org.gluu.credmanager.core.UserService クラス

org.gluu.credmanager.core.UserService 連携図

公開メンバ関数
User	getUserFromClaims (Map< String, List< String >> claims) throws AttributeNotFoundException
boolean	passwordMatch (String userName, String password)
boolean	changePassword (String userId, String newPassword)
List< AuthnMethod >	getLiveAuthnMethods ()
List< AuthnMethod >	get2FARequisiteMethods ()
List< Pair< AuthnMethod, Integer > >	getUserMethodsCount (String userId, Set< String > retainMethods)
boolean	setPreferredMethod (User user, String method)
int	resetPreference (List< String > userInums)
List< Person >	searchUsers (String searchString)
boolean	zeroPreferences (String acr)
Pair< Set< String >, List< TrustedDevice > >	get2FAPolicyData (String userId)
boolean	update2FAPolicies (String userId, Set< String > policies)
boolean	deleteTrustedDevice (String userId, List< TrustedDevice > devices, int index)
String	generateRandEnrollmentCode (String userId)
boolean	cleanRandEnrollmentCode (String userId)

静的公開変数類
static final String []	OPEN_ID_SCOPES = new String[]{ "openid", "profile", "user_name", "clientinfo" }

非公開メンバ関数
boolean	setPreferredMethod (String id, String method)
List< AuthnMethod >	getLiveAuthnMethods (boolean sorted)
String	getClaim (Map< String, List< String >> claims, String claimName)
PersonPreferences	personPreferencesInstance (String id)

非公開変数類
Logger	logger
LdapService	ldapService
ExtensionsManager	extManager
ConfigurationHandler	confHandler
ObjectMapper	mapper = new ObjectMapper()

静的非公開変数類
static final String	PREFERRED_METHOD_ATTR = "oxPreferredMethod"

詳解

An app. scoped bean that encapsulates logic related to users manipulation (CRUD) at memory level (no LDAP storage)

著者

jgomer

関数詳解

changePassword()

boolean org.gluu.credmanager.core.UserService.changePassword ( String  userId, String  newPassword  )

inline

                                                                     {

        boolean success = false;
        try {
            if (Utils.isNotEmpty(newPassword)) {
                PersonPreferences person = personPreferencesInstance(userId);
                person.setPassword(newPassword);
                success = ldapService.modify(person, PersonPreferences.class);
            }
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
        return success;

    }

cleanRandEnrollmentCode()

boolean org.gluu.credmanager.core.UserService.cleanRandEnrollmentCode ( String  userId )

inline

                                                          {
        logger.trace("Removing enrollment code for {}", userId);
        Person person = ldapService.get(Person.class, ldapService.getPersonDn(userId));
        person.setOxEnrollmentCode();
        return ldapService.modify(person, Person.class);
    }

deleteTrustedDevice()

boolean org.gluu.credmanager.core.UserService.deleteTrustedDevice ( String  userId, List< TrustedDevice >  devices, int  index  )

inline

                                                                                              {

        boolean updated = false;
        List<TrustedDevice> copyOfDevices = new ArrayList<>(devices);
        try {
            copyOfDevices.remove(index);
            String updatedJson = ldapService.getEncryptedString(mapper.writeValueAsString(copyOfDevices));

            PersonPreferences person = personPreferencesInstance(userId);
            person.setTrustedDevices(updatedJson);
            if (ldapService.modify(person, PersonPreferences.class)) {
                devices.remove(index);
                updated = true;
            }
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
        return updated;

    }

generateRandEnrollmentCode()

String org.gluu.credmanager.core.UserService.generateRandEnrollmentCode ( String  userId )

inline

                                                            {

        logger.debug("Writing random enrollment code for {}", userId);
        String code = UUID.randomUUID().toString();
        Person person = ldapService.get(Person.class, ldapService.getPersonDn(userId));
        person.setOxEnrollmentCode(code);
        return ldapService.modify(person, Person.class) ? code : null;

    }

get2FAPolicyData()

Pair<Set<String>, List<TrustedDevice> > org.gluu.credmanager.core.UserService.get2FAPolicyData ( String  userId )

inline

                                                                                  {

        Set<String> list = new HashSet<>();
        List<TrustedDevice> trustedDevices = new ArrayList<>();
        try {
            PersonPreferences person = personPreferencesInstance(userId);
            String policy = person.getStrongAuthPolicy();

            if (Utils.isNotEmpty(policy)) {
                Stream.of(policy.split(",\\s*")).forEach(str -> {
                    try {
                        list.add(EnforcementPolicy.valueOf(str.toUpperCase()).toString());
                    } catch (Exception e) {
                        logger.error("The policy '{}' is not recognized", str);
                    }
                });
            }

