atg.security
Class GenericAccountManager

java.lang.Object
  atg.nucleus.logging.VariableArgumentApplicationLoggingImpl
      atg.nucleus.GenericService
          atg.nucleus.RegisteredService
              atg.security.GenericUserAuthority
                  atg.security.GenericAccountManager

All Implemented Interfaces:

NameContextBindingListener, NameContextElement, NameResolver, AdminableService, ApplicationLogging, atg.nucleus.logging.ApplicationLoggingSender, atg.nucleus.logging.TraceApplicationLogging, atg.nucleus.logging.VariableArgumentApplicationLogging, ComponentNameResolver, Service, ServiceListener, AccountManager, AccountTypes, atg.security.I18nAccountManager, IdUserAuthority, LoginUserAuthority, UserAuthority, UserAuthority2, java.util.EventListener

Direct Known Subclasses:

SerializedAccountManager, XmlAccountManager

public class GenericAccountManager
extends GenericUserAuthority
implements atg.security.I18nAccountManager, AccountTypes, IdUserAuthority, LoginUserAuthority

A generic implementation of an account manager/user authority.

Field Summary

protected static java.lang.String	AUTHENTICATED
protected static java.lang.String	BAD_ACCOUNT_FAILURE
protected static java.lang.String	BAD_PASSWORD_FAILURE
static java.lang.String	CLASS_VERSION
protected static java.lang.String	CREATED_ACCOUNT
protected static java.lang.String	DEFAULT_GROUP_DOESNT_EXIST
protected static java.lang.String	INVALID_ACCOUNT
protected static java.lang.String	LOGIN_DISABLED_FAILURE
protected static java.lang.String	NO_PASSWORD_FAILURE
protected static java.lang.String	REMOVED_ACCOUNT

Fields inherited from class atg.nucleus.GenericService

SERVICE_INFO_KEY

Fields inherited from interface atg.security.AccountTypes

ANY_ACCOUNT, GROUP_ACCOUNT, LOGIN_ACCOUNT, PRIVILEGE_ACCOUNT

Fields inherited from interface atg.nucleus.logging.TraceApplicationLogging

DEFAULT_LOG_TRACE_STATUS

Fields inherited from interface atg.nucleus.logging.ApplicationLogging

DEFAULT_LOG_DEBUG_STATUS, DEFAULT_LOG_ERROR_STATUS, DEFAULT_LOG_INFO_STATUS, DEFAULT_LOG_WARNING_STATUS

Constructor Summary

GenericAccountManager()

GenericAccountManager(java.lang.String pUserAuthorityName)

