public class DirectoryDefault extends Directory
This class can be extended to authenticate users without using the default directory.
Note that this is not the recommended method and some conditions apply. The proper
method is to extend Directory
.
If overriding one of the authenticateUserFrom...
methods to use an alternative user directory,
user login must be synchronized between this other directory and the ebx-directory
instance.
This means that users login must be present in both directories.
DirectoryDefaultHelper
Modifier and Type | Class and Description |
---|---|
static interface |
DirectoryDefault.RoleEntity
Represents a role entity that is, or can be, persisted in the default directory.
|
static interface |
DirectoryDefault.UserEntity
Represents a user entity that is, or can be, persisted in the default directory.
|
Modifier and Type | Method and Description |
---|---|
UserReference |
authenticateUserFromLoginPassword(String aLogin,
String aPassword)
Authenticates a user using the login and password specified.
|
String |
displaySpecificRole(Role aSpecificRole,
Locale aLocale)
Returns a label for this specific role.
|
String |
displayUser(UserReference aUserReference,
Locale aLocale)
Returns a label for the specified user.
|
String |
displayUserWithSalutation(UserReference aUserReference,
Locale aLocale)
Returns a label for the specified user so that it can be used in the user interface.
|
static String |
encryptString(String s)
Returns the encrypted string corresponding to the "clear"
password specified.
|
static String |
formerEncryptString(String s)
Returns the encrypted string corresponding to the 'clear-text'
password specified, as per releases prior to 6.0.2.
|
List<Role> |
getAllSpecificRoles()
Returns all the specific roles defined by this directory.
|
List<UserReference> |
getAllUserReferences()
Returns all the users defined by this directory.
|
static DirectoryDefault |
getInstance(Repository aRepository)
Returns the default internal directory instance that is delivered with EBX®.
|
List<Profile> |
getProfiles(ProfileListContext aProfileContext)
Returns a list of all profiles according to the specified context.
|
String |
getRoleDescription(Role aRole,
Locale aLocale)
Returns the specific role description.
|
String |
getRoleEmail(Role aRole)
Returns the email address of the specified role.
|
List<Role> |
getRolesForUser(UserReference userReference)
Returns the specific roles of the specified user.
|
URI |
getUserAvatarURI(UserReference aUserReference)
Returns the URL to the image associated with the specified user.
|
String |
getUserEmail(UserReference aUserReference)
Returns the email address of the specified user,
null if unknown. |
String |
getUserInitials(UserReference aUserReference,
Locale aLocale)
Returns the initials defined in the user record.
|
List<UserReference> |
getUsersInRole(Role aRole)
Returns all users that belong to the specified role.
|
static String |
hashPassword(String login,
String password)
Returns the SHA-512 hash of the password, and uses the login as salt.
|
boolean |
isRoleStrictlyIncluded(Role aRole,
Role anotherRole)
Returns true when aRole is included in anotherRole.
|
boolean |
isSpecificRoleDefined(Role aRole)
Returns
true if the specific role exists in this
directory. |
boolean |
isUserDefined(UserReference aUserReference)
Returns
true if the specified user actually exists in this
directory. |
boolean |
isUserInRole(UserReference aUserReference,
Role aRole)
Returns
true if the user has the specified role. |
authenticateUserFromArray, authenticateUserFromHttpRequest, authenticateUserFromSOAPHeader, displayBuiltInRole, getBackedUpUsers, getBackingUpUsers, getUserAuthenticationURI
public static DirectoryDefault getInstance(Repository aRepository)
null
if a custom directory implementation is used.aRepository
- EBX® repository.public static String encryptString(String s)
authenticateUserFromLoginPassword(String, String)
),
and also by the user interface component associated with
the data type osd:password
.
A SHA-512 algorithm is used. The value to be hash should already have been salted if needed before calling this method.
Encryption
public static String hashPassword(String login, String password)
public static String formerEncryptString(String s)
osd:password
in previous versions.
This method must not be used outside the purpose of checking old stored encryptions.
