sirius.biz.jdbc.tenants

Class TenantUserManager

java.lang.Object

sirius.web.security.GenericUserManager

sirius.biz.jdbc.tenants.TenantUserManager

All Implemented Interfaces:

sirius.web.security.UserManager

public class TenantUserManager
extends sirius.web.security.GenericUserManager

Provides a UserManager for Tenant and UserAccount.

The user managed can be installed by setting the manager property of the scope to tenants in the system config.

This is the default user manager for the default scope in sirius-biz.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	TenantUserManager.Factory Creates a new user manager for the given scope and configuration.

Field Summary

Fields

Modifier and Type	Field and Description
static String	PERMISSION_MANAGE_SYSTEM Contains the permission required to manage the system.
static String	PERMISSION_SELECT_TENANT Contains the permission required to switch the tenant.
static String	PERMISSION_SELECT_USER_ACCOUNT Contains the permission required to switch the user account.
static String	PERMISSION_SPY_USER This flag indicates that the current user either has taken control over another tenant or uses account.
static String	PERMISSION_SYSTEM_TENANT This flag permission is granted to all users which belong to the system tenant.
static String	SPY_ID_SUFFIX If a session-value named UserContext.getCurrentUser().getUserId() + TenantUserManager.SPY_ID_SUFFIX is present, the user with the given ID will be used, instead of the current one.
static String	TENANT_SPY_ID_SUFFIX If a session-value named UserContext.getCurrentScope().getScopeId() + TenantUserManager.TENANT_SPY_ID_SUFFIX is present, the user will belong to the given tenant and not to his own one.

Fields inherited from class sirius.web.security.GenericUserManager

config, defaultRoles, defaultUser, hashFunction, keepLoginEnabled, loginCookieTTL, publicRoles, scope, ssoEnabled, ssoGraceInterval, ssoSecret, trustedRoles

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	TenantUserManager(sirius.web.security.ScopeInfo scope, sirius.kernel.settings.Extension config)

Method Summary

Modifier and Type	Method and Description
protected sirius.web.security.UserInfo	asUser(UserAccount account, List<String> extraRoles)
void	attachToSession(sirius.web.security.UserInfo user, sirius.web.http.WebContext ctx)
boolean	checkPassword(UserAccount userAccount, String password) Checks if the given password of the given UserAccount is correct.
protected String	computeLang(sirius.web.http.WebContext ctx, String userId)
protected Set<String>	computeRoles(sirius.web.http.WebContext ctx, String userId)
protected String	computeTenantname(sirius.web.http.WebContext ctx, String tenantId)
protected String	computeUsername(sirius.web.http.WebContext ctx, String userId)
sirius.web.security.UserInfo	createUserWithTenant(sirius.web.security.UserInfo originalUser, String tenantId) Creates a copy of the given UserInfo with a new tenant id.
sirius.web.security.UserInfo	findUserByCredentials(sirius.web.http.WebContext ctx, String user, String password)
sirius.web.security.UserInfo	findUserByName(sirius.web.http.WebContext ctx, String user)
sirius.web.security.UserInfo	findUserByUserId(String accountId) Tries to find a UserInfo for the given unique object name of a UserAccount.
protected sirius.web.security.UserInfo	findUserInSession(sirius.web.http.WebContext ctx)
static void	flushCacheForTenant(Tenant tenant) Flushes all cahes for the given tenant.
static void	flushCacheForUserAccount(UserAccount account) Flushes all caches for the given account.
String	getOriginalTenantId(sirius.web.http.WebContext ctx)
protected Object	getUserObject(sirius.web.security.UserInfo userInfo)
protected sirius.web.security.UserSettings	getUserSettings(sirius.web.security.UserSettings scopeSettings, sirius.web.security.UserInfo userInfo)
protected boolean	isUserStillValid(String userId)
void	recordLogin(sirius.web.security.UserInfo user, boolean external) Records a login which has either happened within this user manager or externally.
protected void	recordUserLogin(sirius.web.http.WebContext ctx, sirius.web.security.UserInfo user)

Methods inherited from class sirius.web.security.GenericUserManager

bindToRequest, buildDefaultUser, computeSSOHashInput, computeSSOToken, detachFromSession, determineRolesOfDefaultUser, extractChallengeAndResponse, findUserForRequest, getScopeSettings, getSSOHashFunction, isKeepLoginSupported, isLoginSupported, log, transformRoles, updateLoginCookie

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PERMISSION_SYSTEM_TENANT

public static final String PERMISSION_SYSTEM_TENANT

This flag permission is granted to all users which belong to the system tenant.

The id of the system tenant can be set in the scope config. The system tenant usually is the administrative company which owns / runs the system.

See Also:

Constant Field Values

PERMISSION_MANAGE_SYSTEM

public static final String PERMISSION_MANAGE_SYSTEM

Contains the permission required to manage the system.

If this permission is granted for user accounts that belong to the system tenant, the PERMISSION_SYSTEM_TENANT flag is added to the users roles

See Also:

Constant Field Values

PERMISSION_SPY_USER

public static final String PERMISSION_SPY_USER

This flag indicates that the current user either has taken control over another tenant or uses account.

See Also:

Constant Field Values

PERMISSION_SELECT_USER_ACCOUNT

public static final String PERMISSION_SELECT_USER_ACCOUNT

Contains the permission required to switch the user account.

