier are called pool administrator and pool user. The administrator is responsible for instantiating the factory and, thus, starting the pool. The user must establish that it is authorized to use connections from the factory before it can call a method on the factory to obtain a connection. If the administrator directly provided the factory with its pooling information upon instantiation, then authorization is granted to any user that merely holds an object reference for the factory. The factory is serializable to allow the administrator to control access to the factory by storing it in a protected repository.
If the information necessary to start and run the connection pool came from
a JNDI respository, then additional security requirements may be placed on the
administrator and the user. To successfully instantiate a factory that reads
connection information from a JNDI repository, the administrator must provide
JNDI credentials that authorize it to read the appropriate server definitions
and login definitions in the repository. To successfully
obtain a connection from the factory, a user must provide JNDI credentials that
are listed in the value of the sasAllowedClientDN
attribute of the
appropriate login definition. The administrator
has the option of making this user authorization step unnecessary.
If the factory tries to connect to a server in the pool and fails to connect, the factory will remove the server from the pool and will not attempt to make any further connections to that server.
Constructor Summary | |
WorkspaceFactory()
NON-POOLING CONSTRUCTOR - constructs a factory that creates a new connection each time createWorkspaceByLogicalName() or createWorkspaceByServer() is called. |
|
WorkspaceFactory(java.lang.Object jndiInformation,
java.lang.String baseDN,
java.lang.String logicalName,
boolean userAuthorizationRequired,
boolean adminAuthorizationRequired,
java.io.PrintWriter logWriter)
JNDI POOLING CONSTRUCTOR - constructs a factory that reads the information necessary to create a pool of live connections to remote workspace objects from a JNDI repository. |
|
WorkspaceFactory(java.util.Properties[] connectionDescriptors,
java.util.Properties poolParameters,
java.io.PrintWriter logWriter)
AD HOC POOLING CONSTRUCTOR - constructs a factory that uses the provided information to create a pool of live connections to remote workspace objects. |
Method Summary | |
com.sas.iom.SAS.IWorkspace |
createWorkspaceByLogicalName(java.lang.String logicalName,
java.lang.String sasReferenceDN,
java.lang.String protocol,
java.lang.String ldapProviderUrl,
java.util.Properties ldapProperties)
Creates a new connection to a workspace object using LDAP information. |
com.sas.iom.SAS.IWorkspace |
createWorkspaceByServer(java.util.Properties serverInfo)
Creates a new IWorkspace object based on Server definitions. |
void |
destroy()
Immediately disconnects all live connections to remote workspace object including allocated connections and connections in progress. |
void |
destroy(java.lang.String adminDN,
java.lang.String adminPassword)
Immediately disconnects all live connections to remote workspace object including allocated connections and connections in progress. |
boolean |
equals(java.lang.Object that)
Compares an object with this factory for equality. |
static WorkspaceFactory |
getFactory(java.util.Hashtable repositoryProperties,
java.lang.String baseDN,
java.lang.String logicalName)
Searches for a factory that any user can use to obtain a connection to a server described in the JNDI repository identified by repositoryProperties under the given base DN and logical name. |
static WorkspaceFactory |
getFactory(java.lang.String userDN,
java.lang.String userPassword,
java.util.Hashtable repositoryProperties,
java.lang.String baseDN,
java.lang.String logicalName)
Searches for a factory that the given user can use to obtain a connection to a server described in the JNDI repository identified by repositoryProperties under the given base DN and logical name. |
java.util.Properties[] |
getServersByLogicalName(java.lang.String logicalName,
java.lang.String protocol,
java.lang.String ldapProviderUrl,
java.util.Properties ldapProperties)
Gets a list of server definitions matching the logicalName. |
WorkspaceConnector |
getWorkspaceConnector(long waitMilliseconds)
Allocates a connection from an ad hoc pool or a JNDI pool with user authorization turned off. |
WorkspaceConnector |
getWorkspaceConnector(java.lang.String userDN,
java.lang.String userPassword,
long waitMilliseconds)
Allocates a connection from a JNDI pool with user authorization turned on. |
static WorkspaceConnector |
getWorkspaceConnectorByUUID(java.lang.String uuid)
Returns a reference to a previously created workspace connector that encapsulates a workspace object with the given UUID. |
static WorkspaceConnector |
getWorkspaceConnectorByUUID(java.lang.String userDN,
java.lang.String userPassword,
java.lang.String uuid)
Returns a reference to a previously created workspace connector that encapsulates a workspace object with the given UUID. |
void |
shutdown()
Disconnects all unallocated live connections to remote workspace objects. |
void |
shutdown(java.lang.String adminDN,
java.lang.String adminPassword)
Disconnects all unallocated live connections to remote workspace objects. |
Methods inherited from class java.lang.Object |
getClass,
hashCode,
notify,
notifyAll,
toString,
wait,
wait,
wait |
Constructor Detail |
public WorkspaceFactory(java.lang.Object jndiInformation, java.lang.String baseDN, java.lang.String logicalName, boolean userAuthorizationRequired, boolean adminAuthorizationRequired, java.io.PrintWriter logWriter) throws WorkspaceFactoryException
getWorkspaceConnector()
, shutdown()
, and
destroy()
methods also require authorization against the JNDI
repository.
