atg.security

Class RepositoryApplicationUserAuthority

java.lang.Object

atg.nucleus.logging.VariableArgumentApplicationLoggingImpl

atg.nucleus.GenericService

atg.nucleus.RegisteredService

atg.security.GenericUserAuthority

atg.security.RepositoryApplicationUserAuthority

All Implemented Interfaces:

atg.core.logging.Logging, atg.core.logging.TraceLogging, atg.naming.AbsoluteNameable, NameContextBindingListener, NameContextElement, atg.naming.NameContextParentable, NameResolver, AdminableService, atg.nucleus.Configured, ApplicationLogging, atg.nucleus.logging.ApplicationLoggingSender, atg.nucleus.logging.TraceApplicationLogging, VariableArgumentApplicationLogging, ComponentNameResolver, Service, ServiceListener, LoginUserAuthority, UserAuthority, UserAuthority2, java.util.EventListener

public class RepositoryApplicationUserAuthority
extends GenericUserAuthority
implements LoginUserAuthority

This LoginUserAuthority implements the bare minimum required to do logins and determine role memberships. It reads its data from a Repository, and must be configured with the names of the repository views and properties that it should use to obtain information such as login names, passwords, etc. It only reads from the Repository - it never writes.

The Persona objects generated by this UserAuthority represent only users, not groups or privileges. Personas are read only, and have no subPersonas or attributes. The only methods implemented for a Persona are getName (which returns the user's login), getUserAuthority, equals, and hasRole.

The repository is expected to contain a repository view representing the users, from which logins and passwords will be read. Presumably this repository view will contain more information about a user, but the UserAuthority only cares about those particular properties.

Optionally, the user's repository view may contain a "roles" property, which is consulted when Persona.hasRole is called. This property may be one of several types:

• String[], or Collection (Set, List, etc.) of Strings - these represent the names of the roles associated with a user
• RepositoryItem[], or Collection (Set, List, etc.) of RepositoryItems - these represent "role" objects associated with a user. In this case, the roleViewRoleNameProperty should be defined, indicating which property of that RepositoryItem contains the role's name.

The following properties are used to configure all of the above:

• userView - the name of the repository view representing users. This property is required.
• userViewLoginProperty - the name of the property in the user's repository view containing the login name of a user. It is presumed (but not enforced) that login names will be unique among users. This property is required.
• userViewPasswordProperty - the name of the property in the user's repository view containing the user's password. If passwordHashingEnabled is true, then the value of this property when it is read should return the hashed value of the password, not the value of the password in plaintext. This property is optional - if it is omitted, then logins are permitted as long as the login name matches an existing login, regardless of password.
• userViewRolesProperty - the name of the property containing the collection or array of roles with which the user is associated. As described above, the type of this property must be a String[], a Collection of Strings, a RepositoryItem[], or a Collection of RepositoryItems.
• roleViewRoleNameProperty - if a userViewRolesProperty is specified and is of type RepositoryItem[] or Collection of RepositoryItems, then this indicates which property of that RepositoryItem contains the role's name.
• passwordHasher - the name of a PasswordHasher component that will handle hashing and encryption of passwords. By default this uses MD5 digest hashing and encodes the result in base-16.

Property Summary

Properties

Type	Property and Description
boolean	hasRoleViewRoleName Returns true if RoleViewRoleNameProperty is specified, false if it is null or empty String
boolean	hasUserViewLogin Returns true if UserViewLoginProperty is specified, false if it is null or empty String
boolean	hasUserViewPassword Returns true if UserViewPasswordProperty is specified, false if it is null or empty String
boolean	hasUserViewRoles Returns true if UserViewRolesProperty is specified, false if it is null or empty String

