AdminSecurityServiceImpl (BroadleafCommerce 2.1.2-GA API)

java.lang.Object
- org.broadleafcommerce.openadmin.server.security.service.AdminSecurityServiceImpl

All Implemented Interfaces:: AdminSecurityService

@Service(value="blAdminSecurityService")
@Transactional(value="blTransactionManager")
public class AdminSecurityServiceImpl
extends Object
implements AdminSecurityService

Author:: jfischer

Field Summary

Fields
Modifier and Type	Field and Description
`protected AdminRoleDao`	`adminRoleDao`
`protected AdminUserDao`	`adminUserDao`
`protected EmailService`	`emailService`
`protected ForgotPasswordSecurityTokenDao`	`forgotPasswordSecurityTokenDao`
`protected org.springframework.security.authentication.encoding.PasswordEncoder`	`passwordEncoder`
`protected EmailInfo`	`resetPasswordEmailInfo`
`protected String`	`resetPasswordURL`
`protected String`	`salt` Optional password salt to be used with the passwordEncoder
`protected EmailInfo`	`sendUsernameEmailInfo`
`protected int`	`tokenExpiredMinutes`

Constructor Summary

Constructors
Constructor and Description

AdminSecurityServiceImpl()

Constructors
Constructor and Description
`AdminSecurityServiceImpl()`

Method Summary

Methods
Modifier and Type	Method and Description
`AdminUser`	`changePassword(PasswordChange passwordChange)`
`GenericResponse`	`changePassword(String username, String oldPassword, String password, String confirmPassword)`
`protected void`	`checkExistingPassword(String password, AdminUser user, GenericResponse response)`
`protected void`	`checkPassword(String password, String confirmPassword, GenericResponse response)`
`protected void`	`checkUser(AdminUser user, GenericResponse response)`
`void`	`deleteAdminPermission(AdminPermission permission)`
`void`	`deleteAdminRole(AdminRole role)`
`void`	`deleteAdminUser(AdminUser user)`
`boolean`	`doesOperationExistForCeilingEntity(PermissionType permissionType, String ceilingEntityFullyQualifiedName)`
`static int`	`getPASSWORD_TOKEN_LENGTH()`
`EmailInfo`	`getResetPasswordEmailInfo()`
`String`	`getResetPasswordURL()`
`String`	`getSalt()`
`String`	`getSalt(AdminUser user)` Optionally provide a salt based on a a specific AdminUser.
`EmailInfo`	`getSendUsernameEmailInfo()`
`int`	`getTokenExpiredMinutes()`
`protected boolean`	`isTokenExpired(ForgotPasswordSecurityToken fpst)`
`boolean`	`isUserQualifiedForOperationOnCeilingEntity(AdminUser adminUser, PermissionType permissionType, String ceilingEntityFullyQualifiedName)`
`AdminPermission`	`readAdminPermissionById(Long id)`
`AdminRole`	`readAdminRoleById(Long id)`
`AdminUser`	`readAdminUserById(Long id)`
`AdminUser`	`readAdminUserByUserName(String userName)`
`List<AdminPermission>`	`readAllAdminPermissions()`
`List<AdminRole>`	`readAllAdminRoles()`
`List<AdminUser>`	`readAllAdminUsers()`
`GenericResponse`	`resetPasswordUsingToken(String username, String token, String password, String confirmPassword)` Updates the password for the passed in user only if the passed in token is valid for that user.
`AdminPermission`	`saveAdminPermission(AdminPermission permission)`
`AdminRole`	`saveAdminRole(AdminRole role)`
`AdminUser`	`saveAdminUser(AdminUser user)`
`GenericResponse`	`sendForgotUsernameNotification(String emailAddress)` Looks up the corresponding AdminUser and emails the address on file with the associated username.
`GenericResponse`	`sendResetPasswordNotification(String username)` Generates an access token and then emails the user.
`static void`	`setPASSWORD_TOKEN_LENGTH(int PASSWORD_TOKEN_LENGTH)`
`void`	`setResetPasswordEmailInfo(EmailInfo resetPasswordEmailInfo)`
`void`	`setResetPasswordURL(String resetPasswordURL)`
`void`	`setSalt(String salt)`
`void`	`setSendUsernameEmailInfo(EmailInfo sendUsernameEmailInfo)`
`void`	`setTokenExpiredMinutes(int tokenExpiredMinutes)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

