com.epimorphics.appbase.security

Class BaseUserStore

java.lang.Object

com.epimorphics.appbase.core.ComponentBase

com.epimorphics.appbase.security.BaseUserStore

All Implemented Interfaces:

com.epimorphics.appbase.core.Named, com.epimorphics.appbase.core.Startup, UserStore

Direct Known Subclasses:

DBUserStore, MemUserStore

public abstract class BaseUserStore
extends com.epimorphics.appbase.core.ComponentBase
implements UserStore

Support for loading a new store from a bootstrap file.

Author:

Dave Reynolds

Field Summary

Fields

Modifier and Type	Field and Description
static String	DEFAULT_ALGORITHM
static int	DEFAULT_ITERATIONS
protected File	initfile
protected org.apache.shiro.crypto.SecureRandomNumberGenerator	rand
protected AppRealm	realm

Fields inherited from class com.epimorphics.appbase.core.ComponentBase

app, componentName

Fields inherited from interface com.epimorphics.appbase.security.UserStore

AUTH_USER_ID

Constructor Summary

Constructors

Constructor and Description
BaseUserStore()

Method Summary

Modifier and Type	Method and Description
void	addPermision(String id, String permission) Record a new permission for this user.
protected void	checkSubjectControls(String path)
org.apache.shiro.authc.SaltedAuthenticationInfo	checkUser(String id) Test if a user is registered.
protected abstract void	commit() Commit the transaction if the store supports transactions
String	createCredentials(String id, int minstolive) Create a new random password, set it and return it.
abstract void	doAddPermision(String id, String permission)
abstract boolean	doRegister(UserInfo user)
abstract void	doRemoveCredentials(String id)
abstract void	doRemovePermission(String id, String permission)
abstract void	doRemovePermissionsOn(String id, String path)
abstract void	doSetCredentials(String id, org.apache.shiro.util.ByteSource credentials, int minstolive)
abstract void	doUnregister(String id)
protected abstract com.epimorphics.appbase.security.BaseUserStore.UserRecord	getRecord(String id) Return the record for the identified user.
UserInfo	getUser(String id) Return the user info for the given user ID, or null if not found
protected abstract boolean	initstore() Test if store is available, if not create a new empty store and return true.
boolean	register(UserInfo user) Register a new user.
void	removeCredentials(String id) Remove the credentials for the user
void	removePermission(String id, String permission) Remove the specific matching permission for this user
void	removePermissionsOn(String id, String path) Remove permissions from this user for the given path.
void	setCredentials(String id, org.apache.shiro.util.ByteSource credentials, int minstolive) Store new credentials for the user
void	setInitfile(String file)
void	setRealm(AppRealm realm) Link this store to a specific authorization realm
protected abstract void	startTransaction() Start a transaction if the store supports transactions
void	unregister(String id) Unregister a user, removing them and any permissions from the store

Methods inherited from class com.epimorphics.appbase.core.ComponentBase

asFile, expandFileLocation, getApp, getName, require, setName, startup, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface com.epimorphics.appbase.security.UserStore

authorizedOn, getPermissions, listUsers

Field Detail

DEFAULT_ALGORITHM

public static final String DEFAULT_ALGORITHM

See Also:

Constant Field Values

DEFAULT_ITERATIONS

public static final int DEFAULT_ITERATIONS

See Also:

Constant Field Values

rand

protected org.apache.shiro.crypto.SecureRandomNumberGenerator rand

initfile

protected File initfile

realm

protected AppRealm realm

Constructor Detail

BaseUserStore

public BaseUserStore()

Method Detail

setInitfile

public void setInitfile(String file)

setRealm

public void setRealm(AppRealm realm)

Description copied from interface: UserStore

Link this store to a specific authorization realm

Specified by:

setRealm in interface UserStore

initstore

protected abstract boolean initstore()

Test if store is available, if not create a new empty store and return true.

startTransaction

protected abstract void startTransaction()

Start a transaction if the store supports transactions

commit

protected abstract void commit()

Commit the transaction if the store supports transactions

getRecord

protected abstract com.epimorphics.appbase.security.BaseUserStore.UserRecord getRecord(String id)

Return the record for the identified user.

getUser

public UserInfo getUser(String id)

Description copied from interface: UserStore

Return the user info for the given user ID, or null if not found

Specified by:

getUser in interface UserStore

checkUser

public org.apache.shiro.authc.SaltedAuthenticationInfo checkUser(String id)

Description copied from interface: UserStore

Test if a user is registered. Returns their user information and credentials if they are or null if not registered. Stored and returned credentials are salt-hashed to make it easy to allow user defined passwords in the future, redundant for generated passwords. If the user has no credentials or they have timed out then the credentials will be null.

Specified by:

checkUser in interface UserStore

Parameters:

id - the openid identifier string authenticated by the user

createCredentials

public String createCredentials(String id,
                                int minstolive)

Description copied from interface: UserStore

Create a new random password, set it and return it.

Yes, the return ought to be a char[] to allow for reseting but the use case will be creating string serializations of the key in any case to send it out so the added security of using char[] is zero.

Specified by:

createCredentials in interface UserStore

checkSubjectControls

protected void checkSubjectControls(String path)

register

public boolean register(UserInfo user)

Description copied from interface: UserStore

Register a new user. Return true if the new registration succeeded, false if the user is already registered.

Specified by:

register in interface UserStore

doRegister

public abstract boolean doRegister(UserInfo user)

unregister

public void unregister(String id)

Description copied from interface: UserStore

Unregister a user, removing them and any permissions from the store

Specified by:

unregister in interface UserStore

doUnregister

public abstract void doUnregister(String id)

setCredentials

public void setCredentials(String id,
                           org.apache.shiro.util.ByteSource credentials,
                           int minstolive)

Description copied from interface: UserStore

Store new credentials for the user

Specified by:

setCredentials in interface UserStore

Parameters:

id - the openid identifier string authenticated by the user

credentials - the password to store

minstolive - the time-to-livefor the credentials in minutes

doSetCredentials

public abstract void doSetCredentials(String id,
                                      org.apache.shiro.util.ByteSource credentials,
                                      int minstolive)

removeCredentials

public void removeCredentials(String id)

Description copied from interface: UserStore

Remove the credentials for the user

Specified by:

removeCredentials in interface UserStore

doRemoveCredentials

public abstract void doRemoveCredentials(String id)

addPermision

public void addPermision(String id,
                         String permission)

Description copied from interface: UserStore

Record a new permission for this user.

Specified by:

addPermision in interface UserStore

doAddPermision

public abstract void doAddPermision(String id,
                                    String permission)

removePermissionsOn

public void removePermissionsOn(String id,
                                String path)

Description copied from interface: UserStore

Remove permissions from this user for the given path. Only relevant in applications that use action:path structure.

Specified by:

removePermissionsOn in interface UserStore

doRemovePermissionsOn

public abstract void doRemovePermissionsOn(String id,
                                           String path)

removePermission

public void removePermission(String id,
                             String permission)

Description copied from interface: UserStore

Remove the specific matching permission for this user

Specified by:

removePermission in interface UserStore

doRemovePermission

public abstract void doRemovePermission(String id,
                                        String permission)