atg.userprofiling
Class ProfileServices

java.lang.Object
  atg.nucleus.logging.VariableArgumentApplicationLoggingImpl
      atg.nucleus.GenericService
          atg.userprofiling.ProfileServices

All Implemented Interfaces:

NameContextBindingListener, NameContextElement, NameResolver, AdminableService, ApplicationLogging, atg.nucleus.logging.ApplicationLoggingSender, atg.nucleus.logging.TraceApplicationLogging, atg.nucleus.logging.VariableArgumentApplicationLogging, ComponentNameResolver, Service, ServiceListener, atg.userprofiling.ProfileServiceConstants, java.util.EventListener

Direct Known Subclasses:

atg.scenario.userprofiling.ScenarioProfileServices

public class ProfileServices
extends GenericService
implements atg.userprofiling.ProfileServiceConstants

A collection of web services that duplicate common userprofiling functionality provided via form handlers and repository functions

Field Summary

static java.lang.String

CLASS_VERSION Class version string

Fields inherited from class atg.nucleus.GenericService

SERVICE_INFO_KEY

Fields inherited from interface atg.userprofiling.ProfileServiceConstants

ADMIN_UPDATE_NULL_ELEMENT, AUTHENTICATE_HASHKEY_ATTRIBUTE, AUTHENTICATE_TIMER_ATTRIBUTE, CHANGE_PASSWORD_MISMATCH, COPY_NULL_ITEM, CREATE_EXISTING_ITEM_ID, CREATE_EXISTING_ITEM_LOGIN, CREATE_ID_PARAM, CREATE_ID_PARAM_NAME, CREATE_NULL_ITEM, DEFAULT_LOGIN_PROFILE_TYPE, DEFAULT_PROFILE_PATH, DEFAULT_PROFILE_TOOLS_PATH, DEFAULT_REQUEST_LOCALE_PATH, DEFAULT_USER_PATH, DYNAMIC_ALGORITHM_INDICATOR, DYNAMIC_ALGORITHM_METHOD, ENCRYPT_INVALID_PASS_CONVERSATION, ENCRYPT_INVALID_SESSION_ATTRS, ENCRYPT_NULL_HASHKEY, HASHKEY_PARAM, HASHKEY_PARAM_NAME, LOGIN_BAD_ARGS, LOGIN_PARAM, LOGIN_PARAM_NAME, LOGIN_PASSWORD_MISMATCH, LOGOUT_ID_PARAM, LOGOUT_ID_PARAM_NAME, MATCH_PROP_PARAM, MATCH_PROP_PARAM_NAME, NEW_PASSWORD_PARAM, NEW_PASSWORD_PARAM_NAME, NO_ALGORITHM_FOUND, NULL_CURRENT_PROFILE, NULL_PROFILE_BY_ID, NULL_PROFILE_REPOSITORY, NULL_REQUEST, NULL_REQUEST_LOCALE, NULL_REQUEST_PARAMETER, NULL_SENTINEL, OPERATION_END_PARAM, OPERATION_END_PARAM_NAME, PASSWORD_PARAM, PASSWORD_PARAM_NAME, REGISTER_BAD_ARGS, SERVICE_NO_TOOLS, UPDATE_EVENT_PARAM, UPDATE_EVENT_PARAM_NAME, UPDATE_ID_PARAM, UPDATE_ID_PARAM_NAME, UPDATE_INVALID_REP, UPDATE_NO_ARGS, UPDATE_NO_ITEM, XML_ITEM_PARAM, XML_ITEM_PARAM_NAME

Fields inherited from interface atg.nucleus.logging.TraceApplicationLogging

DEFAULT_LOG_TRACE_STATUS

Fields inherited from interface atg.nucleus.logging.ApplicationLogging

DEFAULT_LOG_DEBUG_STATUS, DEFAULT_LOG_ERROR_STATUS, DEFAULT_LOG_INFO_STATUS, DEFAULT_LOG_WARNING_STATUS

Constructor Summary

ProfileServices()