adminRoleDao
```
protected AdminRoleDao adminRoleDao
```

adminUserDao
```
protected AdminUserDao adminUserDao
```

forgotPasswordSecurityTokenDao

protected ForgotPasswordSecurityTokenDao forgotPasswordSecurityTokenDao

passwordEncoder

protected org.springframework.security.authentication.encoding.PasswordEncoder passwordEncoder

salt
```
protected String salt
```
Optional password salt to be used with the passwordEncoder

emailService
```
protected EmailService emailService
```

resetPasswordEmailInfo

protected EmailInfo resetPasswordEmailInfo

sendUsernameEmailInfo

protected EmailInfo sendUsernameEmailInfo

tokenExpiredMinutes

@Value(value="${tokenExpiredMinutes}")
protected int tokenExpiredMinutes

resetPasswordURL

@Value(value="${resetPasswordURL}")
protected String resetPasswordURL

Constructor Detail
- AdminSecurityServiceImpl
```
public AdminSecurityServiceImpl()
```

Method Detail

deleteAdminPermission
```
public void deleteAdminPermission(AdminPermission permission)
```
Specified by:

deleteAdminPermission in interface AdminSecurityService

deleteAdminRole
```
public void deleteAdminRole(AdminRole role)
```
Specified by:

deleteAdminRole in interface AdminSecurityService

deleteAdminUser
```
public void deleteAdminUser(AdminUser user)
```
Specified by:

deleteAdminUser in interface AdminSecurityService

readAdminPermissionById
```
public AdminPermission readAdminPermissionById(Long id)
```
Specified by:

readAdminPermissionById in interface AdminSecurityService

readAdminRoleById
```
public AdminRole readAdminRoleById(Long id)
```
Specified by:

readAdminRoleById in interface AdminSecurityService

readAdminUserById
```
public AdminUser readAdminUserById(Long id)
```
Specified by:

readAdminUserById in interface AdminSecurityService

saveAdminPermission
```
public AdminPermission saveAdminPermission(AdminPermission permission)
```
Specified by:

saveAdminPermission in interface AdminSecurityService

saveAdminRole
```
public AdminRole saveAdminRole(AdminRole role)
```
Specified by:

saveAdminRole in interface AdminSecurityService

saveAdminUser
```
public AdminUser saveAdminUser(AdminUser user)
```
Specified by:

saveAdminUser in interface AdminSecurityService

changePassword
```
public AdminUser changePassword(PasswordChange passwordChange)
```
Specified by:

changePassword in interface AdminSecurityService

isUserQualifiedForOperationOnCeilingEntity

public boolean isUserQualifiedForOperationOnCeilingEntity(AdminUser adminUser,
                                                 PermissionType permissionType,
                                                 String ceilingEntityFullyQualifiedName)

Specified by:: isUserQualifiedForOperationOnCeilingEntity in interface AdminSecurityService

doesOperationExistForCeilingEntity

public boolean doesOperationExistForCeilingEntity(PermissionType permissionType,
                                         String ceilingEntityFullyQualifiedName)

Specified by:: doesOperationExistForCeilingEntity in interface AdminSecurityService

readAdminUserByUserName
```
public AdminUser readAdminUserByUserName(String userName)
```
Specified by:

readAdminUserByUserName in interface AdminSecurityService

readAllAdminUsers
```
public List<AdminUser> readAllAdminUsers()
```
Specified by:

readAllAdminUsers in interface AdminSecurityService

readAllAdminRoles
```
public List<AdminRole> readAllAdminRoles()
```
Specified by:

readAllAdminRoles in interface AdminSecurityService

readAllAdminPermissions
```
public List<AdminPermission> readAllAdminPermissions()
```
Specified by:

readAllAdminPermissions in interface AdminSecurityService

sendForgotUsernameNotification
```
public GenericResponse sendForgotUsernameNotification(String emailAddress)
```
Description copied from interface: AdminSecurityService

Looks up the corresponding AdminUser and emails the address on file with the associated username.

