public class User extends FortEntity implements Constraint, Serializable
User, Role, Permission, PwPolicy, SDSet, etc. are used to carry data between three Fortress layers, starting with the (1) Manager layer down through the middle (2) Process layer and its processing rules into the (3) DAO layer, where persistence with the OpenLDAP server occurs.

1. Manager layer: AdminMgrImpl, AccessMgrImpl, ReviewMgrImpl,...
2. Process layer: UserP, RoleP, PermP,...
3. DAO layer: UserDAO, RoleDAO, PermDAO,...

setUserId(java.lang.String) attribute to be set before calling a Manager API. The unique key to locate a User entity in the Fortress DIT is simply the userId field.

setPassword(char[]) must be set before calling AccessMgrImpl.authenticate(java.lang.String, char[]) and AccessMgrImpl.createSession(User, boolean) (unless trusted).
setOu(java.lang.String) is required before calling AdminMgrImpl.addUser(User) to add a new user to ldap.
setRoles(java.util.List<org.apache.directory.fortress.core.model.UserRole>) will be set for AccessMgrImpl.createSession(User, boolean) when selective RBAC Role activation is required.
setAdminRoles(java.util.List<org.apache.directory.fortress.core.model.UserAdminRole>) will be set for AccessMgrImpl.createSession(User, boolean) when selective Administrative Role activation is required.
setPwPolicy(java.lang.String) may be set for AdminMgrImpl.updateUser(User) to assign User to a policy PwPolicy.
password is the only case sensitive attribute on this entity.

Example to create new Fortress User:

```java
import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.AdminMgrFactory;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.User;

try {
    // Instantiate the AdminMgr first
    AdminMgr adminMgr = AdminMgrFactory.createInstance();

    // Arguments: userId, password, role name, organizational unit
    User myUser = new User("myUserId", "myPassword".toCharArray(), "myRoleName", "myOU");
    adminMgr.addUser(myUser);
} catch (SecurityException ex) {
    // log or throw
}
```

The above code will persist to LDAP a User object that has a userId of "myUserId", a password of "myPassword", a role assignment to "myRoleName", and assigned to organizational unit named "myOU". This User can be used as a target for subsequent User-Role assignments, User-Permission grants, authentication, authorization and more.

This entity aggregates one standard LDAP structural object class, inetOrgPerson (see RFC 2798), along with three auxiliary object extensions supplied by Fortress: ftUserAttrs, ftProperties, ftMods. The combination of the standard and custom object classes forms a single entry within the directory and is represented in this entity class.
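The createSession requirements listed earlier (password set unless trusted, a role set for selective activation) can be exercised as follows. This is an added example, not code from the Fortress documentation: the class `SelectiveActivationExample`, the method `login` and the command-line arguments are hypothetical, and it assumes a configured Fortress client with a reachable LDAP server.

```java
import java.io.Console;
import java.util.Arrays;
import java.util.List;

import org.apache.directory.fortress.core.AccessMgr;
import org.apache.directory.fortress.core.AccessMgrFactory;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.User;
import org.apache.directory.fortress.core.model.UserRole;

// Hypothetical class for illustration; not part of Fortress.
public class SelectiveActivationExample
{
    /**
     * Creates an untrusted session (the password is verified) that requests
     * activation of a single role, then confirms that exactly that role is
     * active. The caller's password buffer is zeroed before returning.
     */
    static Session login( String userId, char[] password, String roleName )
        throws SecurityException
    {
        try
        {
            AccessMgr accessMgr = AccessMgrFactory.createInstance();

            User user = new User( userId );
            user.setPassword( password );  // required because isTrusted is false
            user.setRoleName( roleName );  // selective activation: request one role

            Session session = accessMgr.createSession( user, false );

            // Least-privilege check: fail closed if the session holds anything
            // other than the single role that was requested.
            List<UserRole> active = accessMgr.sessionRoles( session );
            if ( active == null || active.size() != 1
                || !roleName.equalsIgnoreCase( active.get( 0 ).getName() ) )
            {
                throw new IllegalStateException(
                    "Session for " + userId + " does not hold exactly the requested role" );
            }
            return session;
        }
        finally
        {
            // char[] (unlike String) can be overwritten once it is no longer needed.
            Arrays.fill( password, '\0' );
        }
    }

    public static void main( String[] args ) throws SecurityException
    {
        Console console = System.console();
        if ( console == null || args.length != 2 )
        {
            System.err.println( "usage (interactive terminal): <userId> <roleName>" );
            return;
        }
        // readPassword returns char[] and does not echo the input.
        char[] password = console.readPassword( "Password for %s: ", args[0] );
        if ( password == null )
        {
            return;
        }
        login( args[0], password, args[1] );
        System.out.println( "Session created with role " + args[1] );
    }
}
```

The post-check does not rely on how Fortress treats a role that is requested but not assigned; it rejects the session in either case.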
# The inetOrgPerson represents people who are associated with an
# organization in some way. It is a structural class and is derived
# from the organizationalPerson which is defined in X.521 [X521].
------------------------------------------
objectclass ( 2.16.840.1.113730.3.2.2
    NAME 'inetOrgPerson'
    DESC 'RFC2798: Internet Organizational Person'
    SUP organizationalPerson
    STRUCTURAL
    MAY (
        audio $ businessCategory $ carLicense $ departmentNumber $
        displayName $ employeeNumber $ employeeType $ givenName $
        homePhone $ homePostalAddress $ initials $ jpegPhoto $
        labeledURI $ mail $ manager $ mobile $ o $ pager $
        photo $ roomNumber $ secretary $ uid $ userCertificate $
        x500uniqueIdentifier $ preferredLanguage $
        userSMIMECertificate $ userPKCS12
    )
)
------------------------------------------

2. organizationalPerson Structural Object Class.
------------------------------------------
objectclass ( 2.5.6.7
    NAME 'organizationalPerson'
    DESC 'RFC2256: an organizational person'
    SUP person
    STRUCTURAL
    MAY (
        title $ x121Address $ registeredAddress $ destinationIndicator $
        preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
        telephoneNumber $ internationaliSDNNumber $
        facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
        postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l
    )
)
------------------------------------------

3. ftProperties AUXILIARY Object Class is used to store client specific name/value pairs on target entity.
# This aux object class can be used to store custom attributes.
# The properties collections consist of name/value pairs and are not constrained by Fortress.
------------------------------------------
AC2: Fortress Properties Auxiliary Object Class
objectclass ( 1.3.6.1.4.1.38088.3.2
    NAME 'ftProperties'
    DESC 'Fortress Properties AUX Object Class'
    AUXILIARY
    MAY ( ftProps )
)
------------------------------------------

4. ftUserAttrs is used to store user RBAC and Admin role assignment and other security attributes on User entity.
------------------------------------------
Fortress User Attributes Auxiliary Object Class
objectclass ( 1.3.6.1.4.1.38088.3.1
    NAME 'ftUserAttrs'
    DESC 'Fortress User Attribute AUX Object Class'
    AUXILIARY
    MUST ( ftId )
    MAY ( ftRC $ ftRA $ ftARC $ ftARA $ ftCstr $ ftSystem )
)
------------------------------------------

5. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.
------------------------------------------
Fortress Audit Modification Auxiliary Object Class
objectclass ( 1.3.6.1.4.1.38088.3.4
    NAME 'ftMods'
    DESC 'Fortress Modifiers AUX Object Class'
    AUXILIARY
    MAY ( ftModifier $ ftModCode $ ftModId )
)
------------------------------------------
adminSession, contextId, modCode, modId, sequenceId
| Constructor | Description |
|---|---|
| User() | Default constructor not intended for external use and is typically used by internal Fortress classes. |
| User(String userId) | Construct User given userId. |
| User(String userId, char[] password) | Construct User given userId and password. |
| User(String userId, char[] password, String roleName) | Construct User given userId and password. |
| User(String userId, char[] password, String[] roleNames) | Construct User given userId and password. |
| User(String userId, char[] password, String roleName, String ou) | Construct User given userId and password. |
| Modifier and Type | Method | Description |
|---|---|---|
| void | addProperties(Properties props) | Add new collection of name/value pairs to attributes associated with User. |
| void | addProperty(String key, String value) | Add name/value pair to list of properties associated with User. |
| void | delAdminRole(UserAdminRole adminRole) | Removes a user-adminRole object from the list of UserAdminRoles. |
| void | delRole(UserRole role) | Removes a user-role object from the list of UserRoles. |
| boolean | equals(Object thatObj) | Matches the userId from two User entities. |
| Address | getAddress() | Get address data from entity that was persisted in directory as attributes defined by RFC 2798's LDAP inetOrgPerson Object Class: postalAddress, st, postalCode, postOfficeBox |
| List<UserAdminRole> | getAdminRoles() | Return a list of User's Admin Roles. |
| String | getBeginDate() | Contains the begin date when user is allowed to signon to system. |
| String | getBeginLockDate() | Contains the begin lock date when user is temporarily not allowed to signon to system. |
| String | getBeginTime() | Contains the begin time of day user is allowed to signon to system. |
| String | getCn() | Returns common name associated with User. |
| String | getDayMask() | Get the daymask that indicates what days of week user is allowed to signon to system. |
| String | getDescription() | Returns optional description that is associated with User. |
| String | getDisplayName() | Optional attribute maps to 'displayName' attribute on inetOrgPerson object class. |
| String | getDn() | Returns distinguished name associated with User. |
| List<String> | getEmails() | Retrieve multi-occurring email address stored in rfc822Mailbox format associated with inetOrgPerson object class. |
| String | getEmployeeType() | Used to identify the employer to employee relationship. |
| String | getEndDate() | Contains the end date when user is allowed to signon to system. |
| String | getEndLockDate() | Contains the end lock date when user is allowed to signon to system once again. |
| String | getEndTime() | Contains the end time of day user is allowed to occupy system. |
| String | getGecos() | |
| String | getGidNumber() | |
| String | getHomeDirectory() | |
| String | getInternalId() | Return the internal userId that is associated with User. |
| byte[] | getJpegPhoto() | Get one image of a person using the JPEG File Interchange Format [JFIF]. |
| String | getLoginShell() | |
| List<String> | getMobiles() | Retrieve multi-occurring mobile associated with inetOrgPerson object class. |
| String | getName() | This is used internally by Fortress for Constraint operations. |
| char[] | getNewPassword() | |
| String | getOu() | Returns orgUnit name for User. |
| char[] | getPassword() | Return the optional password attribute for User. |
| List<String> | getPhones() | Retrieve multi-occurring telephoneNumber associated with organizationalPerson object class. |
| Properties | getProperties() | Return the collection of name/value pairs to attributes associated with User. |
| String | getProperty(String key) | Get a name/value pair attribute from list of properties associated with User. |
| Props | getProps() | Gets the value of the Props property. |
| String | getPwPolicy() | Return the name of the OpenLDAP password policy that is set for this user. |
| String | getRawData() | Required by Constraint Interface but not needed for user entity. |
| List<UserRole> | getRoles() | Return a list of User's RBAC Roles. |
| String | getSn() | Returns surname associated with User. |
| Integer | getTimeout() | Return the integer timeout that contains total time (in seconds) that User's session may remain inactive. |
| String | getTitle() | The honorific prefix(es) of the User, or "Title" in most Western languages (e.g. |
| String | getUidNumber() | |
| String | getUserId() | Return the userId that is associated with User. |
| int | hashCode() | Override hashcode so User compare operations work in case insensitive manner in collection classes. |
| boolean | isLocked() | If set to true User's password has been locked by administrator or directory itself due to password policy violations. |
| boolean | isReset() | If set to true User's password has been reset by administrator. |
| Boolean | isSystem() | |
| boolean | isTemporalSet() | temporal boolean flag is used by internal Fortress components. |
| void | setAddress(Address address) | Set address data onto entity that is stored in directory as attributes defined by RFC 2798's LDAP inetOrgPerson Object Class: postalAddress, st, postalCode, postOfficeBox |
| void | setAdminRole(UserAdminRole role) | Add a single user-adminRole object to the list of UserAdminRoles for User. |
| void | setAdminRoleName(String roleName) | Add a single user-adminRole object to the list of UserAdminRoles for User. |
| void | setAdminRoles(List<UserAdminRole> roles) | Add a single user-adminRole object to the list of UserAdminRoles for User. |
| void | setBeginDate(String beginDate) | Set the beginDate when user is allowed to signon to system. |
| void | setBeginLockDate(String beginLockDate) | Set the begin lock date when user is temporarily not allowed to signon to system. |
| void | setBeginTime(String beginTime) | Set the begin time of day user is allowed to signon to system. |
| void | setCn(String cn) | Set the common name associated with User. |
| void | setDayMask(String dayMask) | Set the daymask that specifies what days of week user is allowed to signon to system. |
| void | setDescription(String description) | Sets the optional description that is associated with User. |
| void | setDisplayName(String displayName) | Optional attribute maps to 'displayName' attribute on inetOrgPerson object class. |
| void | setDn(String dn) | Set distinguished name associated with User. |
| void | setEmail(String email) | Set a single email address in rfc822Mailbox format to be associated with inetOrgPerson object class. |
| void | setEmails(List<String> emails) | Set multi-occurring email address to be stored in rfc822Mailbox format and associated with inetOrgPerson object class. |
| void | setEmployeeType(String employeeType) | Used to identify the employer to employee relationship. |
| void | setEndDate(String endDate) | Set the end date when user is not allowed to signon to system. |
| void | setEndLockDate(String endLockDate) | Set the end lock date when user is allowed to signon to system once again. |
| void | setEndTime(String endTime) | Set the end time of day user is allowed to signon to system. |
| void | setGecos(String gecos) | |
| void | setGidNumber(String gidNumber) | |
| void | setHomeDirectory(String homeDirectory) | |
| void | setInternalId() | Generate an internal userId that is associated with User. |
| void | setInternalId(String internalId) | Set the internal userId that is associated with User. |
| void | setJpegPhoto(byte[] jpegPhoto) | Set one image of a person using the JPEG File Interchange Format [JFIF]. |
| void | setLocked(boolean locked) | If set to true User's password has been locked by administrator or directory itself due to password policy violations. |
| void | setLoginShell(String loginShell) | |
| void | setMobile(String mobile) | Set a single mobile associated with inetOrgPerson object class. |
| void | setMobiles(List<String> mobiles) | Set multi-occurring mobile associated with inetOrgPerson object class. |
| void | setName(String name) | This is used internally by Fortress for Constraint operations. |
| void | setNewPassword(char[] newPassword) | |
| void | setOu(String ou) | Set the orgUnit name associated with User. |
| void | setPassword(char[] password) | Set the optional password attribute associated for a User. |
| void | setPhone(String phone) | Set phone number to be stored in rfc822Mailbox format and associated with inetOrgPerson object class. |
| void | setPhones(List<String> phones) | Set multi-occurring telephoneNumber number to be associated with organizationalPerson object class. |
| void | setProps(Props value) | Sets the value of the Props property. |
| void | setPwPolicy(String pwPolicy) | Sets the OpenLDAP password policy name to enable for User. |
| void | setReset(boolean reset) | If set to true User's password has been reset by administrator. |
| void | setRole(UserRole role) | Add a single user-role object to the list of UserRoles for User. |
| void | setRoleName(String roleName) | Add a single user-role object to the list of UserRoles for User. |
| void | setRoles(List<UserRole> roles) | Add a list of RBAC Roles to this entity to be considered for later processing: AccessMgr (user-role activation) or AdminMgr (user-role assignment). |
| void | setSn(String sn) | Set the surname associated with User. |
| void | setSystem(Boolean system) | |
| void | setTimeout(Integer timeout) | Set the integer timeout that contains max time (in seconds) that User's session may remain inactive. |
| void | setTitle(String title) | The honorific prefix(es) of the User, or "Title" in most Western languages (e.g. |
| void | setUidNumber(String uidNumber) | |
| void | setUserId(String userId) | Set the userId that is associated with User. |
| String | toString() | Used to retrieve User's valid userId attribute. |
getAdminSession, getContextId, getModCode, getModId, getSequenceId, setAdminSession, setContextId, setModCode, setSequenceId
public User()

public User(String userId)
userId - String validated using simple length test and optional regular expression, i.e. safe text.

public User(String userId, char[] password)
userId - String validated using simple length test and optional regular expression, i.e. safe text.
password - validated using simple length test and OpenLDAP password policies.

public User(String userId, char[] password, String roleName)
userId - String validated using simple length test and optional regular expression, i.e. safe text.
password - validated using simple length test and OpenLDAP password policies.
roleName - contains role that caller is requesting activation.

public User(String userId, char[] password, String[] roleNames)
userId - String validated using simple length test and optional regular expression, i.e. safe text.
password - validated using simple length test and OpenLDAP password policies.
roleNames - contains array of roleNames that caller is requesting activation.

public User(String userId, char[] password, String roleName, String ou)
userId - String validated using simple length test and optional regular expression, i.e. safe text.
password - validated using simple length test and OpenLDAP password policies.
roleName - contains role that caller is requesting activation (see AccessMgr.createSession(User, boolean)) or assignment (see AdminMgr.addUser(User)).
ou - org unit name that caller is requesting assigned to newly created User (see AdminMgr.addUser(User)).

public String getUidNumber()
public void setUidNumber(String uidNumber)
public String getGidNumber()
public void setGidNumber(String gidNumber)
public String getHomeDirectory()
public void setHomeDirectory(String homeDirectory)
public String getLoginShell()
public void setLoginShell(String loginShell)
public String getGecos()
public void setGecos(String gecos)
public String toString()
public String getRawData()
getRawData in interface Constraint

public String getName()
getName in interface Constraint

public void setName(String name)
setName in interface Constraint
name - contains attribute used internally for constraint checking.

public String getEmployeeType()

public void setEmployeeType(String employeeType)
employeeType - maps to 'employeeType' attribute in 'inetOrgPerson' object class.

public String getTitle()

public void setTitle(String title)
title - maps to 'title' attribute in 'inetOrgPerson' objectclass.

public String getPwPolicy()

public void setPwPolicy(String pwPolicy)
pwPolicy - parameter must contain valid OpenLDAP policy name.

public List<UserRole> getRoles()

public void setRoles(List<UserRole> roles)
roles - List of type UserRole that contains at minimum UserId and Role name.

public void setRole(UserRole role)
role - UserRole contains UserRole.name to target for activation into Session.

public void setRoleName(String roleName)
roleName - contains role name to target for activation into Session.

public void delRole(UserRole role)
role - UserRole must contain userId and role name.

public List<UserAdminRole> getAdminRoles()

public void setAdminRoles(List<UserAdminRole> roles)
roles - UserAdminRole contains at least userId and admin role name (activation) and additional constraints (assignment)

public void setAdminRole(UserAdminRole role)
role - UserAdminRole contains at least userId and adminRole name (activation) and additional constraints (assignment)

public void setAdminRoleName(String roleName)
roleName - contains adminRole name.

public void delAdminRole(UserAdminRole adminRole)
adminRole - UserAdminRole must contain userId and adminRole name.

public String getUserId()

public void setUserId(String userId)
userId - maps to 'uid' attribute in 'inetOrgPerson' object class.

public String getInternalId()

public void setInternalId(String internalId)
internalId - maps to 'ftId' in 'ftUserAttrs' object class.

public void setInternalId()

public String getDescription()

public void setDescription(String description)
description - that is mapped to same name in 'inetOrgPerson' object class.

public char[] getPassword()

public void setPassword(char[] password)
AccessMgrImpl.createSession(User, boolean).
Even though password is char[] format here it will be stored on the ldap server (using server-side controls) in configurable and standard hashed formats.
password - maps to 'userPassword' attribute in 'inetOrgPerson' object class.

public char[] getNewPassword()
public void setNewPassword(char[] newPassword)
public String getCn()
userId attribute.

public void setCn(String cn)
userId attribute.
cn - mapped to same name in 'inetOrgPerson' object class.

public String getSn()
userId attribute.

public void setSn(String sn)
userId attribute.
sn - mapped to same name in 'inetOrgPerson' object class.

public String getDn()

public void setDn(String dn)
dn - that is mapped to same name in 'inetOrgPerson' object class.

public String getOu()
AdminMgrImpl.addUser(User) but not on ReviewMgrImpl.readUser(User).

public void setOu(String ou)
AdminMgrImpl.addUser(User) but not on ReviewMgrImpl.readUser(User).
ou - mapped to same name in 'inetOrgPerson' object class.

public String getDisplayName()

public void setDisplayName(String displayName)
displayName - maps to attribute of same name in 'inetOrgPerson' object class.

public boolean isTemporalSet()
isTemporalSet in interface Constraint

public String getBeginTime()
getBeginTime in interface Constraint

public void setBeginTime(String beginTime)
setBeginTime in interface Constraint
beginTime - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.

public String getEndTime()
getEndTime in interface Constraint

public void setEndTime(String endTime)
setEndTime in interface Constraint
endTime - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.

public String getBeginDate()
getBeginDate in interface Constraint

public void setBeginDate(String beginDate)
setBeginDate in interface Constraint
beginDate - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.

public String getEndDate()
getEndDate in interface Constraint

public void setEndDate(String endDate)
setEndDate in interface Constraint
endDate - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.

public String getBeginLockDate()
getBeginLockDate in interface Constraint

public void setBeginLockDate(String beginLockDate)
setBeginLockDate in interface Constraint
beginLockDate - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.

public String getEndLockDate()
getEndLockDate in interface Constraint

public void setEndLockDate(String endLockDate)
setEndLockDate in interface Constraint
endLockDate - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.

public String getDayMask()
getDayMask in interface Constraint

public void setDayMask(String dayMask)
setDayMask in interface Constraint
dayMask - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.

public Integer getTimeout()
getTimeout in interface Constraint

public void setTimeout(Integer timeout)
setTimeout in interface Constraint
timeout - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.

public boolean isReset()

public void setReset(boolean reset)
reset - contains boolean value which maps to 'pwdResetTime' in OpenLDAP's pwpolicy object class.

public boolean isLocked()

public void setLocked(boolean locked)
locked - contains boolean value which maps to 'pwdResetTime' in OpenLDAP's pwpolicy object class.

public Props getProps()
Props

public void setProps(Props value)
value - allowed object is Props

public void addProperty(String key, String value)
key - contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
value - The property value to add

public String getProperty(String key)
key - contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.

public void addProperties(Properties props)
props - contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.

public Properties getProperties()

public Address getAddress()
postalAddress, st, postalCode, postOfficeBox
Address

public void setAddress(Address address)
postalAddress, st, postalCode, postOfficeBox
address - The address to set

public List<String> getPhones()
telephoneNumber associated with organizationalPerson object class.

public void setPhones(List<String> phones)
telephoneNumber number to be associated with organizationalPerson object class.
phones - contains an ArrayList of type String with zero or more phone numbers associated with the user.

public void setPhone(String phone)
inetOrgPerson object class.
phone - contains String bound to telephoneNumber attribute on organizationalPerson object class.

public List<String> getMobiles()
mobile associated with inetOrgPerson object class.

public void setMobiles(List<String> mobiles)
mobile associated with inetOrgPerson object class.
mobiles - contains an ArrayList of type String with zero or more mobile phone numbers associated with the user.

public void setMobile(String mobile)
mobile associated with inetOrgPerson object class.
mobile - contains a String containing mobile phone numbers associated with the user.

public List<String> getEmails()
inetOrgPerson object class.

public void setEmails(List<String> emails)
inetOrgPerson object class.
emails - contains an ArrayList of type String with zero or more email addresses associated with the user.

public void setEmail(String email)
inetOrgPerson object class.
email - contains a String to be stored as email address on user.

public Boolean isSystem()

public void setSystem(Boolean system)
system - the SYSTEM flag to set

public byte[] getJpegPhoto()

public void setJpegPhoto(byte[] jpegPhoto)
jpegPhoto - contains the jpeg image stored as byte array.

public int hashCode()
Copyright © 2003-2016, The Apache Software Foundation. All Rights Reserved. Generated 20160718-1621