Method Summary

void	addProperties(RepositoryItem pGuestUser, RepositoryItem pAuthenticatedUser, java.lang.String[] pPropertiesToAdd) Adds values from multi-valued properties from the guest user to the authenticated user
void	addProperty(java.lang.String pPropertyName, RepositoryItem pGuestUser, RepositoryItem pAuthenticatedUser) Adds a specific multi-valued property's values from the given guest user to the given authenticated user
void	addSwapEventListener(atg.userprofiling.ProfileSwapEventListener pListener) Adds a ProfileSwapEventListener to the list of listeners that care about ProfileSwapEvents
void	addUpdateListener(atg.userprofiling.ProfileUpdateListener pListener) Adds the given update listener to the list of listeners we already know about
RepositoryItem	addXMLItem(java.lang.String pItemAsXML, boolean pPersist) Adds or creates the given pItemAsXML, depending on the value of pPersist.
boolean	canClientEncryptPasswords() Tests to see whether we can allow clients to encrypt their passwords.
protected void	commitTransaction() Commits the current transaction
void	copyProperties(RepositoryItem pGuestUser, RepositoryItem pAuthenticatedUser, java.lang.String[] pPropertiesToCopy) Copies the properties named in pPropertiesToCopy from the pGuestUser to the pAuthenticatedUser
java.lang.String	createUser(java.lang.String pProfileAsXML) Creates a persistent user using the profile values given in pProfileAsXML.
boolean	deleteUser(java.lang.String pProfileId) Deletes a persistent user whose id matches pProfileId.
protected void	doCreateUser(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) Creates a user that is present as the request parameter, XML_ITEM_PARAM
protected void	doDeleteUser(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) Deletes a user that matches the id present as the request parameter, UPDATE_ID_PARAM.
protected void	doLoginUser(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) Logs in a user.
protected void	doLogoutUser(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) Called to logout a user.
protected void	doSetPassword(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) Called to actually change the current user's password.
void	doStartService() Called when this service starts, after its properties have been set.
protected void	doUpdateUser(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) Updates the user that is present as the request parameter, XML_ITEM_PARAM.
void	encryptPassword(MutableRepositoryItem pProfile) Takes the cleartext password of the given profile, encrypts it, and resets it to the encrypted version
boolean	endOperation(DynamoHttpServletRequest pRequest) Checks the given request to see if the OPERATION_END_PARAM is present and set to true
java.lang.Object	endOperationValue(DynamoHttpServletRequest pRequest) Gets the value of the OPERATION_END_PARAM_NAME from the given request.
protected javax.transaction.Transaction	ensureTransaction() This method ensures that a transaction exists before returning.
long	getBadPasswordDelay() Get property badPasswordDelay DEFAULT: 1000 (1 second)
java.lang.String	getCreateProfileType() Get property createProfileType DEFAULT: user
Profile	getCurrentProfile() Gets the profile of the current thread's user
java.lang.String	getCurrentProfileId() Gets the profileId of the current thread's user
PasswordHasher	getLoginPasswordHasher() Gets a password hasher for logging in
java.lang.String	getLoginProfileType() Get property loginProfileType DEFAULT: user
java.lang.String	getLogoutProfileType() Get property logoutProfileType DEFAULT: user
java.lang.String	getMappingFile(Repository pRepository, java.lang.String pItemDescriptorName) Gets a mapping file for a particular repository:itemDescriptorName combination
atg.repository.xml.ItemDescriptorMappingManager	getMappingManager() Get property mappingManager DEFAULT: null
long	getMaxAuthenticationWait() Get property maxAuthenticationWait DEFAULT: 30000 (30 seconds)
java.lang.String	getPasswordHashAlgorithm() Gets the algorithm for the password hasher used by the profile property manager
java.lang.String	getPasswordHashKey() Gets a hashkey for a password.
java.lang.String	getProfile(java.lang.String pProfileId) Gets the profile using the given profile id
java.lang.String	getProfile(java.lang.String pProfileId, java.lang.String pMappingFile) Gets the profile using the given profile id, and applies the given mapping file to the returned Repo2Xml string
java.lang.String	getProfileId(java.lang.String pLogin) Gets the profile id of the person with the given login
java.lang.String	getProfilePath() Get property profilePath DEFAULT: /atg/userprofiling/Profile
ProfileTools	getProfileTools() Get property profileTools DEFAULT: null
java.lang.String[]	getPropertiesToAddOnLogin() Get property propertiesToAddOnLogin DEFAULT: null
java.lang.String[]	getPropertiesToCopyOnLogin() Get property propertiesToCopyOnLogin DEFAULT: null
RepositoryItem	getRepositoryItemFromXML(java.lang.String pItemAsXML) Gets a RepositoryItem object from the given XML representation The item is matched based on the id property in the XML file
RepositoryItem	getRepositoryItemFromXML(java.lang.String pItemAsXML, java.lang.String[] pMatchedProperties) Gets a RepositoryItem object from the given XML representation The item is matched based on the id property in the XML file
java.lang.String	getRequestLocalePath() Get property RequestLocalePath DEFAULT: /atg/dynamo/servlet/RequestLocale
javax.transaction.TransactionManager	getTransactionManager() Get property transactionManager DEFAULT: null
atg.userprofiling.ProfileUpdateListener[]	getUpdateEventListeners() Get property UpdateEventListeners DEFAULT: null
AddService	getXmlAddService() Get property XmlAddService DEFAULT: null
GetService	getXmlGetService() Get property xmlGetService DEFAULT: null
java.lang.String	getXMLItem(RepositoryItem pItem, Repository pRepository, java.lang.String pItemDescriptorName, java.lang.String pMappingFile) Transforms the given repository item into XML, possibly using a mapping file to cull properties
UpdateService	getXmlUpdateService() Get property xmlUpdateService DEFAULT: null
boolean	isAllowEncryptedPasswords() Get property AllowEncryptedPasswords DEFAULT: true
boolean	isExpireSessionOnLogout() Get property expireSessionOnLogout DEFAULT: true
boolean	isGenerateLoginEvents() Get property GenerateLoginEvents DEFAULT: true
boolean	isGenerateLogoutEvents() Get property GenerateLogoutEvents DEFAULT: true
boolean	isGenerateRegisterEvents() Get property GenerateRegisterEvents DEFAULT: true
boolean	isGenerateUpdateEvents() Get property GenerateUpdateEvents DEFAULT: true
boolean	isUseDefaultMappings() Get property UseDefaultMappings DEFAULT: true
boolean	isUsingLDAPProfile() Get property usingLDAPProfile DEFAULT: false
java.lang.String	loginUser(java.lang.String pLogin, java.lang.String pPassword) Attempts to login a user using the given login and password.
java.lang.String	loginUser(java.lang.String pLogin, java.lang.String pPassword, boolean pIsPasswordEncrypted) Attempts to login a user using the given login and password.
void	logoutUser() Logs out the current user.
protected void	postCreateUser(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) Called after a new user is created.
protected void	postDeleteUser(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) Called after a user is succesfully deleted.
protected void	postLoginUser(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) Called after a user is successfully logged in.
protected void	postLogoutUser(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) Called after a user is logged out.
protected void	postSetPassword(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) Called after the current user's password is setd.
protected void	postUpdateUser(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) Called after a user is updated.
protected void	preCreateUser(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) Called before a user is created.
protected void	preDeleteUser(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) Called before a user is deleted.
protected void	preLoginUser(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) Called before a login actually takes place.
protected void	preLogoutUser(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) Called before a user is logged out.
protected void	preSetPassword(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) Called before the current user's password is changed.
void	removeSwapEventListener(atg.userprofiling.ProfileSwapEventListener pListener) Removes a ProfileSwapEventListener to the list of listeners that care about ProfileSwapEvents
void	removeUpdateListener(atg.userprofiling.ProfileUpdateListener pListener) Removes the given update listener from the list of listeners we already know about
void	sendProfileSwapEvent(int pEventType, RepositoryItem pPreSwapItem, RepositoryItem pPostSwapItem) Sends a ProfileSwapEvent using the given arguments
void	sendUpdateEvent(atg.userprofiling.ProfileUpdateEvent pEvent) Sends the given update event to all of the registered update listeners
void	setAllowEncryptedPasswords(boolean pAllowEncryptedPasswords) Set property AllowEncryptedPasswords DEFAULT: true
void	setBadPasswordDelay(long pBadPasswordDelay) Set property badPasswordDelay DEFAULT: 1000 (1 second)
void	setContactInfo(java.lang.String pProfileId, java.lang.String pContactInfoAsXML) Changes the contact info property for a user.
void	setCreateProfileType(java.lang.String pCreateProfileType) Set property createProfileType DEFAULT: user
void	setExpireSessionOnLogout(boolean pExpireSessionOnLogout) Set property expireSessionOnLogout DEFAULT: true
void	setGenerateLoginEvents(boolean pGenerateLoginEvents) Set property GenerateLoginEvents DEFAULT: true
void	setGenerateLogoutEvents(boolean pGenerateLogoutEvents) Set property GenerateLogoutEvents DEFAULT: true
void	setGenerateRegisterEvents(boolean pGenerateRegisterEvents) Set property GenerateRegisterEvents DEFAULT: true
void	setGenerateUpdateEvents(boolean pGenerateUpdateEvents) Set property GenerateUpdateEvents DEFAULT: true
void	setLocale(java.lang.String pProfileId, java.lang.String pLocaleName) Changes the locale property for a user.
void	setLoginProfileType(java.lang.String pLoginProfileType) Set property loginProfileType DEFAULT: user
void	setLogoutProfileType(java.lang.String pLogoutProfileType) Set property logoutProfileType DEFAULT: user
void	setMappingManager(atg.repository.xml.ItemDescriptorMappingManager pMappingManager) Set property mappingManager DEFAULT: null
void	setMaxAuthenticationWait(long pMaxAuthenticationWait) Set property maxAuthenticationWait DEFAULT: 30000 (30 seconds)
void	setPassword(java.lang.String pProfileId, java.lang.String pOldPassword, java.lang.String pNewPassword) Allows a user to set their own password.
void	setProfilePath(java.lang.String pProfilePath) Set property profilePath DEFAULT: /atg/userprofiling/Profile
void	setProfileTools(ProfileTools pProfileTools) Set property profileTools DEFAULT: null
void	setPropertiesToAddOnLogin(java.lang.String[] pPropertiesToAddOnLogin) Set property propertiesToAddOnLogin DEFAULT: null
void	setPropertiesToCopyOnLogin(java.lang.String[] pPropertiesToCopyOnLogin) Set property propertiesToCopyOnLogin DEFAULT: null
void	setRequestLocalePath(java.lang.String pRequestLocalePath) Set property RequestLocalePath DEFAULT: /atg/dynamo/servlet/RequestLocale
void	setSessionLocale(java.lang.String pLocaleName) Sets the locale of the current session by changing the session-scoped RequestLocale component.
void	setTransactionManager(javax.transaction.TransactionManager pTransactionManager) Set property transactionManager DEFAULT: null
void	setUpdateEventListeners(atg.userprofiling.ProfileUpdateListener[] pUpdateEventListeners) Set property UpdateEventListeners DEFAULT: null
void	setUseDefaultMappings(boolean pUseDefaultMappings) Set property UseDefaultMappings DEFAULT: true
void	setUsingLDAPProfile(boolean pUsingLDAPProfile) Set property usingLDAPProfile DEFAULT: false
void	setXmlAddService(AddService pXmlAddService) Set property XmlAddService DEFAULT: null
void	setXmlGetService(GetService pXmlGetService) Set property xmlGetService DEFAULT: null
void	setXmlUpdateService(UpdateService pXmlUpdateService) Set property xmlUpdateService DEFAULT: null
void	updateLDAPProfileAttributes(MutableRepositoryItem pItem) Updates profile attributes pertaining to LDAP.
void	updateUser(java.lang.String pProfileAsXML) Updates a persistent user using the profile values given in pProfileAsXML.
void	updateUser(java.lang.String pProfileAsXML, java.lang.String[] pMatchProperties) Updates a persistent user using the profile values given in pProfileAsXML.
void	updateXMLItem(java.lang.String pItemAsXML, java.lang.String[] pMatchedProperties) Updates a Repo2Xml item

Methods inherited from class atg.nucleus.GenericService

addLogListener, createAdminServlet, doStopService, getAbsoluteName, getAdminServlet, getLoggingForVlogging, getLogListenerCount, getLogListeners, getName, getNameContext, getNucleus, getRoot, getServiceConfiguration, getServiceInfo, isLoggingDebug, isLoggingError, isLoggingInfo, isLoggingTrace, isLoggingWarning, isRunning, logDebug, logDebug, logDebug, logError, logError, logError, logInfo, logInfo, logInfo, logTrace, logTrace, logTrace, logWarning, logWarning, logWarning, nameContextElementBound, nameContextElementUnbound, removeLogListener, resolveName, resolveName, resolveName, resolveName, sendLogEvent, setLoggingDebug, setLoggingError, setLoggingInfo, setLoggingTrace, setLoggingWarning, setNucleus, setServiceInfo, startService, stopService

