Class DirectoryDefault
Extending this class
This class can be extended to authenticate users without using the default directory.
Note that this is not the recommended method and some conditions apply. The proper
method is to extend Directory
.
If overriding one of the authenticateUserFrom...
methods to use an alternative user directory,
user login must be synchronized between this other directory and the ebx-directory
instance.
This means that users login must be present in both directories.
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic interface
Represents a role entity that is, or can be, persisted in the default directory.static interface
Represents a user entity that is, or can be, persisted in the default directory. -
Method Summary
Modifier and TypeMethodDescriptionauthenticateUserFromLoginPassword
(String aLogin, String aPassword) Authenticates a user using the login and password specified.displaySpecificRole
(Role aSpecificRole, Locale aLocale) Returns a label for this specific role.displayUser
(UserReference aUserReference, Locale aLocale) Returns a label for the specified user.displayUserWithSalutation
(UserReference aUserReference, Locale aLocale) Returns a label for the specified user so that it can be used in the user interface.static String
Returns the encrypted string corresponding to the "clear" password specified.static String
Returns the encrypted string corresponding to the 'clear-text' password specified, as per releases prior to 6.0.2.Returns all the specific roles defined by this directory.Returns all the users defined by this directory.static DirectoryDefault
getInstance
(Repository aRepository) Returns the default internal directory instance that is delivered with EBX®.getProfiles
(ProfileListContext aProfileContext) Returns a list of all profiles according to the specified context.getRoleDescription
(Role aRole, Locale aLocale) Returns the specific role description.getRoleEmail
(Role aRole) Returns the email address of the specified role.getRolesForUser
(UserReference userReference) Returns the specific roles of the specified user.getUserAvatarURI
(UserReference aUserReference) Returns the URL to the image associated with the specified user.getUserEmail
(UserReference aUserReference) Returns the email address of the specified user,null
if unknown.getUserInitials
(UserReference aUserReference, Locale aLocale) Returns the initials defined in the user record.getUsersInRole
(Role aRole) Returns all users that belong to the specified role.static String
hashPassword
(String login, String password) Returns the SHA-512 hash of the password, and uses the login as salt.boolean
hasUsersInRole
(Role aRole) Returnstrue
if one or more users have the specified role.boolean
isRoleStrictlyIncluded
(Role aRole, Role anotherRole) Returns true when aRole is included in anotherRole.boolean
isSpecificRoleDefined
(Role aRole) Returnstrue
if the specific role exists in this directory.boolean
isUserDefined
(UserReference aUserReference) Returnstrue
if the specified user actually exists in this directory.boolean
isUserInRole
(UserReference aUserReference, Role aRole) Returnstrue
if the user has the specified role.Methods inherited from class com.orchestranetworks.service.directory.Directory
authenticateUserFromArray, authenticateUserFromHttpRequest, authenticateUserFromSOAPHeader, displayBuiltInRole, getBackedUpUsers, getBackingUpUsers, getUserAuthenticationURI
-
Method Details
-
getInstance
Returns the default internal directory instance that is delivered with EBX®. Returnsnull
if a custom directory implementation is used.- Parameters:
aRepository
- EBX® repository.
-
encryptString
Returns the encrypted string corresponding to the "clear" password specified. This is the default encryption function used by this directory (seeauthenticateUserFromLoginPassword(String, String)
), and also by the user interface component associated with the data typeosd:password
.A SHA-512 algorithm is used. The value to be hash should already have been salted if needed before calling this method.
- See Also:
-
hashPassword
Returns the SHA-512 hash of the password, and uses the login as salt.- Since:
- 6.0.2
-
formerEncryptString
Returns the encrypted string corresponding to the 'clear-text' password specified, as per releases prior to 6.0.2. This was the default encryption function used by this directory, and also by the user interface component associated with the data typeosd:password
in previous versions. This method must not be used outside the purpose of checking old stored encryption. In particular, this method may not be used with a string having a length greater than 60, as there are some risks of hash collision.- Since:
- 6.0.2
- See Also:
-
getAllSpecificRoles
Returns all the specific roles defined by this directory.- Returns:
- a
List
ofRole
instances.
-
getAllUserReferences
Returns all the users defined by this directory.- Returns:
- a
List
ofUserReference
instances.
