Class User
- java.lang.Object
  - org.apache.directory.fortress.core.model.FortEntity
    - org.apache.directory.fortress.core.model.User
- All Implemented Interfaces: Serializable, Constraint
- Direct Known Subclasses: UserAnt
public class User extends FortEntity implements Constraint, Serializable
All entities (User, Role, Permission, PwPolicy, SDSet, etc.) are used to carry data between three Fortress layers, starting with the (1) Manager layer, down through the middle (2) Process layer and its processing rules, into the (3) DAO layer where persistence with the LDAP server occurs.
Fortress Processing Layers
- Manager layer: AdminMgrImpl, AccessMgrImpl, ReviewMgrImpl, ...
- Process layer: UserP, RoleP, PermP, ...
- DAO layer: UserDAO, RoleDAO, PermDAO, ...
For example, the User entity requires the setUserId(java.lang.String) attribute to be set before calling a Manager API. The unique key to locate a User entity in the Fortress DIT is simply the userId field.
Other LDAP operations on User may require additional attributes to be set.
User entity attribute usages include
- setPassword(String) must be set before calling AccessMgrImpl.authenticate(java.lang.String, java.lang.String) and AccessMgrImpl.createSession(User, boolean) (unless trusted).
- setOu(java.lang.String) is required before calling AdminMgrImpl.addUser(User) to add a new user to LDAP.
- setRoles(java.util.List<org.apache.directory.fortress.core.model.UserRole>) will be set for AccessMgrImpl.createSession(User, boolean) when selective RBAC Role activation is required.
- setAdminRoles(java.util.List<org.apache.directory.fortress.core.model.UserAdminRole>) will be set for AccessMgrImpl.createSession(User, boolean) when selective Administrative Role activation is required.
- setPwPolicy(java.lang.String) may be set for AdminMgrImpl.updateUser(User) to assign User to a policy PwPolicy.
- password is the only case sensitive attribute on this entity.
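The createSession usages in the list above, shown as an added example (not code from the Fortress project): an untrusted session that activates a single requested role, the trusted variant that carries no password, and a fail-closed check of what was actually activated. It assumes a configured Fortress client and a reachable LDAP server; the class name, the helper method names and the permission object/operation names are hypothetical.

```java
import java.io.Console;
import java.util.List;

import org.apache.directory.fortress.core.AccessMgr;
import org.apache.directory.fortress.core.AccessMgrFactory;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.Permission;
import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.User;
import org.apache.directory.fortress.core.model.UserRole;

/** Added example: least-privilege session creation with the User entity. */
public class SelectiveActivationExample {

    /**
     * Untrusted path: the password is set, Fortress authenticates it, and only
     * the role named on the User entity is requested for activation.
     */
    static Session loginWithOneRole(AccessMgr accessMgr, String userId,
                                    String password, String roleName)
            throws SecurityException {
        User user = new User(userId, password, roleName);
        return accessMgr.createSession(user, false);
    }

    /**
     * Trusted path: no password is set, so no password check happens here.
     * Use it only when the caller has already authenticated this user.
     */
    static Session trustedSession(AccessMgr accessMgr, String userId, String roleName)
            throws SecurityException {
        User user = new User(userId);
        user.setRoleName(roleName);
        return accessMgr.createSession(user, true);
    }

    /** Fails closed unless exactly the requested role is active in the session. */
    static void requireOnly(AccessMgr accessMgr, Session session, String roleName)
            throws SecurityException {
        List<UserRole> active = accessMgr.sessionRoles(session);
        if (active == null || active.size() != 1) {
            throw new IllegalStateException("expected exactly one active role");
        }
        // Role names are compared without regard to case; per this page,
        // password is the only case sensitive attribute on the entity.
        String activeName = active.get(0).getName();
        if (!roleName.equalsIgnoreCase(activeName)) {
            throw new IllegalStateException("unexpected active role: " + activeName);
        }
    }

    public static void main(String[] args) {
        // Placeholder identifiers; the password is read at run time, never stored in source.
        String userId = "myUserId";
        String roleName = "myRoleName";
        Console console = System.console();
        if (console == null) {
            System.err.println("no interactive console available");
            return;
        }
        String password = new String(console.readPassword("Password for %s: ", userId));
        try {
            AccessMgr accessMgr = AccessMgrFactory.createInstance();
            Session session = loginWithOneRole(accessMgr, userId, password, roleName);
            requireOnly(accessMgr, session, roleName);
            // Hypothetical permission object and operation names.
            boolean allowed = accessMgr.checkAccess(session, new Permission("myObject", "myOperation"));
            System.out.println("checkAccess: " + allowed);
        } catch (SecurityException ex) {
            // Authentication failure, policy violation or directory error: deny.
            System.err.println("session denied: " + ex.getMessage());
        }
    }
}
```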
Example to create new Fortress User:
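    import org.apache.directory.fortress.core.AdminMgr;
    import org.apache.directory.fortress.core.AdminMgrFactory;
    import org.apache.directory.fortress.core.SecurityException;
    import org.apache.directory.fortress.core.model.User;

    try {
        // Instantiate the AdminMgr first
        AdminMgr adminMgr = AdminMgrFactory.createInstance();
        // Arguments: userId, password, role to assign, organizational unit.
        // The constructors documented on this page take the password as a String.
        User myUser = new User("myUserId", "myPassword", "myRoleName", "myOU");
        // Persist the new User entry to LDAP
        adminMgr.addUser(myUser);
    } catch (SecurityException ex) {
        // log or throw
    }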
The above code will persist to LDAP a User object that has a userId of "myUserId", a password of "myPassword", a role assignment to "myRoleName", and is assigned to the organizational unit named "myOU". This User can be used as a target for subsequent User-Role assignments, User-Permission grants, authentication, authorization and more.
This entity aggregates one standard LDAP structural object class, inetOrgPerson (see RFC 2798), along with three auxiliary object extensions supplied by Fortress: ftUserAttrs, ftProperties, ftMods. The combination of the standard and custom object classes forms a single entry within the directory and is represented in this entity class.
Fortress User Schema
1. InetOrgPerson Structural Object Class.
# The inetOrgPerson represents people who are associated with an
# organization in some way. It is a structural class and is derived
# from the organizationalPerson which is defined in X.521 [X521].
------------------------------------------
objectclass ( 2.16.840.1.113730.3.2.2
    NAME 'inetOrgPerson'
    DESC 'RFC2798: Internet Organizational Person'
    SUP organizationalPerson
    STRUCTURAL
    MAY (
        audio $ businessCategory $ carLicense $ departmentNumber $
        displayName $ employeeNumber $ employeeType $ givenName $
        homePhone $ homePostalAddress $ initials $ jpegPhoto $
        labeledURI $ mail $ manager $ mobile $ o $ pager $
        photo $ roomNumber $ secretary $ uid $ userCertificate $
        x500uniqueIdentifier $ preferredLanguage $
        userSMIMECertificate $ userPKCS12
    )
)
------------------------------------------
2. organizationalPerson Structural Object Class.
------------------------------------------
objectclass ( 2.5.6.7
    NAME 'organizationalPerson'
    DESC 'RFC2256: an organizational person'
    SUP person
    STRUCTURAL
    MAY (
        title $ x121Address $ registeredAddress $ destinationIndicator $
        preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
        telephoneNumber $ internationaliSDNNumber $
        facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
        postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l
    )
)
------------------------------------------
3. ftProperties AUXILIARY Object Class is used to store client specific name/value pairs on target entity.
# This aux object class can be used to store custom attributes.
# The properties collections consist of name/value pairs and are not constrained by Fortress.
------------------------------------------
AC2: Fortress Properties Auxiliary Object Class
objectclass ( 1.3.6.1.4.1.38088.3.2
    NAME 'ftProperties'
    DESC 'Fortress Properties AUX Object Class'
    AUXILIARY
    MAY ( ftProps )
)
------------------------------------------
4. ftUserAttrs is used to store user RBAC and Admin role assignment and other security attributes on User entity.
------------------------------------------
Fortress User Attributes Auxiliary Object Class
objectclass ( 1.3.6.1.4.1.38088.3.1
    NAME 'ftUserAttrs'
    DESC 'Fortress User Attribute AUX Object Class'
    AUXILIARY
    MUST ( ftId )
    MAY ( ftRC $ ftRA $ ftARC $ ftARA $ ftCstr $ ftSystem )
)
------------------------------------------
5. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.
------------------------------------------
Fortress Audit Modification Auxiliary Object Class
objectclass ( 1.3.6.1.4.1.38088.3.4
    NAME 'ftMods'
    DESC 'Fortress Modifiers AUX Object Class'
    AUXILIARY
    MAY ( ftModifier $ ftModCode $ ftModId )
)
------------------------------------------
- Author: Apache Directory Project
- See Also: Serialized Form
Field Summary
-
Fields inherited from class org.apache.directory.fortress.core.model.FortEntity
adminSession, contextId, modCode, modId, sequenceId
-
-
Constructor Summary
Constructor: Description
- User(): Default constructor not intended for external use and is typically used by internal Fortress classes.
- User(String userId): Construct User given userId.
- User(String userId, String password): Construct User given userId and password.
- User(String userId, String password, String roleName): Construct User given userId and password.
- User(String userId, String password, String[] roleNames): Construct User given userId and password.
- User(String userId, String password, String roleName, String ou): Construct User given userId and password.
-
Method Summary
Modifier and Type, Method: Description
- void addProperties(Properties props): Add new collection of name/value pairs to attributes associated with User.
- void addProperty(String key, String value): Add name/value pair to list of properties associated with User.
- void delAdminRole(UserAdminRole adminRole): Removes a user-adminRole object from the list of UserAdminRoles.
- void delRole(UserRole role): Removes a user-role object from the list of UserRoles.
- boolean equals(Object thatObj): Matches the userId from two User entities.
- Address getAddress(): Get address data from entity that was persisted in directory as attributes defined by RFC 2798's LDAP inetOrgPerson Object Class: postalAddress, st, postalCode, postOfficeBox.
- List<UserAdminRole> getAdminRoles(): Return a list of User's Admin Roles.
- String getBeginDate(): Contains the begin date when user is allowed to signon to system.
- String getBeginLockDate(): Contains the begin lock date when user is temporarily not allowed to signon to system.
- String getBeginTime(): Contains the begin time of day user is allowed to signon to system.
- String getCn(): Returns common name associated with User.
- List<RoleConstraint> getConstraints(): Return a list of role constraints on entity.
- String getDayMask(): Get the daymask that indicates what days of week user is allowed to signon to system.
- String getDescription(): Returns optional description that is associated with User.
- String getDisplayName(): Optional attribute maps to 'displayName' attribute on inetOrgPerson object class.
- String getDn(): Returns distinguished name associated with User.
- List<String> getEmails(): Retrieve multi-occurring email address stored in rfc822Mailbox format associated with inetOrgPerson object class.
- String getEmployeeType(): Used to identify the employer to employee relationship.
- String getEndDate(): Contains the end date when user is allowed to signon to system.
- String getEndLockDate(): Contains the end lock date when user is allowed to signon to system once again.
- String getEndTime(): Contains the end time of day user is allowed to occupy system.
- String getGecos()
- String getGidNumber()
- String getHomeDirectory()
- String getInternalId(): Return the internal userId that is associated with User.
- byte[] getJpegPhoto(): Get one image of a person using the JPEG File Interchange Format [JFIF].
- String getLoginShell()
- List<String> getMobiles(): Retrieve multi-occurring mobile associated with inetOrgPerson object class.
- String getName(): This is used internally by Fortress for Constraint operations.
- String getNewPassword(): Get the new password which will be used in a password change.
- String getOu(): Returns orgUnit name for User.
- String getPassword(): Get the optional password attribute associated for a User.
- List<String> getPhones(): Retrieve multi-occurring telephoneNumber associated with organizationalPerson object class.
- Properties getProperties(): Return the collection of name/value pairs to attributes associated with User.
- String getProperty(String key): Get a name/value pair attribute from list of properties associated with User.
- Props getProps(): Gets the value of the Props property.
- String getPwPolicy(): Return the name of the OpenLDAP password policy that is set for this user.
- String getRawData(): Required by Constraint Interface but not needed for user entity.
- List<UserRole> getRoles(): Return a list of User's RBAC Roles.
- String getSn(): Returns surname associated with User.
- Integer getTimeout(): Return the integer timeout that contains total time (in minutes) that User's session may remain inactive.
- String getTitle(): The honorific prefix(es) of the User, or "Title" in most Western languages (e.g.
- String getUidNumber()
- String getUserId(): Return the userId that is associated with User.
- int hashCode(): Override hashcode so User compare operations work in case insensitive manner in collection classes.
- boolean isLocked(): If set to true User's password has been locked by administrator or directory itself due to password policy violations.
- boolean isReset(): If set to true User's password has been reset by administrator.
- Boolean isSystem()
- boolean isTemporalSet(): Temporal boolean flag is used by internal Fortress components.
- void setAddress(Address address): Set address data onto entity that is stored in directory as attributes defined by RFC 2798's LDAP inetOrgPerson Object Class: postalAddress, st, postalCode, postOfficeBox.
- void setAdminRole(UserAdminRole role): Add a single user-adminRole object to the list of UserAdminRoles for User.
- void setAdminRoleName(String roleName): Add a single user-adminRole object to the list of UserAdminRoles for User.
- void setAdminRoles(List<UserAdminRole> roles): Add a single user-adminRole object to the list of UserAdminRoles for User.
- void setBeginDate(String beginDate): Set the beginDate when user is allowed to signon to system.
- void setBeginLockDate(String beginLockDate): Set the begin lock date when user is temporarily not allowed to signon to system.
- void setBeginTime(String beginTime): Set the begin time of day user is allowed to signon to system.
- void setCn(String cn): Set the common name associated with User.
- void setDayMask(String dayMask): Set the daymask that specifies what days of week user is allowed to signon to system.
- void setDescription(String description): Sets the optional description that is associated with User.
- void setDisplayName(String displayName): Optional attribute maps to 'displayName' attribute on inetOrgPerson object class.
- void setDn(String dn): Set distinguished name associated with User.
- void setEmail(String email): Set a single email address in rfc822Mailbox format to be associated with inetOrgPerson object class.
- void setEmails(List<String> emails): Set multi-occurring email address to be stored in rfc822Mailbox format and associated with inetOrgPerson object class.
- void setEmployeeType(String employeeType): Used to identify the employer to employee relationship.
- void setEndDate(String endDate): Set the end date when user is not allowed to signon to system.
- void setEndLockDate(String endLockDate): Set the end lock date when user is allowed to signon to system once again.
- void setEndTime(String endTime): Set the end time of day user is allowed to signon to system.
- void setGecos(String gecos)
- void setGidNumber(String gidNumber)
- void setHomeDirectory(String homeDirectory)
- void setInternalId(): Generate an internal userId that is associated with User.
- void setInternalId(String internalId): Set the internal userId that is associated with User.
- void setJpegPhoto(byte[] jpegPhoto): Set one image of a person using the JPEG File Interchange Format [JFIF].
- void setLocked(boolean locked): If set to true User's password has been locked by administrator or directory itself due to password policy violations.
- void setLoginShell(String loginShell)
- void setMobile(String mobile): Set a single mobile associated with inetOrgPerson object class.
- void setMobiles(List<String> mobiles): Set multi-occurring mobile associated with inetOrgPerson object class.
- void setName(String name): This is used internally by Fortress for Constraint operations.
- void setNewPassword(String newPassword): Set the new password which will be used in a password change.
- void setOu(String ou): Set the orgUnit name associated with User.
- void setPassword(String password): Set the optional password attribute associated for a User.
- void setPhone(String phone): Set phone number to be stored in rfc822Mailbox format and associated with inetOrgPerson object class.
- void setPhones(List<String> phones): Set multi-occurring telephoneNumber number to be associated with organizationalPerson object class.
- void setProps(Props value): Sets the value of the Props property.
- void setPwPolicy(String pwPolicy): Sets the OpenLDAP password policy name to enable for User.
- void setReset(boolean reset): If set to true User's password has been reset by administrator.
- void setRole(UserRole role): Add a single user-role object to the list of UserRoles for User.
- void setRoleName(String roleName): Add a single user-role object to the list of UserRoles for User.
- void setRoles(List<UserRole> roles): Add a list of RBAC Roles to this entity to be considered for later processing: AccessMgr (user-role activation) or AdminMgr (user-role assignment).
- void setSn(String sn): Set the surname associated with User.
- void setSystem(Boolean system)
- void setTimeout(Integer timeout): Set the integer timeout that contains max time (in minutes) that User's session may remain inactive.
- void setTitle(String title): The honorific prefix(es) of the User, or "Title" in most Western languages (e.g.
- void setUidNumber(String uidNumber)
- void setUserId(String userId): Set the userId that is associated with User.
- String toString(): Used to retrieve userId attributes concatenated in a comma separated value String.
-
Methods inherited from class org.apache.directory.fortress.core.model.FortEntity
getAdminSession, getContextId, getModCode, getModId, getSequenceId, setAdminSession, setContextId, setModCode, setSequenceId
-
-
-
-
Constructor Detail
-
User
public User()
Default constructor not intended for external use and is typically used by internal Fortress classes. User entity constructed in this manner cannot be used by other until additional attributes (i.e. userId) are set.
-
User
public User(String userId)
Construct User given userId. Once loaded this entity can be passed to AccessMgr.createSession iff trusted == 'true'.
- Parameters:
  userId - String validated using simple length test and optional regular expression, i.e. safe text.
-
User
public User(String userId, String password)
Construct User given userId and password. Once loaded this entity can be passed to AccessMgr.createSession.
- Parameters:
  userId - String validated using simple length test and optional regular expression, i.e. safe text.
  password - validated using simple length test and OpenLDAP password policies.
-
User
public User(String userId, String password, String roleName)
Construct User given userId and password. Once loaded this entity can be passed to AccessMgr.createSession.
- Parameters:
  userId - String validated using simple length test and optional regular expression, i.e. safe text.
  password - validated using simple length test and OpenLDAP password policies.
  roleName - contains role that caller is requesting activation.
-
User
public User(String userId, String password, String[] roleNames)
Construct User given userId and password. Once loaded this entity can be passed to AccessMgr.createSession.
- Parameters:
  userId - String validated using simple length test and optional regular expression, i.e. safe text.
  password - validated using simple length test and OpenLDAP password policies.
  roleNames - contains array of roleNames that caller is requesting activation.
-
User
public User(String userId, String password, String roleName, String ou)
Construct User given userId and password. Once loaded this entity can be passed to AccessMgr.createSession.
- Parameters:
  userId - String validated using simple length test and optional regular expression, i.e. safe text.
  password - validated using simple length test and OpenLDAP password policies.
  roleName - contains role that caller is requesting activation (see AccessMgr.createSession(User, boolean)) or assignment (see AdminMgr.addUser(User)).
  ou - org unit name that caller is requesting assigned to newly created User (see AdminMgr.addUser(User)).
-
-
Method Detail
-
getUidNumber
public String getUidNumber()
-
setUidNumber
public void setUidNumber(String uidNumber)
-
getGidNumber
public String getGidNumber()
-
setGidNumber
public void setGidNumber(String gidNumber)
-
getHomeDirectory
public String getHomeDirectory()
-
setHomeDirectory
public void setHomeDirectory(String homeDirectory)
-
getLoginShell
public String getLoginShell()
-
setLoginShell
public void setLoginShell(String loginShell)
-
getGecos
public String getGecos()
-
setGecos
public void setGecos(String gecos)
-
toString
public String toString()
Used to retrieve userId attributes concatenated in a comma separated value String.
-
getRawData
public String getRawData()
Required by Constraint Interface but not needed for user entity. Not intended for external use.
- Specified by: getRawData in interface Constraint
- Returns: String containing constraint data ready for LDAP.
-
getName
public String getName()
This is used internally by Fortress for Constraint operations.
- Specified by: getName in interface Constraint
- Returns: String contains name attribute used internally for constraint checking.
-
setName
public void setName(String name)
This is used internally by Fortress for Constraint operations. Values set here by external caller will be ignored.
- Specified by: setName in interface Constraint
- Parameters: name - contains attribute used internally for constraint checking.
-
getEmployeeType
public String getEmployeeType()
Used to identify the employer to employee relationship. Typical values used will be "Contractor", "Employee", "Intern", "Temp", "External", and "Unknown" but any value may be used.
- Returns: attribute maps to 'employeeType' attribute in 'inetOrgPerson' object class.
-
setEmployeeType
public void setEmployeeType(String employeeType)
Used to identify the employer to employee relationship. Typical values used will be "Contractor", "Employee", "Intern", "Temp", "External", and "Unknown" but any value may be used.
- Parameters: employeeType - maps to 'employeeType' attribute in 'inetOrgPerson' object class.
-
getTitle
public String getTitle()
The honorific prefix(es) of the User, or "Title" in most Western languages (e.g. Ms. given the full name Ms. Barbara Jane Jensen, III.).
- Returns: maps to 'title' attribute in 'inetOrgPerson' objectclass.
-
setTitle
public void setTitle(String title)
The honorific prefix(es) of the User, or "Title" in most Western languages (e.g. Ms. given the full name Ms. Barbara Jane Jensen, III.).
- Parameters: title - maps to 'title' attribute in 'inetOrgPerson' objectclass.
-
getPwPolicy
public String getPwPolicy()
Return the name of the OpenLDAP password policy that is set for this user. This attribute may be null. The attribute maps to 'pwdPolicySubentry' attribute from pwpolicy LDAP object class.
- Returns: name maps to name of OpenLDAP policy in effect for User.
-
setPwPolicy
public void setPwPolicy(String pwPolicy)
Sets the OpenLDAP password policy name to enable for User. This attribute is optional but if set, will be validated to ensure it contains an actual OpenLDAP password policy name.
- Parameters: pwPolicy - parameter must contain valid OpenLDAP policy name.
-
getRoles
public List<UserRole> getRoles()
Return a list of User's RBAC Roles.
- Returns: List containing User's RBAC roles. This list may be empty if User not assigned RBAC.
-
setRoles
public void setRoles(List<UserRole> roles)
Add a list of RBAC Roles to this entity to be considered for later processing: AccessMgr (user-role activation) or AdminMgr (user-role assignment).
- Parameters: roles - List of type UserRole that contains at minimum UserId and Role name.
-
setRole
public void setRole(UserRole role)
Add a single user-role object to the list of UserRoles for User.
- Parameters: role - UserRole contains UserRole.name to target for activation into Session.
-
setRoleName
public void setRoleName(String roleName)
Add a single user-role object to the list of UserRoles for User.
- Parameters: roleName - contains role name to target for activation into Session.
-
delRole
public void delRole(UserRole role)
Removes a user-role object from the list of UserRoles.
- Parameters: role - UserRole must contain userId and role name.
-
getAdminRoles
public List<UserAdminRole> getAdminRoles()
Return a list of User's Admin Roles.
- Returns: List containing User's Admin roles. This list may be empty if User not assigned Administrative role.
-
setAdminRoles
public void setAdminRoles(List<UserAdminRole> roles)
Add a single user-adminRole object to the list of UserAdminRoles for User.
- Parameters: roles - UserAdminRole contains at least userId and admin role name (activation) and additional constraints (assignment)
-
setAdminRole
public void setAdminRole(UserAdminRole role)
Add a single user-adminRole object to the list of UserAdminRoles for User.
- Parameters: role - UserAdminRole contains at least userId and adminRole name (activation) and additional constraints (assignment)
-
setAdminRoleName
public void setAdminRoleName(String roleName)
Add a single user-adminRole object to the list of UserAdminRoles for User.
- Parameters: roleName - contains adminRole name.
-
delAdminRole
public void delAdminRole(UserAdminRole adminRole)
Removes a user-adminRole object from the list of UserAdminRoles.
- Parameters: adminRole - UserAdminRole must contain userId and adminRole name.
-
getUserId
public String getUserId()
Return the userId that is associated with User. UserId is a required attribute and must be set on add, update, delete, createSession, authenticate, etc.
- Returns: attribute maps to 'uid' in 'inetOrgPerson' object class.
-
setUserId
public void setUserId(String userId)
Set the userId that is associated with User. UserId is a required attribute and must be set on add, update, delete, createSession, authenticate, etc.
- Parameters: userId - maps to 'uid' attribute in 'inetOrgPerson' object class.
-
getInternalId
public String getInternalId()
Return the internal userId that is associated with User. This attribute is generated automatically by Fortress when new User is added to directory and is not known or changeable by external client.
- Returns: attribute maps to 'ftId' in 'ftUserAttrs' object class.
-
setInternalId
public void setInternalId(String internalId)
Set the internal userId that is associated with User. This method is used by DAO class and is generated automatically by Fortress. Attribute stored in LDAP cannot be changed by external caller. This method can be used by client for search purposes only.
- Parameters: internalId - maps to 'ftId' in 'ftUserAttrs' object class.
-
setInternalId
public void setInternalId()
Generate an internal userId that is associated with User. This method is used by DAO class and is not available to outside classes. The generated attribute maps to 'ftId' in 'ftUserAttrs' object class.
-
getDescription
public String getDescription()
Returns optional description that is associated with User. This attribute is validated but not constrained by Fortress.
- Returns: value that is mapped to 'description' in 'inetOrgPerson' object class.
-
setDescription
public void setDescription(String description)
Sets the optional description that is associated with User. This attribute is validated but not constrained by Fortress.
- Parameters: description - that is mapped to same name in 'inetOrgPerson' object class.
-
getPassword
public String getPassword()
Get the optional password attribute associated for a User. Note, this value is required before User will pass Fortress authentication in AccessMgrImpl.createSession(User, boolean). Even though password is char[] format here it will be stored on the LDAP server (using server-side controls) in configurable and standard hashed formats.
- Returns: value maps to 'userPassword' attribute in 'inetOrgPerson' object class.
-
setPassword
public void setPassword(String password)
Set the optional password attribute associated for a User. Note, this value is required before User will pass Fortress authentication in AccessMgrImpl.createSession(User, boolean). Even though password is char[] format here it will be stored on the LDAP server (using server-side controls) in configurable and standard hashed formats.
- Parameters: password - maps to 'userPassword' attribute in 'inetOrgPerson' object class.
-
getNewPassword
public String getNewPassword()
Get the new password which will be used in a password change.
- Returns: value maps to a new 'userPassword' attribute in 'inetOrgPerson' object class.
-
setNewPassword
public void setNewPassword(String newPassword)
Set the new password which will be used in a password change.
- Parameters: newPassword - maps to a new 'userPassword' attribute in 'inetOrgPerson' object class.
-
getCn
public String getCn()
Returns common name associated with User. This attribute is validated but not constrained by Fortress. cn is not required but if not supplied by caller on create, will default to same value as userId attribute.
- Returns: value that is mapped to 'cn' in 'inetOrgPerson' object class.
-
setCn
public void setCn(String cn)
Set the common name associated with User. This attribute is validated but not constrained by Fortress. cn is not required but if not supplied by caller on create, will default to same value as userId attribute.
- Parameters: cn - mapped to same name in 'inetOrgPerson' object class.
-
getSn
public String getSn()
Returns surname associated with User. This attribute is validated but not constrained by Fortress. sn is not required but if not supplied by caller on create, will default to same value as userId attribute.
- Returns: value that is mapped to 'sn' in 'inetOrgPerson' object class.
-
setSn
public void setSn(String sn)
Set the surname associated with User. This attribute is validated but not constrained by Fortress. sn is not required but if not supplied by caller on create, will default to same value as userId attribute.
- Parameters: sn - mapped to same name in 'inetOrgPerson' object class.
-
getDn
public String getDn()
Returns distinguished name associated with User. This attribute is generated by DAO and is not allowed for outside classes to modify. This attribute is for internal use only and need not be processed by external clients.
- Returns: value that is mapped to 'dn' in 'inetOrgPerson' object class.
-
setDn
public void setDn(String dn)
Set distinguished name associated with User. This attribute is used by DAO and is not allowed for outside classes. This attribute cannot be set by external callers.
- Parameters: dn - that is mapped to same name in 'inetOrgPerson' object class.
-
getOu
public String getOu()
Returns orgUnit name for User. This attribute is validated and constrained by Fortress and must contain name of existing User OU. This attribute is required on AdminMgrImpl.addUser(User) but not on ReviewMgrImpl.readUser(User).
- Returns: value that is mapped to 'ou' in 'inetOrgPerson' object class.
-
setOu
public void setOu(String ou)
Set the orgUnit name associated with User. This attribute is validated and constrained by Fortress and must contain name of existing User OU. This attribute is required on AdminMgrImpl.addUser(User) but not on ReviewMgrImpl.readUser(User).
- Parameters: ou - mapped to same name in 'inetOrgPerson' object class.
-
getDisplayName
public String getDisplayName()
Optional attribute maps to 'displayName' attribute on inetOrgPerson object class.
- Returns: value that is mapped to 'displayName' in 'inetOrgPerson' object class.
-
setDisplayName
public void setDisplayName(String displayName)
Optional attribute maps to 'displayName' attribute on inetOrgPerson object class.
- Parameters: displayName - maps to attribute of same name in 'inetOrgPerson' object class.
-
isTemporalSet
public boolean isTemporalSet()
temporal boolean flag is used by internal Fortress components.- Specified by:
isTemporalSet
in interfaceConstraint
- Returns:
- boolean indicating if temporal constraints are placed on user.
-
getBeginTime
public String getBeginTime()
Contains the begin time of day user is allowed to signon to system. The format is military time - HHMM, i.e. 0800 (8:00 am) or 1700 (5:00 p.m.). This attribute is optional but if set will be validated for reasonableness.- Specified by:
getBeginTime
in interfaceConstraint
- Returns:
- attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-
setBeginTime
public void setBeginTime(String beginTime)
Set the begin time of day user is allowed to signon to system. The format is military time - HHMM, i.e. 0800 (8:00 am) or 1700 (5:00 p.m.). This attribute is optional but if set will be validated for reasonableness.- Specified by:
setBeginTime
in interfaceConstraint
- Parameters:
beginTime
- maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-
getEndTime
public String getEndTime()
Contains the end time of day user is allowed to occupy system. The format is military time - HHMM, i.e. 0000 (12:00 am) or 2359 (11:59 p.m.). This attribute is optional but if set will be validated for reasonableness.- Specified by:
getEndTime
in interfaceConstraint
- Returns:
- attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-
setEndTime
public void setEndTime(String endTime)
Set the end time of day user is allowed to signon to system. The format is military time - HHMM, i.e. 0000 (12:00 am) or 2359 (11:59 p.m.). This attribute is optional but if set will be validated for reasonableness.- Specified by:
setEndTime
in interfaceConstraint
- Parameters:
endTime
- maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-
getBeginDate
public String getBeginDate()
Contains the begin date when the user is allowed to sign on to the system. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional, but if set it will be validated for reasonableness.
- Specified by: getBeginDate in interface Constraint
- Returns: attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-
setBeginDate
public void setBeginDate(String beginDate)
Set the begin date when the user is allowed to sign on to the system. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional, but if set it will be validated for reasonableness.
- Specified by: setBeginDate in interface Constraint
- Parameters: beginDate - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-
getEndDate
public String getEndDate()
Contains the end date when the user is allowed to sign on to the system. The format is YYYYMMDD, e.g. 20101231 (December 31, 2010). This attribute is optional, but if set it will be validated for reasonableness.
- Specified by: getEndDate in interface Constraint
- Returns: attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-
setEndDate
public void setEndDate(String endDate)
Set the end date when the user is not allowed to sign on to the system. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional, but if set it will be validated for reasonableness.
- Specified by: setEndDate in interface Constraint
- Parameters: endDate - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-
getBeginLockDate
public String getBeginLockDate()
Contains the begin lock date when the user is temporarily not allowed to sign on to the system. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional, but if set it will be validated for reasonableness.
- Specified by: getBeginLockDate in interface Constraint
- Returns: attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-
setBeginLockDate
public void setBeginLockDate(String beginLockDate)
Set the begin lock date when the user is temporarily not allowed to sign on to the system. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional, but if set it will be validated for reasonableness.
- Specified by: setBeginLockDate in interface Constraint
- Parameters: beginLockDate - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-
getEndLockDate
public String getEndLockDate()
Contains the end lock date when the user is allowed to sign on to the system once again. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional, but if set it will be validated for reasonableness.
- Specified by: getEndLockDate in interface Constraint
- Returns: attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-
setEndLockDate
public void setEndLockDate(String endLockDate)
Set the end lock date when the user is allowed to sign on to the system once again. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional, but if set it will be validated for reasonableness.
- Specified by: setEndLockDate in interface Constraint
- Parameters: endLockDate - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-
getDayMask
public String getDayMask()
Get the day mask that indicates what days of the week the user is allowed to sign on to the system. The format is 1234567, e.g. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday). This attribute is optional, but if set it will be validated for reasonableness.
- Specified by: getDayMask in interface Constraint
- Returns: attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-
setDayMask
public void setDayMask(String dayMask)
Set the day mask that specifies what days of the week the user is allowed to sign on to the system. The format is 1234567, e.g. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday). This attribute is optional, but if set it will be validated for reasonableness.
- Specified by: setDayMask in interface Constraint
- Parameters: dayMask - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-
getTimeout
public Integer getTimeout()
Return the integer timeout that contains the total time (in minutes) that the User's session may remain inactive. This attribute is optional, but if set it will be validated for reasonableness.
- Specified by: getTimeout in interface Constraint
- Returns: attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-
setTimeout
public void setTimeout(Integer timeout)
Set the integer timeout that contains the max time (in minutes) that the User's session may remain inactive. This attribute is optional, but if set it will be validated for reasonableness.
- Specified by: setTimeout in interface Constraint
- Parameters: timeout - maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
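The temporal constraint formats documented above (HHMM times, YYYYMMDD dates, lock dates and the day mask) can be evaluated as in the following added example, which is not Fortress code and does not come from this Javadoc. The class and method names are hypothetical, and inclusive bounds with begin <= end are assumptions.

```java
import java.time.LocalDate;
import java.time.LocalDateTime;
import java.time.LocalTime;
import java.time.format.DateTimeFormatter;

// Added illustration, not Fortress code; class and method names are hypothetical.
public class TemporalConstraintCheck {
    private static final DateTimeFormatter HHMM = DateTimeFormatter.ofPattern("HHmm");
    private static final DateTimeFormatter YMD = DateTimeFormatter.BASIC_ISO_DATE; // YYYYMMDD
    private static boolean unset(String v) { return v == null || v.isEmpty(); }

    // Assumption: bounds are inclusive and begin <= end (no overnight windows).
    static boolean timeOk(String begin, String end, LocalTime now) {
        if (unset(begin) || unset(end)) return true; // optional attribute
        return !now.isBefore(LocalTime.parse(begin, HHMM)) && !now.isAfter(LocalTime.parse(end, HHMM));
    }

    // True when both dates are set and 'day' falls inside [begin, end].
    static boolean inRange(String begin, String end, LocalDate day) {
        if (unset(begin) || unset(end)) return false;
        return !day.isBefore(LocalDate.parse(begin, YMD)) && !day.isAfter(LocalDate.parse(end, YMD));
    }

    // Day mask digits: 1 = Sunday ... 7 = Saturday, so "23456" is Monday to Friday.
    static boolean dayOk(String mask, LocalDate day) {
        if (unset(mask)) return true;
        if (!mask.matches("[1-7]{1,7}")) throw new IllegalArgumentException("bad dayMask: " + mask);
        int digit = day.getDayOfWeek().getValue() % 7 + 1; // ISO Monday=1 -> 2, Sunday=7 -> 1
        return mask.indexOf((char) ('0' + digit)) >= 0;
    }

    static boolean mayLogin(String bt, String et, String bd, String ed,
                            String bl, String el, String mask, LocalDateTime at) {
        LocalDate d = at.toLocalDate();
        boolean dateOk = unset(bd) || unset(ed) || inRange(bd, ed, d);
        return dateOk && !inRange(bl, el, d) && dayOk(mask, d) && timeOk(bt, et, at.toLocalTime());
    }

    public static void main(String[] args) {
        String[] c = {"0800", "1700", "20100101", "20101231", "20100701", "20100714", "23456"}; // constructed
        LocalDateTime[] attempts = {
            LocalDateTime.of(2010, 3, 15, 9, 30),  // Monday, inside every window
            LocalDateTime.of(2010, 3, 14, 9, 30),  // Sunday, not in the day mask
            LocalDateTime.of(2010, 7, 7, 9, 30),   // Wednesday, inside the lock dates
            LocalDateTime.of(2010, 3, 15, 18, 0)   // Monday, after the end time
        };
        for (LocalDateTime at : attempts)
            System.out.println(at + " -> " + mayLogin(c[0], c[1], c[2], c[3], c[4], c[5], c[6], at));
    }
}
```

A malformed value such as "2500" or "20101301" makes the parse call throw DateTimeParseException, so a bad constraint is rejected instead of being treated as unrestricted.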
-
getConstraints
public List<RoleConstraint> getConstraints()
Description copied from interface: Constraint
Return a list of role constraints on entity.
- Specified by: getConstraints in interface Constraint
- Returns:
-
isReset
public boolean isReset()
If set to true, the User's password has been reset by an administrator. This attribute will be ignored if set by external callers.
- Returns: boolean value maps to 'pwdResetTime' in OpenLDAP's pwpolicy object class.
-
setReset
public void setReset(boolean reset)
If set to true, the User's password has been reset by an administrator. This attribute will be ignored if set by external callers.
- Parameters: reset - contains boolean value which maps to 'pwdResetTime' in OpenLDAP's pwpolicy object class.
-
isLocked
public boolean isLocked()
If set to true, the User's password has been locked by an administrator or by the directory itself due to password policy violations. This attribute will be ignored if set by external callers.
- Returns: boolean value maps to 'pwdLockedTime' in OpenLDAP's pwpolicy object class.
-
setLocked
public void setLocked(boolean locked)
If set to true, the User's password has been locked by an administrator or by the directory itself due to password policy violations. This attribute will be ignored if set by external callers.
- Parameters: locked - contains boolean value which maps to 'pwdResetTime' in OpenLDAP's pwpolicy object class.
-
getProps
public Props getProps()
Gets the value of the Props property. This method is used by Fortress Core and Rest and should not be called by external programs.
- Returns: possible object is Props
-
setProps
public void setProps(Props value)
Sets the value of the Props property. This method is used by Fortress Core and Rest and should not be called by external programs.
- Parameters: value - allowed object is Props
-
addProperty
public void addProperty(String key, String value)
Add name/value pair to list of properties associated with User. These values are not constrained by Fortress. Properties are optional.
- Parameters:
  key - contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
  value - The property value to add
-
getProperty
public String getProperty(String key)
Get a name/value pair attribute from list of properties associated with User. These values are not constrained by Fortress. Properties are optional.
- Parameters: key - contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
- Returns: value containing name/value pair that maps to 'ftProps' attribute in 'ftProperties' aux object class.
-
addProperties
public void addProperties(Properties props)
Add new collection of name/value pairs to attributes associated with User. These values are not constrained by Fortress. Properties are optional.
- Parameters: props - contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
-
getProperties
public Properties getProperties()
Return the collection of name/value pairs to attributes associated with User. These values are not constrained by Fortress. Properties are optional.
- Returns: Properties contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
-
getAddress
public Address getAddress()
Get address data from entity that was persisted in directory as attributes defined by RFC 2798's LDAP inetOrgPerson Object Class:
- postalAddress
- st
- postalCode
- postOfficeBox
- Returns: Address
-
setAddress
public void setAddress(Address address)
Set address data onto entity that is stored in directory as attributes defined by RFC 2798's LDAP inetOrgPerson Object Class:
- postalAddress
- st
- postalCode
- postOfficeBox
- Parameters: address - The address to set
-
getPhones
public List<String> getPhones()
Retrieve multi-occurring telephoneNumber associated with organizationalPerson object class.
- Returns: List of type String that contains zero or more phone numbers associated with the user.
-
setPhones
public void setPhones(List<String> phones)
Set multi-occurring telephoneNumber to be associated with organizationalPerson object class.
- Parameters: phones - contains an ArrayList of type String with zero or more phone numbers associated with the user.
-
setPhone
public void setPhone(String phone)
Set phone number to be stored in rfc822Mailbox format and associated with inetOrgPerson object class.
- Parameters: phone - contains String bound to telephoneNumber attribute on organizationalPerson object class.
-
getMobiles
public List<String> getMobiles()
Retrieve multi-occurring mobile associated with inetOrgPerson object class.
- Returns: List of type String that contains zero or more mobile phone numbers associated with the user.
-
setMobiles
public void setMobiles(List<String> mobiles)
Set multi-occurring mobile associated with inetOrgPerson object class.
- Parameters: mobiles - contains an ArrayList of type String with zero or more mobile phone numbers associated with the user.
-
setMobile
public void setMobile(String mobile)
Set a single mobile associated with inetOrgPerson object class.
- Parameters: mobile - contains a String containing mobile phone numbers associated with the user.
-
getEmails
public List<String> getEmails()
Retrieve multi-occurring email address stored in rfc822Mailbox format associated with inetOrgPerson object class.
- Returns: List of type String that contains zero or more email addresses associated with the user.
-
setEmails
public void setEmails(List<String> emails)
Set multi-occurring email address to be stored in rfc822Mailbox format and associated with inetOrgPerson object class.
- Parameters: emails - contains an ArrayList of type String with zero or more email addresses associated with the user.
-
setEmail
public void setEmail(String email)
Set a single email address in rfc822Mailbox format to be associated with inetOrgPerson object class.
- Parameters: email - contains a String to be stored as email address on user.
-
isSystem
public Boolean isSystem()
- Returns: true if the SYSTEM flag is set
-
setSystem
public void setSystem(Boolean system)
- Parameters: system - the SYSTEM flag to set
-
getJpegPhoto
public byte[] getJpegPhoto()
Get one image of a person using the JPEG File Interchange Format [JFIF]. ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
- Returns: byte array containing the jpeg image.
-
setJpegPhoto
public void setJpegPhoto(byte[] jpegPhoto)
Set one image of a person using the JPEG File Interchange Format [JFIF]. ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
- Parameters: jpegPhoto - contains the jpeg image stored as byte array.
-
hashCode
public int hashCode()
Override hashCode so that User compare operations work in a case-insensitive manner in collection classes.
-
-