Methods inherited from class atg.nucleus.logging.VariableArgumentApplicationLoggingImpl

vlogDebug, vlogDebug, vlogDebug, vlogDebug, vlogError, vlogError, vlogError, vlogError, vlogInfo, vlogInfo, vlogInfo, vlogInfo, vlogTrace, vlogTrace, vlogTrace, vlogTrace, vlogWarning, vlogWarning, vlogWarning, vlogWarning

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CLASS_VERSION

public static java.lang.String CLASS_VERSION

Class version string

Constructor Detail

ProfileServices

public ProfileServices()

Method Detail

setAllowEncryptedPasswords

public void setAllowEncryptedPasswords(boolean pAllowEncryptedPasswords)

Set property AllowEncryptedPasswords DEFAULT: true

Parameters:

pAllowEncryptedPasswords - true if services that accept or require passwords allow those passwords to be encrypted. This only applies to services that compare password values, not services that set passwords. Services that set passwords should NOT be called with encrypted passwords

isAllowEncryptedPasswords

public boolean isAllowEncryptedPasswords()

Get property AllowEncryptedPasswords DEFAULT: true

Returns:

true if services that accept or require passwords allow those passwords to be encrypted. This only applies to services that compare password values, not services that set passwords. Services that set passwords should NOT be called with encrypted passwords

setUseDefaultMappings

public void setUseDefaultMappings(boolean pUseDefaultMappings)

Set property UseDefaultMappings DEFAULT: true

Parameters:

pUseDefaultMappings - true if services that return Repo2Xml items should use default mapping files supplied by the ItemMappingManager configured for this component. This property is ignored if a mapping file is explicitly passed to the service

isUseDefaultMappings

public boolean isUseDefaultMappings()

Get property UseDefaultMappings DEFAULT: true

Returns:

true if services that return Repo2Xml items should use default mapping files supplied by the ItemMappingManager configured for this component. This property is ignored if a mapping file is explicitly passed to the service

setGenerateLoginEvents

public void setGenerateLoginEvents(boolean pGenerateLoginEvents)

Set property GenerateLoginEvents DEFAULT: true

Parameters:

pGenerateLoginEvents - true if login events should be fired when a login occurs

isGenerateLoginEvents

public boolean isGenerateLoginEvents()

Get property GenerateLoginEvents DEFAULT: true

Returns:

true if login events should be fired when a login occurs

setGenerateUpdateEvents

public void setGenerateUpdateEvents(boolean pGenerateUpdateEvents)

Set property GenerateUpdateEvents DEFAULT: true

Parameters:

pGenerateUpdateEvents - true if update events should be fired when an update occurs

isGenerateUpdateEvents

public boolean isGenerateUpdateEvents()

Get property GenerateUpdateEvents DEFAULT: true

Returns:

true if update events should be fired when an update occurs

setGenerateRegisterEvents

public void setGenerateRegisterEvents(boolean pGenerateRegisterEvents)

Set property GenerateRegisterEvents DEFAULT: true

Parameters:

pGenerateRegisterEvents - true if register events should be fired when someone registers

isGenerateRegisterEvents

public boolean isGenerateRegisterEvents()

Get property GenerateRegisterEvents DEFAULT: true

Returns:

true if register events should be fired when someone registers

setGenerateLogoutEvents

public void setGenerateLogoutEvents(boolean pGenerateLogoutEvents)

Set property GenerateLogoutEvents DEFAULT: true

Parameters:

pGenerateLogoutEvents - true if a logout events should be fired when a user logs out

isGenerateLogoutEvents

public boolean isGenerateLogoutEvents()

Get property GenerateLogoutEvents DEFAULT: true

Returns:

true if a logout events should be fired when a user logs out

setUpdateEventListeners

public void setUpdateEventListeners(atg.userprofiling.ProfileUpdateListener[] pUpdateEventListeners)

Set property UpdateEventListeners DEFAULT: null

Parameters:

pUpdateEventListeners - an array of objects that listen for ProfileUpdateEvents i.e. events that are fired when user updates occur through services in this class

getUpdateEventListeners

public atg.userprofiling.ProfileUpdateListener[] getUpdateEventListeners()

Get property UpdateEventListeners DEFAULT: null

Returns:

an array of objects that listen for ProfileUpdateEvents i.e. events that are fired when user updates occur through services in this class

setRequestLocalePath

public void setRequestLocalePath(java.lang.String pRequestLocalePath)

Set property RequestLocalePath DEFAULT: /atg/dynamo/servlet/RequestLocale

Parameters:

pRequestLocalePath - the path to a session-scoped RequestLocale component, which handles locale-based redirecting on a per-session basis

getRequestLocalePath

public java.lang.String getRequestLocalePath()

Get property RequestLocalePath DEFAULT: /atg/dynamo/servlet/RequestLocale

Returns:

the path to a session-scoped RequestLocale component, which handles locale-based redirecting on a per-session basis

setProfilePath

public void setProfilePath(java.lang.String pProfilePath)

Set property profilePath DEFAULT: /atg/userprofiling/Profile

Parameters:

pProfilePath - the path to the profile component used in all userprofiling operations

getProfilePath

public java.lang.String getProfilePath()

Get property profilePath DEFAULT: /atg/userprofiling/Profile

Returns:

the path to the profile component used in all userprofiling operations

setCreateProfileType

public void setCreateProfileType(java.lang.String pCreateProfileType)

Set property createProfileType DEFAULT: user

Parameters:

pCreateProfileType - when creating a new profile, this it the item type it should be i.e. item descriptor name

getCreateProfileType

public java.lang.String getCreateProfileType()

Get property createProfileType DEFAULT: user

Returns:

when creating a new profile, this it the item type it should be i.e. item descriptor name

setLoginProfileType

public void setLoginProfileType(java.lang.String pLoginProfileType)

Set property loginProfileType DEFAULT: user

Parameters:

pLoginProfileType - when logging in a user, the item type that their profile is expected to be. If there are many possible profile types due to subtyping, then this value should be set to their collective supertype

getLoginProfileType

public java.lang.String getLoginProfileType()

Get property loginProfileType DEFAULT: user

Returns:

when logging in a user, the item type that their profile is expected to be. If there are many possible profile types due to subtyping, then this value should be set to their collective supertype

setLogoutProfileType

public void setLogoutProfileType(java.lang.String pLogoutProfileType)

Set property logoutProfileType DEFAULT: user

Parameters:

pLogoutProfileType - when a user logs out, this is the item type that next guest user will have

getLogoutProfileType

public java.lang.String getLogoutProfileType()

Get property logoutProfileType DEFAULT: user

Returns:

when a user logs out, this is the item type that next guest user will have

setUsingLDAPProfile

public void setUsingLDAPProfile(boolean pUsingLDAPProfile)

Set property usingLDAPProfile DEFAULT: false

Parameters:

pUsingLDAPProfile - true if these userprofiling services act upon an LDAP-based profile (this includes composite profiles with an LDAP component)

isUsingLDAPProfile

public boolean isUsingLDAPProfile()

Get property usingLDAPProfile DEFAULT: false

Returns:

true if these userprofiling services act upon an LDAP-based profile (this includes composite profiles with an LDAP component)

setBadPasswordDelay

public void setBadPasswordDelay(long pBadPasswordDelay)

Set property badPasswordDelay DEFAULT: 1000 (1 second)

Parameters:

pBadPasswordDelay - the number of milliseconds to pause when a login is attempted with a bad password. This value must not be negative

getBadPasswordDelay

public long getBadPasswordDelay()

Get property badPasswordDelay DEFAULT: 1000 (1 second)

Returns:

the number of milliseconds to pause when a login is attempted with a bad password

setExpireSessionOnLogout

public void setExpireSessionOnLogout(boolean pExpireSessionOnLogout)

Set property expireSessionOnLogout DEFAULT: true

Parameters:

pExpireSessionOnLogout - true if a person's entire session should be expired after they logout

isExpireSessionOnLogout

public boolean isExpireSessionOnLogout()

Get property expireSessionOnLogout DEFAULT: true

Returns:

true if a person's entire session should be expired after they logout

setPropertiesToCopyOnLogin

public void setPropertiesToCopyOnLogin(java.lang.String[] pPropertiesToCopyOnLogin)