-
getRoleDescription
Returns the specific role description. -
getRoleEmail
Returns the email address of the specified role.- Overrides:
getRoleEmail
in classDirectory
- Since:
- 5.7.0
-
getRolesForUser
Returns the specific roles of the specified user.- See Also:
-
isUserDefined
Description copied from class:Directory
Returnstrue
if the specified user actually exists in this directory.- Specified by:
isUserDefined
in classDirectory
- See Also:
-
isSpecificRoleDefined
Description copied from class:Directory
Returnstrue
if the specific role exists in this directory.- Specified by:
isSpecificRoleDefined
in classDirectory
- See Also:
-
authenticateUserFromLoginPassword
Description copied from class:Directory
Authenticates a user using the login and password specified.Note: For the EBX® user interface, the full authentication process is detailed in the class
UIHttpManagerComponent
. This method can also be called by a client application throughRepository.createSessionFromLoginPassword(String, String)
.- Specified by:
authenticateUserFromLoginPassword
in classDirectory
- Returns:
- the user reference corresponding to the specified login/password,
or
null
if login does not exist or password is incorrect.
-
isUserInRole
Returnstrue
if the user has the specified role. The method must returnfalse
if the user does not exist.Warning: If this method is to be overridden, built-in roles must not be omitted.
- Specified by:
isUserInRole
in classDirectory
- See Also:
-
isRoleStrictlyIncluded
Returns true when aRole is included in anotherRole.- Overrides:
isRoleStrictlyIncluded
in classDirectory
- See Also:
-
getUserEmail
Description copied from class:Directory
Returns the email address of the specified user,null
if unknown.The default implementation of this method always returns
null
.- Overrides:
getUserEmail
in classDirectory
-
getProfiles
Description copied from class:Directory
Returns a list of all profiles according to the specified context.Postconditions:
The profiles returned have some restrictions:
- For defining permissions (see
ProfileListContext.isForDefiningPermission()
), the list must not contain the ADMINISTRATOR built-in role. - For owning a dataspace, snapshot, or dataset (see
ProfileListContext.isForSelectingBranchOwner()
andProfileListContext.isForSelectingInstanceOwner()
), the list must not contain the built-in role OWNER. - For workflows (see
ProfileListContext.isForWorkflow()
, the list must not contain the built-in role OWNER. - For defining views (see
ProfileListContext.isForDefiningViews()
, the list must not contain the built-in role OWNER.
- Specified by:
getProfiles
in classDirectory
- Returns:
- a
List
ofprofiles
- For defining permissions (see
-
getUsersInRole
Description copied from class:Directory
Returns all users that belong to the specified role.Default implementation throws an exception: this method must be overridden.
- Overrides:
getUsersInRole
in classDirectory
- Returns:
- a List of
UserReference
, each respondingtrue
to methodDirectory.isUserInRole(UserReference, Role)
.
-
hasUsersInRole
Description copied from class:Directory
Returnstrue
if one or more users have the specified role.Default implementation is not optimized as it is equivalent to calling:
!getUsersInRole(aRole).isEmpty()
This method should be overridden in case of performance issues.
- Overrides:
hasUsersInRole
in classDirectory
-
displaySpecificRole
Description copied from class:Directory
Returns a label for this specific role.Any implementation of this method should handle the case where the role no longer exists in the directory (due to having been deleted). In this case, this method is expected to return a label indicating that the specified role is unknown.
The default implementation of this method uses the name of the role.
- Overrides:
displaySpecificRole
in classDirectory
- See Also:
-
displayUser
Description copied from class:Directory
Returns a label for the specified user.Implementation recommendations:
- Since the returned label is used in lists, for example for setting permissions
or ownership, it is recommended for it to contain at least
the
identifier
of the user. - Any implementation of this method should handle the case where the user no longer exists in the directory (due to having been removed from the directory). In this case, it is expected for this method to return a particular label indicating that the specified user is unknown.
The default implementation of this method simply displays the
identifier
of the user (and mentions that it is "unknown", if the user is not defined).- Overrides:
displayUser
in classDirectory
- See Also:
- Since the returned label is used in lists, for example for setting permissions
or ownership, it is recommended for it to contain at least
the
-
displayUserWithSalutation
Description copied from class:Directory
Returns a label for the specified user so that it can be used in the user interface. For example, it is displayed by the EBX® user interface in the user interface header.The default implementation of this method invokes the method
Directory.displayUser(UserReference, Locale)
.A custom implementation could display a salutation with first and last names, for example "Mr. Andrew Smith".
- Overrides:
displayUserWithSalutation
in classDirectory
-
getUserAvatarURI
Description copied from class:Directory
Returns the URL to the image associated with the specified user. If this method returnsnull
, the user's initials are usually used as the user avatar.The image must be a square format, there is no size limitation. Accepted image formats are the formats supported by the browser.
Default implementation returns
null
.- Overrides:
getUserAvatarURI
in classDirectory
- See Also:
-
getUserInitials
Returns the initials defined in the user record.If not defined, returns the first letter of the first name and the last name.
- Overrides:
getUserInitials
in classDirectory
- Since:
- 5.7.0
- See Also:
-