            String trustedDevicesInfo = ldapService.getDecryptedString(person.getTrustedDevicesInfo());
            if (Utils.isNotEmpty(trustedDevicesInfo)) {
                trustedDevices = mapper.readValue(trustedDevicesInfo, new TypeReference<List<TrustedDevice>>() { });
                trustedDevices.forEach(TrustedDevice::sortOriginsDescending);

                TrustedDeviceComparator comparator = new TrustedDeviceComparator(true);
                trustedDevices.sort((first, second) -> comparator.compare(second, first));
            }
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
        return new Pair<>(list, trustedDevices);

    }

get2FARequisiteMethods()

List<AuthnMethod> org.gluu.credmanager.core.UserService.get2FARequisiteMethods ( )

inline

                                                      {
        return getLiveAuthnMethods(false).stream().filter(AuthnMethod::mayBe2faActivationRequisite).collect(Collectors.toList());
    }

getClaim()

String org.gluu.credmanager.core.UserService.getClaim ( Map< String, List< String >>  claims, String  claimName  )

inlineprivate

From a collection of claims, it extracts the first value found for a claim whose name is passed. If claim is not found or has an empty list associated, it returns null

引数

claims	Map with claims (as gathered via oxd)
claimName	Claim to inspect

戻り値

First value of claim or null

                                                                                {
        List<String> values = claims.get(claimName);
        return Utils.isEmpty(values) ? null : values.get(0);
    }

getLiveAuthnMethods() [1/2]

List<AuthnMethod> org.gluu.credmanager.core.UserService.getLiveAuthnMethods ( )

inline

                                                   {
        return getLiveAuthnMethods(true);
    }

getLiveAuthnMethods() [2/2]

List<AuthnMethod> org.gluu.credmanager.core.UserService.getLiveAuthnMethods ( boolean  sorted )

inlineprivate

                                                                  {

        Map<String, Integer> authnMethodLevels = confHandler.getAcrLevelMapping();
        Set<String> mappedAcrs = confHandler.getSettings().getAcrPluginMap().keySet();
        Stream<AuthnMethod> stream = extManager.getAuthnMethodExts().stream().filter(aMethod -> mappedAcrs.contains(aMethod.getAcr()));
        if (sorted) {
            stream = stream.sorted(Comparator.comparing(aMethod -> -authnMethodLevels.get(aMethod.getAcr())));
        }
        return stream.collect(Collectors.toList());

    }

getUserFromClaims()

User org.gluu.credmanager.core.UserService.getUserFromClaims ( Map< String, List< String >>  claims ) throws AttributeNotFoundException

inline

                                                                                                      {

        User u = new User();
        u.setUserName(getClaim(claims, "user_name"));
        logger.trace("Creating a user instance from claims. Username is {}", u.getUserName());

        u.setGivenName(getClaim(claims, "given_name"));
        String inum = getClaim(claims, "inum");

        if (inum != null) {
            u.setId(inum);
        }
        if (u.getId() == null || u.getUserName() == null) {
            logger.error("Could not obtain minimal user claims!");
            throw new AttributeNotFoundException("Cannot retrieve claims for logged user");
        }
        PersonPreferences person = personPreferencesInstance(inum);
        if (person == null) {
            throw new AttributeNotFoundException("Cannot retrieve user's info from LDAP");
        }

        u.setPreferredMethod(person.getPreferredMethod());
        u.setAdmin(ldapService.isAdmin(inum));
        cleanRandEnrollmentCode(inum);
        if (confHandler.getSettings().getAcrPluginMap().keySet().stream()
                .anyMatch(acr -> acr.equals(SecurityKeyExtension.ACR) || acr.equals(SuperGluuExtension.ACR))) {
            ldapService.prepareFidoBranch(inum);
        }
        return u;

    }

getUserMethodsCount()

List<Pair<AuthnMethod, Integer> > org.gluu.credmanager.core.UserService.getUserMethodsCount ( String  userId, Set< String >  retainMethods  )

inline

                                                                                                          {
        return extManager.getAuthnMethodExts().stream().filter(aMethod -> retainMethods.contains(aMethod.getAcr()))
                .map(aMethod -> new Pair<>(aMethod, aMethod.getTotalUserCreds(userId, true)))
                .filter(pair -> pair.getY() > 0).collect(Collectors.toList());
    }

passwordMatch()

boolean org.gluu.credmanager.core.UserService.passwordMatch ( String  userName, String  password  )

inline

                                                                   {

        boolean match = false;
        try {
            match = ldapService.authenticate(userName, password);
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
        return match;