Set property propertiesToCopyOnLogin DEFAULT: null

Parameters:

pPropertiesToCopyOnLogin - an array of properties that should be copied from a guest user to a persistent user upon login. Both single-value and multi-valued properties will be copied entirely i.e. any previous values are overwritten

getPropertiesToCopyOnLogin

public java.lang.String[] getPropertiesToCopyOnLogin()

Get property propertiesToCopyOnLogin DEFAULT: null

Returns:

an array of properties that should be copied from a guest user to a persistent user upon login. Both single-value and multi-valued properties will be copied entirely i.e. any previous values are overwritten

setPropertiesToAddOnLogin

public void setPropertiesToAddOnLogin(java.lang.String[] pPropertiesToAddOnLogin)

Set property propertiesToAddOnLogin DEFAULT: null

Parameters:

pPropertiesToAddOnLogin - an array of multi-valued properties whose values should be added from a guest user to the existing values of a persistent user when the guest logs in

getPropertiesToAddOnLogin

public java.lang.String[] getPropertiesToAddOnLogin()

Get property propertiesToAddOnLogin DEFAULT: null

Returns:

an array of multi-valued properties whose values should be added from a guest user to the existing values of a persistent user when the guest logs in

setMappingManager

public void setMappingManager(atg.repository.xml.ItemDescriptorMappingManager pMappingManager)

Set property mappingManager DEFAULT: null

Parameters:

pMappingManager - the service that controls mapping files for all item descriptors. This is used to provide default mapping files for particular repository:itemDescriptor pairs, so if a service returns Repo2Xml items of a type that has had an ItemDescriptorMapping defined for it, that mapping will automatically be applied before the Repo2Xml item is returned (unless useDefaultMappings is false)

getMappingManager

public atg.repository.xml.ItemDescriptorMappingManager getMappingManager()

Get property mappingManager DEFAULT: null

Returns:

the service that controls mapping files for all item descriptors. This is used to provide default mapping files for particular repository:itemDescriptor pairs, so if a service returns Repo2Xml items of a type that has had an ItemDescriptorMapping defined for it, that mapping will automatically be applied before the Repo2Xml item is returned (unless useDefaultMappings is false)

setXmlAddService

public void setXmlAddService(AddService pXmlAddService)

Set property XmlAddService DEFAULT: null

Parameters:

pXmlAddService - a service that knows how to add Repo2Xml items to a repository

getXmlAddService

public AddService getXmlAddService()

Get property XmlAddService DEFAULT: null

Returns:

a service that knows how to add Repo2Xml items to a repository

setXmlGetService

public void setXmlGetService(GetService pXmlGetService)

Set property xmlGetService DEFAULT: null

Parameters:

pXmlGetService - the service that turns a RepositoryItem into an xml representation (known as a Repo2Xml item)

getXmlGetService

public GetService getXmlGetService()

Get property xmlGetService DEFAULT: null

Returns:

the service that turns a RepositoryItem into an xml representation (known as a Repo2Xml item)

setXmlUpdateService

public void setXmlUpdateService(UpdateService pXmlUpdateService)

Set property xmlUpdateService DEFAULT: null

Parameters:

pXmlUpdateService - a service that knows how to add Repo2Xml items to a repository

getXmlUpdateService

public UpdateService getXmlUpdateService()

Get property xmlUpdateService DEFAULT: null

Returns:

a service that knows how to add Repo2Xml items to a repository

setProfileTools

public void setProfileTools(ProfileTools pProfileTools)

Set property profileTools DEFAULT: null

Parameters:

pProfileTools - a collection of utility methods that help perform common funtions used by several profile services

getProfileTools

public ProfileTools getProfileTools()

Get property profileTools DEFAULT: null

Returns:

a collection of utility methods that help perform common funtions used by several profile services

setTransactionManager

public void setTransactionManager(javax.transaction.TransactionManager pTransactionManager)

Set property transactionManager DEFAULT: null

Parameters:

pTransactionManager - the transaction manager for all web services

getTransactionManager

public javax.transaction.TransactionManager getTransactionManager()

Get property transactionManager DEFAULT: null

Returns:

the transaction manager for all web services

setMaxAuthenticationWait

public void setMaxAuthenticationWait(long pMaxAuthenticationWait)

Set property maxAuthenticationWait DEFAULT: 30000 (30 seconds)

Parameters:

pMaxAuthenticationWait - the number of milliseconds allowed before an encrypted login conversation becomes invalid. An encrypted login conversation requires a client to call several methods in order to correctly encrypt a password to be passed to the login web service. The timer for this conversation is started when getPasswordHashKey is called, since this hashkey is intended to be temporary and unique for one login attempt. The timer ends when loginUser is called. The difference in time between those two calls should not exceed pMaxAuthenticationWait, otherwise the login attempt is considered invalid.

getMaxAuthenticationWait

public long getMaxAuthenticationWait()

Get property maxAuthenticationWait DEFAULT: 30000 (30 seconds)

Returns:

the number of milliseconds allowed before an encrypted login conversation becomes invalid. An encrypted login conversation requires a client to call several methods in order to correctly encrypt a password to be passed to the login web service. The timer for this conversation is started when getPasswordHashKey is called, since this hashkey is intended to be temporary and unique for one login attempt. The timer ends when loginUser is called. The difference in time between those two calls should not exceed pMaxAuthenticationWait, otherwise the login attempt is considered invalid.

addSwapEventListener

public void addSwapEventListener(atg.userprofiling.ProfileSwapEventListener pListener)

Adds a ProfileSwapEventListener to the list of listeners that care about ProfileSwapEvents

Parameters:

pListener - the ProfileSwapEventListener to add

removeSwapEventListener

public void removeSwapEventListener(atg.userprofiling.ProfileSwapEventListener pListener)

Removes a ProfileSwapEventListener to the list of listeners that care about ProfileSwapEvents

Parameters:

pListener - the ProfileSwapEventListener to remove

setSessionLocale

public void setSessionLocale(java.lang.String pLocaleName)
                      throws javax.servlet.ServletException

Sets the locale of the current session by changing the session-scoped RequestLocale component. This method does NOT change the value of the "locale" profile property for the current profile. Use the setLocale to accomplish this. This method is also intended to be called in the context of an HTTP request.

Parameters:

pLocaleName - the locale to change to for the length of the session. If this is null, then the current locale will be set to the default locale for the RequestLocale component

Throws:

javax.servlet.ServletException - if an error occurs trying to change the locale, or this method is not called in the context of an HTTP request

setPassword

public void setPassword(java.lang.String pProfileId,
                        java.lang.String pOldPassword,
                        java.lang.String pNewPassword)
                 throws javax.servlet.ServletException

Allows a user to set their own password. Specifically, the password property of the given user will be set to the pNewPassword supplied. This "password property" is defined as the profile property whose name matches the profileTools.propertyManager.passwordPropertyName property value. The password that is to be changed should belong to the current session's profile.

This method is not intended to be used by an admin changing someone else's password, use adminSetPassword if you wish to do this.

This method calls preSetPassword, doSetPassword , and postSetPassword in turn, to do the actual property change.

The following request parameters are set in this method PASSWORD_PARAM - for the old password NEW_PASSWORD_PARAM - for the new password UPDATE_ID_PARAM - the id of the profile being updated

Extensions of this class, or of the preSet, doSet, and postSet methods can use these parameters to get access to this methods original arguments This method is expected to be called in the context of an HTTP request. Also, a transaction is required when executing this method. If no transaction is in place, a new one is started and committed before this method returns.

