Core API 7.8

net.juniper.smgt.sae.portal
Class Ssp

java.lang.Object
  extended by net.juniper.smgt.sae.portal.Ssp

public class Ssp
extends java.lang.Object

The static methods of this class allow an application to log in and log out most types of users, to grant and revoke public IP addresses for DHCP users, to register and unregister equipment and logins for DHCP users, and to modify information in SAE's LDAP directories.


Field Summary
static java.lang.String BASEDN
          Constant used when retrieving the data manager base DN.
 
Method Summary
static void addSubscription(java.lang.String userIp, java.lang.String serviceName, java.lang.String userName, java.lang.String password)
          Deprecated. Use the method User.addSubscription of class User instead.
static void deleteSubscription(java.lang.String userIp, java.lang.String serviceName, java.lang.String userName, java.lang.String password)
          Deprecated. Use the method User.deleteSubscription of class User instead.
static java.util.Set getAllUserDn()
          Get set of DNs, which identify a currently loaded user session
static java.util.Set getAllUserIp()
          Get set of IP addresses, which identify a currently loaded user session
static java.util.Set getIntfUserDns(java.lang.String searchString)
          Returns the LDAP distinguished name (as a String) of every logged in interface user whose LDAP distinguished name contains searchString.
static java.util.List getRegisteredEquipment(java.lang.String loginName, java.lang.String password)
          Returns a list of all the equipment that was registered using the specified loginName and password.
static java.util.List getRegisteredLogins(java.lang.String loginName, java.lang.String password)
          Returns a list of all the registered logins with the specified login name that are stored in the SAE's LDAP directory.
static javax.naming.directory.DirContext getServiceDirectory()
          Returns a javax.naming.DirContext object that can be used to access the directory that stores SAE's service definitions, as specified by the following SAE configuration parameters: Service repository address (i.e.
static java.lang.String[] getServiceNames()
          Deprecated. This method ignores service scopes and returns service names, that may not be valid for a given user. Use User.getAvailableServiceNames() instead.
static javax.naming.directory.DirContext getUserDirectory()
          Returns a javax.naming.DirContext object that can be to access the directory that stores SAE's user profiles, as specified by the following SAE configuration parameters: User repository address (i.e.
static java.util.List getUserIpByInterface(java.lang.String intfName, java.lang.String vrName)
          Return a list of IP addresses of user sessions currently active on given interface.
static java.util.List getUserSessionsByIntfIndex(int intfIndex, java.lang.String vrName)
          Return a list of user sessions currently active on given interface defined by its index and virtual router name.
static java.util.List getUserSessionsByIntfName(java.lang.String intfName, java.lang.String vrName)
          Return a list of user sessions currently active on given interface defined by its index and virtual router name.
static java.util.List getUserSessionsByPrimaryUserName(java.lang.String primaryUserName)
          Return a list of user sessions currently active associated to the given primary user name.
static void grantPublicIp(java.lang.String userIp, java.lang.String loginName, java.lang.String password)
          Deprecated. Use the method User.grantPublicIp of class User instead.
static void grantPublicIp(java.lang.String userIp, java.lang.String loginName, java.lang.String password, DhcpProfile dhcpProfile)
          Deprecated. Use the method User.grantPublicIp of class User instead.
static boolean loginDhcpUser(java.lang.String userIp, java.lang.String loginName, java.lang.String password, boolean makeLoginPersistent)
          Deprecated. This method has been replaced by the loginUser, registerLogin, and registerNextLogin methods.
static boolean loginUser(java.lang.String userIp, java.lang.String loginName, java.lang.String password)
          Logs a user into SAE.
static void logoutDhcpUser(java.lang.String userIp)
          Deprecated. This method has been replaced by the logoutUser and unregisterLogin methods.
static void logoutUser(java.lang.String userIp)
          Deprecated. Use the method User.logout of class User instead.
static void registerCurrentEquipment(java.lang.String userIp)
          Deprecated. This method has been replaced by the registerEquipment and grantPublicIpmethods.
static void registerEquipment(java.lang.String macAddress, java.lang.String equipmentDescription, java.lang.String loginName, java.lang.String password, java.lang.String virtualRouterName, java.lang.String interfaceName)
          Registers the specified client device.
static void registerEquipment(java.lang.String macAddress, java.lang.String equipmentDescription, java.lang.String loginName, java.lang.String password, java.lang.String virtualRouterName, java.lang.String interfaceName, DhcpProfile dhcpProfile)
          Register Equipment.
static void registerLogin(java.lang.String macAddress, java.lang.String loginDescription, java.lang.String loginName, java.lang.String password, java.lang.String virtualRouterName, java.lang.String interfaceName)
          Creates a persistent SAE login.
static void registerLoginCredentials(java.lang.String macAddress, java.lang.String loginDescription, java.lang.String loginName, java.lang.String password, java.lang.String virtualRouterName, java.lang.String interfaceName)
          Creates a persistent SAE login.
static void registerNextLogin(java.lang.String macAddress, java.lang.String loginDescription, java.lang.String loginName, java.lang.String password, java.lang.String virtualRouterName, java.lang.String interfaceName)
          Creates a semi-persistent SAE login.
static void revokePublicIp(java.lang.String userIp)
          Deprecated. Use the method User.revokePublicIp of class User instead.
static void unRegisterCurrentEquipment(java.lang.String userIp)
          Deprecated. This method has been replaced by the unregisterEquipment and revokePublicIp methods.
static void unregisterEquipment(java.lang.String macAddress, java.lang.String loginName, java.lang.String password)
          Unregisters the specified client device.
static void unregisterLogin(java.lang.String macAddress, java.lang.String loginName, java.lang.String password)
          Cancels a persistent SAE login.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

