info.magnolia.cms.security

Class MgnlUserManager

java.lang.Object

info.magnolia.cms.security.RepositoryBackedSecurityManager

info.magnolia.cms.security.MgnlUserManager

All Implemented Interfaces:

UserManager

Direct Known Subclasses:

HierarchicalUserManager, SystemUserManager

public class MgnlUserManager
extends RepositoryBackedSecurityManager
implements UserManager

Manages the users stored in Magnolia itself.

Field Summary

Fields

Modifier and Type	Field and Description
static String	NODE_ACLUSERS
static String	PROPERTY_EMAIL
static String	PROPERTY_ENABLED
static String	PROPERTY_LANGUAGE
static String	PROPERTY_LASTACCESS
static String	PROPERTY_PASSWORD
static String	PROPERTY_TIMEZONE
static String	PROPERTY_TITLE

Fields inherited from class info.magnolia.cms.security.RepositoryBackedSecurityManager

nodeNameHelper

Fields inherited from interface info.magnolia.cms.security.UserManager

ANONYMOUS_USER, SYSTEM_PSWD, SYSTEM_USER

Constructor Summary

Constructors

Constructor and Description
MgnlUserManager() Deprecated. since 5.5.3, use MgnlUserManager(NodeNameHelper) instead.
MgnlUserManager(NodeNameHelper nodeNameHelper) There should be no need to instantiate this class except maybe for testing.

Method Summary

Modifier and Type	Method and Description
User	addGroup(User user, String groupName) Adds user to a group.
User	addRole(User user, String roleName) Grants user role.
protected Set<String>	aggregateDirectAndTransitiveGroups(Collection<String> groups, String name, GroupManager groupManager)
protected Set<String>	aggregateDirectAndTransitiveRoles(Collection<String> roles, Collection<String> allGroups, String name, GroupManager groupManager)
User	changePassword(User user, String newPassword) Sets a new password.
protected Set<String>	collectUniquePropertyNames(javax.jcr.Node rootNode, String subnodeName, String repositoryName, boolean isDeep) Collects all property names of given type, sorting them (case insensitive) and removing duplicates in the process.
User	createUser(String name, String pw) Creates a user without security restrictions.
User	createUser(String path, String name, String pw) Creates a user on given path.
protected Content	createUserNode(String name) Deprecated. since 5.3.2 use createUserNode(String, String, javax.jcr.Session) instead
protected javax.jcr.Node	createUserNode(String path, String userName, javax.jcr.Session session)
protected String	encodePassword(String clearPassword)
void	findAllUsersInFolder(javax.jcr.Node node, Collection<User> addTo) Finds all users located in the provided node or in sub-folders within it and adds them to the given collection.
protected javax.jcr.Node	findPrincipalNode(String name, javax.jcr.Session session) Helper method to find a user in a certain realm.
Map<String,ACL>	getACLs(User user) Sets access control list from a list of roles under the provided content object.
Collection<User>	getAllUsers() Get all users managed by this user manager.
User	getAnonymousUser() SystemUserManager does this.
protected User	getFromRepository(String name)
protected HierarchyManager	getHierarchyManager() Deprecated. since 5.3.2 without replacement
int	getLockTimePeriod() Gets a time period for account lock.
int	getMaxFailedLoginAttempts() Gets a number of failed attempts before locking account.
String	getRealmName()
protected String	getRepositoryName()
User	getSystemUser() SystemUserManager does this.
User	getUser(String name) Get the user object.
User	getUser(Subject subject) Initialize new user using JAAS authenticated/authorized subject.
User	getUserById(String id) Get the user object.
Collection<String>	getUsersWithGroup(String groupName) Returns all users which are the provided group.
Collection<String>	getUsersWithGroup(String groupName, boolean transitive) Returns all users which are in the provided group.
Collection<String>	getUsersWithRole(String roleName)
boolean	isAllowCrossRealmDuplicateNames()
protected User	newUserInstance(javax.jcr.Node privilegedUserNode)
User	removeGroup(User user, String groupName) Removes user from a group.
User	removeRole(User user, String roleName) Removes role from a user.
void	setAllowCrossRealmDuplicateNames(boolean allowCrossRealmDuplicateNames)
void	setLockTimePeriod(int lockTimePeriod) Sets a time period for account lock.
void	setMaxFailedLoginAttempts(int maxFailedLoginAttempts) Sets a number of failed attempts before locking account.
protected void	setPasswordProperty(javax.jcr.Node userNode, String clearPassword)
User	setProperty(User user, String propertyName, String propertyValue) Sets given property for the user and returns updated user object with new value of the property.
User	setProperty(User user, String propertyName, javax.jcr.Value propertyValue) Sets given property for the user.
void	setRealmName(String name)
void	updateLastAccessTimestamp(User user) Updates last access timestamp for the user.
protected void	validateUsername(String name)