Parameters:

pProfileId - the id of the current profile, whose password is being changed. This argument is used by the ProfileOwnerPolicy to ensure that the person who calls this service is the person who is in the current session, if this security policy is applied. This argument must not be null

pOldPassword - the old password that is being changed. This is needed to verify the credentials of the current profile before changing the password. This argument can be null (if your profile repository allows null passwords)

pNewPassword - the new value for the user's password property. This argument can be null (if your profile repository allows null passwords)

Throws:

javax.servlet.ServletException - if an error occurs changing the password

preSetPassword

protected void preSetPassword(DynamoHttpServletRequest pRequest,
                              DynamoHttpServletResponse pResponse)
                       throws javax.servlet.ServletException

Called before the current user's password is changed. This implementation does nothing

Parameters:

pRequest - the current request, which is guaranteed to contain the following parameters:

PASSWORD_PARAM - for the old password

NEW_PASSWORD_PARAM - for the new password

UPDATE_ID_PARAM - the id of the profile being updated

pResponse - the current response

Throws:

javax.servlet.ServletException - if an error occurs here

doSetPassword

protected void doSetPassword(DynamoHttpServletRequest pRequest,
                             DynamoHttpServletResponse pResponse)
                      throws javax.servlet.ServletException

Called to actually change the current user's password. The parameter in the given request that contains the password will be encrypted before being set on the user. This encryption is performed by the profileTools.propertyManager.passwordHasher object

Parameters:

pRequest - the current request, which is guaranteed to contain the following parameters:

PASSWORD_PARAM - for the old password

NEW_PASSWORD_PARAM - for the new password

UPDATE_ID_PARAM - the id of the profile being updated

pResponse - the current response

Throws:

javax.servlet.ServletException - occurs in the following cases:

• If there is no current profile i.e. we are not in the context of a request or session
• If the old password set as a parameter in pRequest does not match the given profile's current password (note that the password in the request will be encrypted before comparing its value with the current profile's password)
• If the value of the UPDATE_ID_PARAM request parameter does not refer to a valid repository item
• If there is a repository error while trying to set the new password

postSetPassword

protected void postSetPassword(DynamoHttpServletRequest pRequest,
                               DynamoHttpServletResponse pResponse)
                        throws javax.servlet.ServletException

Called after the current user's password is setd. This implementation does nothing

Parameters:

pRequest - the current request, which is guaranteed to contain the following parameters:

PASSWORD_PARAM - for the old password

NEW_PASSWORD_PARAM - for the new password

UPDATE_ID_PARAM - the id of the profile being updated

pResponse - the current response

Throws:

javax.servlet.ServletException - if an error occurs here

getProfile

public java.lang.String getProfile(java.lang.String pProfileId)
                            throws RepositoryException

Gets the profile using the given profile id

A transaction is required when executing this method. If no transaction is in place, a new one is started and committed before this method returns.

Parameters:

pProfileId - the id of the profile to get. If null is entered for this argument, then null is returned

Returns:

an Repo2Xml representation of the found profile, or null if no profile was found with that id. Depending on the value of useDefaultMappings, a default mapping file could be applied to the resulting Repo2Xml

Throws:

RepositoryException - if an error occurs trying to retrieve the item

getProfile

public java.lang.String getProfile(java.lang.String pProfileId,
                                   java.lang.String pMappingFile)
                            throws RepositoryException

Gets the profile using the given profile id, and applies the given mapping file to the returned Repo2Xml string

A transaction is required when executing this method. If no transaction is in place, a new one is started and committed before this method returns.

Parameters:

pProfileId - the id of the profile to get. If null is entered for this argument, then this method returns null

pMappingFile - a mapping file that dictates what profile properties are returned in the resulting XML. If null is entered for this argument, then a default mapping file could be applied, depending on the value of useDefaultMappings

Returns:

an Repo2Xml representation of the found profile, or null if no profile was found with that id

Throws:

RepositoryException - if any of the following occurs:

• No valid profile repository is found
• The profile repository throws an error trying to retrieve the item

getProfileId

public java.lang.String getProfileId(java.lang.String pLogin)
                              throws RepositoryException

Gets the profile id of the person with the given login

A transaction is required when executing this method. If no transaction is in place, a new one is started and committed before this method returns.

Parameters:

pLogin - the login to find the id for. If this argument is null, then null is returned

Returns:

the profile id of the person with given login, or null if no profile exists with that login

Throws:

RepositoryException - if an error occurs trying to find the person. This error will come from the profile repository directly, and not from this method

updateUser

public void updateUser(java.lang.String pProfileAsXML)
                throws javax.servlet.ServletException

Updates a persistent user using the profile values given in pProfileAsXML. It's intended that this service be used by users to update their own profile, and certain session actions will take place based on that assumption i.e. cookie handling, locale changing, etc. Admins that want to update other users' profiles should use adminUpdateUser, and not this method.

This method calls preUpdateUser, doUpdateUser , and postUpdateUser in turn

This method is expected to be called in the context of an HTTP request. Also, a transaction is required when executing this method. If no transaction is in place, a new one is started and committed before this method returns.

The following request parameter is set in this method XML_ITEM_PARAM - the current Repo2Xml item that is being updated

Parameters:

pProfileAsXML - the profile with updated values, as a Repo2Xml item

Throws:

javax.servlet.ServletException - if any of the following occurs:

• The pProfileAsXML argument is null or empty
• This method is not executed in the context of an HTTP request
• A ServletException is thrown by preUpdateUser, doUpdateUser, or postUpdateUser

updateUser

public void updateUser(java.lang.String pProfileAsXML,
                       java.lang.String[] pMatchProperties)
                throws javax.servlet.ServletException

Updates a persistent user using the profile values given in pProfileAsXML. It's intended that this service be used by users to update their own profile, and certain session actions will take place based on that assumption i.e. cookie handling, locale changing, etc. Admins that want to update other users' profiles should use adminUpdateUser, and not this method.

This method calls preUpdateUser, doUpdateUser , and postUpdateUser in turn

This method is expected to be called in the context of an HTTP request. Also, a transaction is required when executing this method. If no transaction is in place, a new one is started and committed before this method returns.

The following request parameter is set in this method XML_ITEM_PARAM - the current Repo2Xml item that is being updated

Parameters:

pProfileAsXML - the profile with updated values, as a Repo2Xml item

pMatchProperties - an array of properties present in the given xml items whose values will be used to find their persistent counterparts in the repository. The Repo2Xml values for all the given property names must exactly match the values or a corresponding repository item in order for the item to be properly updated

Throws:

javax.servlet.ServletException - if any of the following occurs:

• The pProfileAsXML argument is null or empty
• This method is not executed in the context of an HTTP request
• A ServletException is thrown by preUpdateUser, doUpdateUser, or postUpdateUser

doUpdateUser

protected void doUpdateUser(DynamoHttpServletRequest pRequest,
                            DynamoHttpServletResponse pResponse)
                     throws javax.servlet.ServletException

Updates the user that is present as the request parameter, XML_ITEM_PARAM.

Parameters:

pRequest - the current request, expected to have the following parameter:

XML_ITEM_PARAM - the xml item that is to be updated

And can optionally have the following parameter:

UPDATE_EVENT_PARAM - a map of property names to values, which represents a snapshot of the item-to-update before the update occurs

pResponse - the current response

Throws:

javax.servlet.ServletException - if any of the following errors occur:

• The XML_ITEM_PARAM request parameter is not present in pRequest
• A RepositoryException occurs updating the RepositoryItem

postUpdateUser

protected void postUpdateUser(DynamoHttpServletRequest pRequest,
                              DynamoHttpServletResponse pResponse)
                       throws javax.servlet.ServletException

Called after a user is updated. This implementations sends an update event, if configured to do so. It uses the current profile (retrieved by resolving the configure Profile component using the current request) to expire or send cookies based on changes in the autoLogin property (if one exists), and also changes the locale for the current session if the user's locale property has changed (if one exists).

Parameters:

pRequest - the current request, expected to have the following parameter:

XML_ITEM_PARAM - the xml item that is to be updated

And can optionally have the following parameter:

UPDATE_EVENT_PARAM - a map of property names to values, which represents a snapshot of the item-to-update before the update occurs

pRequest - the current response

pResponse - the current response

Throws:

javax.servlet.ServletException - if any of the following occur:

• XML_ITEM_PARAM does not resolve to a valid RepositoryItem
• A RepositoryException occurs when trying to create an update event

setContactInfo

public void setContactInfo(java.lang.String pProfileId,
                           java.lang.String pContactInfoAsXML)
                    throws RepositoryException

Changes the contact info property for a user. This service requires the existence of a profileTools.propertyManager.contactInfoPropertyName value that resolves to an actual profile property. This property must also be of type atg.repository.RepositoryItem

A transaction is required when executing this method. If no transaction is in place, a new one is started and committed before this method returns.

Parameters:

pProfileId - the profile id of the user whose contactInfo property is to be changed. This argument must not be null.

pContactInfoAsXML - a Repo2Xml item of the contact info that the user's contactInfo property should be set to. This argument can be null.

Throws:

RepositoryException - if any of the following occurs:

• pProfileId is null
• No profile is found whose id equals pProfileId
• A RepositoryException occurs when setting the contact info property

setLocale

public void setLocale(java.lang.String pProfileId,
                      java.lang.String pLocaleName)
               throws RepositoryException

Changes the locale property for a user. This service requires the existence of a profileTools.propertyManager.localePropertyName value that resolves to an actual profile property. This property must also be of type java.lang.String

A transaction is required when executing this method. If no transaction is in place, a new one is started and committed before this method returns.