BASEDN

public static final java.lang.String BASEDN
Constant used when retrieving the data manager base DN.
   A base DN is the DN of an object that serves as the starting point for a directory search. For the directory as a whole, the base DN is o=umc for a default installation of the SDX software; it is the root object of the tree.
   Use the method Ssp.getServiceDirectory or Ssp.getUserDirectory to get the correspondent DirContext. From DirContext use the method DirContext.getEnvironment which returns a Hashtable. From the returned Hashtable, use the method Hashtable.get, providing BASEDN as the key parameter.

See Also:
Constant Field Values
Method Detail

loginUser

public static boolean loginUser(java.lang.String userIp,
                                java.lang.String loginName,
                                java.lang.String password)
                         throws LoginException
Logs a user into SAE. This method will load the user profile specified by loginName from the SAE's LDAP directory, and assign it to the user. The new user profile will replace the user's current user profile. The new user profile is selected by the SAE's user classification script based on the loginName provided here.
   One exception exists: When calling this method for a static IP user, this method does not replace the static IP user's current user profile. Instead, it associates the specified IP address with that already-logged in current user profile. After this is done, JSP pages can initialize a User bean with the static IP user's IP address. Before this is done, initializing a User bean with the static IP user's IP address will result in an UnknownUserException. If the router is overloaded, the user is logged in but some or all of the services marked to be activated on login will fail to start. They will have to be started manually when the router has enough resources available for such operation.

Parameters:
userIp - The user's current IP address (e.g. "192.168.34.4").
loginName - The user's requested identity (e.g. "jsmith@isp3.com"). Leading and trailing whitespace are automatically trimmed from this String.
password - The password required to obtain the user profile specified by the login name. Leading and trailing whitespace are automatically trimmed from this String.
Returns:
false. The return value used to identify an implicit ISP subscription which is no longer supported since SDX version 4.2.0
Throws:
java.lang.IllegalArgumentException - If the userIp string does not contain a parseable IP address, or if the loginName string is null or zero-length, or if the password string is null.
LoginException - If the login fails for any reason. A login will fail if an invalid username and/or password are supplied. A login may also fail for other reasons, such as a network connectivity problem between SAE and the LDAP directory. (To aid in diagnosing repeated login failures, the LoginException contains an English language message explaining the failure. This message is not suitable for presentation to end users on a web page.)

logoutUser

public static void logoutUser(java.lang.String userIp)
                       throws UnknownUserException,
                              SspException
Deprecated. Use the method User.logout of class User instead.

Logs a user out of SAE. This method will load the unauthenticated user profile from the SAE's LDAP directory, and assign it to the user as a replacement for his or her current user profile. All the user's subscriptions will be stopped as part of the logout process.
   Note that if an ISP service is active, it will deactivated like any other service before the logout occurs. In this case, the user's public IP address lease will be revoked, and the user will be assigned a token IP address (along with the unauthenticated user profile).
   Note also that this method does not unregister any login. See registerLogin for details.

Parameters:
userIp - The user's current IP address (e.g. "192.168.34.4").
Throws:
java.lang.IllegalArgumentException - If the userIp string does not contain a parseable IP address.
UnknownUserException - If the user specified by userIp is not currently logged in to SAE, or, in the case of a static IP user, if the user has not yet performed a web login that invokes Ssp.loginUser.
SspException - If this operation fails due to an unexpected error condition in SAE or in an external system upon which SAE depends (e.g. an LDAP directory, a RADIUS server, an E-series router, etc.).

registerLogin

public static void registerLogin(java.lang.String macAddress,
                                 java.lang.String loginDescription,
                                 java.lang.String loginName,
                                 java.lang.String password,
                                 java.lang.String virtualRouterName,
                                 java.lang.String interfaceName)
                          throws LoginException,
                                 SspException
Creates a persistent SAE login. After this method is called, every time the client device which has the specified MAC address obtains an IP address via DHCP, SAE will automatically log in the user profile specified by loginName (i.e. it will associate the user profile with the MAC address). When this method is called, the specified login name and password will be authenticated in exactly the same way as is done with the Ssp.loginUser method. If the authentication fails, a LoginException will be thrown. If the authentication succeeds, the login will be registered.
   Note that this method does nothing except store the client device's MAC address and user profile identifier in SAE's LDAP directory. There will be no noticable effect until the next time the client device which has the specified MAC address obtains a new IP address via DHCP.
   The properties of a User bean that represents a currently logged-in user are a possible source for many of the parameters required by this method.
   If the client device is moved to another location (i.e. its DHCP discover is received on an E-series router interface other than the one specified by this method's interfaceName and virtualRouterName parameters) then this login will be automatically unregistered. This behaviour can be avoided by specifying "*" as the interface name and/or the virtual router name.