    }

personPreferencesInstance()

PersonPreferences org.gluu.credmanager.core.UserService.personPreferencesInstance ( String  id )

inlineprivate

                                                                   {
        return ldapService.get(PersonPreferences.class, ldapService.getPersonDn(id));
    }

resetPreference()

int org.gluu.credmanager.core.UserService.resetPreference ( List< String >  userInums )

inline

Resets the preferred method of authentication for the users referenced by LDAP dn

引数

userInums

A List containing user DNs

戻り値

The number of modified entries in LDAP

                                                       {

        int modified = 0;
        try {
            for (String inum : userInums) {
                if (setPreferredMethod(inum, null)) {
                    modified++;
                    logger.info("Reset preferred method for user '{}'", inum);
                }
            }
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
        return modified;

    }

searchUsers()

List<Person> org.gluu.credmanager.core.UserService.searchUsers ( String  searchString )

inline

Builds a list of users whose username, first or last name matches the pattern passed, and at the same time have a preferred authentication method other than password

引数

searchString

Pattern for search

戻り値

A collection of SimpleUser instances. Null if an error occurred to compute the list

                                                         {

        Stream<Filter> stream = Stream.of("uid", "givenName", "sn")
                .map(attr -> Filter.createSubstringFilter(attr, null, new String[]{ searchString }, null));

        Filter filter = Filter.createANDFilter(
                Filter.createORFilter(stream.collect(Collectors.toList())),
                Filter.createPresenceFilter(PREFERRED_METHOD_ATTR)
        );
        return ldapService.find(Person.class, ldapService.getPeopleDn(), filter.toString());

    }

setPreferredMethod() [1/2]

boolean org.gluu.credmanager.core.UserService.setPreferredMethod ( User  user, String  method  )

inline

                                                                {

        boolean success = setPreferredMethod(user.getId(), method);
        if (success) {
            user.setPreferredMethod(method);
        }
        return success;

    }

setPreferredMethod() [2/2]

boolean org.gluu.credmanager.core.UserService.setPreferredMethod ( String  id, String  method  )

inlineprivate

                                                                 {

        boolean success = false;
        try {
            PersonPreferences person = personPreferencesInstance(id);
            person.setPreferredMethod(method);
            success = ldapService.modify(person, PersonPreferences.class);
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
        return success;

    }

update2FAPolicies()

boolean org.gluu.credmanager.core.UserService.update2FAPolicies ( String  userId, Set< String >  policies  )

inline

                                                                          {

        boolean updated = false;
        String str = policies.stream().map(String::toLowerCase).reduce("", (partial, next) -> partial + ", " + next);
        try {
            PersonPreferences person = personPreferencesInstance(userId);
            person.setStrongAuthPolicy(str.substring(2));
            updated = ldapService.modify(person, PersonPreferences.class);
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
        return updated;

    }

zeroPreferences()

boolean org.gluu.credmanager.core.UserService.zeroPreferences ( String  acr )

inline

Determines if there are no users with this type of method as preferred in LDAP

引数

acr

戻り値

False if any user has type as his preferred. True otherwise

                                              {
        PersonPreferences ppfs = new PersonPreferences();
        ppfs.setPreferredMethod(acr);
        return ldapService.find(ppfs, PersonPreferences.class, ldapService.getPeopleDn()).size() == 0;
    }

メンバ詳解

confHandler

ConfigurationHandler org.gluu.credmanager.core.UserService.confHandler

private

extManager

ExtensionsManager org.gluu.credmanager.core.UserService.extManager

private

ldapService

LdapService org.gluu.credmanager.core.UserService.ldapService

private

logger

Logger org.gluu.credmanager.core.UserService.logger

private

mapper

ObjectMapper org.gluu.credmanager.core.UserService.mapper = new ObjectMapper()

private

OPEN_ID_SCOPES

final String [] org.gluu.credmanager.core.UserService.OPEN_ID_SCOPES = new String[]{ "openid", "profile", "user_name", "clientinfo" }

static

PREFERRED_METHOD_ATTR

final String org.gluu.credmanager.core.UserService.PREFERRED_METHOD_ATTR = "oxPreferredMethod"

staticprivate

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/gluu/src/cred-manager/app/src/main/java/org/gluu/credmanager/core/UserService.java