Method Summary

protected void	addAccount(Account pAccount) Adds an account to the set of accounts.
void	clear() Clears out all accounts.
Account	createAccount(java.lang.String pAccountName, int pType, java.util.Map pAttributes) Creates a new account with a given set of attributes.
void	doStartService() When this service starts up, we may want to punch in some new accounts.
Account	getAccount(java.lang.String pAccountName) Retrieves the account object for the account with the given name.
AccountInitializer	getAccountInitializer() Returns the account initializer that will set up our standard accounts, if any.
protected java.util.Iterator	getAccountIterator() Returns an iterator for all accounts.
java.lang.String	getAttributeResourceBundle() Returns the name of the resource bundle used for translating attribute names to resource names.
java.lang.String[]	getDefaultLoginGroups() Returns the set of groups that are assigned to a new login account.
java.lang.String	getDescriptionAttribute() Returns the name of the group or privilege account attribute that describes the account in human-readable terms.
java.lang.String	getDisplayNameForAttribute(java.lang.String pAttributeName) Returns the display name that should be associated with an attribute.
java.lang.String	getFirstNameAttribute() Returns the name of the attribute that contains the first name of the owner of a login account.
java.lang.String	getLastNameAttribute() Returns the name of the attribute that contains the last name of the owner of a login account.
java.lang.String	getPasswordAttribute() Returns the name of the attribute that contains the password for a login account.
PasswordHasher	getPasswordHasher() Returns the password hasher that should be used to manage password encryption.
Persona	getPersona(java.lang.Object pId) Returns a persona for the given ID object.
java.util.Iterator	listAccounts(int pType) Returns an iterator of accounts with a particular set of types.
java.util.Iterator	listMatchingAccounts(java.lang.String pExpression, int pType) Lists accounts that match a given expression.
boolean	login(User pUser, java.lang.String pName, java.lang.String pHashedPassword, java.lang.Object pHashKey) Authenticates a user, populating the User object with appropriate personae.
protected Account	newAccount(java.lang.String pAccountName, int pType, java.util.Map pAttributes) Hook that allows subclasses to override the type of account that we create.
void	removeAccount(java.lang.String pAccountName) Removes an account with the indicated name, if possible.
void	setAccountInitializer(AccountInitializer pInitializer) Changes the account initializer that will set up our standard accounts, if any.
void	setAccountMatchFields(java.lang.String[] pFields) Changes the set of attribute fields that are searched by listMatchingAccounts().
void	setAttributeResourceBundle(java.lang.String pBundleName) Changes the resource bundle used for translating attribute names to resource names.
void	setDefaultLoginGroups(java.lang.String[] pGroups) Changes the set of groups that are assigned to a new login account.
void	setDescriptionAttribute(java.lang.String pDescriptionAttribute) Changes the name of the attribute used for determining the description of a group or privilege account.
void	setFirstNameAttribute(java.lang.String pFirstNameAttribute) Changes the name of the attribute used for determining the first name of a login account owner.
void	setLastNameAttribute(java.lang.String pLastNameAttribute) Changes the name of the attribute used for determining the last name of a login account owner.
void	setPasswordAttribute(java.lang.String pPasswordAttribute) Changes the name of the attribute used for determining the password for a login account.
void	setPasswordHasher(PasswordHasher pHasher) Changes the password hasher used for obfuscating passwords.
boolean	setPersonaeFor(User pUser, java.lang.String pAccountName) Populates a User object with appropriate personae for the user with the indicated ID.
void	setUserAuthorityName(java.lang.String pUserAuthorityName) Changes the name reported for the user authority.

Methods inherited from class atg.security.GenericUserAuthority

addAuthenticationFailedListener, addAuthenticationSucceededListener, addSpecialPersona, fireAuthenticationFailedEvent, fireAuthenticationSucceededEvent, getProxyUserAuthorities, getSpecialPersonae, getSupportsEveryone, getUserAuthorityName, removeAuthenticationFailedListener, removeAuthenticationSucceededListener, removeSpecialPersona, setProxyUserAuthorities, setSpecialPersonae, setSupportsEveryone, userDestroyed

Methods inherited from class atg.nucleus.RegisteredService

addToRegistry, getRegistry, getRegistryName, getServiceName, removeFromRegistry, setRegistryName, setServiceName, startService, stopService

Methods inherited from class atg.nucleus.GenericService

addLogListener, createAdminServlet, doStopService, getAbsoluteName, getAdminServlet, getLoggingForVlogging, getLogListenerCount, getLogListeners, getName, getNameContext, getNucleus, getRoot, getServiceConfiguration, getServiceInfo, isLoggingDebug, isLoggingError, isLoggingInfo, isLoggingTrace, isLoggingWarning, isRunning, logDebug, logDebug, logDebug, logError, logError, logError, logInfo, logInfo, logInfo, logTrace, logTrace, logTrace, logWarning, logWarning, logWarning, nameContextElementBound, nameContextElementUnbound, removeLogListener, resolveName, resolveName, resolveName, resolveName, sendLogEvent, setLoggingDebug, setLoggingError, setLoggingInfo, setLoggingTrace, setLoggingWarning, setNucleus, setServiceInfo

Methods inherited from class atg.nucleus.logging.VariableArgumentApplicationLoggingImpl

vlogDebug, vlogDebug, vlogDebug, vlogDebug, vlogError, vlogError, vlogError, vlogError, vlogInfo, vlogInfo, vlogInfo, vlogInfo, vlogTrace, vlogTrace, vlogTrace, vlogTrace, vlogWarning, vlogWarning, vlogWarning, vlogWarning

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface atg.security.UserAuthority

addAuthenticationFailedListener, addAuthenticationSucceededListener, getUserAuthorityName, removeAuthenticationFailedListener, removeAuthenticationSucceededListener, userDestroyed