jndiInformation
- an instance of either java.util.Hashtable
or javax.naming.directory.DirContext
. If a
java.util.Hashtable
object, then it is a table of values that
can be used to initialize a javax.naming.directory,DirContext
object.
The information in the table identifies the JNDI repository
that contains the values necessary to start a connection pool and provides
the distinguished name and password of an entity that has read access to that
information. The keys for the values are defined in javax.naming.Context, and
the required keys are listed below.
javax.naming.Context.INITIAL_CONTEXT_FACTORY
javax.naming.Context.PROVIDER_URL
javax.naming.Context.SECURITY_AUTHENTICATION
javax.naming.Context.SECURITY_PRINCIPAL
javax.naming.Context.SECURITY_CREDENTIALS
If jndiInformation is not an instance of java.util.Hashtable
,
then it must be an existing instance of javax.naming.directory.DirContext
that can be used as described above.
baseDN
- a partial JNDI distinguished name that defines the section within
the repository naming hierarchy that contains the pooling information.logicalName
- the value of the sasLogicalName
attribute for all login
definitions and server definitions (relative to the baseDN) in the JNDI
repository that contain information for this factory.userAuthorizationRequired
- true if user access to this factory through
the getWorkspaceConnector() method should
require authorization against the JNDI repository.adminAuthorizationRequired
- true if administative access to this factory through
the shutdown()
and destroy()
methods should
require authorization against the credentials used to construct this factory.logWriter
- a print stream to write log messages to. If null
, then
no log message will be written.public WorkspaceFactory(java.util.Properties[] connectionDescriptors, java.util.Properties poolParameters, java.io.PrintWriter logWriter) throws WorkspaceFactoryException
getWorkspaceConnector()
methods. Access to this factory through the
getWorkspaceConnector()
, shutdown()
, and
destroy()
methods do not require further
authorization so the caller of this constructor should take care to properly
control access to the factory. The factory is serializable to allow the
caller to control access to the factory by storing it in a protected
repository.connectionDescriptors
- an array of tables that describe how to connect to
the servers that participate in the connection pool. The required values for each
table are listed below.
The optional values for each table are listed below.
none
, optional
, or
required
. The default value is none
. If the specified
value is not none
, then the client and server will attempt to
agree upon an encryption algorithm and what should be encrypted. If that
negotiation fails and the value is required
, then the connection
will fail. If the value is optional
, then the connection will
continue with no encryption unless the server is configured to require
encryption. In that case, the connection will fail.
sasproprietary
, rc2
, rc4
,
des
, and tripledes
. To use any algorithm other than
sasproprietary
, SAS/SECURE software must be installed on both the
client and server. Furthermore, use of des
, and
tripledes
may be restricted outside the USA due to export law.
The connection will use the first algorithm on this list that is also
supported by the server. If no value is specified, the connection will use the
first value suggested by the server that the client is capable of supporting.
all
(the default; encrypt all messages) and
authentication
(encrypt only message that contain user name and
password information). The default is all
. If the server requires a
higher level of encryption than is specified by this value, the connection
will fail.
0
.
If the value is 0
, then the connection can be reused any
number of times. The default value is 0
.
true
or false
. If the value is false
, then unallocated live
connections will be disconnected after a period of time (determined by the value
of sas-ServerShutdownAfter) unless they are allocated to a user before
that period of time passes. Otherwise, unallocated live connections will remain
alive indefinitely. The default value is true
.
true
. The value must not be less than 0
, and it must
not be greater than 1440
(the number of minutes in a day). The
default value is 3
. If the value is 0
, then a
connection returned to a pool by a user will be disconnected immediately unless
another user is waiting for a connection from the pool.
poolParameters
- a table of values that describe how the connection pool
should behave. Possible values are listed below. All values are optional.
