Class User

  • All Implemented Interfaces:
    Serializable, Constraint
    Direct Known Subclasses:
    UserAnt

    public class User
    extends FortEntity
    implements Constraint, Serializable
    All entities (User, Role, Permission, PwPolicy, SDSet, etc.) are used to carry data between the three Fortress layers, starting with the (1) Manager layer, down through the middle (2) Process layer and its processing rules, into the (3) DAO layer where persistence with the LDAP server occurs.

    Fortress Processing Layers

    1. Manager layer: AdminMgrImpl, AccessMgrImpl, ReviewMgrImpl,...
    2. Process layer: UserP, RoleP, PermP,...
    3. DAO layer: UserDAO, RoleDAO, PermDAO,...
    Fortress clients must first instantiate the data entity before invoking one of the Manager APIs. The caller must provide enough information to uniquely identify the target record for the particular LDAP operation performed.
    For example the User entity requires the setUserId(java.lang.String) attribute to be set before calling a Manager API. The unique key to locate a User entity in the Fortress DIT is simply the userId field.
    Other ldap operations on User may require additional attributes to be set.

    User entity attribute usages include

    Example to create new Fortress User:

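     // Imports needed by this fragment. The Fortress SecurityException must be imported
     // explicitly, otherwise the catch clause resolves to java.lang.SecurityException.
     import org.apache.directory.fortress.core.AdminMgr;
     import org.apache.directory.fortress.core.AdminMgrFactory;
     import org.apache.directory.fortress.core.SecurityException;
     import org.apache.directory.fortress.core.model.User;

     try
     {
      // Instantiate the AdminMgr first
      AdminMgr adminMgr = AdminMgrFactory.createInstance();

      // Arguments: userId, password, role to assign, organizational unit
      User myUser = new User("myUserId", "myPassword", "myRoleName", "myOU");
      adminMgr.addUser(myUser);
     }
     catch (SecurityException ex)
     {
      // log or throw
     }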
     
    The above code will persist to LDAP a User object that has a userId of "myUserId", a password of "myPassword", a role assignment to "myRoleName", and is assigned to the organizational unit named "myOU". This User can be used as a target for subsequent User-Role assignments, User-Permission grants, authentication, authorization and more. This entity aggregates one standard LDAP structural object class, inetOrgPerson (see RFC 2798), along with three auxiliary object extensions supplied by Fortress: ftUserAttrs, ftProperties, ftMods. The combination of the standard and custom object classes forms a single entry within the directory and is represented in this entity class.

    Fortress User Schema

    1. InetOrgPerson Structural Object Class.
    # The inetOrgPerson represents people who are associated with an
    # organization in some way. It is a structural class and is derived
    # from the organizationalPerson which is defined in X.521 [X521].
     ------------------------------------------
     objectclass ( 2.16.840.1.113730.3.2.2
      NAME 'inetOrgPerson'
      DESC 'RFC2798: Internet Organizational Person'
      SUP organizationalPerson
      STRUCTURAL
      MAY (
          audio $ businessCategory $ carLicense $ departmentNumber $
          displayName $ employeeNumber $ employeeType $ givenName $
          homePhone $ homePostalAddress $ initials $ jpegPhoto $
          labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $
          roomNumber $ secretary $ uid $ userCertificate $
          x500uniqueIdentifier $ preferredLanguage $
          userSMIMECertificate $ userPKCS12
      )
     )
     ------------------------------------------
     
    2. organizationalPerson Structural Object Class.
     ------------------------------------------
     objectclass ( 2.5.6.7
      NAME 'organizationalPerson'
      DESC 'RFC2256: an organizational person'
      SUP person
      STRUCTURAL
      MAY (
          title $ x121Address $ registeredAddress $ destinationIndicator $
          preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
          telephoneNumber $ internationaliSDNNumber $
          facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
          postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l
      )
     )
     ------------------------------------------
     
    3. ftProperties AUXILIARY Object Class is used to store client specific name/value pairs on target entity.
    # This aux object class can be used to store custom attributes.
    # The properties collections consist of name/value pairs and are not constrained by Fortress.
     ------------------------------------------
     AC2: Fortress Properties Auxiliary Object Class
     objectclass ( 1.3.6.1.4.1.38088.3.2
      NAME 'ftProperties'
      DESC 'Fortress Properties AUX Object Class'
      AUXILIARY
      MAY (
          ftProps
      )
     )
     ------------------------------------------
     
    4. ftUserAttrs is used to store user RBAC and Admin role assignment and other security attributes on User entity.
     ------------------------------------------
     Fortress User Attributes Auxiliary Object Class
     objectclass ( 1.3.6.1.4.1.38088.3.1
      NAME 'ftUserAttrs'
      DESC 'Fortress User Attribute AUX Object Class'
      AUXILIARY
      MUST (
          ftId
      )
      MAY (
          ftRC $
          ftRA $
          ftARC $
          ftARA $
          ftCstr $
          ftSystem
      )
     )
     ------------------------------------------
     
    5. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.
     ------------------------------------------
     Fortress Audit Modification Auxiliary Object Class
     objectclass ( 1.3.6.1.4.1.38088.3.4
      NAME 'ftMods'
      DESC 'Fortress Modifiers AUX Object Class'
      AUXILIARY
      MAY (
          ftModifier $
          ftModCode $
          ftModId
      )
     )
     ------------------------------------------
     
    Author:
    Apache Directory Project
    See Also:
    Serialized Form
    • Constructor Summary

      Constructors 
      Constructor Description
      User()
      Default constructor not intended for external use and is typically used by internal Fortress classes.
      User​(String userId)
      Construct User given userId.
      User​(String userId, String password)
      Construct User given userId and password.
      User​(String userId, String password, String roleName)
      Construct User given userId and password.
      User​(String userId, String password, String[] roleNames)
      Construct User given userId and password.
      User​(String userId, String password, String roleName, String ou)
      Construct User given userId and password.
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void addProperties​(Properties props)
      Add new collection of name/value pairs to attributes associated with User.
      void addProperty​(String key, String value)
      Add name/value pair to list of properties associated with User.
      void delAdminRole​(UserAdminRole adminRole)
      Removes a user-adminRole object from the list of UserAdminRoles.
      void delRole​(UserRole role)
      Removes a user-role object from the list of UserRoles.
      boolean equals​(Object thatObj)
      Matches the userId from two User entities.
      Address getAddress()
      Get address data from entity that was persisted in directory as attributes defined by RFC 2798's LDAP inetOrgPerson Object Class: postalAddress, st, postalCode, postOfficeBox.
      List<UserAdminRole> getAdminRoles()
      Return a list of User's Admin Roles.
      String getBeginDate()
      Contains the begin date when user is allowed to signon to system.
      String getBeginLockDate()
      Contains the begin lock date when user is temporarily not allowed to signon to system.
      String getBeginTime()
      Contains the begin time of day user is allowed to signon to system.
      String getCn()
      Returns common name associated with User.
      List<RoleConstraint> getConstraints()
      Return a list of role constraints on entity.
      String getDayMask()
      Get the daymask that indicates what days of week user is allowed to signon to system.
      String getDescription()
      Returns optional description that is associated with User.
      String getDisplayName()
      Optional attribute maps to 'displayName' attribute on inetOrgPerson object class.
      String getDn()
      Returns distinguished name associated with User.
      List<String> getEmails()
      Retrieve multi-occurring email address stored in rfc822Mailbox format associated with inetOrgPerson object class.
      String getEmployeeType()
      Used to identify the employer to employee relationship.
      String getEndDate()
      Contains the end date when user is allowed to signon to system.
      String getEndLockDate()
      Contains the end lock date when user is allowed to signon to system once again.
      String getEndTime()
      Contains the end time of day user is allowed to occupy system.
      String getGecos()  
      String getGidNumber()  
      String getHomeDirectory()  
      String getInternalId()
      Return the internal userId that is associated with User.
      byte[] getJpegPhoto()
      Get one image of a person using the JPEG File Interchange Format [JFIF].
      String getLoginShell()  
      List<String> getMobiles()
      Retrieve multi-occurring mobile associated with inetOrgPerson object class.
      String getName()
      This is used internally by Fortress for Constraint operations.
      String getNewPassword()
      Get the new password which will be used in a password change.
      String getOu()
      Returns orgUnit name for User.
      String getPassword()
      Get the optional password attribute associated for a User.
      List<String> getPhones()
      Retrieve multi-occurring telephoneNumber associated with organizationalPerson object class.
      Properties getProperties()
      Return the collection of name/value pairs to attributes associated with User.
      String getProperty​(String key)
      Get a name/value pair attribute from list of properties associated with User.
      Props getProps()
      Gets the value of the Props property.
      String getPwPolicy()
      Return the name of the OpenLDAP password policy that is set for this user.
      String getRawData()
      Required by Constraint Interface but not needed for user entity.
      List<UserRole> getRoles()
      Return a list of User's RBAC Roles.
      String getSn()
      Returns surname associated with User.
      Integer getTimeout()
      Return the integer timeout that contains total time (in minutes) that User's session may remain inactive.
      String getTitle()
      The honorific prefix(es) of the User, or "Title" in most Western languages (e.g. Ms. given the full name Ms. Barbara Jane Jensen, III.).
      String getUidNumber()  
      String getUserId()
      Return the userId that is associated with User.
      int hashCode()
      Override hashcode so User compare operations work in case insensitive manner in collection classes.
      boolean isLocked()
      If set to true User's password has been locked by administrator or directory itself due to password policy violations.
      boolean isReset()
      If set to true User's password has been reset by administrator.
      Boolean isSystem()  
      boolean isTemporalSet()
      Temporal boolean flag is used by internal Fortress components.
      void setAddress​(Address address)
      Set address data onto entity that is stored in directory as attributes defined by RFC 2798's LDAP inetOrgPerson Object Class: postalAddress, st, postalCode, postOfficeBox.
      void setAdminRole​(UserAdminRole role)
      Add a single user-adminRole object to the list of UserAdminRoles for User.
      void setAdminRoleName​(String roleName)
      Add a single user-adminRole object to the list of UserAdminRoles for User.
      void setAdminRoles​(List<UserAdminRole> roles)
      Add a single user-adminRole object to the list of UserAdminRoles for User.
      void setBeginDate​(String beginDate)
      Set the beginDate when user is allowed to signon to system.
      void setBeginLockDate​(String beginLockDate)
      Set the begin lock date when user is temporarily not allowed to signon to system.
      void setBeginTime​(String beginTime)
      Set the begin time of day user is allowed to signon to system.
      void setCn​(String cn)
      Set the common name associated with User.
      void setDayMask​(String dayMask)
      Set the daymask that specifies what days of week user is allowed to signon to system.
      void setDescription​(String description)
      Sets the optional description that is associated with User.
      void setDisplayName​(String displayName)
      Optional attribute maps to 'displayName' attribute on inetOrgPerson object class.
      void setDn​(String dn)
      Set distinguished name associated with User.
      void setEmail​(String email)
      Set a single email address in rfc822Mailbox format to be associated with inetOrgPerson object class.
      void setEmails​(List<String> emails)
      Set multi-occurring email address to be stored in rfc822Mailbox format and associated with inetOrgPerson object class.
      void setEmployeeType​(String employeeType)
      Used to identify the employer to employee relationship.
      void setEndDate​(String endDate)
      Set the end date when user is not allowed to signon to system.
      void setEndLockDate​(String endLockDate)
      Set the end lock date when user is allowed to signon to system once again.
      void setEndTime​(String endTime)
      Set the end time of day user is allowed to signon to system.
      void setGecos​(String gecos)  
      void setGidNumber​(String gidNumber)  
      void setHomeDirectory​(String homeDirectory)  
      void setInternalId()
      Generate an internal userId that is associated with User.
      void setInternalId​(String internalId)
      Set the internal userId that is associated with User.
      void setJpegPhoto​(byte[] jpegPhoto)
      Set one image of a person using the JPEG File Interchange Format [JFIF].
      void setLocked​(boolean locked)
      If set to true User's password has been locked by administrator or directory itself due to password policy violations.
      void setLoginShell​(String loginShell)  
      void setMobile​(String mobile)
      Set a single mobile associated with inetOrgPerson object class.
      void setMobiles​(List<String> mobiles)
      Set multi-occurring mobile associated with inetOrgPerson object class.
      void setName​(String name)
      This is used internally by Fortress for Constraint operations.
      void setNewPassword​(String newPassword)
      Set the new password which will be used in a password change.
      void setOu​(String ou)
      Set the orgUnit name associated with User.
      void setPassword​(String password)
      Set the optional password attribute associated for a User.
      void setPhone​(String phone)
      Set phone number to be stored in rfc822Mailbox format and associated with inetOrgPerson object class.
      void setPhones​(List<String> phones)
      Set multi-occurring telephoneNumber number to be associated with organizationalPerson object class.
      void setProps​(Props value)
      Sets the value of the Props property.
      void setPwPolicy​(String pwPolicy)
      Sets the OpenLDAP password policy name to enable for User.
      void setReset​(boolean reset)
      If set to true User's password has been reset by administrator.
      void setRole​(UserRole role)
      Add a single user-role object to the list of UserRoles for User.
      void setRoleName​(String roleName)
      Add a single user-role object to the list of UserRoles for User.
      void setRoles​(List<UserRole> roles)
      Add a list of RBAC Roles to this entity to be considered for later processing: AccessMgr (user-role activation) or AdminMgr (user-role assignment).
      void setSn​(String sn)
      Set the surname associated with User.
      void setSystem​(Boolean system)  
      void setTimeout​(Integer timeout)
      Set the integer timeout that contains max time (in minutes) that User's session may remain inactive.
      void setTitle​(String title)
      The honorific prefix(es) of the User, or "Title" in most Western languages (e.g. Ms. given the full name Ms. Barbara Jane Jensen, III.).
      void setUidNumber​(String uidNumber)  
      void setUserId​(String userId)
      Set the userId that is associated with User.
      String toString()
      Used to retrieve userId attributes concatenated in a comma separated value String.
    • Constructor Detail

      • User

        public User()
        Default constructor not intended for external use and is typically used by internal Fortress classes. A User entity constructed in this manner cannot be used by others until additional attributes (i.e. userId) are set.
      • User

        public User​(String userId)
        Construct User given userId. Once loaded this entity can be passed to AccessMgr.createSession iff trusted == 'true'.
        Parameters:
        userId - String validated using simple length test and optional regular expression, i.e. safe text.
      • User

        public User​(String userId,
                    String password)
        Construct User given userId and password. Once loaded this entity can be passed to AccessMgr.createSession.
        Parameters:
        userId - String validated using simple length test and optional regular expression, i.e. safe text.
        password - validated using simple length test and OpenLDAP password policies.
      • User

        public User​(String userId,
                    String password,
                    String roleName)
        Construct User given userId and password. Once loaded this entity can be passed to AccessMgr.createSession.
        Parameters:
        userId - String validated using simple length test and optional regular expression, i.e. safe text.
        password - validated using simple length test and OpenLDAP password policies.
        roleName - contains role that caller is requesting activation.
      • User

        public User​(String userId,
                    String password,
                    String[] roleNames)
        Construct User given userId and password. Once loaded this entity can be passed to AccessMgr.createSession.
        Parameters:
        userId - String validated using simple length test and optional regular expression, i.e. safe text.
        password - validated using simple length test and OpenLDAP password policies.
        roleNames - contains array of roleNames that caller is requesting activation.
      • User

        public User​(String userId,
                    String password,
                    String roleName,
                    String ou)
        Construct User given userId and password. Once loaded this entity can be passed to AccessMgr.createSession.
        Parameters:
        userId - String validated using simple length test and optional regular expression, i.e. safe text.
        password - validated using simple length test and OpenLDAP password policies.
        roleName - contains role that caller is requesting activation (see AccessMgr.createSession(User, boolean)) or assignment (see AdminMgr.addUser(User)).
        ou - org unit name that caller is requesting assigned to newly created User (see AdminMgr.addUser(User)).
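
How the constructors above pair with the trusted flag of AccessMgr.createSession(User, boolean), as an added example that is not part of the Fortress documentation. It assumes a configured Fortress client and a reachable directory; the class name, method names and sample ids are hypothetical.

```java
import org.apache.directory.fortress.core.AccessMgr;
import org.apache.directory.fortress.core.AccessMgrFactory;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.User;
import org.apache.directory.fortress.core.model.UserRole;

import java.util.ArrayList;
import java.util.List;

// Hypothetical wrapper class (not part of Fortress) showing which User
// constructor matches which createSession mode.
public class SessionConstructorExample
{
    private final AccessMgr accessMgr;

    public SessionConstructorExample() throws SecurityException
    {
        accessMgr = AccessMgrFactory.createInstance();
    }

    // Password-checked session. No role names are set on the User, so the
    // roles assigned to the user are the candidates for activation.
    public Session login(String userId, String password) throws SecurityException
    {
        User user = new User(userId, password);
        return accessMgr.createSession(user, false);
    }

    // Password-checked session that requests activation of the named roles
    // only, which keeps the session to the privileges the task needs.
    public Session loginWithRoles(String userId, String password, String[] roleNames)
        throws SecurityException
    {
        User user = new User(userId, password, roleNames);
        return accessMgr.createSession(user, false);
    }

    // Trusted session: the userId-only constructor carries no password, so
    // the directory does not verify one. Call this only with a userId that an
    // upstream component (container or SSO authentication, for example) has
    // already authenticated, never with an id taken directly from a request.
    public Session trustedSession(String alreadyAuthenticatedUserId) throws SecurityException
    {
        User user = new User(alreadyAuthenticatedUserId);
        return accessMgr.createSession(user, true);
    }

    // Names of the roles that were activated into the session.
    public static List<String> activatedRoleNames(Session session)
    {
        List<String> names = new ArrayList<>();
        List<UserRole> roles = session.getRoles();
        if (roles != null)
        {
            for (UserRole role : roles)
            {
                names.add(role.getName());
            }
        }
        return names;
    }

    public static void main(String[] args)
    {
        try
        {
            SessionConstructorExample example = new SessionConstructorExample();

            // Constructed sample values; the user and role must already exist
            // in the directory (see the addUser example in the class description).
            Session full = example.login("myUserId", "myPassword");
            Session narrowed = example.loginWithRoles(
                "myUserId", "myPassword", new String[] { "myRoleName" });

            System.out.println("assigned roles activated: " + activatedRoleNames(full));
            System.out.println("requested roles activated: " + activatedRoleNames(narrowed));
        }
        catch (SecurityException ex)
        {
            // Authentication failures and constraint violations arrive here;
            // log the error and deny access rather than falling back to a
            // trusted session.
            System.err.println("Session creation failed: " + ex.getMessage());
        }
    }
}
```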
    • Method Detail

      • getUidNumber

        public String getUidNumber()
      • setUidNumber

        public void setUidNumber​(String uidNumber)
      • getGidNumber

        public String getGidNumber()
      • setGidNumber

        public void setGidNumber​(String gidNumber)
      • getHomeDirectory

        public String getHomeDirectory()
      • setHomeDirectory

        public void setHomeDirectory​(String homeDirectory)
      • getLoginShell

        public String getLoginShell()
      • setLoginShell

        public void setLoginShell​(String loginShell)
      • getGecos

        public String getGecos()
      • setGecos

        public void setGecos​(String gecos)
      • toString

        public String toString()
        Used to retrieve userId attributes concatenated in a comma separated value String.
        Overrides:
        toString in class Object
        Returns:
        String value containing attributes in CSV format.
      • getRawData

        public String getRawData()
        Required by Constraint Interface but not needed for user entity. Not intended for external use.
        Specified by:
        getRawData in interface Constraint
        Returns:
        String containing constraint data ready for ldap.
      • getName

        public String getName()
        This is used internally by Fortress for Constraint operations.
        Specified by:
        getName in interface Constraint
        Returns:
        String contains name attribute used internally for constraint checking.
      • setName

        public void setName​(String name)
        This is used internally by Fortress for Constraint operations. Values set here by external caller will be ignored.
        Specified by:
        setName in interface Constraint
        Parameters:
        name - contains attribute used internally for constraint checking.
      • getEmployeeType

        public String getEmployeeType()
        Used to identify the employer to employee relationship. Typical values used will be "Contractor", "Employee", "Intern", "Temp", "External", and "Unknown" but any value may be used.
        Returns:
        attribute maps to 'employeeType' attribute in 'inetOrgPerson' object class.
      • setEmployeeType

        public void setEmployeeType​(String employeeType)
        Used to identify the employer to employee relationship. Typical values used will be "Contractor", "Employee", "Intern", "Temp", "External", and "Unknown" but any value may be used.
        Parameters:
        employeeType - maps to 'employeeType' attribute in 'inetOrgPerson' object class.
      • getTitle

        public String getTitle()
        The honorific prefix(es) of the User, or "Title" in most Western languages (e.g. Ms. given the full name Ms. Barbara Jane Jensen, III.).
        Returns:
        maps to 'title' attribute in 'inetOrgPerson' objectclass.
      • setTitle

        public void setTitle​(String title)
        The honorific prefix(es) of the User, or "Title" in most Western languages (e.g. Ms. given the full name Ms. Barbara Jane Jensen, III.).
        Parameters:
        title - maps to 'title' attribute in 'inetOrgPerson' objectclass.
      • getPwPolicy

        public String getPwPolicy()
        Return the name of the OpenLDAP password policy that is set for this user. This attribute may be null. The attribute maps to 'pwdPolicySubentry' attribute from pwpolicy ldap object class.
        Returns:
        name maps to name of OpenLDAP policy in effect for User.
      • setPwPolicy

        public void setPwPolicy​(String pwPolicy)
        Sets the OpenLDAP password policy name to enable for User. This attribute is optional but if set, will be validated to ensure it contains an actual OpenLDAP password policy name.
        Parameters:
        pwPolicy - parameter must contain valid OpenLDAP policy name.
      • getRoles

        public List<UserRole> getRoles()
        Return a list of User's RBAC Roles.
        Returns:
        List containing User's RBAC roles. This list may be empty if User is not assigned RBAC.
      • setRoles

        public void setRoles​(List<UserRole> roles)
        Add a list of RBAC Roles to this entity to be considered for later processing: AccessMgr (user-role activation) or AdminMgr (user-role assignment).
        Parameters:
        roles - List of type UserRole that contains at minimum UserId and Role name.
      • setRole

        public void setRole​(UserRole role)
        Add a single user-role object to the list of UserRoles for User.
        Parameters:
        role - UserRole contains UserRole.name to target for activation into Session.
      • setRoleName

        public void setRoleName​(String roleName)
        Add a single user-role object to the list of UserRoles for User.
        Parameters:
        roleName - contains role name to target for activation into Session.
      • delRole

        public void delRole​(UserRole role)
        Removes a user-role object from the list of UserRoles.
        Parameters:
        role - UserRole must contain userId and role name.
      • getAdminRoles

        public List<UserAdminRole> getAdminRoles()
        Return a list of User's Admin Roles.
        Returns:
        List containing User's Admin roles. This list may be empty if User is not assigned an Administrative role.
      • setAdminRoles

        public void setAdminRoles​(List<UserAdminRole> roles)
        Add a single user-adminRole object to the list of UserAdminRoles for User.
        Parameters:
        roles - UserAdminRole contains at least userId and admin role name (activation) and additional constraints (assignment)
      • setAdminRole

        public void setAdminRole​(UserAdminRole role)
        Add a single user-adminRole object to the list of UserAdminRoles for User.
        Parameters:
        role - UserAdminRole contains at least userId and adminRole name (activation) and additional constraints (assignment)
      • setAdminRoleName

        public void setAdminRoleName​(String roleName)
        Add a single user-adminRole object to the list of UserAdminRoles for User.
        Parameters:
        roleName - contains adminRole name.
      • delAdminRole

        public void delAdminRole​(UserAdminRole adminRole)
        Removes a user-adminRole object from the list of UserAdminRoles.
        Parameters:
        adminRole - UserAdminRole must contain userId and adminRole name.
      • getUserId

        public String getUserId()
        Return the userId that is associated with User. UserId is a required attribute and must be set on add, update, delete, createSession, authenticate, etc.
        Returns:
        attribute maps to 'uid' in 'inetOrgPerson' object class.
      • setUserId

        public void setUserId​(String userId)
        Set the userId that is associated with User. UserId is a required attribute and must be set on add, update, delete, createSession, authenticate, etc.
        Parameters:
        userId - maps to 'uid' attribute in 'inetOrgPerson' object class.
      • getInternalId

        public String getInternalId()
        Return the internal userId that is associated with User. This attribute is generated automatically by Fortress when new User is added to directory and is not known or changeable by external client.
        Returns:
        attribute maps to 'ftId' in 'ftUserAttrs' object class.
      • setInternalId

        public void setInternalId​(String internalId)
        Set the internal userId that is associated with User. This method is used by DAO class and is generated automatically by Fortress. Attribute stored in LDAP cannot be changed by external caller. This method can be used by client for search purposes only.
        Parameters:
        internalId - maps to 'ftId' in 'ftUserAttrs' object class.
      • setInternalId

        public void setInternalId()
        Generate an internal userId that is associated with User. This method is used by DAO class and is not available to outside classes. The generated attribute maps to 'ftId' in 'ftUserAttrs' object class.
      • getDescription

        public String getDescription()
        Returns optional description that is associated with User. This attribute is validated but not constrained by Fortress.
        Returns:
        value that is mapped to 'description' in 'inetOrgPerson' object class.
      • setDescription

        public void setDescription​(String description)
        Sets the optional description that is associated with User. This attribute is validated but not constrained by Fortress.
        Parameters:
        description - that is mapped to same name in 'inetOrgPerson' object class.
      • getPassword

        public String getPassword()
        Get the optional password attribute associated for a User. Note, this value is required before User will pass Fortress authentication in AccessMgrImpl.createSession(User, boolean). Even though password is char[] format here it will be stored on the ldap server (using server-side controls) in configurable and standard hashed formats.
        Returns:
        value maps to 'userPassword' attribute in 'inetOrgPerson' object class.
      • setPassword

        public void setPassword​(String password)
        Set the optional password attribute associated for a User. Note, this value is required before User will pass Fortress authentication in AccessMgrImpl.createSession(User, boolean). Even though password is char[] format here it will be stored on the ldap server (using server-side controls) in configurable and standard hashed formats.
        Parameters:
        password - maps to 'userPassword' attribute in 'inetOrgPerson' object class.
      • getNewPassword

        public String getNewPassword()
        Get the new password which will be used in a password change.
        Returns:
        value maps to a new 'userPassword' attribute in 'inetOrgPerson' object class.
      • setNewPassword

        public void setNewPassword​(String newPassword)
        Set the new password which will be used in a password change.
        Parameters:
        newPassword - maps to a new 'userPassword' attribute in 'inetOrgPerson' object class.
      • getCn

        public String getCn()
        Returns common name associated with User. This attribute is validated but not constrained by Fortress. cn is not required but if not supplied by caller on create, will default to same value as userId attribute.
        Returns:
        value that is mapped to 'cn' in 'inetOrgPerson' object class.
      • setCn

        public void setCn​(String cn)
        Set the common name associated with User. This attribute is validated but not constrained by Fortress. cn is not required but if not supplied by caller on create, will default to same value as userId attribute.
        Parameters:
        cn - mapped to same name in 'inetOrgPerson' object class.
      • getSn

        public String getSn()
        Returns surname associated with User. This attribute is validated but not constrained by Fortress. sn is not required but if not supplied by caller on create, will default to same value as userId attribute.
        Returns:
        value that is mapped to 'sn' in 'inetOrgPerson' object class.
      • setSn

        public void setSn​(String sn)
        Set the surname associated with User. This attribute is validated but not constrained by Fortress. sn is not required but if not supplied by caller on create, will default to same value as userId attribute.
        Parameters:
        sn - mapped to same name in 'inetOrgPerson' object class.
      • getDn

        public String getDn()
        Returns distinguished name associated with User. This attribute is generated by DAO and is not allowed for outside classes to modify. This attribute is for internal use only and need not be processed by external clients.
        Returns:
        value that is mapped to 'dn' in 'inetOrgPerson' object class.
      • setDn

        public void setDn​(String dn)
        Set distinguished name associated with User. This attribute is used by DAO and is not allowed for outside classes. This attribute cannot be set by external callers.
        Parameters:
        dn - that is mapped to same name in 'inetOrgPerson' object class.
      • getOu

        public String getOu()
        Returns orgUnit name for User. This attribute is validated and constrained by Fortress and must contain name of existing User OU. This attribute is required on AdminMgrImpl.addUser(User) but not on ReviewMgrImpl.readUser(User).
        Returns:
        value that is mapped to 'ou' in 'inetOrgPerson' object class.
      • setOu

        public void setOu​(String ou)
        Set the orgUnit name associated with User. This attribute is validated and constrained by Fortress and must contain name of existing User OU. This attribute is required on AdminMgrImpl.addUser(User) but not on ReviewMgrImpl.readUser(User).
        Parameters:
        ou - mapped to same name in 'inetOrgPerson' object class.
      • getDisplayName

        public String getDisplayName()
        Optional attribute maps to 'displayName' attribute on inetOrgPerson object class.
        Returns:
        value that is mapped to 'displayName' in 'inetOrgPerson' object class.
      • setDisplayName

        public void setDisplayName​(String displayName)
        Optional attribute maps to 'displayName' attribute on inetOrgPerson object class.
        Parameters:
        displayName - maps to attribute of same name in 'inetOrgPerson' object class.
      • isTemporalSet

        public boolean isTemporalSet()
        temporal boolean flag is used by internal Fortress components.
        Specified by:
        isTemporalSet in interface Constraint
        Returns:
        boolean indicating if temporal constraints are placed on user.
      • getBeginTime

        public String getBeginTime()
        Contains the begin time of day user is allowed to sign on to system. The format is military time, HHMM, e.g. 0800 (8:00 a.m.) or 1700 (5:00 p.m.). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        getBeginTime in interface Constraint
        Returns:
        attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
      • setBeginTime

        public void setBeginTime​(String beginTime)
        Set the begin time of day user is allowed to sign on to system. The format is military time, HHMM, e.g. 0800 (8:00 a.m.) or 1700 (5:00 p.m.). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        setBeginTime in interface Constraint
        Parameters:
        beginTime - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
      • getEndTime

        public String getEndTime()
        Contains the end time of day user is allowed to occupy system. The format is military time, HHMM, e.g. 0000 (12:00 a.m.) or 2359 (11:59 p.m.). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        getEndTime in interface Constraint
        Returns:
        attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
      • setEndTime

        public void setEndTime​(String endTime)
        Set the end time of day user is allowed to sign on to system. The format is military time, HHMM, e.g. 0000 (12:00 a.m.) or 2359 (11:59 p.m.). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        setEndTime in interface Constraint
        Parameters:
        endTime - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
      • getBeginDate

        public String getBeginDate()
        Contains the begin date when user is allowed to sign on to system. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        getBeginDate in interface Constraint
        Returns:
        attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
      • setBeginDate

        public void setBeginDate​(String beginDate)
        Set the begin date when user is allowed to sign on to system. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        setBeginDate in interface Constraint
        Parameters:
        beginDate - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
      • getEndDate

        public String getEndDate()
        Contains the end date when user is allowed to sign on to system. The format is YYYYMMDD, e.g. 20101231 (December 31, 2010). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        getEndDate in interface Constraint
        Returns:
        attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
      • setEndDate

        public void setEndDate​(String endDate)
        Set the end date when user is not allowed to sign on to system. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        setEndDate in interface Constraint
        Parameters:
        endDate - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
      • getBeginLockDate

        public String getBeginLockDate()
        Contains the begin lock date when user is temporarily not allowed to sign on to system. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        getBeginLockDate in interface Constraint
        Returns:
        attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
      • setBeginLockDate

        public void setBeginLockDate​(String beginLockDate)
        Set the begin lock date when user is temporarily not allowed to sign on to system. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        setBeginLockDate in interface Constraint
        Parameters:
        beginLockDate - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
      • getEndLockDate

        public String getEndLockDate()
        Contains the end lock date when user is allowed to sign on to system once again. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        getEndLockDate in interface Constraint
        Returns:
        attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
      • setEndLockDate

        public void setEndLockDate​(String endLockDate)
        Set the end lock date when user is allowed to sign on to system once again. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        setEndLockDate in interface Constraint
        Parameters:
        endLockDate - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
      • getDayMask

        public String getDayMask()
        Get the day mask that indicates what days of week user is allowed to sign on to system. The format is 1234567, e.g. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        getDayMask in interface Constraint
        Returns:
        attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
      • setDayMask

        public void setDayMask​(String dayMask)
        Set the day mask that specifies what days of week user is allowed to sign on to system. The format is 1234567, e.g. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        setDayMask in interface Constraint
        Parameters:
        dayMask - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
      • getTimeout

        public Integer getTimeout()
        Return the integer timeout that contains total time (in minutes) that User's session may remain inactive. This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        getTimeout in interface Constraint
        Returns:
        attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
      • setTimeout

        public void setTimeout​(Integer timeout)
        Set the integer timeout that contains max time (in minutes) that User's session may remain inactive. This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        setTimeout in interface Constraint
        Parameters:
        timeout - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
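
An added example, not Fortress's own validator code: a stand-alone Java check that applies the HHMM, YYYYMMDD and day-mask formats documented for the Constraint accessors above to decide whether a sign-on time is permitted. The class name, treating null as "not set", inclusive lock dates and the midnight-spanning time window are assumptions of this sketch.

```java
import java.time.LocalDate;
import java.time.LocalDateTime;
import java.time.LocalTime;
import java.time.format.DateTimeFormatter;
import java.time.format.ResolverStyle;
import java.time.temporal.ChronoUnit;

// Added illustration, not Fortress code: evaluates the constraint formats documented above.
public class TemporalConstraintCheck {
    // STRICT resolution rejects impossible values such as 2460 or 20100230.
    static final DateTimeFormatter HHMM =
        DateTimeFormatter.ofPattern("HHmm").withResolverStyle(ResolverStyle.STRICT);
    static final DateTimeFormatter YMD =
        DateTimeFormatter.ofPattern("uuuuMMdd").withResolverStyle(ResolverStyle.STRICT);
    static LocalDate date(String s) { return s == null ? null : LocalDate.parse(s, YMD); }
    static LocalTime time(String s) { return s == null ? null : LocalTime.parse(s, HHMM); }
    // Assumption: null means "not set"; a malformed value throws and the caller must deny.
    static boolean allowed(String beginTime, String endTime, String beginDate, String endDate,
                           String beginLockDate, String endLockDate, String dayMask,
                           LocalDateTime now) {
        LocalTime bt = time(beginTime), et = time(endTime);
        LocalDate bd = date(beginDate), ed = date(endDate);
        LocalDate bl = date(beginLockDate), el = date(endLockDate);
        if (dayMask != null && !dayMask.matches("[1-7]{1,7}"))
            throw new IllegalArgumentException("bad dayMask: " + dayMask);
        LocalDate today = now.toLocalDate();
        LocalTime clock = now.toLocalTime().truncatedTo(ChronoUnit.MINUTES);
        if (bd != null && today.isBefore(bd)) return false;          // not yet active
        if (ed != null && today.isAfter(ed)) return false;           // expired
        if (bl != null && el != null && !today.isBefore(bl) && !today.isAfter(el))
            return false;                                            // inside lock window
        if (dayMask != null) {
            // 23456 = Monday..Friday on this page, so 1 = Sunday and 7 = Saturday.
            int day = today.getDayOfWeek().getValue() % 7 + 1;
            if (dayMask.indexOf(Character.forDigit(day, 10)) < 0) return false;
        }
        if (bt != null && et != null) {
            // Assumption: begin later than end means a window that spans midnight.
            boolean inside = bt.isAfter(et)
                ? !clock.isBefore(bt) || !clock.isAfter(et)
                : !clock.isBefore(bt) && !clock.isAfter(et);
            if (!inside) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample policy: weekdays 08:00-17:00 during 2010, locked 5-9 July.
        String[] c = {"0800", "1700", "20100101", "20101231", "20100705", "20100709", "23456"};
        String[] samples = {"2010-06-15T09:30", "2010-06-15T17:01", "2010-06-19T09:30",
                            "2010-07-06T09:30", "2011-01-03T09:30"};
        for (String s : samples)
            System.out.println(s + " -> " + allowed(c[0], c[1], c[2], c[3], c[4], c[5], c[6],
                                                    LocalDateTime.parse(s)));
    }
}
```

All values are parsed before any comparison, so a malformed constraint raises an exception instead of silently widening access.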
      • isReset

        public boolean isReset()
        If set to true User's password has been reset by administrator. This attribute will be ignored if set by external callers.
        Returns:
        boolean value maps to 'pwdResetTime' in OpenLDAP's pwpolicy object class.
      • setReset

        public void setReset​(boolean reset)
        If set to true User's password has been reset by administrator. This attribute will be ignored if set by external callers.
        Parameters:
        reset - contains boolean value which maps to 'pwdResetTime' in OpenLDAP's pwpolicy object class.
      • isLocked

        public boolean isLocked()
        If set to true User's password has been locked by administrator or directory itself due to password policy violations. This attribute will be ignored if set by external callers.
        Returns:
        boolean value maps to 'pwdLockedTime' in OpenLDAP's pwpolicy object class.
      • setLocked

        public void setLocked​(boolean locked)
        If set to true User's password has been locked by administrator or directory itself due to password policy violations. This attribute will be ignored if set by external callers.
        Parameters:
        locked - contains boolean value which maps to 'pwdResetTime' in OpenLDAP's pwpolicy object class.
      • getProps

        public Props getProps()
        Gets the value of the Props property. This method is used by Fortress Core and Rest and should not be called by external programs.
        Returns:
        possible object is Props
      • setProps

        public void setProps​(Props value)
        Sets the value of the Props property. This method is used by Fortress Core and Rest and should not be called by external programs.
        Parameters:
        value - allowed object is Props
      • addProperty

        public void addProperty​(String key,
                                String value)
        Add name/value pair to list of properties associated with User. These values are not constrained by Fortress. Properties are optional.
        Parameters:
        key - contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
        value - The property value to add
      • getProperty

        public String getProperty​(String key)
        Get a name/value pair attribute from list of properties associated with User. These values are not constrained by Fortress. Properties are optional.
        Parameters:
        key - contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
        Returns:
        value containing name/value pair that maps to 'ftProps' attribute in 'ftProperties' aux object class.
      • addProperties

        public void addProperties​(Properties props)
        Add new collection of name/value pairs to attributes associated with User. These values are not constrained by Fortress. Properties are optional.
        Parameters:
        props - contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
      • getProperties

        public Properties getProperties()
        Return the collection of name/value pairs to attributes associated with User. These values are not constrained by Fortress. Properties are optional.
        Returns:
        Properties contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
      • getAddress

        public Address getAddress()
        Get address data from entity that was persisted in directory as attributes defined by RFC 2798's LDAP inetOrgPerson Object Class:
        • postalAddress
        • st
        • postalCode
        • postOfficeBox
        Returns:
        Address
      • setAddress

        public void setAddress​(Address address)
        Set address data onto entity that is stored in directory as attributes defined by RFC 2798's LDAP inetOrgPerson Object Class:
        • postalAddress
        • st
        • postalCode
        • postOfficeBox
        Parameters:
        address - The address to set
      • getPhones

        public List<String> getPhones()
        Retrieve multi-occurring telephoneNumber associated with organizationalPerson object class.
        Returns:
        List of type String that contains zero or more phone numbers associated with the user.
      • setPhones

        public void setPhones​(List<String> phones)
        Set multi-occurring telephoneNumber associated with organizationalPerson object class.
        Parameters:
        phones - contains an ArrayList of type String with zero or more phone numbers associated with the user.
      • setPhone

        public void setPhone​(String phone)
        Set phone number to be stored in rfc822Mailbox format and associated with inetOrgPerson object class.
        Parameters:
        phone - contains String bound to telephoneNumber attribute on organizationalPerson object class.
      • getMobiles

        public List<String> getMobiles()
        Retrieve multi-occurring mobile associated with inetOrgPerson object class.
        Returns:
        List of type String that contains zero or more mobile phone numbers associated with the user.
      • setMobiles

        public void setMobiles​(List<String> mobiles)
        Set multi-occurring mobile associated with inetOrgPerson object class.
        Parameters:
        mobiles - contains an ArrayList of type String with zero or more mobile phone numbers associated with the user.
      • setMobile

        public void setMobile​(String mobile)
        Set a single mobile associated with inetOrgPerson object class.
        Parameters:
        mobile - contains a String containing mobile phone numbers associated with the user.
      • getEmails

        public List<String> getEmails()
        Retrieve multi-occurring email address stored in rfc822Mailbox format associated with inetOrgPerson object class.
        Returns:
        List of type String that contains zero or more email addresses associated with the user.
      • setEmails

        public void setEmails​(List<String> emails)
        Set multi-occurring email address to be stored in rfc822Mailbox format and associated with inetOrgPerson object class.
        Parameters:
        emails - contains an ArrayList of type String with zero or more email addresses associated with the user.
      • setEmail

        public void setEmail​(String email)
        Set a single email address in rfc822Mailbox format to be associated with inetOrgPerson object class.
        Parameters:
        email - contains a String to be stored as email address on user.
      • isSystem

        public Boolean isSystem()
        Returns:
        true if the SYSTEM flag is set
      • setSystem

        public void setSystem​(Boolean system)
        Parameters:
        system - the SYSTEM flag to set
      • getJpegPhoto

        public byte[] getJpegPhoto()
        Get one image of a person using the JPEG File Interchange Format [JFIF]. ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
        Returns:
        byte array containing the jpeg image.
      • setJpegPhoto

        public void setJpegPhoto​(byte[] jpegPhoto)
        Set one image of a person using the JPEG File Interchange Format [JFIF]. ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
        Parameters:
        jpegPhoto - contains the jpeg image stored as byte array.
      • hashCode

        public int hashCode()
        Override hashCode so User compare operations work in a case-insensitive manner in collection classes.
        Overrides:
        hashCode in class Object
        Returns:
        int
      • equals

        public boolean equals​(Object thatObj)
        Matches the userId from two User entities.
        Overrides:
        equals in class Object
        Parameters:
        thatObj - contains a User entity.
        Returns:
        boolean indicating both objects contain matching userIds.