public abstract class GenericUserManager extends Object implements UserManager
UserManager
.
Provides session handling and roles expansion using profiles (security.profiles).
Modifier and Type | Field and Description |
---|---|
protected sirius.kernel.settings.Extension | config |
protected List<String> | defaultRoles |
protected UserInfo | defaultUser |
protected String | hashFunction |
protected boolean | keepLoginEnabled |
protected Duration | loginCookieTTL |
protected List<String> | publicRoles |
protected ScopeInfo | scope |
protected boolean | ssoEnabled |
protected long | ssoGraceInterval |
protected String | ssoSecret |
protected List<String> | trustedRoles |
Modifier | Constructor and Description |
---|---|
protected | GenericUserManager(ScopeInfo scope, sirius.kernel.settings.Extension config) |
Modifier and Type | Method and Description |
---|---|
void | attachToSession(UserInfo user, WebContext ctx) Attaches the given user to the current session. |
UserInfo | bindToRequest(WebContext ctx) Tries to find the current user in the current session or by checking the request for valid credentials. |
protected UserInfo | buildDefaultUser() |
protected abstract String | computeLang(WebContext ctx, String userId) Computes the language code of the given user and request. |
protected abstract Set<String> | computeRoles(WebContext ctx, String userId) Tries to compute the roles for the given user and request. |
protected String | computeSSOHashInput(String user, String timestamp) Computes the input for the hash function used to generate the auth hash. |
String | computeSSOToken(String username) Computes an auth token which can be used to perform an SSO login. |
protected abstract String | computeTenantname(WebContext ctx, String tenantId) Computes the name of the given tenant and request. |
protected abstract String | computeUsername(WebContext ctx, String userId) Computes the name of the given user and request. |
void | detachFromSession(UserInfo user, WebContext ctx) Removes all stored user information from the current session. |
protected Set<String> | determineRolesOfDefaultUser() |
protected sirius.kernel.commons.Tuple<String,String> | extractChallengeAndResponse(WebContext ctx) |
UserInfo | findUserForRequest(WebContext ctx) Tries to find the current user in the current session. |
protected UserInfo | findUserInSession(WebContext ctx) Tries to fetch the current user from the current session. |
protected UserSettings | getScopeSettings() Boilerplate for fetching the settings of the current scope. |
protected com.google.common.hash.HashFunction | getSSOHashFunction() Determines which hash function is used to compute and verify SSO tokens. |
protected abstract Object | getUserObject(UserInfo user) Resolves the given user info back into the original (underlying) user object. |
protected UserSettings | getUserSettings(UserSettings scopeSettings, UserInfo user) Fetches the user specific configuration if available. |
boolean | isKeepLoginSupported() Determines if the login can be stored longer than a usual session. |
boolean | isLoginSupported() Determines if a login via username and password is possible. |
protected boolean | isUserStillValid(String userId) Determines if the cached user object for the given ID is still valid. |
protected void | log(String pattern, Object... params) Used to write a debug log. |
protected void | recordUserLogin(WebContext ctx, UserInfo user) Provides a method which can track logins of users. |
protected Set<String> | transformRoles(Collection<String> roles, boolean trusted) Applies profile transformations and adds default roles to the set of given roles. |
protected void | updateLoginCookie(WebContext ctx, UserInfo user) Updates the lifetime of the login cookie if required. |
Methods inherited from class Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface UserManager: findUserByCredentials, findUserByName
protected final ScopeInfo scope
protected final sirius.kernel.settings.Extension config
protected final String hashFunction
protected final long ssoGraceInterval
protected boolean ssoEnabled
protected boolean keepLoginEnabled
protected String ssoSecret
protected Duration loginCookieTTL
protected UserInfo defaultUser
protected GenericUserManager(ScopeInfo scope, sirius.kernel.settings.Extension config)
protected UserInfo buildDefaultUser()

protected abstract Object getUserObject(UserInfo user)
user - the user info which was passed to the outside world.

@Nonnull protected UserSettings getUserSettings(@Nonnull UserSettings scopeSettings, UserInfo user)
scopeSettings - the config of the outside scope
user - the user info which identifies the user to fetch the config for

@Nonnull public UserInfo bindToRequest(@Nonnull WebContext ctx)
Specified by: bindToRequest in interface UserManager
ctx - the request to attach to
UserInfo.NOBODY can be used.

@Nonnull public UserInfo findUserForRequest(@Nonnull WebContext ctx)
Unlike UserManager.bindToRequest(WebContext), this will not try to log a user in via credentials found in the request.
Specified by: findUserForRequest in interface UserManager
ctx - the request to attach to
UserInfo.NOBODY can be used.

protected void recordUserLogin(WebContext ctx, UserInfo user)
ctx - the current request
user - the user which logged in

protected void updateLoginCookie(WebContext ctx, UserInfo user)
ctx - the current request
user - the user that logged in

protected sirius.kernel.commons.Tuple<String,String> extractChallengeAndResponse(WebContext ctx)

public String computeSSOToken(String username)
If enabled, the computed token can be passed in using the token field.
username - the username to generate a token for

protected com.google.common.hash.HashFunction getSSOHashFunction()

protected String computeSSOHashInput(String user, String timestamp)
user - the name of the user
timestamp - the timestamp used as challenge

protected Set<String> transformRoles(Collection<String> roles, boolean trusted)
roles - the roles granted to a user
trusted - determines if the user is considered a trusted user (usually determined via WebContext.isTrusted()).

protected void log(String pattern, Object... params)
Automatically contains the name of the user manager and the current scope.
pattern - the pattern used for logging
params - the parameters applied to the pattern

protected UserInfo findUserInSession(WebContext ctx)
This can be either the client sided session (cookie) or the server session.
ctx - the current request to use the session from

protected boolean isUserStillValid(String userId)
The method has to check the session data by itself.
userId - the user id to check

protected UserSettings getScopeSettings()

@Nullable protected abstract Set<String> computeRoles(@Nullable WebContext ctx, String userId)
If a server session is available, we try to load the roles from there.
ctx - the current request
userId - the id of the user to fetch roles for

@Nonnull protected abstract String computeUsername(@Nullable WebContext ctx, String userId)
ctx - the current request
userId - the id of the user to fetch the name for

@Nonnull protected abstract String computeTenantname(@Nullable WebContext ctx, String tenantId)
ctx - the current request
tenantId - the id of the tenant to fetch the name for

@Nonnull protected abstract String computeLang(WebContext ctx, String userId)
ctx - the current request
userId - the id of the user to fetch the language for

public void attachToSession(@Nonnull UserInfo user, @Nonnull WebContext ctx)
This will make the login persistent across requests (if session management is enabled).
Specified by: attachToSession in interface UserManager
user - the user to attach to the session
ctx - the current request to attach the user to

public void detachFromSession(@Nonnull UserInfo user, @Nonnull WebContext ctx)
Specified by: detachFromSession in interface UserManager
user - the current user - passed in, in case a cache etc. has to be cleared
ctx - the request to remove all data from

public boolean isLoginSupported()
Specified by: isLoginSupported in interface UserManager

public boolean isKeepLoginSupported()
Specified by: isKeepLoginSupported in interface UserManager
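
A sketch of the timestamp-as-challenge token scheme that computeSSOToken, computeSSOHashInput, ssoSecret and ssoGraceInterval describe; it is an added example, not this class's or the library's own code. The class name, the `timestamp:mac` token layout, seconds as the unit, and the use of HMAC-SHA-256 in place of a configurable hash function over the secret are all assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.HexFormat;

// Hypothetical sketch (requires Java 17+ for HexFormat); not the library's implementation.
public class SsoTokenSketch {
    private final byte[] secret;      // stands in for ssoSecret
    private final long graceSeconds;  // stands in for ssoGraceInterval (unit assumed)
    SsoTokenSketch(String secret, long graceSeconds) {
        this.secret = secret.getBytes(StandardCharsets.UTF_8);
        this.graceSeconds = graceSeconds;
    }
    // Assumed layout "<timestamp>:<hex mac>"; the timestamp acts as the challenge.
    String computeToken(String user, long now) throws GeneralSecurityException {
        String ts = Long.toString(now);
        return ts + ":" + HexFormat.of().formatHex(mac(user, ts));
    }
    boolean verify(String user, String token, long now) throws GeneralSecurityException {
        int sep = token.indexOf(':');
        if (sep <= 0) return false;
        try {
            long issued = Long.parseLong(token.substring(0, sep));
            // Reject stale and future-dated challenges alike.
            if (issued < now - graceSeconds || issued > now + graceSeconds) return false;
            byte[] given = HexFormat.of().parseHex(token.substring(sep + 1));
            // Constant-time comparison avoids leaking how many bytes matched.
            return MessageDigest.isEqual(mac(user, Long.toString(issued)), given);
        } catch (IllegalArgumentException malformed) { // includes NumberFormatException
            return false;
        }
    }
    private byte[] mac(String user, String ts) throws GeneralSecurityException {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(secret, "HmacSHA256"));
        // Length prefix keeps distinct (user, timestamp) pairs from producing the same input.
        m.update((user.length() + ":" + user + ":" + ts).getBytes(StandardCharsets.UTF_8));
        return m.doFinal();
    }

    public static void main(String[] args) throws Exception {
        SsoTokenSketch sso = new SsoTokenSketch("constructed-demo-secret", 300);
        String token = sso.computeToken("alice", 1_000_000L); // constructed sample values
        System.out.println("inside grace interval: " + sso.verify("alice", token, 1_000_200L));
        System.out.println("after grace interval:  " + sso.verify("alice", token, 1_000_301L));
    }
}
```

The grace interval bounds how long a captured token stays replayable, so it should be kept as small as clock skew between the issuing and verifying systems allows.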
Copyright © 2018. All rights reserved.