Parameters:

pProfileId - the profile id of the user whose contactInfo property is to be changed. This argument must not be null.

pLocaleName - The locale string that represents the locale that the user's locale property should be set to e.g. en_EN. This argument can be null.

Throws:

RepositoryException - if any of the following occurs:

• pProfileId is null
• No profile is found whose id equals pProfileId
• A RepositoryException occurs when setting the contact info property

loginUser

public java.lang.String loginUser(java.lang.String pLogin,
                                  java.lang.String pPassword)
                           throws javax.servlet.ServletException

Attempts to login a user using the given login and password. The password passed in is expected to be cleartext. As such, it is strongly advised that all clients using this service method, do so using https

This method calls preLogin, doLoginUser , and postLoginUser in turn

This method is expected to be called in the context of an HTTP request. Also, a transaction is required when executing this method. If no transaction is in place, a new one is started and committed before this method returns.

The following request parameters are set in this method:

• LOGIN_PARAM - the login of the user
• PASSWORD_PARAM - the password of the user

Parameters:

pLogin - the login of the user to login. This argument cannot be null

pPassword - the cleartext password of the user to login. This argument can be null

Returns:

the profile id of the logged in user, or null if no profile could be found for the given login/password combination

Throws:

javax.servlet.ServletException - if any of the following errors occur:

• pLogin is null
• This method is not called in the context of a request
• A ServletException is thrown by preLoginUser, doLoginUser, or postLoginUser

loginUser

public java.lang.String loginUser(java.lang.String pLogin,
                                  java.lang.String pPassword,
                                  boolean pIsPasswordEncrypted)
                           throws javax.servlet.ServletException

Attempts to login a user using the given login and password. An extra flag indicates whether the password was encrypted before being passed here. If the password is encrypted, it is expected that the getPasswordHashKey() method was called prior to this method in order to get a temporary hashkey used to encrypt the password on the method caller's end. Password encryption on the client side is an option when using this service with a non-secure protocol, such as http. It should be stressed in triplicate that this mechanism for encryption is not meant to be un-hackable. If you really want password security, then use https when calling this service. Just for completeness, here is the required conversation for logging in a user with client-side password encryption (this conversation must be handled in a timely fasion, since there is a timer starting when getPasswordHashKey is called, and ending when this method is called. The time between these method calls cannot exceed the value of maxAuthenticationWait in milliseconds): 1) Client calls canClientEncryptPasswords 2) If canClientEncryptPasswords returns false, client should use https and send the password as cleartext. Currently, only the MD5PasswordHasher is a supported for encrypted passwords. Client should call loginUser(login, cleartext_password, false) 3) If canClientEncryptPasswords returns true, client calls getPasswordHashAlgorithm 4) Client encrypts the user's password using the rules required by the returned algorithm. These rules vary depending on the password hasher being used for a given application. Consult the documentation for specifics. 5) Client calls getPasswordHashKey - note that the conversation timer is started here. Clients have maxAuthenticationWait milliseconds to call loginUser. If loginUser is not called quickly enough, an error is thrown when it is eventually called 6) Client further encrypts the user's password using the returned hash key. The order and manner in which this encryption occurs is based on the rules of the password hasher being used. Consult the documentation for specifics. 7) Client calls loginUser(login, encrypted_password_from_step_6, true) As you can see, encrypting passwords on the client side is tricky, and not 100% safe. It is strongly recommended that you call this service using https and cleartext passwords

This method calls preLogin, doLoginUser , and postLoginUser in turn

This method is expected to be called in the context of an HTTP request. Also, a transaction is required when executing this method. If no transaction is in place, a new one is started and committed before this method returns.

The following request parameters are set in this method:

• LOGIN_PARAM - the login of the user
• PASSWORD_PARAM - the password of the user

If this method is called by a user that is already logged in, then that user's login is returned (assuming the credentials match)

Parameters:

pLogin - the login of the user. This argument cannot be null

pPassword - the password of the user to login. This argument can be null

pIsPasswordEncrypted - true if the given password is encrypted according to the rules above, false if the password is cleartext

Returns:

the profile id of the logged in user, or null if no profile could be found for the given login/password combination

Throws:

javax.servlet.ServletException - if any of the following errors occur:

• pLogin is null
• This method is not called in the context of a request
• A ServletException is thrown by preLoginUser, doLoginUser, or postLoginUser

preLoginUser

protected void preLoginUser(DynamoHttpServletRequest pRequest,
                            DynamoHttpServletResponse pResponse)
                     throws javax.servlet.ServletException

Called before a login actually takes place. This implementation checks to see if the current session's profile is not transient and acts according to the following behavioral rules:

1. If the current profile's login does not match the login that was passed to the web service, then the current profile is logged out and its session is expired. We then attempt to login using the login/password given to the web service
2. If the login/password given to the web service matches that of the current profile, then it's assumed that the same user is logging in twice (for whatever reason). In this case, we throw an exception caught by loginUser(String, String) so that we do not resend login events, profile cookies, etc. In this case, we also reset the securityStatus of the profile to the login securityStatus (if securityStatus is enabled)
3. If the password passed to the web service does not match for the given login, then a ServletException is thrown

Parameters:

pRequest - the current request, expected to have the following parameters:

• LOGIN_PARAM - the login of the user
• PASSWORD_PARAM - the password of the user

Also, this request could optionally have the following parameter:

• HASHKEY_PARAM - the hashkey that was given to the client if they called getPasswordHashKey. Note that this only applies in the case that the client signaled that this authentication attempt used an encrypted password

pResponse - the current response

Throws:

javax.servlet.ServletException - if any of the following occur:

• This method is not executed in the context of a request
• There is no profile found in the current session

doLoginUser

protected void doLoginUser(DynamoHttpServletRequest pRequest,
                           DynamoHttpServletResponse pResponse)
                    throws javax.servlet.ServletException

Logs in a user. The user is defined by a login/password pair set as parameters in the given request. If either propertiesToCopyOnLogin or propertiesToAddOnLogin are set, then those properties will be copied/added from the un-logged in profile to the logged-in profile

Parameters:

pRequest - the current request, expected to have the following parameters:

• LOGIN_PARAM - the login of the user
• PASSWORD_PARAM - the password of the user

Also, this request could optionally have the following parameter:

• HASHKEY_PARAM - the hashkey that was given to the client if they called getPasswordHashKey. Note that this only applies in the case that the client signaled that this authentication attempt used an encrypted password

pResponse - the current response

Throws:

javax.servlet.ServletException - if the password used to login is incorrect, or an error occurs doing repository operations associated with logging in

postLoginUser

protected void postLoginUser(DynamoHttpServletRequest pRequest,
                             DynamoHttpServletResponse pResponse)
                      throws javax.servlet.ServletException

Called after a user is successfully logged in. This implementation is responsible for sending profile cookies, if the system is set up to do so, sending a login event, setting the persona of the current session-scoped User, setting the security status on the logged in profile, and potentially changing the request locale to reflect the logged in person's locale.

Parameters:

pRequest - the current request, expected to have the following parameters:

• LOGIN_PARAM - the login of the user
• PASSWORD_PARAM - the password of the user

Also, this request could optionally have the following parameter:

• HASHKEY_PARAM - the hashkey that was given to the client if they called getPasswordHashKey. Note that this only applies in the case that the client signaled that this authentication attempt used an encrypted password

pResponse - the current response

Throws:

javax.servlet.ServletException - if there is a problem sending cookies, or changing the security status

logoutUser

public void logoutUser()
                throws javax.servlet.ServletException

Logs out the current user.

This method calls preLogoutUser, doLogoutUser , and postLogoutUser in turn

This method is expected to be called in the context of an HTTP request. Also, a transaction is required when executing this method. If no transaction is in place, a new one is started and committed before this method returns.

Throws:

javax.servlet.ServletException - if this method is not called within the context of a request, or is propagated up from preLogoutUser, doLogoutUser, or postLogoutUser

preLogoutUser

protected void preLogoutUser(DynamoHttpServletRequest pRequest,
                             DynamoHttpServletResponse pResponse)
                      throws javax.servlet.ServletException

Called before a user is logged out. In this implementation, we save the id of the current profile in a request parameter so that we can generate a logout event with that id in postLogoutUser. Even though the profile is still valid in postLogoutUser, subclasses of this class may change that by the time postLogoutUser is reached, so we do this here to ensure that the logout event is safe. We also remove the persona associated with the current profile from the current session-scoped user

If logout events are to be fired (generateLogoutEvents is true), the following request parameter is set in this method LOGOUT_ID_PARAM - the id of the person that is being logged out. This needs to be saved so we can fire the event after the person is sucessfully logged out

Parameters:

pRequest - the current request

pResponse - the current response

Throws:

javax.servlet.ServletException - if we're setting up a logout event and there is no current profile to get the id from

doLogoutUser

protected void doLogoutUser(DynamoHttpServletRequest pRequest,
                            DynamoHttpServletResponse pResponse)
                     throws javax.servlet.ServletException

Called to logout a user. This implementation is empty, and most of the actually logging out is done in postLogoutUser. This is to make sure the code flow of our ProfileFormHandler is left intact. Customers who might currently subclass handleLogout and who have extra logic in between preLogout and postLogout can use this method to handle that logic.

Parameters:

pRequest - the current request, which could have the following parameter:

LOGOUT_ID_PARAM - the id of the person that is being logged out

pRequest - the current request

pResponse - the current response

Throws:

javax.servlet.ServletException - if a user-defined error occurs

postLogoutUser

protected void postLogoutUser(DynamoHttpServletRequest pRequest,
                              DynamoHttpServletResponse pResponse)
                       throws javax.servlet.ServletException

Called after a user is logged out. This implementation sends out a logout event, and either expires the current session or replaces the current profile data source with either a new repository item or null, depending on whether logoutProfileType is set.

Parameters:

pRequest - the current request, which could have the following parameter:

LOGOUT_ID_PARAM - the id of the person that is being logged out

pResponse - the current response

Throws:

javax.servlet.ServletException - in the case where we do not expire the current session, and get an error trying to create a new RepositoryItem for the profile's data source

createUser

public java.lang.String createUser(java.lang.String pProfileAsXML)
                            throws javax.servlet.ServletException

Creates a persistent user using the profile values given in pProfileAsXML. It's intended that this service be used by users to create their own profile, and certain session actions will take place based on that assumption i.e. cookie handling, locale changing, etc. Admins that want to create other users' profiles should use adminCreateUserService, and not this method.

This method calls preCreateUser, doCreateUser , and postCreateUser in turn

This method is expected to be called in the context of an HTTP request. Also, a transaction is required when executing this method. If no transaction is in place, a new one is started and committed before this method returns.

The following request parameter is set in this method XML_ITEM_PARAM - the current Repo2Xml item that is being created

Parameters:

pProfileAsXML - the profile of the new persistent user. NOTE: Any password present in this XML should not have been pre-encrypted by the client. It will be encrypted in this operation. This argument may not be null

Returns:

the id of the newly created user

Throws:

javax.servlet.ServletException - if any of the following occurs:

• The pProfileAsXML argument is null or empty
• This method is not executed in the context of an HTTP request
• A ServletException is thrown by preCreateUser, doCreateUser, or postCreateUser

preCreateUser

protected void preCreateUser(DynamoHttpServletRequest pRequest,
                             DynamoHttpServletResponse pResponse)
                      throws javax.servlet.ServletException

Called before a user is created. This implementation checks to see the given XML_ITEM_PARAM refers to an existing user's id, and throws an error if so.

Parameters:

pRequest - the current request, expected to have the following parameter:

XML_ITEM_PARAM - the current item that is to be created

pResponse - the current response

Throws:

javax.servlet.ServletException - if an error occurs.

doCreateUser

protected void doCreateUser(DynamoHttpServletRequest pRequest,
                            DynamoHttpServletResponse pResponse)
                     throws javax.servlet.ServletException

Creates a user that is present as the request parameter, XML_ITEM_PARAM

Parameters:

pRequest - the current request, expected to have the following parameter:

XML_ITEM_PARAM - the current item that is to be created

pResponse - the current response

Throws:

javax.servlet.ServletException - if any of the following errors occur:

• The XML_ITEM_PARAM request parameter is not present in pRequest
• The XML_ITEM_PARAM parameter does not resolve to a valid RepositoryItem
• A RepositoryException occurs creating the RepositoryItem

postCreateUser

protected void postCreateUser(DynamoHttpServletRequest pRequest,
                              DynamoHttpServletResponse pResponse)
                       throws javax.servlet.ServletException

Called after a new user is created. This implementation sends an admin register event, if configured to do so

Parameters:

pRequest - the current request, expected to have the following parameter:

XML_ITEM_PARAM - the current item that is to be created

pResponse - the current response

Throws:

javax.servlet.ServletException - if an error occurs

deleteUser

public boolean deleteUser(java.lang.String pProfileId)
                   throws javax.servlet.ServletException

Deletes a persistent user whose id matches pProfileId. It's intended that this service be used by users to delete their own profile.

This method calls preDeleteUser, doDeleteUser , and postDeleteUser in turn

This method is expected to be called in the context of an HTTP request. Also, a transaction is required when executing this method. If no transaction is in place, a new one is started and committed before this method returns.

The following request parameter is set in this method UPDATE_ID_PARAM - the id of the profile that is to be deleted

Parameters:

pProfileId - the profile of the user to delete. This argument may not be null

Returns:

true if the user was successfully deleted, false otherwise

Throws:

javax.servlet.ServletException - if any of the following occurs:

• The pProfileId argument is null or empty
• This method is not executed in the context of an HTTP request
• A ServletException is thrown by preDeleteUser, doDeleteUser, or postDeleteUser

preDeleteUser

protected void preDeleteUser(DynamoHttpServletRequest pRequest,
                             DynamoHttpServletResponse pResponse)
                      throws javax.servlet.ServletException

Called before a user is deleted. This implementation is a stub and does not do any work

Parameters:

pRequest - the current request, expected to have the following parameter:

UPDATE_ID_PARAM - the id of the user to be deleted

pResponse - the current response

Throws:

javax.servlet.ServletException - if an error occurs.

postDeleteUser

protected void postDeleteUser(DynamoHttpServletRequest pRequest,
                              DynamoHttpServletResponse pResponse)
                       throws javax.servlet.ServletException

Called after a user is succesfully deleted. This implementation is a stub and does not do any work

Parameters:

pRequest - the current request, expected to have the following parameter:

UPDATE_ID_PARAM - the id of the user to be deleted

pResponse - the current response

Throws:

javax.servlet.ServletException - if an error occurs.

doDeleteUser

protected void doDeleteUser(DynamoHttpServletRequest pRequest,
                            DynamoHttpServletResponse pResponse)
                     throws javax.servlet.ServletException

Deletes a user that matches the id present as the request parameter, UPDATE_ID_PARAM. The type of the item that is to be deleted will be of the value specified in the createProfileType property

Parameters:

pRequest - the current request, expected to have the following parameter:

UPDATE_ID_PARAM - the id of the user to be deleted

pResponse - the current response

Throws:

javax.servlet.ServletException - if any of the following errors occur:

• The UPDATE_ID_PARAM request parameter is not present in pRequest
• A RepositoryException occurs deleting the RepositoryItem

getPasswordHashKey

public java.lang.String getPasswordHashKey()
                                    throws javax.servlet.ServletException

Gets a hashkey for a password. This uses the PasswordHasher set for on profileTools property. If this PasswordHasher does not support adding hashkeys for extra encryption, this method will return null and any web service clients using this call during a login conversation should not encrypt their passwords i.e. use https. In the case where a non-null hashkey is generated, this method starts the login conversation for a login attempt with an encrypted password.

Returns:

a temporary hash key used to further encrypt a password before attempting to login, or null if the configured PasswordHasher does not support extra encryption.

Throws:

javax.servlet.ServletException - if we're already in the middle of a login conversation and we've exceeded the conversation time limit, as specified by maxAuthenticationWait

getPasswordHashAlgorithm

public java.lang.String getPasswordHashAlgorithm()
                                          throws javax.servlet.ServletException

Gets the algorithm for the password hasher used by the profile property manager

Throws:

javax.servlet.ServletException

canClientEncryptPasswords

public boolean canClientEncryptPasswords()

Tests to see whether we can allow clients to encrypt their passwords. This is based on what password hasher DPS is using. At this point we can only handle non-salted hashers, and hashers whose getPasswordHashKey() method returns a non-null value

Returns:

true if the client can encrypt their passwords, false otherwise

updateXMLItem

public void updateXMLItem(java.lang.String pItemAsXML,
                          java.lang.String[] pMatchedProperties)
                   throws RepositoryException

Updates a Repo2Xml item

Parameters:

pItemAsXML - the item to update in XML format. The name of the repository and the item's type are present in the XML format, so those do not need to be supplied as arguments. This method will determine which known RepositoryItem to update based on the values of the properties listed in pMatchedProperties present in the pItemAsXML, or if that argument is null, the repositoryId will be used to match items. If there is no existing item which matches those property values, then the item will be added to the repository if the xmlUpdateService component has its addWhenNoMatchedItems flag set to true.

pMatchedProperties - an array of property names that will be used to match up values between the given pItemAsXML and an existing RepositoryItem object (note: use "repositoryId" to specify the matching of ids)

Throws:

RepositoryException - if an error occurs updating the item in the repository

getXMLItem

public java.lang.String getXMLItem(RepositoryItem pItem,
                                   Repository pRepository,
                                   java.lang.String pItemDescriptorName,
                                   java.lang.String pMappingFile)
                            throws RepositoryException

Transforms the given repository item into XML, possibly using a mapping file to cull properties

Parameters:

pItem - the item to transform

pRepository - the repository that holds the item, used to determine a mapping file

pItemDescriptorName - the name of the item descriptor that describes the given item, used to determine a mapping file

pMappingFile - the mapping file to use when turning the item into an XML document

Returns:

the RepositoryItem in XML form

Throws:

RepositoryException - if an error occurs transforming the item

addXMLItem

public RepositoryItem addXMLItem(java.lang.String pItemAsXML,
                                 boolean pPersist)
                          throws RepositoryException

Adds or creates the given pItemAsXML, depending on the value of pPersist. This method uses the configured xmlAddService to add or create the item.

Parameters:

pItemAsXML - the item to add or create

pPersist - if true, the given item will be added, otherwise it will just be created

Returns:

the added or newly created item

Throws:

RepositoryException - if an error occurs adding or creating the item

getMappingFile

public java.lang.String getMappingFile(Repository pRepository,
                                       java.lang.String pItemDescriptorName)

Gets a mapping file for a particular repository:itemDescriptorName combination

Parameters:

pRepository - the repository that contains the given item descriptor

pItemDescriptorName - the name of the item descriptor to get the mapping file for

Returns:

the pathname of the mapping file for the given item descriptor, or null if none exists

getRepositoryItemFromXML

public RepositoryItem getRepositoryItemFromXML(java.lang.String pItemAsXML)
                                        throws RepositoryException

Gets a RepositoryItem object from the given XML representation The item is matched based on the id property in the XML file

Parameters:

pItemAsXML - the repository item in XML form

Returns:

the RepositoryItem object that is represented by pItemAsXML, or null if no such object is found

Throws:

RepositoryException

getRepositoryItemFromXML

public RepositoryItem getRepositoryItemFromXML(java.lang.String pItemAsXML,
                                               java.lang.String[] pMatchedProperties)
                                        throws RepositoryException

Gets a RepositoryItem object from the given XML representation The item is matched based on the id property in the XML file

Parameters:

pItemAsXML - the repository item in XML form

pMatchedProperties - an array of property names whose values are used to find the pItemAsXML objects match in the repository

Returns:

the RepositoryItem object that is represented by pItemAsXML, or null if no such object is found

Throws:

RepositoryException

ensureTransaction

protected javax.transaction.Transaction ensureTransaction()

This method ensures that a transaction exists before returning. If there is an existing transaction, it returns a reference to it. This is a performance thing so it is not very intuitive, but you should use this returned transaction both as a signal that we did NOT create the transaction, and you can use that to avoid having to get the current transaction again (thus saving a hashtable lookup which may add up for methods like getPropertyValue).

commitTransaction

protected void commitTransaction()

Commits the current transaction

doStartService

public void doStartService()
                    throws ServiceException

Called when this service starts, after its properties have been set. In this override, we make sure there's a valid profile tools instance available

Overrides:

doStartService in class GenericService

Throws:

ServiceException - if there is no ProfileTools component to be found

getLoginPasswordHasher

public PasswordHasher getLoginPasswordHasher()

Gets a password hasher for logging in

Returns:

a password hasher used to compare login values

getCurrentProfileId

public java.lang.String getCurrentProfileId()

Gets the profileId of the current thread's user

Returns:

the profileId of the current thread's user, or null if there is none

getCurrentProfile

public Profile getCurrentProfile()

Gets the profile of the current thread's user

Returns:

the profile of the current thread's user, or null if there is none

updateLDAPProfileAttributes

public void updateLDAPProfileAttributes(MutableRepositoryItem pItem)
                                 throws RepositoryException

Updates profile attributes pertaining to LDAP. Specifically, this sets the "fullName" property out of the first and last name of the given item. This is so that forms that create LDAP items don't have to have a fullName field in addition to firstName and lastName (fullName is a required property in LDAP). The other way to do this would be to ask for just the users full name and then split that up in this method to set the first name and last name property for the user as well

Parameters:

pItem - the item to change values on

Throws:

RepositoryException

copyProperties

public void copyProperties(RepositoryItem pGuestUser,
                           RepositoryItem pAuthenticatedUser,
                           java.lang.String[] pPropertiesToCopy)
                    throws RepositoryException

Copies the properties named in pPropertiesToCopy from the pGuestUser to the pAuthenticatedUser

Parameters:

pGuestUser - the user to get values from

pAuthenticatedUser - the user to copy values to

pPropertiesToCopy - the properties that should be copied

Throws:

RepositoryException - if an error occurs updating the authenticated user

addProperties

public void addProperties(RepositoryItem pGuestUser,
                          RepositoryItem pAuthenticatedUser,
                          java.lang.String[] pPropertiesToAdd)
                   throws RepositoryException

Adds values from multi-valued properties from the guest user to the authenticated user

Parameters:

pGuestUser - the user to copy values from

pAuthenticatedUser - the user to copy values to

pPropertiesToAdd - names of multi-valued properties whose values should be added from the guest to the authenticated user

Throws:

RepositoryException - if an error occurs updating the authenticated user with the added properties

addProperty

public void addProperty(java.lang.String pPropertyName,
                        RepositoryItem pGuestUser,
                        RepositoryItem pAuthenticatedUser)
                 throws RepositoryException

Adds a specific multi-valued property's values from the given guest user to the given authenticated user

Parameters:

pGuestUser - the user to copy values from

pAuthenticatedUser - the user to copy values to

pPropertyName - the name of a multi-valued property whose values will be copied from the guest user and added to the authenticated user

Throws:

RepositoryException

addUpdateListener

public void addUpdateListener(atg.userprofiling.ProfileUpdateListener pListener)

Adds the given update listener to the list of listeners we already know about

Parameters:

pListener - the listener to add

removeUpdateListener

public void removeUpdateListener(atg.userprofiling.ProfileUpdateListener pListener)

Removes the given update listener from the list of listeners we already know about

Parameters:

pListener - the listener to remove

sendUpdateEvent

public void sendUpdateEvent(atg.userprofiling.ProfileUpdateEvent pEvent)

Sends the given update event to all of the registered update listeners

Parameters:

pEvent - the event to send

encryptPassword

public void encryptPassword(MutableRepositoryItem pProfile)
                     throws RepositoryException

Takes the cleartext password of the given profile, encrypts it, and resets it to the encrypted version

Parameters:

pProfile - the profile to encrypt the password of

Throws:

RepositoryException

endOperation

public boolean endOperation(DynamoHttpServletRequest pRequest)

Checks the given request to see if the OPERATION_END_PARAM is present and set to true

Parameters:

pRequest - the request to examine

Returns:

true if the OPERATION_END_PARAM is present

endOperationValue

public java.lang.Object endOperationValue(DynamoHttpServletRequest pRequest)

Gets the value of the OPERATION_END_PARAM_NAME from the given request. This value is what should be returned by an operation that is to be ended, if that operation returns anything.

Parameters:

pRequest - the request to be examined

Returns:

the value that should be returned by the ended operation. If the operation does not return anything, then this value is ignored

sendProfileSwapEvent

public void sendProfileSwapEvent(int pEventType,
                                 RepositoryItem pPreSwapItem,
                                 RepositoryItem pPostSwapItem)

Sends a ProfileSwapEvent using the given arguments

Parameters:

pEventType - the type of operation that was performed when the profiles were swapped

pPreSwapItem - the data source of the profile before the swap was performed

pPostSwapItem - the data source of the profile after the swap was performed