This parameter may be null
if the default is desired for all
values.
logWriter
- a print stream to write log messages to. If null
, then
no log message will be written.public WorkspaceFactory()
destroy()
.Method Detail |
public boolean equals(java.lang.Object that)
that
- the object to compare with this object.public static WorkspaceFactory getFactory(java.util.Hashtable repositoryProperties, java.lang.String baseDN, java.lang.String logicalName)
repositoryProperties
- The information in the table identifies the JNDI repository
that contains the values necessary to start a connection pool. The keys for the
values are defined in javax.naming.Context, and
the required keys are listed below.
javax.naming.Context.INITIAL_CONTEXT_FACTORY
javax.naming.Context.PROVIDER_URL
Other values that are not required but are significant when searching are
javax.naming.Context.DNS_URL
javax.naming.Context.OBJECT_FACTORIES
javax.naming.Context.URL_PKG_PREFIXES
Values that describe a user identity for security purposes including
javax.naming.Context.SECURITY_AUTHENTICATION
,
javax.naming.Context.SECURITY_PRINCIPAL
, and
javax.naming.Context.SECURITY_CREDENTIALS
, are not necessary
because this method only searches for factories that all users can use.
baseDN
- a partial JNDI distinguished name that defines the section within
the repository naming hierarchy that contains the pooling information.logicalName
- the value of the sasLogicalName
attribute for all login
definitions and server definitions (relative to the baseDN) in the JNDI
repository that contain information for starting a connection pool.public static WorkspaceFactory getFactory(java.lang.String userDN, java.lang.String userPassword, java.util.Hashtable repositoryProperties, java.lang.String baseDN, java.lang.String logicalName)
userDN
- the distinguished name of some object in the given JNDI directory
that has a userPassword
attribute. If this method finds a factory
that meets all the other search criteria specified in the arguments, and that
factory has set userAuthorizationRequired to true
, then
This object's DN must be a value of (or be a member of a group whose DN is a
value of) the
sasAllowedClientDN
attribute of one of
the login definitions used to create that factory. If the factory does not
require user authorization, then this parameter is ignored.userPassword
- the value of the userPassword
attribute for the
object identified with userDN. This value may be in plain text or it
may be base64 encoded. If it is base64 encoded, it must begin with the tag
{base64}
.repositoryProperties
- The information in the table identifies the JNDI repository
that contains the values necessary to start a connection pool. The keys for the
values are defined in javax.naming.Context, and
the required keys are listed below.
javax.naming.Context.INITIAL_CONTEXT_FACTORY
javax.naming.Context.PROVIDER_URL
Other values that are not required but are significant when searching are
javax.naming.Context.DNS_URL
javax.naming.Context.OBJECT_FACTORIES
javax.naming.Context.URL_PKG_PREFIXES
Values that describe a user identity for security purposes including
javax.naming.Context.SECURITY_AUTHENTICATION
,
javax.naming.Context.SECURITY_PRINCIPAL
, and
javax.naming.Context.SECURITY_CREDENTIALS
, are not necessary
because security information is provided with the userDN and
userPassword parameters.
baseDN
- a partial JNDI distinguished name that defines the section within
the repository naming hierarchy that contains the pooling information.logicalName
- the value of the sasLogicalName
attribute for all login
definitions and server definitions (relative to the baseDN) in the JNDI
repository that contain information for starting a connection pool.public WorkspaceConnector getWorkspaceConnector(long waitMilliseconds) throws WorkspaceFactoryException
waitMilliseconds
- used if this factory has reached its maximum
use limit at the time of this method call. If that is the case, then this method
will behave in one of the three following ways based on the value of
waitMilliseconds
:
waitMilliseconds
) before either returning a workspace connector or
throwing an exception.
public WorkspaceConnector getWorkspaceConnector(java.lang.String userDN, java.lang.String userPassword, long waitMilliseconds) throws WorkspaceFactoryException
userDN
- the distinguished name of some object in the JNDI directory used
to instantiate this factory that has a userPassword
attribute. This
object's DN must be a value of (or be a member of a group whose DN is a value of)
the sasAllowedClientDN
attribute of one of
the login definitions used to create this factory. If this factory does not
require user authorization, then this parameter is ignored.userPassword
- the value of the userPassword
attribute for the
object identified with userDN. This value may be in plain text or it
may be base64 encoded. If it is base64 encoded, it must begin with the tag
{base64}
. If this factory does not require user
authorization, then this parameter is ignored.waitMilliseconds
- used if this factory has reached its maximum
use limit at the time of this method call. If that is the case, then this method
will behave in one of the three following ways based on the value of
waitMilliseconds
:
waitMilliseconds
) before either returning a workspace connector or
throwing an exception.