Parameters:
macAddress - The MAC address of the client device for which an SAE login is to be registered (e.g. "A0:34:03:FF:3D:30").
loginDescription - An arbitrary string intended to describe the registered login. Can be null.
loginName - The login name that specifies the user profile to be assigned to the client device (e.g. "jsmith@isp3.com"). Leading and trailing whitespace are automatically trimmed from this String.
password - The clear text password required to obtain the user profile specified by loginName. Leading and trailing whitespace are automatically trimmed from this String.
virtualRouterName - The name of the E-series virtual router that will receive the client device's request for an IP address. This may be "*", which matches any virtual router.
interfaceName - The name of the E-series router interface that will receive the client device's request for an IP address. This may be "*", which matches any interface. Or this may be "@expression=value", please check your JUNOSe documentation for details.
Throws:
java.lang.IllegalArgumentException - If the macAddress string does not contain a parseable MAC address, if the password string is null, or if the loginName, virtualRouterName, or interfaceName strings are null or zero-length.
LoginException - If authentication of the specified SAE login name and password fails.
SspException - If this operation fails due to an unexpected error condition in SAE or in an external system upon which SAE depends (e.g. an LDAP directory, a RADIUS server, an E-series router, etc.).
See Also:
User.getMacAddress(), User.getVrName(), User.getIntfName()

registerLoginCredentials

public static void registerLoginCredentials(java.lang.String macAddress,
                                            java.lang.String loginDescription,
                                            java.lang.String loginName,
                                            java.lang.String password,
                                            java.lang.String virtualRouterName,
                                            java.lang.String interfaceName)
                                     throws LoginException,
                                            SspException
Creates a persistent SAE login. After this method is called, every time the client device which has the specified MAC address obtains an IP address via DHCP, SAE will automatically log in the user profile specified by loginName (i.e. it will associate the user profile with the MAC address). When this method is called, the specified login name and password will be authenticated in exactly the same way as is done with the Ssp.loginUser method. If the authentication fails, a LoginException will be thrown. If the authentication succeeds, the login will be registered.
   Note that this method does nothing except store the client device's MAC address and user profile identifier in SAE's LDAP directory. There will be no noticable effect until the next time the client device which has the specified MAC address obtains a new IP address via DHCP.
   The properties of a User bean that represents a currently logged-in user are a possible source for many of the parameters required by this method.
   If the client device is moved to another location (i.e. its DHCP discover is received on an E-series router interface other than the one specified by this method's interfaceName and virtualRouterName parameters) then this login will be automatically unregistered. This behaviour can be avoided by specifying "*" as the interface name and/or the virtual router name.

Parameters:
macAddress - The MAC address of the client device for which an SAE login is to be registered (e.g. "A0:34:03:FF:3D:30").
loginDescription - An arbitrary string intended to describe the registered login. Can be null.
loginName - The login name that specifies the user profile to be assigned to the client device (e.g. "jsmith@isp3.com"). Leading and trailing whitespace are automatically trimmed from this String.
password - The clear text password required to obtain the user profile specified by loginName. Leading and trailing whitespace are automatically trimmed from this String.
virtualRouterName - The name of the E-series virtual router that will receive the client device's request for an IP address. This may be "*", which matches any virtual router.
interfaceName - The name of the E-series router interface that will receive the client device's request for an IP address. This may be "*", which matches any interface. Or this may be "@expression=value", please check your JUNOSe documentation for details.
Throws:
java.lang.IllegalArgumentException - If the macAddress string does not contain a parseable MAC address, if the password string is null, or if the loginName, virtualRouterName, or interfaceName strings are null or zero-length.
LoginException - If authentication of the specified SAE login name and password fails.
SspException - If this operation fails due to an unexpected error condition in SAE or in an external system upon which SAE depends (e.g. an LDAP directory, a RADIUS server, an E-series router, etc.).
See Also:
User.getMacAddress(), User.getVrName(), User.getIntfName()

registerNextLogin

public static void registerNextLogin(java.lang.String macAddress,
                                     java.lang.String loginDescription,
                                     java.lang.String loginName,
                                     java.lang.String password,
                                     java.lang.String virtualRouterName,
                                     java.lang.String interfaceName)
                              throws LoginException,
                                     SspException
Creates a semi-persistent SAE login. Calling this method has exactly the same effect as calling the registerLogin method, with one critical difference: it affects only the next time the client device which has the specified MAC address obtains an IP address via DHCP.
   This type of registered login expires after an amount of time that is specified as part of the SAE's configuration. If the client device does not request a new IP address via DHCP before this time elapses, SAE will behave as if this method was never called.
   Note that this method does nothing except store the client device's MAC address and user profile identifier in memory (i.e. not in the SAE's LDAP directory). There will be no noticable effect until the next time the client device which has the specified MAC address obtains a new IP address via DHCP.
   The properties of a User bean that represents a currently logged-in user are a possible source for many of the parameters required by this method.
   If the client device is moved to another location (i.e. its DHCP discover is received on an E-series router interface other than the one specified by this method's interfaceName and virtualRouterName parameters) then this login will be automatically unregistered. This behaviour can be avoided by specifying "*" as the interface name and/or the virtual router name.

