Package com.avoka.fc.core.security

Class SecurityManagerService

java.lang.Object

com.avoka.fc.core.service.BaseService

com.avoka.fc.core.service.CayenneService

com.avoka.fc.core.security.SecurityManagerService

All Implemented Interfaces:

ISecurityManagerService

public class SecurityManagerService
extends CayenneService
implements ISecurityManagerService

Provides a Security Manager service which is associated with a Security Manager configuration entity.

Since:

3.5.0

See Also:

SecurityManager

Field Summary

Fields

Modifier and Type	Field	Description
static Integer	PERMANENT_LOCKOUT	Provides the 'permanent lockout' property value.

Fields inherited from interface com.avoka.fc.core.security.ISecurityManagerService

SESSION_PORTAL_ID

Constructor Summary

Constructors

Constructor	Description
SecurityManagerService(SecurityManager securityManager, Portal portal)	Create a Security Manager Service with the given security manager configuration entity and portal.

Method Summary

Modifier and Type	Method	Description
org.springframework.security.authentication.AuthenticationProvider	createAuthenticationProvider(AuthenticationProvider providerEntity)	Create an Spring Security AuthenticationProvider instance using the associated Portal and AuthenticationProvider configuration entity.
UserAccount	createUserAndProfile(String loginName, String email, String password, String givenName, String familyName, String mobile, Map<String,String> profileMap, String authenticationDomain, String userType, boolean isSelfRegistration)	Create a new user account and profile
boolean	doesPasswordMatch(String password, UserAccount userAccount)	Return true if the plain text password value matches the local user account password.
boolean	doesUserExist(String userId)	Return true if a user with the given login name already exists.
List<org.springframework.security.authentication.AuthenticationProvider>	getAuthenticationProviders()	Return the list of Spring Security AuthenticationProvider instances.
UserAccount	onFailedLogin(String userId, HttpServletRequest request)	Event listener for unsuccessful user login event.
void	onSessionExpiry(String userId, Date lastAccessTime)	Event listener for the user session expiry or logout.
void	onSessionExpiry(String userId, Date lastAccessTime, String sessionId)	Event listener for the user session expiry or logout.
UserAccount	onSuccessfulLogin(String userId, HttpServletRequest request)	Event listener for successful user login event.
String	validatePassword(String password)	Return null if the password is valid for the security manager configuration, otherwise return an error message.

Methods inherited from class com.avoka.fc.core.service.CayenneService

commitChanges, deleteObject, deleteObjects, findObject, getDataContext, getDataDomain, getObjectForPK, getObjectStore, newObject, performNamedQuery, performNamedQuery, performNamedQuery, performNonSelectingQuery, performNonSelectingQuery, performNonSelectingQuery, performNonSelectingQuery, performQuery, performQuery, refetchEntity, refetchObject, registerNewObject, rollbackChanges, toMap, toMap

Methods inherited from class com.avoka.fc.core.service.BaseService

getLogger

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PERMANENT_LOCKOUT

public static final Integer PERMANENT_LOCKOUT

Provides the 'permanent lockout' property value.

Constructor Detail

SecurityManagerService

public SecurityManagerService(SecurityManager securityManager,
                              Portal portal)

Create a Security Manager Service with the given security manager configuration entity and portal.

Parameters:

securityManager - the security manager configuration entity

portal - the associated portal

Method Detail

createAuthenticationProvider

public org.springframework.security.authentication.AuthenticationProvider createAuthenticationProvider(AuthenticationProvider providerEntity)

Create an Spring Security AuthenticationProvider instance using the associated Portal and AuthenticationProvider configuration entity.