Methods inherited from class info.magnolia.cms.security.RepositoryBackedSecurityManager

add, findPrincipalNode, findPrincipalNode, findPrincipalNodes, findUsersOrGroupsHavingAssignedGroupOrRoleWithUid, getACLs, getACLs, getResourceName, hasAny, remove

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface info.magnolia.cms.security.UserManager

hasAny

Field Detail

PROPERTY_EMAIL

public static final String PROPERTY_EMAIL

See Also:

Constant Field Values

PROPERTY_LANGUAGE

public static final String PROPERTY_LANGUAGE

See Also:

Constant Field Values

PROPERTY_LASTACCESS

public static final String PROPERTY_LASTACCESS

See Also:

Constant Field Values

PROPERTY_PASSWORD

public static final String PROPERTY_PASSWORD

See Also:

Constant Field Values

PROPERTY_TITLE

public static final String PROPERTY_TITLE

See Also:

Constant Field Values

PROPERTY_ENABLED

public static final String PROPERTY_ENABLED

See Also:

Constant Field Values

PROPERTY_TIMEZONE

public static final String PROPERTY_TIMEZONE

See Also:

Constant Field Values

NODE_ACLUSERS

public static final String NODE_ACLUSERS

See Also:

Constant Field Values

Constructor Detail

MgnlUserManager

@Inject
public MgnlUserManager(NodeNameHelper nodeNameHelper)

There should be no need to instantiate this class except maybe for testing. Manual instantiation might cause manager not to be initialized properly.

MgnlUserManager

@Deprecated
public MgnlUserManager()

Deprecated. since 5.5.3, use MgnlUserManager(NodeNameHelper) instead.

Method Detail

setMaxFailedLoginAttempts

public void setMaxFailedLoginAttempts(int maxFailedLoginAttempts)

Description copied from interface: UserManager

Sets a number of failed attempts before locking account.

Specified by:

setMaxFailedLoginAttempts in interface UserManager

getMaxFailedLoginAttempts

public int getMaxFailedLoginAttempts()

Description copied from interface: UserManager

Gets a number of failed attempts before locking account.

Specified by:

getMaxFailedLoginAttempts in interface UserManager

getLockTimePeriod

public int getLockTimePeriod()

Description copied from interface: UserManager

Gets a time period for account lock.

Specified by:

getLockTimePeriod in interface UserManager

setLockTimePeriod

public void setLockTimePeriod(int lockTimePeriod)

Description copied from interface: UserManager

Sets a time period for account lock.

Specified by:

setLockTimePeriod in interface UserManager

setProperty

public User setProperty(User user,
                        String propertyName,
                        javax.jcr.Value propertyValue)

Description copied from interface: UserManager

Sets given property for the user.

Specified by:

setProperty in interface UserManager

Parameters:

user - User to be updated. If property doesn't exist yet, it will be created. If the value is null, property will be removed if existing.

propertyName - Name of the property.

propertyValue - Value of the property. Use org.apache.jackrabbit.value.ValueFactoryImpl to convert type to Value.

Returns:

updated user object with new value of the property.

setProperty

public User setProperty(User user,
                        String propertyName,
                        String propertyValue)

Description copied from interface: UserManager

Sets given property for the user and returns updated user object with new value of the property.