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CLASS_VERSION

Fields inherited from class atg.nucleus.GenericService

SERVICE_INFO_KEY

Fields inherited from interface atg.nucleus.logging.TraceApplicationLogging

DEFAULT_LOG_TRACE_STATUS

Fields inherited from interface atg.nucleus.logging.ApplicationLogging

DEFAULT_LOG_DEBUG_STATUS, DEFAULT_LOG_ERROR_STATUS, DEFAULT_LOG_INFO_STATUS, DEFAULT_LOG_WARNING_STATUS

Constructor Summary

Constructors

Constructor and Description
RepositoryApplicationUserAuthority() Constructor

Method Summary

Methods

Modifier and Type	Method and Description
void	doStartService() This is called after a Service has been created, placed into the naming hierarchy, and initialized with its configured property values.
PasswordHasher	getAlternateUserPasswordHasher() Returns the password hasher object used in case the user password hasher is not present in the user Profile.
PasswordHasher	getPasswordHasher() Returns the password hasher object used to encrypt password text to whatever format is required by login().
Persona	getPersona(java.lang.Object pLoginName) Returns a persona for the given login name.
Repository	getRepository()
java.lang.String	getRoleViewRoleNameProperty()
javax.transaction.TransactionManager	getTransactionManager()
java.lang.String	getUserView()
java.lang.String	getUserViewLoginProperty()
java.lang.String	getUserViewPasswordProperty()
java.lang.String	getUserViewRolesProperty()
boolean	hasRole(RepositoryItem pUserItem, java.lang.String pLoginName, java.lang.String pRoleName) Determine if the specified user's item has the specified role name.
boolean	hasRoleViewRoleNameProperty() Returns true if RoleViewRoleNameProperty is specified, false if it is null or empty String
boolean	hasUserView() Returns true if UserView is specified, false if it is null or empty String
boolean	hasUserViewLoginProperty() Returns true if UserViewLoginProperty is specified, false if it is null or empty String
boolean	hasUserViewPasswordProperty() Returns true if UserViewPasswordProperty is specified, false if it is null or empty String
boolean	hasUserViewRolesProperty() Returns true if UserViewRolesProperty is specified, false if it is null or empty String
boolean	login(User pUser, java.lang.String pName, java.lang.String pPassword, java.lang.Object pHashKey) Authenticates a user, populating the User object with appropriate personae.
boolean	loginWithUserPasswordHasher(User user, java.lang.String name, java.lang.String hashedPassword, java.lang.Object hashKey, PasswordHasher pHasher) Authenticates a user using user specific Password Hasher, populating the User object with appropriate personae.
void	setPasswordHasher(PasswordHasher pPasswordHasher) Sets the password hasher object used to encrypt password text to whatever format is required by login().
void	setRepository(Repository pRepository)
void	setRoleViewRoleNameProperty(java.lang.String pRoleViewRoleNameProperty)
void	setTransactionManager(javax.transaction.TransactionManager pTransactionManager)
void	setUserView(java.lang.String pUserView)
void	setUserViewLoginProperty(java.lang.String pUserViewLoginProperty)
void	setUserViewPasswordProperty(java.lang.String pUserViewPasswordProperty)
void	setUserViewRolesProperty(java.lang.String pUserViewRolesProperty)

Methods inherited from class atg.security.GenericUserAuthority

addAuthenticationFailedListener, addAuthenticationSucceededListener, addSpecialPersona, fireAuthenticationFailedEvent, fireAuthenticationSucceededEvent, getProxyUserAuthorities, getSpecialPersonae, getSupportsEveryone, getUserAuthorityName, removeAuthenticationFailedListener, removeAuthenticationSucceededListener, removeSpecialPersona, setProxyUserAuthorities, setSpecialPersonae, setSupportsEveryone, setUserAuthorityName, userDestroyed

Methods inherited from class atg.nucleus.RegisteredService

addToRegistry, getRegistry, getRegistryName, getServiceName, removeFromRegistry, setRegistryName, setServiceName, startService, stopService

Methods inherited from class atg.nucleus.GenericService

addLogListener, createAdminServlet, doStopService, getAbsoluteName, getAdminServlet, getAdminServletOutputStreamEncoding, getLoggingForVlogging, getLogListenerCount, getLogListeners, getName, getNameContext, getNucleus, getRoot, getServiceConfiguration, getServiceInfo, isAdminServletUseServletOutputStream, isLoggingDebug, isLoggingError, isLoggingInfo, isLoggingTrace, isLoggingWarning, isRunning, logDebug, logDebug, logDebug, logError, logError, logError, logInfo, logInfo, logInfo, logTrace, logTrace, logTrace, logWarning, logWarning, logWarning, nameContextElementBound, nameContextElementUnbound, removeLogListener, reResolveThis, resolveName, resolveName, resolveName, resolveName, sendLogEvent, setAdminServletOutputStreamEncoding, setAdminServletUseServletOutputStream, setLoggingDebug, setLoggingError, setLoggingInfo, setLoggingTrace, setLoggingWarning, setNucleus, setServiceInfo

Methods inherited from class atg.nucleus.logging.VariableArgumentApplicationLoggingImpl

vlogDebug, vlogDebug, vlogDebug, vlogDebug, vlogDebugTrace, vlogError, vlogError, vlogError, vlogError, vlogInfo, vlogInfo, vlogInfo, vlogInfo, vlogTrace, vlogTrace, vlogTrace, vlogTrace, vlogWarning, vlogWarning, vlogWarning, vlogWarning

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface atg.security.UserAuthority

addAuthenticationFailedListener, addAuthenticationSucceededListener, getUserAuthorityName, removeAuthenticationFailedListener, removeAuthenticationSucceededListener, userDestroyed

Property Detail

hasUserViewLogin

Returns true if UserViewLoginProperty is specified, false if it is null or empty String

hasUserViewPassword

Returns true if UserViewPasswordProperty is specified, false if it is null or empty String

hasUserViewRoles

Returns true if UserViewRolesProperty is specified, false if it is null or empty String

hasRoleViewRoleName

Returns true if RoleViewRoleNameProperty is specified, false if it is null or empty String

Field Detail

CLASS_VERSION

public static java.lang.String CLASS_VERSION

Constructor Detail

RepositoryApplicationUserAuthority

public RepositoryApplicationUserAuthority()

Constructor

Method Detail

getRepository

public Repository getRepository()

setRepository

public void setRepository(Repository pRepository)

getTransactionManager

public javax.transaction.TransactionManager getTransactionManager()

setTransactionManager

public void setTransactionManager(javax.transaction.TransactionManager pTransactionManager)

getUserView

public java.lang.String getUserView()

setUserView

public void setUserView(java.lang.String pUserView)

getUserViewLoginProperty

public java.lang.String getUserViewLoginProperty()

setUserViewLoginProperty

public void setUserViewLoginProperty(java.lang.String pUserViewLoginProperty)

getUserViewPasswordProperty

public java.lang.String getUserViewPasswordProperty()

setUserViewPasswordProperty

public void setUserViewPasswordProperty(java.lang.String pUserViewPasswordProperty)

getUserViewRolesProperty

public java.lang.String getUserViewRolesProperty()

setUserViewRolesProperty

public void setUserViewRolesProperty(java.lang.String pUserViewRolesProperty)

getRoleViewRoleNameProperty

public java.lang.String getRoleViewRoleNameProperty()

setRoleViewRoleNameProperty

public void setRoleViewRoleNameProperty(java.lang.String pRoleViewRoleNameProperty)

hasRole

public boolean hasRole(RepositoryItem pUserItem,
              java.lang.String pLoginName,
              java.lang.String pRoleName)

Determine if the specified user's item has the specified role name.

hasUserView

public boolean hasUserView()

Returns true if UserView is specified, false if it is null or empty String

hasUserViewLoginProperty

public boolean hasUserViewLoginProperty()

Returns true if UserViewLoginProperty is specified, false if it is null or empty String

hasUserViewPasswordProperty

public boolean hasUserViewPasswordProperty()

Returns true if UserViewPasswordProperty is specified, false if it is null or empty String

hasUserViewRolesProperty

public boolean hasUserViewRolesProperty()

Returns true if UserViewRolesProperty is specified, false if it is null or empty String

hasRoleViewRoleNameProperty

public boolean hasRoleViewRoleNameProperty()

Returns true if RoleViewRoleNameProperty is specified, false if it is null or empty String

getPersona

public Persona getPersona(java.lang.Object pLoginName)

Returns a persona for the given login name. Returns null if there is no persona for the indicated login name.

Specified by:

getPersona in interface UserAuthority

Overrides:

getPersona in class GenericUserAuthority

getPasswordHasher

public PasswordHasher getPasswordHasher()

Returns the password hasher object used to encrypt password text to whatever format is required by login().

Specified by:

getPasswordHasher in interface LoginUserAuthority

setPasswordHasher

public void setPasswordHasher(PasswordHasher pPasswordHasher)

Sets the password hasher object used to encrypt password text to whatever format is required by login(). By default, this will be an instance of DigestPasswordHasher.

login

public boolean login(User pUser,
            java.lang.String pName,
            java.lang.String pPassword,
            java.lang.Object pHashKey)

Authenticates a user, populating the User object with appropriate personae.

Specified by:

login in interface LoginUserAuthority

See Also:

PasswordHasher

doStartService

public void doStartService()
                    throws ServiceException

Description copied from class: GenericService

This is called after a Service has been created, placed into the naming hierarchy, and initialized with its configured property values. The Service should override this method to start any processes it requires.

Overrides:

doStartService in class GenericService

Throws:

ServiceException - if the Service had a problem starting up

getAlternateUserPasswordHasher

public PasswordHasher getAlternateUserPasswordHasher()

Description copied from interface: LoginUserAuthority

Returns the password hasher object used in case the user password hasher is not present in the user Profile. This is used for authentication if user profile doesn't have any associated password hasher component meta data

Specified by:

getAlternateUserPasswordHasher in interface LoginUserAuthority

loginWithUserPasswordHasher

public boolean loginWithUserPasswordHasher(User user,
                                  java.lang.String name,
                                  java.lang.String hashedPassword,
                                  java.lang.Object hashKey,
                                  PasswordHasher pHasher)

Description copied from interface: LoginUserAuthority

Authenticates a user using user specific Password Hasher, populating the User object with appropriate personae.

Specified by:

loginWithUserPasswordHasher in interface LoginUserAuthority

See Also:

PasswordHasher