Specified by:

sendForgotUsernameNotification in interface AdminSecurityService

Returns:
Response can contain errors including (notFound)

sendResetPasswordNotification
```
public GenericResponse sendResetPasswordNotification(String username)
```
Description copied from interface: AdminSecurityService

Generates an access token and then emails the user.

Specified by:

sendResetPasswordNotification in interface AdminSecurityService

Returns:
Response can contain errors including (invalidEmail, invalidUsername, inactiveUser)

resetPasswordUsingToken
```
public GenericResponse resetPasswordUsingToken(String username,
                                      String token,
                                      String password,
                                      String confirmPassword)
```
Description copied from interface: AdminSecurityService

Updates the password for the passed in user only if the passed in token is valid for that user.

Specified by:

resetPasswordUsingToken in interface AdminSecurityService

Parameters:
username - Name of the user
token - Valid reset token
password - new password

Returns:
Response can contain errors including (invalidUsername, inactiveUser, invalidToken, invalidPassword, tokenExpired, passwordMismatch)

checkUser

protected void checkUser(AdminUser user,
             GenericResponse response)

checkPassword

protected void checkPassword(String password,
                 String confirmPassword,
                 GenericResponse response)

checkExistingPassword

protected void checkExistingPassword(String password,
                         AdminUser user,
                         GenericResponse response)

isTokenExpired

protected boolean isTokenExpired(ForgotPasswordSecurityToken fpst)

getTokenExpiredMinutes
```
public int getTokenExpiredMinutes()
```

setTokenExpiredMinutes

public void setTokenExpiredMinutes(int tokenExpiredMinutes)

getPASSWORD_TOKEN_LENGTH

public static int getPASSWORD_TOKEN_LENGTH()

setPASSWORD_TOKEN_LENGTH

public static void setPASSWORD_TOKEN_LENGTH(int PASSWORD_TOKEN_LENGTH)

getResetPasswordURL
```
public String getResetPasswordURL()
```

setResetPasswordURL

public void setResetPasswordURL(String resetPasswordURL)

getSendUsernameEmailInfo

public EmailInfo getSendUsernameEmailInfo()

setSendUsernameEmailInfo

public void setSendUsernameEmailInfo(EmailInfo sendUsernameEmailInfo)

getResetPasswordEmailInfo

public EmailInfo getResetPasswordEmailInfo()

setResetPasswordEmailInfo

public void setResetPasswordEmailInfo(EmailInfo resetPasswordEmailInfo)

getSalt
```
public String getSalt(AdminUser user)
```
Optionally provide a salt based on a a specific AdminUser. By default, this returns the salt property of this class

Parameters:
customer -

Returns:
See Also:
AdminSecurityServiceImpl#getSalt()}

getSalt
```
public String getSalt()
```

setSalt
```
public void setSalt(String salt)
```

changePassword

public GenericResponse changePassword(String username,
                             String oldPassword,
                             String password,
                             String confirmPassword)

Specified by:: changePassword in interface AdminSecurityService

Class AdminSecurityServiceImpl

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

adminRoleDao

adminUserDao

forgotPasswordSecurityTokenDao

passwordEncoder

salt

emailService

resetPasswordEmailInfo

sendUsernameEmailInfo

tokenExpiredMinutes

resetPasswordURL

Constructor Detail

AdminSecurityServiceImpl

Method Detail

deleteAdminPermission

deleteAdminRole

deleteAdminUser

readAdminPermissionById

readAdminRoleById

readAdminUserById

saveAdminPermission

saveAdminRole

saveAdminUser

changePassword

isUserQualifiedForOperationOnCeilingEntity

doesOperationExistForCeilingEntity

readAdminUserByUserName

readAllAdminUsers

readAllAdminRoles

readAllAdminPermissions

sendForgotUsernameNotification

sendResetPasswordNotification

resetPasswordUsingToken

checkUser

checkPassword

checkExistingPassword

isTokenExpired

getTokenExpiredMinutes

setTokenExpiredMinutes

getPASSWORD_TOKEN_LENGTH

setPASSWORD_TOKEN_LENGTH

getResetPasswordURL

setResetPasswordURL

getSendUsernameEmailInfo

setSendUsernameEmailInfo

getResetPasswordEmailInfo

setResetPasswordEmailInfo

getSalt

getSalt

setSalt

changePassword