Methods inherited from interface atg.security.UserAuthority

addAuthenticationFailedListener, addAuthenticationSucceededListener, getUserAuthorityName, removeAuthenticationFailedListener, removeAuthenticationSucceededListener, userDestroyed

Field Detail

CLASS_VERSION

public static java.lang.String CLASS_VERSION

AUTHENTICATED

protected static final java.lang.String AUTHENTICATED

BAD_ACCOUNT_FAILURE

protected static final java.lang.String BAD_ACCOUNT_FAILURE

BAD_PASSWORD_FAILURE

protected static final java.lang.String BAD_PASSWORD_FAILURE

CREATED_ACCOUNT

protected static final java.lang.String CREATED_ACCOUNT

DEFAULT_GROUP_DOESNT_EXIST

protected static final java.lang.String DEFAULT_GROUP_DOESNT_EXIST

INVALID_ACCOUNT

protected static final java.lang.String INVALID_ACCOUNT

LOGIN_DISABLED_FAILURE

protected static final java.lang.String LOGIN_DISABLED_FAILURE

NO_PASSWORD_FAILURE

protected static final java.lang.String NO_PASSWORD_FAILURE

REMOVED_ACCOUNT

protected static final java.lang.String REMOVED_ACCOUNT

Constructor Detail

GenericAccountManager

public GenericAccountManager()

GenericAccountManager

public GenericAccountManager(java.lang.String pUserAuthorityName)

Method Detail

getAccountInitializer

public AccountInitializer getAccountInitializer()

Returns the account initializer that will set up our standard accounts, if any.

setAccountInitializer

public void setAccountInitializer(AccountInitializer pInitializer)

Changes the account initializer that will set up our standard accounts, if any.

setAccountMatchFields

public void setAccountMatchFields(java.lang.String[] pFields)

Changes the set of attribute fields that are searched by listMatchingAccounts().

See Also:

listMatchingAccounts(java.lang.String, int)

getAttributeResourceBundle

public java.lang.String getAttributeResourceBundle()

Returns the name of the resource bundle used for translating attribute names to resource names.

setAttributeResourceBundle

public void setAttributeResourceBundle(java.lang.String pBundleName)

Changes the resource bundle used for translating attribute names to resource names.

getDefaultLoginGroups

public java.lang.String[] getDefaultLoginGroups()

Returns the set of groups that are assigned to a new login account.

setDefaultLoginGroups

public void setDefaultLoginGroups(java.lang.String[] pGroups)

Changes the set of groups that are assigned to a new login account.

setDescriptionAttribute

public void setDescriptionAttribute(java.lang.String pDescriptionAttribute)

Changes the name of the attribute used for determining the description of a group or privilege account.

setFirstNameAttribute

public void setFirstNameAttribute(java.lang.String pFirstNameAttribute)

Changes the name of the attribute used for determining the first name of a login account owner.

setLastNameAttribute

public void setLastNameAttribute(java.lang.String pLastNameAttribute)

Changes the name of the attribute used for determining the last name of a login account owner.

setPasswordAttribute

public void setPasswordAttribute(java.lang.String pPasswordAttribute)

Changes the name of the attribute used for determining the password for a login account.

setPasswordHasher

public void setPasswordHasher(PasswordHasher pHasher)

Changes the password hasher used for obfuscating passwords.

setUserAuthorityName

public void setUserAuthorityName(java.lang.String pUserAuthorityName)

Changes the name reported for the user authority.

Overrides:

setUserAuthorityName in class GenericUserAuthority

addAccount

protected void addAccount(Account pAccount)

Adds an account to the set of accounts.

clear

public void clear()

Clears out all accounts.

getAccountIterator

protected java.util.Iterator getAccountIterator()

Returns an iterator for all accounts. This is useful for a "save" operation.

newAccount

protected Account newAccount(java.lang.String pAccountName,
                             int pType,
                             java.util.Map pAttributes)

Hook that allows subclasses to override the type of account that we create.

getPersona

public Persona getPersona(java.lang.Object pId)

Returns a persona for the given ID object. This is typically used by an ACL parser, where the ID is usually a string. Returns null if there is no persona for the indicated ID. Warning: This does not attempt to keep persona and account information consistent. Changes made to the account will not become effective until the next time getPersona() is called.

This means, for instance, that a change to a group will not take effect for any user who has an active persona.