Specified by:

setProperty in interface UserManager

setRealmName

public void setRealmName(String name)

getRealmName

public String getRealmName()

setAllowCrossRealmDuplicateNames

public void setAllowCrossRealmDuplicateNames(boolean allowCrossRealmDuplicateNames)

isAllowCrossRealmDuplicateNames

public boolean isAllowCrossRealmDuplicateNames()

getUser

public User getUser(String name)

Get the user object. Uses a search

Specified by:

getUser in interface UserManager

Parameters:

name - name of the user to retrieve

Returns:

the user object

getUserById

public User getUserById(String id)

Get the user object. Uses a search

Specified by:

getUserById in interface UserManager

Parameters:

id - user identifier

Returns:

the user object

getUser

public User getUser(Subject subject)
             throws UnsupportedOperationException

Description copied from interface: UserManager

Initialize new user using JAAS authenticated/authorized subject.

Specified by:

getUser in interface UserManager

Throws:

UnsupportedOperationException - if the current implementation doesn't support this operation

findPrincipalNode

protected javax.jcr.Node findPrincipalNode(String name,
                                           javax.jcr.Session session)
                                    throws javax.jcr.RepositoryException

Helper method to find a user in a certain realm. Uses JCR Query. This will return null if user doesn't exist in realm.

Specified by:

findPrincipalNode in class RepositoryBackedSecurityManager

Throws:

javax.jcr.RepositoryException

getFromRepository

protected User getFromRepository(String name)
                          throws javax.jcr.RepositoryException

Throws:

javax.jcr.RepositoryException

getSystemUser

public User getSystemUser()
                   throws UnsupportedOperationException

SystemUserManager does this.

Specified by:

getSystemUser in interface UserManager

Throws:

UnsupportedOperationException - if the current implementation doesn't support this operation

getAnonymousUser

public User getAnonymousUser()
                      throws UnsupportedOperationException

SystemUserManager does this.

Specified by:

getAnonymousUser in interface UserManager

Throws:

UnsupportedOperationException - if the current implementation doesn't support this operation

getAllUsers

public Collection<User> getAllUsers()

Get all users managed by this user manager.

Specified by:

getAllUsers in interface UserManager

Returns:

collection of User objects

findAllUsersInFolder

public void findAllUsersInFolder(javax.jcr.Node node,
                                 Collection<User> addTo)
                          throws javax.jcr.RepositoryException

Finds all users located in the provided node or in sub-folders within it and adds them to the given collection. As this method bases on a method using jcr queries to find nodes, it might not see nodes that have been created but not saved yet (i.e. during installation of a module).

Throws:

javax.jcr.RepositoryException

createUser

public User createUser(String name,
                       String pw)

Description copied from interface: UserManager

Creates a user without security restrictions.

Specified by:

createUser in interface UserManager

createUser

public User createUser(String path,
                       String name,
                       String pw)
                throws UnsupportedOperationException

Description copied from interface: UserManager

Creates a user on given path.

Specified by:

createUser in interface UserManager

Throws:

UnsupportedOperationException - if the current implementation doesn't support this operation

changePassword

public User changePassword(User user,
                           String newPassword)

Description copied from interface: UserManager

Sets a new password.

Specified by:

changePassword in interface UserManager

Returns:

user object with updated password.

setPasswordProperty

protected void setPasswordProperty(javax.jcr.Node userNode,
                                   String clearPassword)
                            throws javax.jcr.RepositoryException

Throws:

javax.jcr.RepositoryException

encodePassword

protected String encodePassword(String clearPassword)

validateUsername

protected void validateUsername(String name)

createUserNode

@Deprecated
protected Content createUserNode(String name)
                                      throws javax.jcr.RepositoryException

Deprecated. since 5.3.2 use createUserNode(String, String, javax.jcr.Session) instead

Throws:

javax.jcr.RepositoryException

createUserNode

protected javax.jcr.Node createUserNode(String path,
                                        String userName,
                                        javax.jcr.Session session)
                                 throws javax.jcr.RepositoryException

Throws:

javax.jcr.RepositoryException

getHierarchyManager

@Deprecated
protected HierarchyManager getHierarchyManager()

Deprecated. since 5.3.2 without replacement

Return the HierarchyManager for the user workspace (through the system context).

updateLastAccessTimestamp

public void updateLastAccessTimestamp(User user)
                               throws UnsupportedOperationException

Description copied from interface: UserManager

Updates last access timestamp for the user.