Specified by:

createAuthenticationProvider in interface ISecurityManagerService

Parameters:

providerEntity - the AuthenticationProvider configuration entity

Returns:

a Spring Security AuthenticationProvider

See Also:

ISecurityManagerService#createAuthenticationProvider(org.springframework.security.authentication.AuthenticationProvider)

createUserAndProfile

public UserAccount createUserAndProfile(String loginName,
                                        String email,
                                        String password,
                                        String givenName,
                                        String familyName,
                                        String mobile,
                                        Map<String,String> profileMap,
                                        String authenticationDomain,
                                        String userType,
                                        boolean isSelfRegistration)
                                 throws ApplicationException

Create a new user account and profile

Specified by:

createUserAndProfile in interface ISecurityManagerService

Parameters:

loginName - the user id (required)

email - the user email address (optional)

password - the user password (required for Local userType accounts)

givenName - the user first name (optional)

familyName - the user last name (optional)

mobile - the user mobile phone number (optional)

profileMap - the map of user profile names and values to create

authenticationDomain - the authentication domain (not used since 4.2.1)

userType - the type of user account (required)

isSelfRegistration - the flag specifying whether the user self registered

Returns:

the new user account

Throws:

ApplicationException - if an error occur creating the new user account

See Also:

ISecurityManagerService#createUserAndProfile(String, String, String, String, String, String, String, String, Portal, boolean)

getAuthenticationProviders

public List<org.springframework.security.authentication.AuthenticationProvider> getAuthenticationProviders()

Return the list of Spring Security AuthenticationProvider instances.

Specified by:

getAuthenticationProviders in interface ISecurityManagerService

Returns:

the list of Spring Security AuthenticationProvider instances

See Also:

ISecurityManagerService.getAuthenticationProviders()

doesUserExist

public boolean doesUserExist(String userId)

Return true if a user with the given login name already exists.

Specified by:

doesUserExist in interface ISecurityManagerService

Parameters:

userId - the user id or login name (required)

Returns:

true if a user with the given login name already exists

See Also:

ISecurityManagerService.doesUserExist(String)

doesPasswordMatch

public boolean doesPasswordMatch(String password,
                                 UserAccount userAccount)

Return true if the plain text password value matches the local user account password.

Specified by:

doesPasswordMatch in interface ISecurityManagerService

Parameters:

password - plain text password value (required)

userAccount - the local user account, must a 'Local' user type (required)

Returns:

true if the plain text password value matches the local user account password

onSuccessfulLogin

public UserAccount onSuccessfulLogin(String userId,
                                     HttpServletRequest request)

Event listener for successful user login event. This method will update the status of the user account and return the update account.

Specified by:

onSuccessfulLogin in interface ISecurityManagerService

Parameters:

userId - the login userId (login name).

request - the user HTTP request

Returns:

the logged in user account

onFailedLogin

public UserAccount onFailedLogin(String userId,
                                 HttpServletRequest request)

Event listener for unsuccessful user login event. This method will update the status of the user account and return the updated account

Specified by:

onFailedLogin in interface ISecurityManagerService

Parameters:

userId - the login userId (login name).

request - the user HTTP request

Returns:

the failed login user account, or null if no user found

onSessionExpiry

public void onSessionExpiry(String userId,
                            Date lastAccessTime)

Event listener for the user session expiry or logout.

Specified by:

onSessionExpiry in interface ISecurityManagerService

Parameters:

userId - the login userId (login name).

lastAccessTime - the time the user last accessed the application

See Also:

ISecurityManagerService.onSessionExpiry(String, Date)

onSessionExpiry

public void onSessionExpiry(String userId,
                            Date lastAccessTime,
                            String sessionId)

Event listener for the user session expiry or logout.

Specified by:

onSessionExpiry in interface ISecurityManagerService

Parameters:

userId - the login userId (login name).

lastAccessTime - the time the user last accessed the application

sessionId - the user session id

Since:

4.1.3

See Also:

ISecurityManagerService.onSessionExpiry(String, Date, String)

validatePassword

public String validatePassword(String password)

Return null if the password is valid for the security manager configuration, otherwise return an error message.

Specified by:

validatePassword in interface ISecurityManagerService

Parameters:

password - the password value to validate

Returns:

null if the password is valid for the security manager configuration, otherwise return an error message

See Also:

ISecurityManagerService.validatePassword(String)