Specified by:

getPersona in interface UserAuthority

Overrides:

getPersona in class GenericUserAuthority

See Also:

Persona

doStartService

public void doStartService()

When this service starts up, we may want to punch in some new accounts.

Overrides:

doStartService in class GenericService

listAccounts

public java.util.Iterator listAccounts(int pType)

Returns an iterator of accounts with a particular set of types. You may logical-or the account types together to select a union.

Specified by:

listAccounts in interface AccountManager

Parameters:

pType - The account type(s) to list. You may logical-or the types togeter to select a union.

See Also:

AccountTypes

listMatchingAccounts

public java.util.Iterator listMatchingAccounts(java.lang.String pExpression,
                                               int pType)

Lists accounts that match a given expression.

Specified by:

listMatchingAccounts in interface AccountManager

Parameters:

pExpression - The expression to use to determine which accounts to list. Currently the language used for the expression is undefined.

pType - The account type(s) to match against. You may logical-or the types togeter to select a union.

See Also:

AccountTypes

getAccount

public Account getAccount(java.lang.String pAccountName)

Retrieves the account object for the account with the given name.

Specified by:

getAccount in interface AccountManager

Parameters:

pAccountName - The name of the account to retrieve.

createAccount

public Account createAccount(java.lang.String pAccountName,
                             int pType,
                             java.util.Map pAttributes)
                      throws AccountExistsException,
                             InvalidAttributeException,
                             PermissionDeniedException

Creates a new account with a given set of attributes.

Specified by:

createAccount in interface AccountManager

Parameters:

pAccountName - The name of the account to create.

pAttributes - Set of attributes that should be set in the new account. Usually at least "password" is required. All attribute values must be strings.

pType - The type of the account to create.

Throws:

AccountExistsException

InvalidAttributeException

PermissionDeniedException

See Also:

AccountTypes

removeAccount

public void removeAccount(java.lang.String pAccountName)
                   throws NoSuchAccountException

Removes an account with the indicated name, if possible.

Specified by:

removeAccount in interface AccountManager

Throws:

NoSuchAccountException

getDescriptionAttribute

public java.lang.String getDescriptionAttribute()

Returns the name of the group or privilege account attribute that describes the account in human-readable terms.

Specified by:

getDescriptionAttribute in interface AccountManager

getFirstNameAttribute

public java.lang.String getFirstNameAttribute()

Returns the name of the attribute that contains the first name of the owner of a login account.

Specified by:

getFirstNameAttribute in interface AccountManager

getLastNameAttribute

public java.lang.String getLastNameAttribute()

Returns the name of the attribute that contains the last name of the owner of a login account.

Specified by:

getLastNameAttribute in interface AccountManager

getPasswordAttribute

public java.lang.String getPasswordAttribute()

Returns the name of the attribute that contains the password for a login account.

Specified by:

getPasswordAttribute in interface AccountManager

getPasswordHasher

public PasswordHasher getPasswordHasher()

Returns the password hasher that should be used to manage password encryption.

Specified by:

getPasswordHasher in interface AccountManager

Specified by:

getPasswordHasher in interface LoginUserAuthority

getDisplayNameForAttribute

public java.lang.String getDisplayNameForAttribute(java.lang.String pAttributeName)

Returns the display name that should be associated with an attribute. If the name is not available this will return null. This should not be used by applications; use I18nAccount.getDisplayNameForAttribute instead.

Specified by:

getDisplayNameForAttribute in interface atg.security.I18nAccountManager

setPersonaeFor

public boolean setPersonaeFor(User pUser,
                              java.lang.String pAccountName)

Populates a User object with appropriate personae for the user with the indicated ID.

Warning: This does not attempt to keep persona and account information consistent. Changes made to the account will not become effective until the next time setPersonaeFor() is called.

Specified by:

setPersonaeFor in interface IdUserAuthority

login

public boolean login(User pUser,
                     java.lang.String pName,
                     java.lang.String pHashedPassword,
                     java.lang.Object pHashKey)

Authenticates a user, populating the User object with appropriate personae. Note that the password must have been previously hashed using the PasswordHasher returned by getPasswordHasher().

Specified by:

login in interface LoginUserAuthority

See Also:

PasswordHasher