Specified by:

updateLastAccessTimestamp in interface UserManager

Throws:

UnsupportedOperationException - if the current implementation doesn't support this operation

newUserInstance

protected User newUserInstance(javax.jcr.Node privilegedUserNode)
                        throws javax.jcr.ValueFormatException,
                               javax.jcr.PathNotFoundException,
                               javax.jcr.RepositoryException

Throws:

javax.jcr.ValueFormatException

javax.jcr.PathNotFoundException

javax.jcr.RepositoryException

getRepositoryName

protected String getRepositoryName()

Specified by:

getRepositoryName in class RepositoryBackedSecurityManager

getACLs

public Map<String,ACL> getACLs(User user)

Sets access control list from a list of roles under the provided content object.

Specified by:

getACLs in interface UserManager

Returns:

all ACLs assigned to the given user.

addRole

public User addRole(User user,
                    String roleName)

Description copied from interface: UserManager

Grants user role.

Specified by:

addRole in interface UserManager

Returns:

user object with the role already granted.

collectUniquePropertyNames

protected Set<String> collectUniquePropertyNames(javax.jcr.Node rootNode,
                                                 String subnodeName,
                                                 String repositoryName,
                                                 boolean isDeep)

Collects all property names of given type, sorting them (case insensitive) and removing duplicates in the process.

addGroup

public User addGroup(User user,
                     String groupName)

Description copied from interface: UserManager

Adds user to a group.

Specified by:

addGroup in interface UserManager

Returns:

user object with the group already assigned.

removeGroup

public User removeGroup(User user,
                        String groupName)

Description copied from interface: UserManager

Removes user from a group.

Specified by:

removeGroup in interface UserManager

Returns:

user object with the group assignment removed.

removeRole

public User removeRole(User user,
                       String roleName)

Description copied from interface: UserManager

Removes role from a user.

Specified by:

removeRole in interface UserManager

Returns:

user object without removed role.

getUsersWithGroup

public Collection<String> getUsersWithGroup(String groupName)

Description copied from interface: UserManager

Returns all users which are the provided group. Note that the method returns only users in exactly this group, users which are in transitive groups will not be returned.

Specified by:

getUsersWithGroup in interface UserManager

Parameters:

groupName - name of the group

getUsersWithRole

public Collection<String> getUsersWithRole(String roleName)

Specified by:

getUsersWithRole in interface UserManager

Returns:

all users having assigned the provided role

getUsersWithGroup

public Collection<String> getUsersWithGroup(String groupName,
                                            boolean transitive)

Description copied from interface: UserManager

Returns all users which are in the provided group. The method can return also users which are in transitive groups of the given group.

Specified by:

getUsersWithGroup in interface UserManager

Parameters:

groupName - name of the group

transitive - whether the method should return also users which are in transitive groups of the given group.

aggregateDirectAndTransitiveRoles

protected Set<String> aggregateDirectAndTransitiveRoles(Collection<String> roles,
                                                        Collection<String> allGroups,
                                                        String name,
                                                        GroupManager groupManager)

Returns:

a Set of all roles, sorting them (case insensitive), directly assigned and transitive for this user.

See Also:

newUserInstance(Node)

aggregateDirectAndTransitiveGroups

protected Set<String> aggregateDirectAndTransitiveGroups(Collection<String> groups,
                                                         String name,
                                                         GroupManager groupManager)

Returns:

a Set of all groups, directly assigned and transitive for this user.

See Also:

newUserInstance(Node)