org.broadleafcommerce.openadmin.server.security.service

Class AdminSecurityServiceImpl

java.lang.Object

org.broadleafcommerce.openadmin.server.security.service.AdminSecurityServiceImpl

All Implemented Interfaces:

AdminSecurityService

@Service(value="blAdminSecurityService")
public class AdminSecurityServiceImpl
extends Object
implements AdminSecurityService

Author:

jfischer

Field Summary

Fields

Modifier and Type	Field and Description
protected AdminPermissionDao	adminPermissionDao
protected AdminRoleDao	adminRoleDao
protected AdminUserDao	adminUserDao
protected EmailService	emailService
protected ForgotPasswordSecurityTokenDao	forgotPasswordSecurityTokenDao
protected org.springframework.security.authentication.encoding.PasswordEncoder	passwordEncoder
protected EmailInfo	resetPasswordEmailInfo
protected String	salt Deprecated. use saltSource instead
protected org.springframework.security.authentication.dao.SaltSource	saltSource Use a Salt Source ONLY if there's one configured
protected EmailInfo	sendUsernameEmailInfo

Fields inherited from interface org.broadleafcommerce.openadmin.server.security.service.AdminSecurityService

DEFAULT_PERMISSIONS

Constructor Summary

Constructors

Constructor and Description
AdminSecurityServiceImpl()

Method Summary

Methods

Modifier and Type	Method and Description
AdminUser	changePassword(PasswordChange passwordChange)
GenericResponse	changePassword(String username, String oldPassword, String password, String confirmPassword)
protected void	checkExistingPassword(String password, AdminUser user, GenericResponse response)
protected void	checkPassword(String password, String confirmPassword, GenericResponse response)
protected void	checkUser(AdminUser user, GenericResponse response)
void	deleteAdminPermission(AdminPermission permission)
void	deleteAdminRole(AdminRole role)
void	deleteAdminUser(AdminUser user)
boolean	doesOperationExistForCeilingEntity(PermissionType permissionType, String ceilingEntityFullyQualifiedName)
protected String	generateSecurePassword()
static int	getPASSWORD_TOKEN_LENGTH()
EmailInfo	getResetPasswordEmailInfo()
protected String	getResetPasswordURL()
String	getSalt()
Object	getSalt(AdminUser user, String unencodedPassword) Gets the salt object for the current admin user.
org.springframework.security.authentication.dao.SaltSource	getSaltSource() Returns the SaltSource used with the blAdminPasswordEncoder to encrypt the user password.
EmailInfo	getSendUsernameEmailInfo()
protected int	getTokenExpiredMinutes()
protected boolean	isTokenExpired(ForgotPasswordSecurityToken fpst)
boolean	isUserQualifiedForOperationOnCeilingEntity(AdminUser adminUser, PermissionType permissionType, String ceilingEntityFullyQualifiedName)
AdminPermission	readAdminPermissionById(Long id)
AdminRole	readAdminRoleById(Long id)
AdminUser	readAdminUserById(Long id)
AdminUser	readAdminUserByUserName(String userName)
List<AdminUser>	readAdminUsersByEmail(String email) Returns a list of admin users that match the given email.
List<AdminPermission>	readAllAdminPermissions()
List<AdminRole>	readAllAdminRoles()
List<AdminUser>	readAllAdminUsers()
GenericResponse	resetPasswordUsingToken(String username, String token, String password, String confirmPassword) Updates the password for the passed in user only if the passed in token is valid for that user.
AdminPermission	saveAdminPermission(AdminPermission permission)
AdminRole	saveAdminRole(AdminRole role)
AdminUser	saveAdminUser(AdminUser user)
GenericResponse	sendForgotUsernameNotification(String emailAddress) Looks up the corresponding AdminUser and emails the address on file with the associated username.
GenericResponse	sendResetPasswordNotification(String username) Generates an access token and then emails the user.
static void	setPASSWORD_TOKEN_LENGTH(int PASSWORD_TOKEN_LENGTH)
void	setResetPasswordEmailInfo(EmailInfo resetPasswordEmailInfo)
void	setSalt(String salt)
void	setSaltSource(org.springframework.security.authentication.dao.SaltSource saltSource) Sets the SaltSource used with blAdminPasswordencoder to encrypt the user password.
void	setSendUsernameEmailInfo(EmailInfo sendUsernameEmailInfo)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