In particular, this method may not be used with a string having a length greater than 60,
as there are some risks of hash collision.Encryption
public List<Role> getAllSpecificRoles()
List
of Role
instances.public List<UserReference> getAllUserReferences()
List
of UserReference
instances.public String getRoleDescription(Role aRole, Locale aLocale)
public String getRoleEmail(Role aRole)
getRoleEmail
in class Directory
public List<Role> getRolesForUser(UserReference userReference)
Role
public boolean isUserDefined(UserReference aUserReference)
Directory
true
if the specified user actually exists in this
directory.isUserDefined
in class Directory
DirectoryHandler.isProfileDefined(Profile)
public boolean isSpecificRoleDefined(Role aRole)
Directory
true
if the specific role exists in this
directory.isSpecificRoleDefined
in class Directory
DirectoryHandler.isProfileDefined(Profile)
public UserReference authenticateUserFromLoginPassword(String aLogin, String aPassword)
Directory
Note: For the EBX® user interface, the full authentication process is detailed in the class
UIHttpManagerComponent
. This method can also be called by a client application
through Repository.createSessionFromLoginPassword(String, String)
.
authenticateUserFromLoginPassword
in class Directory
null
if login does not exist or password is incorrect.public boolean isUserInRole(UserReference aUserReference, Role aRole)
true
if the user has the specified role.
The method must return false
if the user does not exist.
Warning: If this method is to be overridden, built-in roles must not be omitted.
isUserInRole
in class Directory
Session.isUserInRole(Profile)
,
DirectoryHandler.isUserInRole(UserReference, Role)
public boolean isRoleStrictlyIncluded(Role aRole, Role anotherRole)
isRoleStrictlyIncluded
in class Directory
DirectoryHandler.isRoleStrictlyIncluded(Role, Role)
public String getUserEmail(UserReference aUserReference)
Directory
null
if unknown.
The default implementation of this method always returns null
.
getUserEmail
in class Directory
public List<Profile> getProfiles(ProfileListContext aProfileContext)
Directory
The profiles returned have some restrictions:
ProfileListContext.isForDefiningPermission()
),
the list must not contain the ADMINISTRATOR built-in role.
ProfileListContext.isForSelectingBranchOwner()
and ProfileListContext.isForSelectingInstanceOwner()
),
the list must not contain the built-in role OWNER.
ProfileListContext.isForWorkflow()
,
the list must not contain the built-in role OWNER.
ProfileListContext.isForDefiningViews()
,
the list must not contain the built-in role OWNER.
getProfiles
in class Directory
List
of profiles
public List<UserReference> getUsersInRole(Role aRole)
Directory
Default implementation throws an exception: this method must be overridden.
getUsersInRole
in class Directory
UserReference
, each responding true
to method Directory.isUserInRole(UserReference, Role)
.public String displaySpecificRole(Role aSpecificRole, Locale aLocale)
Directory
Any implementation of this method should handle the case where the role no longer exists in the directory (due to having been deleted). In this case, this method is expected to return a label indicating that the specified role is unknown.
The default implementation of this method uses the name of the role.
displaySpecificRole
in class Directory
DirectoryHandler.displayProfile(Profile, Locale)
public String displayUser(UserReference aUserReference, Locale aLocale)
Directory
Implementation recommendations:
identifier
of the user.
The default implementation of this method simply displays the
identifier
of the user
(and mentions that it is "unknown", if the user is not defined).
displayUser
in class Directory
DirectoryHandler.displayProfile(Profile, Locale)
public String displayUserWithSalutation(UserReference aUserReference, Locale aLocale)
Directory
The default implementation of this method invokes the method
Directory.displayUser(UserReference, Locale)
.
A custom implementation could display a salutation with first and last names, for example "Mr. Andrew Smith".
displayUserWithSalutation
in class Directory
public URI getUserAvatarURI(UserReference aUserReference)
Directory
null
, the
user's initials
are usually used as the user avatar.
The image must be a square format, there is no size limitation. Accepted image formats are the formats supported by the browser.
Default implementation returns null
.
getUserAvatarURI
in class Directory
UIComponentWriter.addUserAvatar(UserReference)
public String getUserInitials(UserReference aUserReference, Locale aLocale)
If not defined, returns the first letter of the first name and the last name.
getUserInitials
in class Directory
Directory.getUserAvatarURI(UserReference)