Parameters:
macAddress - The MAC address of the client device for which an SAE login is to be registered (e.g. "A0:34:03:FF:3D:30").
loginDescription - An arbitrary string intended to describe the login. Can be null.
loginName - The login name that specifies the user profile to be assigned to the client device (e.g. "jsmith@isp3.com"). Leading and trailing whitespace are automatically trimmed from this String.
password - The clear text password required to obtain the user profile specified by loginName. Leading and trailing whitespace are automatically trimmed from this String.
virtualRouterName - The name of the E-series virtual router that will receive the client device's request for an IP address. This may be "*", which matches any virtual router.
interfaceName - The name of the E-series interface that will receive the client device's request for an IP address. This may be "*", which matches any interface.
Throws:
java.lang.IllegalArgumentException - If the macAddress string does not contain a parseable MAC address, if the password string is null, or if the loginName, virtualRouterName, or interfaceName strings are null or zero-length.
LoginException - If authentication of the specified SAE login name and password fails.
SspException - If this operation fails due to an unexpected error condition in SAE or in an external system upon which SAE depends (e.g. an LDAP directory, a RADIUS server, an E-series router, etc.).
See Also:
registerLogin(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)

unregisterLogin

public static void unregisterLogin(java.lang.String macAddress,
                                   java.lang.String loginName,
                                   java.lang.String password)
                            throws LoginException,
                                   SspException
Cancels a persistent SAE login. After this method is called, every time the client device which has the specified MAC address obtains an IP address via DHCP, SAE will assign it the unauthenticated user profile. If loginName is null, then the registration will be cancelled without any authentication taking place. If loginName is not null, then loginName and password will be authenticated in exactly the same way as is done with the Ssp.loginUser method. If the authentication fails, a LoginException will be thrown. If the authentication succeeds, and if the login name specified here matches the login name specified at login registration time, then the login registration will be cancelled.
   Note that this method does nothing except delete the client device's MAC address and user profile identifier from SAE's LDAP directory. There will be no noticable effect until the next time the client device which has the specified MAC address obtains a new IP address via DHCP.

Parameters:
macAddress - The MAC address of the client device for which an SAE login is currently registered (e.g. "A0:34:03:FF:3D:30").
loginName - The login name that was specified at login registration time (e.g. "jsmith@isp3.com"), or null. Leading and trailing whitespace are automatically trimmed from this String.
password - The clear text password that is currently used to log in to SAE when using loginName. This may be different from the password that was specified when the login was registered. This argument may be null. Leading and trailing whitespace are automatically trimmed from this String.
Throws:
java.lang.IllegalArgumentException - If the macAddress string does not contain a parseable MAC address.
LoginException - If authentication of the specified login name and password fails, or if the login name does not match the login name specified at registration time.
SspException - If this operation fails due to an unexpected error condition in SAE or in an external system upon which SAE depends (e.g. an LDAP directory, a RADIUS server, an E-series router, etc.).
See Also:
registerLogin(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)

getRegisteredLogins

public static java.util.List getRegisteredLogins(java.lang.String loginName,
                                                 java.lang.String password)
                                          throws LoginException,
                                                 SspException
Returns a list of all the registered logins with the specified login name that are stored in the SAE's LDAP directory. If password is not null, the specified login name and password will be authenticated in exactly the same way as is done with the Ssp.loginUser method. If this authentication fails, a LoginException will be thrown. If this authentication succeeds, a list of all login registrations that use loginName will be returned. If password is null, a list of all login registrations that use loginName will be returned, without any authentication taking place.

Parameters:
loginName - The login name that was specified when the logins were registered. Leading and trailing whitespace are automatically trimmed from this String.
password - The clear text password that is currently used to log in to SAE when using loginName. This may be different from the password that was specified when the login was registered. This argument may be null. Leading and trailing whitespace are automatically trimmed from this String.
Returns:
Returns a List of Registration objects, each of which describes the persistent login for one client device.
Throws:
java.lang.IllegalArgumentException - If the loginName string is null or zero-length.
LoginException - If authentication of the specified login name and password fail.
SspException - If this operation fails due to an unexpected error condition in SAE or in an external system upon which SAE depends (e.g. an LDAP directory, a RADIUS server, an E-series router, etc.).
See Also:
Registration, registerLogin(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)

grantPublicIp

public static void grantPublicIp(java.lang.String userIp,
                                 java.lang.String loginName,
                                 java.lang.String password)
                          throws UnknownUserException,
                                 ServiceAuthenticationException,
                                 SspException
Deprecated. Use the method User.grantPublicIp of class User instead.

Assigns a public IP address to the specified user. The loginName and password parameters will immediately be sent to the E-series router, which will authenticate them against a RADIUS server. The E-series requires that the loginName contain an "@" character followed by a domain name. If the authentication succeeds, the user's 'token' IP address lease will no longer be renewed. Once the 'token' IP address lease expires, the user will be assigned a new public IP address. Depending on the E-series router's configuration, this public IP address may come from a pool of IP addresses that is associated with the domain name found inside the loginName parameter (i.e. everything after the '@' character),
   Every time a user's IP address changes, he is logged out of SAE and then logged back into SAE. This means all his active subscriptions will be deactivated, and then all his ACTIVATE_ON_LOGIN subscriptions will be activated.
   Note that this operation is not permanent. The next time the user's client device requests a new IP address via DHCP it will receive a token IP address rather than a public IP address. Use the registerEquipment method to always assign a public IP address to a client device every time it requests a new IP address via DHCP.

Parameters:
userIp - The user's current IP address (e.g. "192.168.34.4").
loginName - The login name to be authenticated via RADIUS before the new public IP address is granted (e.g. "jsmith@isp3.com"). Leading and trailing whitespace are automatically trimmed from this String.
password - The clear text password to be authenticated via RADIUS before the new public IP address is granted. Leading and trailing whitespace are automatically trimmed from this String.
Throws:
java.lang.IllegalArgumentException - If the userIp string does not contain a parseable IP address, or if there is no user ID followed by an "@" character followed by a domain name (e.g. "jsmith@isp3.com") in the loginName string, or if the password string is null.
java.lang.IllegalStateException - If the user specified by userIp is not currently a token DHCP user.
ServiceAuthenticationException - If authentication of the loginName and password fails.
SspException - If this operation fails due to an unexpected error condition in SAE or in an external system upon which SAE depends (e.g. an LDAP directory, a RADIUS server, an E-series router, etc.). This includes the case where the specified login name and password can not be authenticated by the E-series router.
UnknownUserException - If the user specified by userIp is not currently logged in to SAE.
See Also:
User.isTokenDhcpUser(), registerEquipment(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)

grantPublicIp

public static void grantPublicIp(java.lang.String userIp,
                                 java.lang.String loginName,
                                 java.lang.String password,
                                 DhcpProfile dhcpProfile)
                          throws UnknownUserException,
                                 ServiceAuthenticationException,
                                 SspException
Deprecated. Use the method User.grantPublicIp of class User instead.

Assigns a public IP address to the specified user. The loginName and password parameters will be authenticated and if authentication was successful the dhcpProfile will be used to assign the new address.
   Every time a user's IP address changes, he is logged out of SAE and then logged back into SAE. This means all his active subscriptions will be deactivated, and then all his ACTIVATE_ON_LOGIN subscriptions will be activated.
   Note that this operation is not permanent. The next time the user's client device requests a new IP address via DHCP it will receive a token IP address rather than a public IP address. Use the registerEquipment method to always assign a public IP address to a client device every time it requests a new IP address via DHCP.

Parameters:
userIp - The user's current IP address (e.g. "192.168.34.4").
loginName - The login name to be authenticated before the new public IP address is granted (e.g. "jsmith@isp3.com"). Leading and trailing whitespace are automatically trimmed from this String.
password - The clear text password to be authenticated via RADIUS before the new public IP address is granted. Leading and trailing whitespace are automatically trimmed from this String.
dhcpProfile - additional data used to modify the DHCP offer sent to the user. Note: not all versions of JUNOSe honor the data contained in the dhcpProfile, please check your JUNOSe documenation for details.
Throws:
java.lang.IllegalArgumentException - If the userIp string does not contain a parseable IP address
ServiceAuthenticationException - If authentication of the loginName and password fails.
SspException - If this operation fails due to an unexpected error condition in SAE or in an external system upon which SAE depends (e.g. an LDAP directory, a RADIUS server, an E-series router, etc.). This includes the case where the specified login name and password can not be authenticated by the E-series router.
UnknownUserException - If the user specified by userIp is not currently logged in to SAE.
Since:
4.2
See Also:
grantPublicIp(String, String, String), registerEquipment(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)

revokePublicIp

public static void revokePublicIp(java.lang.String userIp)
                           throws UnknownUserException,
                                  SspException
Deprecated. Use the method User.revokePublicIp of class User instead.

Revokes the public IP address held by the specified user. The user's public IP address lease will no longer be renewed. Once the public IP address lease expires, the user will be assigned a new 'token' IP address.
   Every time a user's IP address changes, he is logged out of SAE and then logged back into SAE. This means all his active subscriptions will be deactivated, and then all his ACTIVATE_ON_LOGIN subscriptions will be activated.

Parameters:
userIp - The user's current IP address (e.g. "192.168.34.4").
Throws:
java.lang.IllegalArgumentException - If the userIp string does not contain a parseable IP address.
UnknownUserException - If the user specified by userIp is not currently logged in to SAE.
SspException - If this operation fails due to an unexpected error condition in SAE or in an external system upon which SAE depends (e.g. an LDAP directory, a RADIUS server, an E-series router, etc.).
See Also:
grantPublicIp(java.lang.String, java.lang.String, java.lang.String), User.isPublicDhcpUser()

