public class TenantUserManager
extends sirius.web.security.GenericUserManager

UserManager for Tenant and UserAccount.

This user manager can be installed by setting the manager property of the scope to tenants in the system config. This is the default user manager for the default scope in sirius-biz.

Modifier and Type | Class and Description |
---|---|
static class | TenantUserManager.Factory - Creates a new user manager for the given scope and configuration. |

Modifier and Type | Field and Description |
---|---|
static String | PERMISSION_MANAGE_SYSTEM - Contains the permission required to manage the system. |
static String | PERMISSION_SELECT_TENANT - Contains the permission required to switch the tenant. |
static String | PERMISSION_SELECT_USER_ACCOUNT - Contains the permission required to switch the user account. |
static String | PERMISSION_SPY_USER - This flag indicates that the current user either has taken control over another tenant or user account. |
static String | PERMISSION_SYSTEM_TENANT - This flag permission is granted to all users which belong to the system tenant. |
static String | SPY_ID_SUFFIX - If a session-value named UserContext.getCurrentUser().getUserId() + TenantUserManager.SPY_ID_SUFFIX is present, the user with the given ID will be used instead of the current one. |
static String | TENANT_SPY_ID_SUFFIX - If a session-value named UserContext.getCurrentScope().getScopeId() + TenantUserManager.TENANT_SPY_ID_SUFFIX is present, the user will belong to the given tenant and not to his own one. |

Modifier | Constructor and Description |
---|---|
protected | TenantUserManager(sirius.web.security.ScopeInfo scope, sirius.kernel.settings.Extension config) |

Modifier and Type | Method and Description |
---|---|
protected sirius.web.security.UserInfo | asUser(UserAccount account, List<String> extraRoles) |
void | attachToSession(sirius.web.security.UserInfo user, sirius.web.http.WebContext ctx) |
boolean | checkPassword(UserAccount userAccount, String password) - Checks if the given password of the given UserAccount is correct. |
protected String | computeLang(sirius.web.http.WebContext ctx, String userId) |
protected Set<String> | computeRoles(sirius.web.http.WebContext ctx, String userId) |
protected String | computeTenantname(sirius.web.http.WebContext ctx, String tenantId) |
protected String | computeUsername(sirius.web.http.WebContext ctx, String userId) |
sirius.web.security.UserInfo | createUserWithTenant(sirius.web.security.UserInfo originalUser, String tenantId) - Creates a copy of the given UserInfo with a new tenant id. |
sirius.web.security.UserInfo | findUserByCredentials(sirius.web.http.WebContext ctx, String user, String password) |
sirius.web.security.UserInfo | findUserByName(sirius.web.http.WebContext ctx, String user) |
sirius.web.security.UserInfo | findUserByUserId(String accountId) - Tries to find a UserInfo for the given unique object name of a UserAccount. |
protected sirius.web.security.UserInfo | findUserInSession(sirius.web.http.WebContext ctx) |
static void | flushCacheForTenant(Tenant tenant) - Flushes all caches for the given tenant. |
static void | flushCacheForUserAccount(UserAccount account) - Flushes all caches for the given account. |
String | getOriginalTenantId(sirius.web.http.WebContext ctx) |
protected Object | getUserObject(sirius.web.security.UserInfo userInfo) |
protected sirius.web.security.UserSettings | getUserSettings(sirius.web.security.UserSettings scopeSettings, sirius.web.security.UserInfo userInfo) |
protected boolean | isUserStillValid(String userId) |
void | recordLogin(sirius.web.security.UserInfo user, boolean external) - Records a login which has either happened within this user manager or externally. |
protected void | recordUserLogin(sirius.web.http.WebContext ctx, sirius.web.security.UserInfo user) |

bindToRequest, buildDefaultUser, computeSSOHashInput, computeSSOToken, detachFromSession, determineRolesOfDefaultUser, extractChallengeAndResponse, findUserForRequest, getScopeSettings, getSSOHashFunction, isKeepLoginSupported, isLoginSupported, log, transformRoles, updateLoginCookie

public static final String PERMISSION_SYSTEM_TENANT
The id of the system tenant can be set in the scope config. The system tenant is usually the administrative company which owns / runs the system.

public static final String PERMISSION_MANAGE_SYSTEM
If this permission is granted for user accounts that belong to the system tenant, the PERMISSION_SYSTEM_TENANT flag is added to the users' roles.

public static final String PERMISSION_SPY_USER

public static final String PERMISSION_SELECT_USER_ACCOUNT

public static final String PERMISSION_SELECT_TENANT

public static final String TENANT_SPY_ID_SUFFIX
If a session-value named UserContext.getCurrentScope().getScopeId() + TenantUserManager.TENANT_SPY_ID_SUFFIX is present, the user will belong to the given tenant and not to his own one.
This is used by support and administrative tasks. Beware that the ID is not checked, so whoever installs the ID has to verify that the user is allowed to switch to this tenant.

public static final String SPY_ID_SUFFIX
If a session-value named UserContext.getCurrentUser().getUserId() + TenantUserManager.SPY_ID_SUFFIX is present, the user with the given ID will be used instead of the current one.
This is used by support and administrative tasks. Beware that the ID is not checked, so whoever installs the ID has to verify that the user is allowed to become this user.
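
Because the user manager trusts whatever ID is stored under these session keys, the check has to happen at the point where the value is written. The following added example (not sirius-biz code) shows that check for the tenant switch; the same pattern applies to SPY_ID_SUFFIX with PERMISSION_SELECT_USER_ACCOUNT. The class SpySwitchGuard, its method names, the Map used as a session and the constant values are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
// Added example, not sirius-biz code. The session is modelled as a Map and the two
// constant values are placeholders; the real values are defined in TenantUserManager.
public class SpySwitchGuard {
    static final String PERMISSION_SELECT_TENANT = "<PERMISSION_SELECT_TENANT>";
    static final String TENANT_SPY_ID_SUFFIX = "<TENANT_SPY_ID_SUFFIX>";

    private final Set<String> knownTenantIds; // hypothetical stand-in for a tenant lookup

    SpySwitchGuard(Set<String> knownTenantIds) {
        this.knownTenantIds = knownTenantIds;
    }

    // Installs the tenant spy ID only after the checks the user manager does not perform.
    boolean installTenantSpy(Map<String, String> session, String scopeId,
                             Set<String> callerPermissions, String ownTenantId, String targetTenantId) {
        String key = scopeId + TENANT_SPY_ID_SUFFIX;
        if (targetTenantId == null || targetTenantId.equals(ownTenantId)) {
            session.remove(key); // returning to the own tenant clears the override
            return true;
        }
        // Authorise against the permissions of the real, logged-in user and
        // accept only IDs that resolve to an existing tenant.
        if (!callerPermissions.contains(PERMISSION_SELECT_TENANT)
                || !knownTenantIds.contains(targetTenantId)) {
            return false; // fail closed: the session stays untouched
        }
        session.put(key, targetTenantId);
        return true;
    }

    static void expect(boolean ok) { if (!ok) throw new AssertionError(); }

    public static void main(String[] args) {
        SpySwitchGuard guard = new SpySwitchGuard(Set.of("T1", "T2")); // constructed sample IDs
        Map<String, String> session = new HashMap<>();
        Set<String> support = Set.of(PERMISSION_SELECT_TENANT);
        String key = "default" + TENANT_SPY_ID_SUFFIX;
        expect(!guard.installTenantSpy(session, "default", Set.of(), "T1", "T2")); // no permission
        expect(!guard.installTenantSpy(session, "default", support, "T1", "T9")); // unknown tenant
        expect(session.isEmpty());
        expect(guard.installTenantSpy(session, "default", support, "T1", "T2"));
        expect("T2".equals(session.get(key)));
        expect(guard.installTenantSpy(session, "default", support, "T1", "T1") && session.isEmpty());
    }
}
```

The target ID should come from a server-side lookup of the selected tenant, never directly from a request parameter copied into the session.
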

protected TenantUserManager(sirius.web.security.ScopeInfo scope, sirius.kernel.settings.Extension config)

public static void flushCacheForUserAccount(UserAccount account)
Parameters:
account - the account to flush

public static void flushCacheForTenant(Tenant tenant)
Parameters:
tenant - the tenant to flush

protected sirius.web.security.UserInfo findUserInSession(sirius.web.http.WebContext ctx)
Overrides: findUserInSession in class sirius.web.security.GenericUserManager

public sirius.web.security.UserInfo createUserWithTenant(sirius.web.security.UserInfo originalUser, String tenantId)
As a user can switch to other tenants, we must be able to create a "fake" user info, which contains the given tenant data.
Parameters:
originalUser - the user which is actually logged in
tenantId - the id of the tenant to become

public String getOriginalTenantId(sirius.web.http.WebContext ctx)

public void attachToSession(@Nonnull sirius.web.security.UserInfo user, @Nonnull sirius.web.http.WebContext ctx)
Specified by: attachToSession in interface sirius.web.security.UserManager
Overrides: attachToSession in class sirius.web.security.GenericUserManager

public sirius.web.security.UserInfo findUserByName(@Nullable sirius.web.http.WebContext ctx, String user)

@Nullable public sirius.web.security.UserInfo findUserByUserId(String accountId)
Tries to find a UserInfo for the given unique object name of a UserAccount.
Parameters:
accountId - the unique object name of an UserAccount to resolve into a UserInfo

protected sirius.web.security.UserInfo asUser(UserAccount account, List<String> extraRoles)

public sirius.web.security.UserInfo findUserByCredentials(@Nullable sirius.web.http.WebContext ctx, String user, String password)

public boolean checkPassword(UserAccount userAccount, String password)
Checks if the given password of the given UserAccount is correct.
Parameters:
userAccount - the user account to validate the password for
password - the password to validate

protected void recordUserLogin(sirius.web.http.WebContext ctx, sirius.web.security.UserInfo user)
Overrides: recordUserLogin in class sirius.web.security.GenericUserManager

public void recordLogin(sirius.web.security.UserInfo user, boolean external)
Parameters:
user - the user which logged in
external - true if the login was performed via an external system like SAML, false otherwise

protected Object getUserObject(sirius.web.security.UserInfo userInfo)
Overrides: getUserObject in class sirius.web.security.GenericUserManager

protected sirius.web.security.UserSettings getUserSettings(sirius.web.security.UserSettings scopeSettings, sirius.web.security.UserInfo userInfo)
Overrides: getUserSettings in class sirius.web.security.GenericUserManager

protected boolean isUserStillValid(String userId)
Overrides: isUserStillValid in class sirius.web.security.GenericUserManager

protected Set<String> computeRoles(sirius.web.http.WebContext ctx, String userId)
Overrides: computeRoles in class sirius.web.security.GenericUserManager

@Nonnull protected String computeUsername(@Nullable sirius.web.http.WebContext ctx, String userId)
Overrides: computeUsername in class sirius.web.security.GenericUserManager

@Nonnull protected String computeTenantname(@Nullable sirius.web.http.WebContext ctx, String tenantId)
Overrides: computeTenantname in class sirius.web.security.GenericUserManager

Copyright © 2018. All rights reserved.