See Also:

Constant Field Values

PERMISSION_SELECT_TENANT

public static final String PERMISSION_SELECT_TENANT

Contains the permission required to switch the tenant.

See Also:

Constant Field Values

TENANT_SPY_ID_SUFFIX

public static final String TENANT_SPY_ID_SUFFIX

If a session-value named UserContext.getCurrentScope().getScopeId() + TenantUserManager.TENANT_SPY_ID_SUFFIX is present, the user will belong to the given tenant and not to his own one.

This is used by support and administrative tasks. Beware, that the id is not checked, so the one who installs the ID has to verify that the user is allowed to switch to this tenant.

See Also:

Constant Field Values

SPY_ID_SUFFIX

public static final String SPY_ID_SUFFIX

If a session-value named UserContext.getCurrentUser().getUserId() + TenantUserManager.SPY_ID_SUFFIX is present, the user with the given ID will be used, instead of the current one.

This is used by support and administrative tasks. Beware, that the id is not checked, so the one who installs the ID has to verify that the user is allowed to become this user.

See Also:

Constant Field Values

Constructor Detail

TenantUserManager

protected TenantUserManager(sirius.web.security.ScopeInfo scope,
                            sirius.kernel.settings.Extension config)

Method Detail

flushCacheForUserAccount

public static void flushCacheForUserAccount(UserAccount account)

Flushes all caches for the given account.

Parameters:

account - the account to flush

flushCacheForTenant

public static void flushCacheForTenant(Tenant tenant)

Flushes all cahes for the given tenant.

Parameters:

tenant - the tenant to flush

findUserInSession

protected sirius.web.security.UserInfo findUserInSession(sirius.web.http.WebContext ctx)

Overrides:

findUserInSession in class sirius.web.security.GenericUserManager

createUserWithTenant

public sirius.web.security.UserInfo createUserWithTenant(sirius.web.security.UserInfo originalUser,
                                                         String tenantId)

Creates a copy of the given UserInfo with a new tenant id.

As a user can switch to other tenants, we must be able to create a "fake" user info, which contains the given tenant data.

Parameters:

originalUser - the user which is actually logged in

tenantId - the id of the tenant to become

Returns:

a new user object, with the original user data but a modified tenant id and object

getOriginalTenantId

public String getOriginalTenantId(sirius.web.http.WebContext ctx)

attachToSession

public void attachToSession(@Nonnull
                            sirius.web.security.UserInfo user,
                            @Nonnull
                            sirius.web.http.WebContext ctx)

Specified by:

attachToSession in interface sirius.web.security.UserManager

Overrides:

attachToSession in class sirius.web.security.GenericUserManager

findUserByName

public sirius.web.security.UserInfo findUserByName(@Nullable
                                                   sirius.web.http.WebContext ctx,
                                                   String user)

findUserByUserId

@Nullable
public sirius.web.security.UserInfo findUserByUserId(String accountId)

Tries to find a UserInfo for the given unique object name of a UserAccount.

Parameters:

accountId - the unique object name of an UserAccount to resolve into a UserInfo

Returns:

the UserInfo representing the given account (will utilize caches if available) or null if no such user exists

asUser

protected sirius.web.security.UserInfo asUser(UserAccount account,
                                              List<String> extraRoles)

findUserByCredentials

public sirius.web.security.UserInfo findUserByCredentials(@Nullable
                                                          sirius.web.http.WebContext ctx,
                                                          String user,
                                                          String password)

checkPassword

public boolean checkPassword(UserAccount userAccount,
                             String password)

Checks if the given password of the given UserAccount is correct.

Parameters:

userAccount - the user account to validate the password for

password - the password to validate

Returns:

true if the password is valid, false otherwise

recordUserLogin

protected void recordUserLogin(sirius.web.http.WebContext ctx,
                               sirius.web.security.UserInfo user)

Overrides:

recordUserLogin in class sirius.web.security.GenericUserManager

recordLogin

public void recordLogin(sirius.web.security.UserInfo user,
                        boolean external)

Records a login which has either happened within this user manager or externally.

Parameters:

user - the user which logged in

external - true if the login was performed via an external system like SAML, false otherwise

getUserObject

protected Object getUserObject(sirius.web.security.UserInfo userInfo)

Specified by:

getUserObject in class sirius.web.security.GenericUserManager

getUserSettings

protected sirius.web.security.UserSettings getUserSettings(sirius.web.security.UserSettings scopeSettings,
                                                           sirius.web.security.UserInfo userInfo)

Overrides:

getUserSettings in class sirius.web.security.GenericUserManager

isUserStillValid

protected boolean isUserStillValid(String userId)

Overrides:

isUserStillValid in class sirius.web.security.GenericUserManager

computeRoles

protected Set<String> computeRoles(sirius.web.http.WebContext ctx,
                                   String userId)

Specified by:

computeRoles in class sirius.web.security.GenericUserManager

computeUsername

@Nonnull
protected String computeUsername(@Nullable
                                          sirius.web.http.WebContext ctx,
                                          String userId)

Specified by:

computeUsername in class sirius.web.security.GenericUserManager

computeTenantname

@Nonnull
protected String computeTenantname(@Nullable
                                            sirius.web.http.WebContext ctx,
                                            String tenantId)

Specified by:

computeTenantname in class sirius.web.security.GenericUserManager

computeLang

@Nonnull
protected String computeLang(sirius.web.http.WebContext ctx,
                                      String userId)

Specified by:

computeLang in class sirius.web.security.GenericUserManager