registerEquipment

public static void registerEquipment(java.lang.String macAddress,
                                     java.lang.String equipmentDescription,
                                     java.lang.String loginName,
                                     java.lang.String password,
                                     java.lang.String virtualRouterName,
                                     java.lang.String interfaceName)
                              throws SspException
Registers the specified client device. Registered equipment that requests a new IP address via DHCP will be assigned a public IP address. Unregistered equipment that requests a new IP address will be assigned a 'token' IP address.
   Whenever the specified client device requests a new IP address via DHCP, the loginName and password parameters will be sent to the E-series router, which will authenticate them against a RADIUS server. The E-series router requires that the loginName contain an "@" character followed by a domain name. If the authentication fails, the client device will be assigned a token IP address. If the authentication succeeds, the client device will be assigned a public IP address. Depending on the E-series router's configuration, this public IP address may come from a pool of IP addresses that is associated with the domain name found inside the loginName parameter (i.e. everything after the '@' character),
   Note that this method does nothing except store the client device's MAC address and credentials in SAE's LDAP directory. There will be no noticable effect until the next time the client device which has the specified MAC address obtains a new IP address via DHCP. To immediately assign a public IP address to a user, call the grantPublicIp method.
   The properties of a User bean that represents a currently logged-in user are a possible source for many of the parameters required by this method.
   If a registered client device is moved to another location (i.e. its DHCP discover is received on an E-series router interface other than the one specified by this method's interfaceName and virtualRouterName parameters) then the equipment will be automatically unregistered. This behaviour can be avoided by specifying "*" as the interface name and/or the virtual router name.

Parameters:
macAddress - The MAC address of the client device to be registered (e.g. "A0:34:03:FF:3D:30").
equipmentDescription - An arbitrary string intended to describe the equipment being registered. Can be null.
loginName - The login name to be authenticated via RADIUS every time the client device requests a new IP address via DHCP (e.g. "jsmith@isp3.com"). Leading and trailing whitespace are automatically trimmed from this String.
password - The clear text password authenticated via RADIUS every time a new IP address is requested. Leading and trailing whitespace are automatically trimmed from this String.
virtualRouterName - The name of the E-series virtual router that will receive the client device's request for an IP address. This may be "*", which matches any virtual router.
interfaceName - The name of the E-series router interface that will receive the client device's request for an IP address. This may be "*", which matches any interface. Or this may be "@expression=value", please check your JUNOSe documentation for details.
Throws:
java.lang.IllegalArgumentException - If the macAddress string does not contain a parseable MAC address, or if there is no user ID followed by an "@" character followed by a domain name (e.g. "jsmith@isp3.com") in the loginName string, or if the password string is null, or if the virtualRouterName or interfaceName strings are null or zero-length.
SspException - If this operation fails due to an unexpected error condition in SAE or in an external system upon which SAE depends (e.g. an LDAP directory, a RADIUS server, an E-series router, etc.).
See Also:
grantPublicIp(java.lang.String, java.lang.String, java.lang.String), User.getMacAddress(), User.getVrName(), User.getIntfName()

registerEquipment

public static void registerEquipment(java.lang.String macAddress,
                                     java.lang.String equipmentDescription,
                                     java.lang.String loginName,
                                     java.lang.String password,
                                     java.lang.String virtualRouterName,
                                     java.lang.String interfaceName,
                                     DhcpProfile dhcpProfile)
                              throws SspException
Register Equipment.

The method creates a "dhcpProfile" object in the directory, which will be used the next time the registered equipment requests and new IP address via DHCP.

The difference to registerEquipment is that this method will authorize the request immediately. If the authorization was successful the registration object is created and there will be no authorization when the equipment requests an IP address.

Parameters:
macAddress - The MAC address of the client device to be registered (e.g. "A0:34:03:FF:3D:30").
equipmentDescription - An arbitrary string intended to describe the equipment being registered. Can be null.
loginName - The login name to be authenticated every time the client device requests a new IP address via DHCP (e.g. "jsmith@isp3.com"). Leading and trailing * whitespace are automatically trimmed from this String.
password - The clear text password authenticated every time a new IP address is requested. Leading and trailing whitespace are automatically trimmed from this String.
virtualRouterName - The name of the E-series virtual router that will receive the client device's request for an IP address. This may be "*", which matches any virtual router.
interfaceName - The name of the E-series router interface that will receive the client device's request for an IP address. This may be "*", which matches any interface. Or this may be "@expression=value", please check your JUNOSe documentation for details.
dhcpProfile - DHCP profile information used to handle the DHCP request.
Throws:
java.lang.IllegalArgumentException - If the macAddress string does not contain a parseable MAC address, or if there is no user ID followed by an "@" character followed by a domain name (e.g. "jsmith@isp3.com") in the loginName string, or if the password string is null, or if the virtualRouterName or interfaceName strings are null or zero-length.
SspException - If this operation fails due to an unexpected error condition in SAE or in an external system upon which SAE depends (e.g. an LDAP directory, a RADIUS server, an E-series router, etc.).
Since:
4.2
See Also:
grantPublicIp(java.lang.String, java.lang.String, java.lang.String), User.getMacAddress(), User.getVrName()

unregisterEquipment

public static void unregisterEquipment(java.lang.String macAddress,
                                       java.lang.String loginName,
                                       java.lang.String password)
                                throws SspException
Unregisters the specified client device. Unregistered equipment that requests a new IP address via DHCP will be assigned a 'token' IP address.
   If the loginName is null, then the specified client device will be unregistered without any authentication taking place. If loginName is not null, then loginName and password will be compared against the login name and password supplied when the equipment was registered. If they match, the equipment will be unregistered. If they differ, an exception will be thrown.
   Note that this method does nothing except delete the client device's MAC address and credentials from SAE's LDAP directory. There will be no noticable effect until the next time the client device which has the specified MAC address obtains a new IP address via DHCP. To immediately cancel a public IP address lease, use the revokePublicIp method.

Parameters:
macAddress - The MAC address of the client device to be unregistered (e.g. "A0:34:03:FF:3D:30").
loginName - The login name that was specified when the equipment was registered, or null. Leading and trailing whitespace are automatically trimmed from this String.
password - The clear text password that was specified when the equipment was registered, or null. Leading and trailing whitespace are automatically trimmed from this String.
Throws:
java.lang.IllegalArgumentException - If the macAddress string does not contain a parseable MAC address.
SspException - If this operation fails due to an unexpected error condition in SAE or in an external system upon which SAE depends (e.g. an LDAP directory, a RADIUS server, an E-series router, etc.).
See Also:
registerEquipment(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)

getRegisteredEquipment

public static java.util.List getRegisteredEquipment(java.lang.String loginName,
                                                    java.lang.String password)
                                             throws SspException
Returns a list of all the equipment that was registered using the specified loginName and password. If the password argument is null, a list of all equipment registered using the specified login name and any password will be returned.

Parameters:
loginName - The login name that was specified when the equipment was registered. Leading and trailing whitespace are automatically trimmed from this String.
password - The clear text password that was specified when the equipment was registered, or null. Leading and trailing whitespace are automatically trimmed from this String.
Returns:
Returns a List of Registration objects, each of which describes one registered client device.
Throws:
java.lang.IllegalArgumentException - If the loginName string is null or zero-length.
SspException - If this operation fails due to an unexpected error condition in SAE or in an external system upon which SAE depends (e.g. an LDAP directory, a RADIUS server, an E-series router, etc.).
See Also:
Registration, registerEquipment(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)

addSubscription

public static void addSubscription(java.lang.String userIp,
                                   java.lang.String serviceName,
                                   java.lang.String userName,
                                   java.lang.String password)
                            throws UnknownUserException,
                                   UnknownServiceException,
                                   ServiceAuthenticationException,
                                   SspException
Deprecated. Use the method User.addSubscription of class User instead.

Subscribes the currently logged in user specified by userIp to the service specified by serviceName. This method creates a new subscription entry in SAE's LDAP user directory or revokes its DELETED attribute if the subscription already existed with the DELETED attribute marked as true. All configured subscription authorization plug-ins must authorize the subscription. If any plug-in rejects the subscription, a ServiceAuthenticationException will be thrown.

Parameters:
userIp - The user's current IP address (e.g. "192.168.34.4").
serviceName - The desired service's name (e.g. "Video Gold").
userName - The user name passed to the subscription authorization plugin.
password - The password passed to the subscription authorization plugin.
Throws:
java.lang.IllegalArgumentException - If the userIp string does not contain a parseable IP address.
UnknownUserException - If the user specified by userIp is not currently logged in to SAE.
UnknownServiceException - If the service specified by the serviceName argument is not currently loaded into SAE.
ServiceAuthenticationException - If any subscription plug-in denies the subscription, or if the service serviceName is not currently available for subscription.
SspException - If the user with userIp address is already subscribed to the service serviceName or if failed to add the subscription to its LDAP directory or if failed to revoke the subscription's DELETED attribute.
Since:
3.0
See Also:
deleteSubscription(java.lang.String, java.lang.String, java.lang.String, java.lang.String)

deleteSubscription

public static void deleteSubscription(java.lang.String userIp,
                                      java.lang.String serviceName,
                                      java.lang.String userName,
                                      java.lang.String password)
                               throws UnknownUserException,
                                      UnknownServiceException,
                                      UnknownSubscriptionException,
                                      ServiceAuthenticationException,
                                      SspException
Deprecated. Use the method User.deleteSubscription of class User instead.

Unsubscribes the currently logged in user specified by userIp from the service specified by serviceName. This method marks the subscription's attribute DELETED as true from SAE's LDAP user directory. All configured subscription authorization plug-ins must authorize the deletion of the subscription. If any plug-in rejects the deletion, a ServiceAuthenticationException will be thrown.

Parameters:
userIp - The user's current IP address (e.g. "192.168.34.4").
serviceName - The desired service's name (e.g. "Video Gold").
userName - The user name passed to the subscription authorization plugin.
password - The password passed to the subscription authorization plugin.
Throws:
java.lang.IllegalArgumentException - If the userIp string does not contain a parseable IP address.
UnknownUserException - If the user specified by userIp is not currently logged in to SAE.
UnknownServiceException - If the service specified by the serviceName argument is not currently loaded into SAE.
UnknownSubscriptionException - If the user with userIp address is not currently subscribed to the service serviceName.
ServiceAuthenticationException - If any subscription plug-in denies the subscription deletion.
SspException - If failed to mark the subscription's attribute DELETED as true on its LDAP directory.
Since:
3.0
See Also:
deleteSubscription(java.lang.String, java.lang.String, java.lang.String, java.lang.String)

getServiceNames

public static java.lang.String[] getServiceNames()
Deprecated. This method ignores service scopes and returns service names, that may not be valid for a given user. Use User.getAvailableServiceNames() instead.