adminRoleDao

protected AdminRoleDao adminRoleDao

adminUserDao

protected AdminUserDao adminUserDao

forgotPasswordSecurityTokenDao

protected ForgotPasswordSecurityTokenDao forgotPasswordSecurityTokenDao

adminPermissionDao

protected AdminPermissionDao adminPermissionDao

passwordEncoder

protected org.springframework.security.authentication.encoding.PasswordEncoder passwordEncoder

salt

@Deprecated
protected String salt

Deprecated. use saltSource instead

Optional password salt to be used with the passwordEncoder

saltSource

@Autowired(required=false)
@Qualifier(value="blAdminSaltSource")
protected org.springframework.security.authentication.dao.SaltSource saltSource

Use a Salt Source ONLY if there's one configured

emailService

protected EmailService emailService

resetPasswordEmailInfo

protected EmailInfo resetPasswordEmailInfo

sendUsernameEmailInfo

protected EmailInfo sendUsernameEmailInfo

Constructor Detail

AdminSecurityServiceImpl

public AdminSecurityServiceImpl()

Method Detail

getTokenExpiredMinutes

protected int getTokenExpiredMinutes()

getResetPasswordURL

protected String getResetPasswordURL()

deleteAdminPermission

@Transactional(value="blTransactionManager")
public void deleteAdminPermission(AdminPermission permission)

Specified by:

deleteAdminPermission in interface AdminSecurityService

deleteAdminRole

@Transactional(value="blTransactionManager")
public void deleteAdminRole(AdminRole role)

Specified by:

deleteAdminRole in interface AdminSecurityService

deleteAdminUser

@Transactional(value="blTransactionManager")
public void deleteAdminUser(AdminUser user)

Specified by:

deleteAdminUser in interface AdminSecurityService

readAdminPermissionById

public AdminPermission readAdminPermissionById(Long id)

Specified by:

readAdminPermissionById in interface AdminSecurityService

readAdminRoleById

public AdminRole readAdminRoleById(Long id)

Specified by:

readAdminRoleById in interface AdminSecurityService

readAdminUserById

public AdminUser readAdminUserById(Long id)

Specified by:

readAdminUserById in interface AdminSecurityService

saveAdminPermission

@Transactional(value="blTransactionManager")
public AdminPermission saveAdminPermission(AdminPermission permission)

Specified by:

saveAdminPermission in interface AdminSecurityService

saveAdminRole

@Transactional(value="blTransactionManager")
public AdminRole saveAdminRole(AdminRole role)

Specified by:

saveAdminRole in interface AdminSecurityService

saveAdminUser

@Transactional(value="blTransactionManager")
public AdminUser saveAdminUser(AdminUser user)

Specified by:

saveAdminUser in interface AdminSecurityService

generateSecurePassword

protected String generateSecurePassword()

changePassword

@Transactional(value="blTransactionManager")
public AdminUser changePassword(PasswordChange passwordChange)

Specified by:

changePassword in interface AdminSecurityService

isUserQualifiedForOperationOnCeilingEntity

public boolean isUserQualifiedForOperationOnCeilingEntity(AdminUser adminUser,
                                                 PermissionType permissionType,
                                                 String ceilingEntityFullyQualifiedName)

Specified by:

isUserQualifiedForOperationOnCeilingEntity in interface AdminSecurityService

doesOperationExistForCeilingEntity

public boolean doesOperationExistForCeilingEntity(PermissionType permissionType,
                                         String ceilingEntityFullyQualifiedName)

Specified by:

doesOperationExistForCeilingEntity in interface AdminSecurityService

readAdminUserByUserName

public AdminUser readAdminUserByUserName(String userName)

Specified by:

readAdminUserByUserName in interface AdminSecurityService

readAdminUsersByEmail

public List<AdminUser> readAdminUsersByEmail(String email)

Description copied from interface: AdminSecurityService

Returns a list of admin users that match the given email. This could potentially return more than one user if the admin.user.requireUniqueEmailAddress property is set to false.