public static WorkspaceConnector getWorkspaceConnectorByUUID(java.lang.String uuid)
UniqueIdentifier()
method. If no such workspace connector
has been created,
or if such a connector has been created but has already been closed, this method
returns null
.uuid
- the UUID of the desired workspacepublic static WorkspaceConnector getWorkspaceConnectorByUUID(java.lang.String userDN, java.lang.String userPassword, java.lang.String uuid) throws WorkspaceFactoryException
UniqueIdentifier()
method. If no such workspace connector
has been created,
or if such a connector has been created but has already been closed, this method
returns null
.userDN
- the distinguished name of some object in the given JNDI directory
that has a userPassword
attribute. If this method finds a factory
that meets all the other search criteria specified in the arguments, and that
factory has set userAuthorizationRequired to true
, then
This object's DN must be a value of (or be a member of a group whose DN is a
value of) the
sasAllowedClientDN
attribute of one of
the login definitions used to create that factory. If the factory does not
require user authorization, then this parameter is ignored.userPassword
- the value of the userPassword
attribute for the
object identified with userDN. This value may be in plain text or it
may be base64 encoded. If it is base64 encoded, it must begin with the tag
{base64}
.uuid
- the UUID of the desired workspacepublic com.sas.iom.SAS.IWorkspace createWorkspaceByLogicalName(java.lang.String logicalName, java.lang.String sasReferenceDN, java.lang.String protocol, java.lang.String ldapProviderUrl, java.util.Properties ldapProperties) throws WorkspaceFactoryException
sasDomainName
attribute.
This method throws an exception if it is called after a call to destroy()
.
logicalName
- A valid logical name of the server.sasReferenceDN
- A reference DN for the user to match with the domain name
to get a login definition.protocol
- Protocol to communicate with the server. Currently, the only
valid value is bridge
.ldapProviderUrl
- A url specifying the location of an LDAP provider.
This value typically takes the form ldap://host:port
ldapProperties
- A Properties object containing the following LDAP
properties:
baseDN
ldapUserName
ldapPassword
authentication
public com.sas.iom.SAS.IWorkspace createWorkspaceByServer(java.util.Properties serverInfo) throws WorkspaceFactoryException
This method throws an exception if it is called after a call to destroy()
.
serverInfo
- A properties object containing the following server definitions and a valid
username and password :
host
port
protocol
userName
password
userName
property.
Note that the server's encryption policy is, by default, optional so no special action is needed to prepare an IOM BRIDGE server to use encryption. However, it is possible to set up the server so that encryption is required. Consult IOM BRIDGE server documentation for details.
name
description
transcodingPreference
client
server
Note : The only time user sets the value to server is when he/she knows that the Java environment does not have a converter that converts between Unicode and the encoding appropriate for SAS specific locale.
The default value is client
. If the Java environment is not capable of performing
the required conversions, then the transcoding responsibilities will automatically be shifted to
SAS.
public java.util.Properties[] getServersByLogicalName(java.lang.String logicalName, java.lang.String protocol, java.lang.String ldapProviderUrl, java.util.Properties ldapProperties) throws WorkspaceFactoryException
logicalName
- A valid logical name of the server.protocol
- Protocol to communicate with the server. Valid values are bridge or corba.ldapProviderUrl
- A valid url specifying and LDAP server and its port to make connection of the form :
"ldap://host:port".ldapProperties
- A Properties object containing the following LDAP properties :
baseDN
ldapUserName
ldapPassword
authentication
The properties returned contains the following server definitions.
host
port
protocol
name
description
public void shutdown() throws WorkspaceFactoryException
shutdown()
will do nothing, but calls
getWorkspaceConnector()
will result in an exception.public void shutdown(java.lang.String adminDN, java.lang.String adminPassword) throws WorkspaceFactoryException
shutdown()
will do nothing, but calls
getWorkspaceConnector()
will result in an exception.adminDN
- the distinguished name of some object in the JNDI directory used
to instantiate this factory that has a userPassword
attribute. This
object must have read access to the pool parameters object that was
named when this factory was instantiated. If this factory does not require administrator
authorization, then this parameter is ignored.adminPassword
- the value of the userPassword
attribute for the
object identified with adminDN. This value may be in plain text or it
may be base64 encoded. If it is base64 encoded, it must begin with the tag
{base64}
. If this factory does not require administrator
authorization, then this parameter is ignored.public void destroy() throws WorkspaceFactoryException
shutdown()
and destroy()
will do nothing, but calls
getWorkspaceConnector()
will result in an exception.public void destroy(java.lang.String adminDN, java.lang.String adminPassword) throws WorkspaceFactoryException
shutdown()
and destroy()
will do nothing, but calls
getWorkspaceConnector()
will result in an exception.adminDN
- the distinguished name of some object in the JNDI directory used
to instantiate this factory that has a userPassword
attribute. This
object must have read access to the pool parameters object that was
named when this factory was instantiated. If this factory does not require administrator
authorization, then this parameter is ignored.adminPassword
- the value of the userPassword
attribute for the
object identified with adminDN. This value may be in plain text or it
may be base64 encoded. If it is base64 encoded, it must begin with the tag
{base64}
. If this factory does not require administrator
authorization, then this parameter is ignored.
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |