org.apache.jetspeed.services.security.turbine
Class TurbineUserManagement

java.lang.Object
  extended by org.apache.turbine.services.BaseInitable
      extended by org.apache.turbine.services.BaseService
          extended by org.apache.turbine.services.TurbineBaseService
              extended by org.apache.jetspeed.services.security.turbine.TurbineUserManagement
All Implemented Interfaces:
CredentialsManagement, org.apache.turbine.services.Initable, org.apache.turbine.services.Service, UserManagement

public class TurbineUserManagement
extends org.apache.turbine.services.TurbineBaseService
implements UserManagement, CredentialsManagement

Default Jetspeed-Turbine User Management implementation

Version:
$Id: TurbineUserManagement.java,v 1.14 2005/05/13 20:48:30 taylor Exp $
Author:
David Sean Taylor, Mark Orciuch

Field Summary
protected static java.lang.String CONFIG_NEWUSER_ROLES
           
protected static java.lang.String CONFIG_SECURE_PASSWORDS_ALGORITHM
           
protected static java.lang.String CONFIG_SECURE_PASSWORDS_KEY
           
protected static java.lang.String CONFIG_SYSTEM_USERS
           
protected static java.lang.String[] DEFAULT_CONFIG_NEWUSER_ROLES
           
protected static JetspeedLogger logger
          Static initialization of the logger for this class
protected  java.lang.String passwordsAlgorithm
           
protected  java.lang.String[] roles
           
protected  JetspeedRunDataService runDataService
          The JetspeedRunData Service.
protected  boolean securePasswords
           
protected  java.util.Vector systemUsers
           
 
Fields inherited from class org.apache.turbine.services.BaseService
configuration, name, properties, serviceBroker
 
Fields inherited from class org.apache.turbine.services.BaseInitable
initableBroker, isInitialized
 
Fields inherited from interface org.apache.jetspeed.services.security.UserManagement
SERVICE_NAME
 
Constructor Summary
TurbineUserManagement()
           
 
Method Summary
protected  boolean accountExists(JetspeedUser user)
          Check whether a specified user's account exists.
protected  boolean accountExists(JetspeedUser user, boolean checkUniqueId)
           
protected  void addDefaultPSML(JetspeedUser user)
           
 void addUser(JetspeedUser user)
          Adds a JetspeedUser into permanent storage.
 void changePassword(JetspeedUser user, java.lang.String oldPassword, java.lang.String newPassword)
          Allows for a user to change their own password.
 java.lang.String encryptPassword(java.lang.String password)
          This method provides client-side encryption of passwords.
 void forcePassword(JetspeedUser user, java.lang.String password)
          Forcibly sets new password for a User.
protected  JetspeedRunData getRunData()
           
 JetspeedUser getUser(java.security.Principal principal)
          Retrieves a JetspeedUser given the primary principal.
 java.util.Iterator getUsers()
          Retrieves a collection of all JetspeedUsers.
 java.util.Iterator getUsers(java.lang.String filter)
          Retrieves a collection of JetspeedUsers filtered by a security provider-specific query string.
 void init(javax.servlet.ServletConfig conf)
          This is the early initialization method called by the Turbine Service framework
 void removeUser(java.security.Principal principal)
          Removes a JetspeedUser from the permanent store.
 void saveUser(JetspeedUser user)
          Saves a JetspeedUser's attributes into permanent storage.
 
Methods inherited from class org.apache.turbine.services.TurbineBaseService
init, init, init, shutdown
 
Methods inherited from class org.apache.turbine.services.BaseService
getConfiguration, getName, getProperties, getServiceBroker, setName, setServiceBroker
 
Methods inherited from class org.apache.turbine.services.BaseInitable
getInit, getInitableBroker, setInit, setInitableBroker
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.apache.turbine.services.Service
getConfiguration, getName, getProperties, setName, setServiceBroker
 
Methods inherited from interface org.apache.turbine.services.Initable
getInit, init, init, setInitableBroker, shutdown
 

Field Detail

logger

protected static final JetspeedLogger logger
Static initialization of the logger for this class


CONFIG_SECURE_PASSWORDS_KEY

protected static final java.lang.String CONFIG_SECURE_PASSWORDS_KEY
See Also:
Constant Field Values

CONFIG_SECURE_PASSWORDS_ALGORITHM

protected static final java.lang.String CONFIG_SECURE_PASSWORDS_ALGORITHM
See Also:
Constant Field Values

CONFIG_SYSTEM_USERS

protected static final java.lang.String CONFIG_SYSTEM_USERS
See Also:
Constant Field Values

securePasswords

protected boolean securePasswords

passwordsAlgorithm

protected java.lang.String passwordsAlgorithm

systemUsers

protected java.util.Vector systemUsers

CONFIG_NEWUSER_ROLES

protected static final java.lang.String CONFIG_NEWUSER_ROLES
See Also:
Constant Field Values

DEFAULT_CONFIG_NEWUSER_ROLES

protected static final java.lang.String[] DEFAULT_CONFIG_NEWUSER_ROLES

roles

protected java.lang.String[] roles

runDataService

protected JetspeedRunDataService runDataService
The JetspeedRunData Service.

Constructor Detail

TurbineUserManagement

public TurbineUserManagement()
Method Detail

getUser

public JetspeedUser getUser(java.security.Principal principal)
                     throws JetspeedSecurityException
Retrieves a JetspeedUser given the primary principal. The principal can be any valid Jetspeed Security Principal: org.apache.jetspeed.om.security.UserNamePrincipal, org.apache.jetspeed.om.security.UserIdPrincipal. The security service may optionally check the current user context to determine if the requestor has permission to perform this action.

Specified by:
getUser in interface UserManagement
Parameters:
principal - a principal identity to be retrieved.
Returns:
a JetspeedUser associated to the principal identity.
Throws:
UserException - when the security provider has a general failure retrieving a user.
UnknownUserException - when the security provider cannot match the principal identity to a user.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

getUsers

public java.util.Iterator getUsers()
                            throws JetspeedSecurityException
Retrieves a collection of all JetspeedUsers. The security service may optionally check the current user context to determine if the requestor has permission to perform this action.

Specified by:
getUsers in interface UserManagement
Returns:
a collection of JetspeedUser entities.
Throws:
UserException - when the security provider has a general failure retrieving users.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

getUsers

public java.util.Iterator getUsers(java.lang.String filter)
                            throws JetspeedSecurityException
Retrieves a collection of JetspeedUsers filtered by a security provider-specific query string. For example SQL, OQL, JDOQL. The security service may optionally check the current user context to determine if the requestor has permission to perform this action.

Specified by:
getUsers in interface UserManagement
Returns:
a collection of JetspeedUser entities.
Throws:
UserException - when the security provider has a general failure retrieving users.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

saveUser

public void saveUser(JetspeedUser user)
              throws JetspeedSecurityException
Saves a JetspeedUser's attributes into permanent storage. The user's account is required to exist in the storage. The security service may optionally check the current user context to determine if the requestor has permission to perform this action.

Specified by:
saveUser in interface UserManagement
Throws:
UserException - when the security provider has a general failure retrieving users.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

addUser

public void addUser(JetspeedUser user)
             throws JetspeedSecurityException
Adds a JetspeedUser into permanent storage. The security service can throw a NotUniqueUserException when the public credentials fail to meet the security provider-specific unique constraints. The security service may optionally check the current user context to determine if the requestor has permission to perform this action.

Specified by:
addUser in interface UserManagement
Throws:
UserException - when the security provider has a general failure retrieving users.
NotUniqueUserException - when the public credentials fail to meet the security provider-specific unique constraints.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

addDefaultPSML

protected void addDefaultPSML(JetspeedUser user)
                       throws JetspeedSecurityException
Throws:
JetspeedSecurityException

removeUser

public void removeUser(java.security.Principal principal)
                throws JetspeedSecurityException
Removes a JetspeedUser from the permanent store. The security service may optionally check the current user context to determine if the requestor has permission to perform this action.

Specified by:
removeUser in interface UserManagement
Parameters:
principal - the principal identity to be retrieved.
Throws:
UserException - when the security provider has a general failure retrieving a user.
UnknownUserException - when the security provider cannot match the principal identity to a user.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

changePassword

public void changePassword(JetspeedUser user,
                           java.lang.String oldPassword,
                           java.lang.String newPassword)
                    throws JetspeedSecurityException
Allows for a user to change their own password.

Specified by:
changePassword in interface CredentialsManagement
Parameters:
user - the JetspeedUser to change password
oldPassword - the current password supplied by the user.
newPassword - the new password requested by the user.
Throws:
UserException - when the security provider has a general failure retrieving a user.
UnknownUserException - when the security provider cannot match the principal identity to a user.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

forcePassword

public void forcePassword(JetspeedUser user,
                          java.lang.String password)
                   throws JetspeedSecurityException
Forcibly sets a new password for a User. Gives an administrator the ability to change forgotten or compromised passwords. Certain implementations of this feature would require administrative-level access to the authenticating server / program.

Specified by:
forcePassword in interface CredentialsManagement
Parameters:
user - the user to change the password for.
password - the new password.
Throws:
UserException - when the security provider has a general failure retrieving a user.
UnknownUserException - when the security provider cannot match the principal identity to a user.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

encryptPassword

public java.lang.String encryptPassword(java.lang.String password)
                                 throws JetspeedSecurityException
This method provides client-side encryption of passwords. If secure.passwords is enabled in the JetspeedSecurity properties, the password is encrypted; if not, it is returned unchanged. The secure.passwords.algorithm property can be used to choose which digest algorithm performs the encryption. SHA is used by default.

Specified by:
encryptPassword in interface CredentialsManagement
Parameters:
password - the password to process
Returns:
processed password
Throws:
JetspeedSecurityException
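
Added example, not Jetspeed's or Turbine's code: it shows what a digest-only password value (the kind of processing the encryptPassword description names, with SHA as the default algorithm) looks like next to a salted, iterated derivation from the JDK. The class and method names, the Base64 encoding, the sample password and the iteration count are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical demo class; not part of Jetspeed or Turbine.
public class PasswordDigestDemo {

    // Plain digest of the password bytes, as a digest-only scheme would store it.
    // Base64 encoding of the result is an assumption of this example.
    static String plainDigest(String algorithm, String password) throws Exception {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        return Base64.getEncoder().encodeToString(
                md.digest(password.getBytes(StandardCharsets.UTF_8)));
    }

    // Salted, iterated derivation (PBKDF2) using only JDK classes.
    // Output format "iterations:salt:hash" is this example's own convention.
    static String pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        try {
            byte[] dk = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            return iterations + ":" + Base64.getEncoder().encodeToString(salt)
                    + ":" + Base64.getEncoder().encodeToString(dk);
        } finally {
            spec.clearPassword(); // wipe the password copy held by the spec
        }
    }

    // Fresh 16-byte random salt, one per stored credential.
    static byte[] newSalt() {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    public static void main(String[] args) throws Exception {
        String pw = "correct horse"; // constructed sample value
        // Digest-only: two accounts with the same password share one stored value.
        System.out.println(plainDigest("SHA", pw).equals(plainDigest("SHA", pw)));
        // Per-user salt: the same password yields different stored values.
        String a = pbkdf2(pw.toCharArray(), newSalt(), 600_000);
        String b = pbkdf2(pw.toCharArray(), newSalt(), 600_000);
        System.out.println(a.equals(b));
    }
}
```

To verify a login against the salted form, re-derive with the stored salt and iteration count and compare the bytes with MessageDigest.isEqual.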

init

public void init(javax.servlet.ServletConfig conf)
          throws org.apache.turbine.services.InitializationException
This is the early initialization method called by the Turbine Service framework

Parameters:
conf - The ServletConfig
Throws:
org.apache.turbine.services.InitializationException - if the service fails to initialize

accountExists

protected boolean accountExists(JetspeedUser user)
                         throws UserException
Check whether a specified user's account exists. The login name is used for looking up the account.

Parameters:
user - the user to be checked.
Returns:
true if the specified account exists
Throws:
UserException - if there was a general db access error

accountExists

protected boolean accountExists(JetspeedUser user,
                                boolean checkUniqueId)
                         throws UserException
Throws:
UserException

getRunData

protected JetspeedRunData getRunData()


Copyright © 2000-2005 Apache Software Foundation. All Rights Reserved.