Create and close sessions at the UserManager. More...
#include <IPasswordAuthenticationService.hpp>
Public Types | |
| using | Ptr = std::shared_ptr< IPasswordAuthenticationService > |
 Public Types inherited from Arp::System::Rsc::Services::IRscService | |
| typedef std::shared_ptr< IRscService > | Ptr |
Public Member Functions | |
| IPasswordAuthenticationService (void)=default | |
| Constructs an IPasswordAuthenticationService instance. | |
| virtual AuthenticationError | CreateSession (const RscString< 64 > &userName, const SecureString< 128 > &password, const ChannelInformation &channelInformation, SecurityToken &securityToken, uint32 &penaltyDelayMillis, uint32 &initialTimeOutMillis)=0 |
| Creates a new Session against the UserManager. More... | |
| virtual void | ProlongSession (SecurityToken securityToken, uint32 &newTimeOutMillis)=0 |
| Prolongs the timeout of the current session (as referenced by the Ade.CommonRemoting.Security.SecurityToken within an extended Remoting header). This command only works on sessions, which are active, meaning: More... | |
| virtual void | CloseSession (SecurityToken securityToken)=0 |
| Close the current session (as referenced by the Ade.CommonRemoting.Security.SecurityToken within an extended Remoting header) explictly. This is considered best practice after the session is not needed anymore. After closing, the SecurityToken is considered invalid and may not be reused. | |
| Public Member Functions inherited from Arp::System::Rsc::Services::IRscService | |
| IRscService (void)=default | |
| Constructs an IRscService instance. | |
| virtual | ~IRscService (void)=default |
| Destructs this instance and frees all resouces. | |
Static Public Member Functions | |
| static IRscServiceProxyFactory & | GetProxyFactory (void) |
| Static Public Member Functions inherited from Arp::System::Rsc::Services::IRscService | |
| static IRscServiceProxyFactory & | GetProxyFactory (void) |
| Returns a reference to service proxy factory to create a proxy instance of the service More... | |
Detailed Description
Create and close sessions at the UserManager.
This service is intended to be used by gateways which authenticate users before they are allowed to access the insides of the PLCnext technology driven device. Examples for gateways are the Remoting Service Call gateway (RSC-gateway) when it authenticates users at the other end of TCP-based Remoting channels and the built-in OPC UA server when it authenticates users during the establishment of a session with the client.
This service is defined in library Arp.System.Um.
Realtime Usage: This API call does not have to be deterministic in runtime behaviour, so an asynchronous execution should be considered.
Member Function Documentation
◆ CreateSession()
|
pure virtual |
Creates a new Session against the UserManager.
This method allows other components such as the RSC-gateway to create sessions under a username and password. It returns a Ade.CommonRemoting.Security.SecurityToken which is to be used within extended Remoting headers in subsequent remoting calls, to authorize these calls or to check for authorization with the Arp.System.Um.Services.IAuthorizationInfoService.
- Parameters
-
userName username to use for the authentication for the new session password password corresponding to the username channelInformation describes properties of the channel Arp.System.Um.Services.ChannelInformation, which has been used to create a session with. These properties are used internally. Ex: The UserManager will ensure that a session from an RSC-Gateway cannot be used from another channel. securityToken If and only if this method returns with Arp.System.Um.Services.AuthenticationError.None then value of this parameter is valid. It is a value which shall be used within extended Remoting headers in subsequent Remoting calls. penaltyDelayMillis If and only if this method returns with Arp.System.Um.Services.AuthenticationError.PenaltyDelayActive then the value of this parameter is valid. It describes a delay in milliseconds which must pass before the next authentication attempt due to this or a former authentication failure. The penalty is enforced by the UserManager. The penalty delay may be enforced per user or global - depending on the security policy which is implemented by the UserManager. initialTimeOutMillis Each session is created with a limited lifetime. After exeeding this lifetime, the session is considered to be 'timed out'. It will be closed automatically by the system and the corrosponding Ade.CommonRemoting.Security.SecurityToken is invalid for further calls. The lifetime can be prolonged with a call to Arp.System.Um.Services.IPasswordAuthenticationService.ProlongSession. The initial lifetime for each session is configured by the UserManager and will be returned by this out parameter expressed in milliseconds. To modify this inital lifetime, please check the UserManager-SessionPolicy configuration.
- Returns
- Arp.System.Um.Services.AuthenticationError.None if the Session was successfully created, otherwise an enumvalue which represents the issue. Please check Arp.System.Um.Services.AuthenticationError for a full list of values with explanations.
◆ ProlongSession()
|
pure virtual |
Prolongs the timeout of the current session (as referenced by the Ade.CommonRemoting.Security.SecurityToken within an extended Remoting header). This command only works on sessions, which are active, meaning:
- Sessionlifetime larger than zero
- Session was not explictly closed Arp.System.Um.Services.IPasswordAuthenticationService.CloseSession This can be checked by using Arp.System.Um.Services.ISessionService.IsSessionActive
- Parameters
-
securityToken The Ade.CommonRemoting.Security.SecurityToken of the session which is to be prolonged newTimeOutMillis The new timeout set for this session is returned by this out parameter expressed in milliseconds.
The documentation for this class was generated from the following file:
- Arp/System/Um/Services/IPasswordAuthenticationService.hpp