Returns the name of every service currently known to this SAE (i.e. every service that has been loaded into SAE from the SAE's LDAP service directory).

Returns:
Each String in the returned array is the name of one service.
Since:
3.0

getIntfUserDns

public static java.util.Set getIntfUserDns(java.lang.String searchString)
Returns the LDAP distinguished name (as a String) of every logged in interface user whose LDAP distinguished name contains searchString. In general, interface users are those users who are automatically logged in to SAE in response to an E-series router interface coming up, and who are uniquely identified by their distinguished name (i.e. for a given DN, only one interface user can be logged in to an SAE at a time). An interface user's IP address may or may not be known to SAE. See the SAE documentation for further details about interface users.

Parameters:
searchString - The substring to be searched for within all interface users' DNs. The search is case insensitive.
Returns:
The set of all interface user DNs that contain searchString.
Since:
3.0

getServiceDirectory

public static javax.naming.directory.DirContext getServiceDirectory()
Returns a javax.naming.DirContext object that can be used to access the directory that stores SAE's service definitions, as specified by the following SAE configuration parameters: The returned DirContext object must not be modified. Modifying the returned DirContext object may affect the stability of the SAE server.

Since:
3.0

getUserDirectory

public static javax.naming.directory.DirContext getUserDirectory()
Returns a javax.naming.DirContext object that can be to access the directory that stores SAE's user profiles, as specified by the following SAE configuration parameters: The returned DirContext object must not be modified. Modifying the returned DirContext object may affect the stability of the SAE server.

Since:
3.0

loginDhcpUser

public static boolean loginDhcpUser(java.lang.String userIp,
                                    java.lang.String loginName,
                                    java.lang.String password,
                                    boolean makeLoginPersistent)
                             throws LoginException
Deprecated. This method has been replaced by the loginUser, registerLogin, and registerNextLogin methods.

Throws:
LoginException

logoutDhcpUser

public static void logoutDhcpUser(java.lang.String userIp)
                           throws UnknownUserException,
                                  SspException
Deprecated. This method has been replaced by the logoutUser and unregisterLogin methods.

Throws:
UnknownUserException
SspException

registerCurrentEquipment

public static void registerCurrentEquipment(java.lang.String userIp)
                                     throws SspException
Deprecated. This method has been replaced by the registerEquipment and grantPublicIpmethods.

Throws:
SspException

unRegisterCurrentEquipment

public static void unRegisterCurrentEquipment(java.lang.String userIp)
                                       throws SspException
Deprecated. This method has been replaced by the unregisterEquipment and revokePublicIp methods.

Throws:
SspException

getAllUserIp

public static java.util.Set getAllUserIp()
Get set of IP addresses, which identify a currently loaded user session

Returns:
Set of Strings, where each element identifies a user
Since:
4.1

getAllUserDn

public static java.util.Set getAllUserDn()
Get set of DNs, which identify a currently loaded user session

Returns:
Set of Strings, where each element identifies a user
Since:
4.1

getUserIpByInterface

public static java.util.List getUserIpByInterface(java.lang.String intfName,
                                                  java.lang.String vrName)
Return a list of IP addresses of user sessions currently active on given interface.

Parameters:
intfName - Name of the interface, e.g. "FastEthernet2/1"
vrName - Name of the virtual router, e.g. "default@erx-node1"
Returns:
List of IP addresses as quad-decimal strings. E.g. "10.0.0.1, 10.0.0.2"
Since:
4.1

getUserSessionsByIntfIndex

public static java.util.List getUserSessionsByIntfIndex(int intfIndex,
                                                        java.lang.String vrName)
Return a list of user sessions currently active on given interface defined by its index and virtual router name.

Parameters:
intfIndex - name of the interface
vrName - virtual router name.
Returns:
List of user sessions associated to the interface defined by it's given index and virtual router name. Returns null if the virtual router is not managed by SAE or there is no mapping between the interface index and a managed interface.
Since:
4.2

getUserSessionsByIntfName

public static java.util.List getUserSessionsByIntfName(java.lang.String intfName,
                                                       java.lang.String vrName)
Return a list of user sessions currently active on given interface defined by its index and virtual router name.

Parameters:
intfName - Interface Name that uniquely identify an interface on a virtual router. It is the snmp if index.
vrName - virtual router name.
Returns:
List of user sessions associated to the interface defined by it's given index and virtual router name. Returns null if the virtual router is not managed by SAE or there is no mapping between the interface index and a managed interface.
Since:
5.0

getUserSessionsByPrimaryUserName

public static java.util.List getUserSessionsByPrimaryUserName(java.lang.String primaryUserName)
Return a list of user sessions currently active associated to the given primary user name.

Parameters:
primaryUserName -
Returns:
List of user sessions associated to the primaryUserName.
Since:
4.2

Core API 7.8