Specified by:

readAdminUsersByEmail in interface AdminSecurityService

Returns:

readAllAdminUsers

public List<AdminUser> readAllAdminUsers()

Specified by:

readAllAdminUsers in interface AdminSecurityService

readAllAdminRoles

public List<AdminRole> readAllAdminRoles()

Specified by:

readAllAdminRoles in interface AdminSecurityService

readAllAdminPermissions

public List<AdminPermission> readAllAdminPermissions()

Specified by:

readAllAdminPermissions in interface AdminSecurityService

sendForgotUsernameNotification

@Transactional(value="blTransactionManager")
public GenericResponse sendForgotUsernameNotification(String emailAddress)

Description copied from interface: AdminSecurityService

Looks up the corresponding AdminUser and emails the address on file with the associated username.

Specified by:

sendForgotUsernameNotification in interface AdminSecurityService

Returns:

Response can contain errors including (notFound)

sendResetPasswordNotification

@Transactional(value="blTransactionManager")
public GenericResponse sendResetPasswordNotification(String username)

Description copied from interface: AdminSecurityService

Generates an access token and then emails the user.

Specified by:

sendResetPasswordNotification in interface AdminSecurityService

Returns:

Response can contain errors including (invalidEmail, invalidUsername, inactiveUser)

resetPasswordUsingToken

@Transactional(value="blTransactionManager")
public GenericResponse resetPasswordUsingToken(String username,
                                                    String token,
                                                    String password,
                                                    String confirmPassword)

Description copied from interface: AdminSecurityService

Updates the password for the passed in user only if the passed in token is valid for that user.

Specified by:

resetPasswordUsingToken in interface AdminSecurityService

Parameters:

username - Name of the user

token - Valid reset token

password - new password

Returns:

Response can contain errors including (invalidUsername, inactiveUser, invalidToken, invalidPassword, tokenExpired, passwordMismatch)

checkUser

protected void checkUser(AdminUser user,
             GenericResponse response)

checkPassword

protected void checkPassword(String password,
                 String confirmPassword,
                 GenericResponse response)

checkExistingPassword

protected void checkExistingPassword(String password,
                         AdminUser user,
                         GenericResponse response)

isTokenExpired

protected boolean isTokenExpired(ForgotPasswordSecurityToken fpst)

getPASSWORD_TOKEN_LENGTH

public static int getPASSWORD_TOKEN_LENGTH()

setPASSWORD_TOKEN_LENGTH

public static void setPASSWORD_TOKEN_LENGTH(int PASSWORD_TOKEN_LENGTH)

getSendUsernameEmailInfo

public EmailInfo getSendUsernameEmailInfo()

setSendUsernameEmailInfo

public void setSendUsernameEmailInfo(EmailInfo sendUsernameEmailInfo)

getResetPasswordEmailInfo

public EmailInfo getResetPasswordEmailInfo()

setResetPasswordEmailInfo

public void setResetPasswordEmailInfo(EmailInfo resetPasswordEmailInfo)

getSalt

public Object getSalt(AdminUser user,
             String unencodedPassword)

Description copied from interface: AdminSecurityService

Gets the salt object for the current admin user. By default this delegates to AdminSecurityService.getSaltSource(). If there is not a SaltSource configured (AdminSecurityService.getSaltSource() returns null) then this also returns null.

Specified by:

getSalt in interface AdminSecurityService

Returns:

the salt for the current admin user

getSalt

public String getSalt()

Specified by:

getSalt in interface AdminSecurityService

setSalt

public void setSalt(String salt)

Specified by:

setSalt in interface AdminSecurityService

getSaltSource

public org.springframework.security.authentication.dao.SaltSource getSaltSource()

Description copied from interface: AdminSecurityService

Returns the SaltSource used with the blAdminPasswordEncoder to encrypt the user password. Usually configured in applicationContext-admin-security.xml. This is not a required property and will return null if not configured

Specified by:

getSaltSource in interface AdminSecurityService

setSaltSource

public void setSaltSource(org.springframework.security.authentication.dao.SaltSource saltSource)

Description copied from interface: AdminSecurityService

Sets the SaltSource used with blAdminPasswordencoder to encrypt the user password. Usually configured within applicationContext-admin-security.xml

Specified by:

setSaltSource in interface AdminSecurityService

changePassword

@Transactional(value="blTransactionManager")
public GenericResponse changePassword(String username,
                                           String oldPassword,
                                           String password,
                                           String confirmPassword)

Specified by:

changePassword in interface AdminSecurityService