org.broadleafcommerce.openadmin.server.security.service

Interface AdminSecurityService

All Known Implementing Classes:

AdminSecurityServiceImpl

public interface AdminSecurityService

Author:

jfischer

Field Summary

Fields

Modifier and Type	Field and Description
static String[]	DEFAULT_PERMISSIONS

Method Summary

Modifier and Type	Method and Description
AdminUser	changePassword(PasswordChange passwordChange)
GenericResponse	changePassword(String username, String oldPassword, String password, String confirmPassword) Change a user's password only if oldPassword matches what's stored for that user
void	clearAdminSecurityCache() Clears the cache used for isUserQualifiedForOperationOnCeilingEntity(AdminUser, PermissionType, String)
void	deleteAdminPermission(AdminPermission permission)
void	deleteAdminRole(AdminRole role)
void	deleteAdminUser(AdminUser user)
boolean	doesOperationExistForCeilingEntity(PermissionType permissionType, String ceilingEntityFullyQualifiedName)
boolean	isUserQualifiedForOperationOnCeilingEntity(AdminUser adminUser, PermissionType permissionType, String ceilingEntityFullyQualifiedName)
AdminPermission	readAdminPermissionById(Long id)
AdminRole	readAdminRoleById(Long id)
AdminUser	readAdminUserById(Long id)
AdminUser	readAdminUserByUserName(String userName)
List<AdminUser>	readAdminUsersByEmail(String email) Returns a list of admin users that match the given email.
List<AdminPermission>	readAllAdminPermissions()
List<AdminRole>	readAllAdminRoles()
List<AdminUser>	readAllAdminUsers()
GenericResponse	resetPasswordUsingToken(String username, String token, String password, String confirmPassword) Updates the password for the passed in user only if the passed in token is valid for that user.
AdminPermission	saveAdminPermission(AdminPermission permission)
AdminRole	saveAdminRole(AdminRole role)
AdminUser	saveAdminUser(AdminUser user)
GenericResponse	sendForgotUsernameNotification(String emailAddress) Looks up the corresponding AdminUser and emails the address on file with the associated username.
GenericResponse	sendResetPasswordNotification(String userName) Generates an access token and then emails the user.

Field Detail

DEFAULT_PERMISSIONS

static final String[] DEFAULT_PERMISSIONS

Method Detail

readAllAdminUsers

List<AdminUser> readAllAdminUsers()

readAdminUserById

AdminUser readAdminUserById(Long id)

readAdminUserByUserName

AdminUser readAdminUserByUserName(String userName)

saveAdminUser

AdminUser saveAdminUser(AdminUser user)

deleteAdminUser

void deleteAdminUser(AdminUser user)

readAllAdminRoles

List<AdminRole> readAllAdminRoles()

readAdminRoleById

AdminRole readAdminRoleById(Long id)

saveAdminRole

AdminRole saveAdminRole(AdminRole role)

deleteAdminRole

void deleteAdminRole(AdminRole role)

readAllAdminPermissions

List<AdminPermission> readAllAdminPermissions()

readAdminPermissionById

AdminPermission readAdminPermissionById(Long id)

saveAdminPermission

AdminPermission saveAdminPermission(AdminPermission permission)

deleteAdminPermission

void deleteAdminPermission(AdminPermission permission)

clearAdminSecurityCache

void clearAdminSecurityCache()

Clears the cache used for isUserQualifiedForOperationOnCeilingEntity(AdminUser, PermissionType, String)

changePassword

AdminUser changePassword(PasswordChange passwordChange)

isUserQualifiedForOperationOnCeilingEntity

boolean isUserQualifiedForOperationOnCeilingEntity(AdminUser adminUser,
                                                   PermissionType permissionType,
                                                   String ceilingEntityFullyQualifiedName)

doesOperationExistForCeilingEntity

boolean doesOperationExistForCeilingEntity(PermissionType permissionType,
                                           String ceilingEntityFullyQualifiedName)

sendForgotUsernameNotification

GenericResponse sendForgotUsernameNotification(String emailAddress)

Looks up the corresponding AdminUser and emails the address on file with the associated username.

Parameters:

emailAddress - email address of user to email

Returns:

Response can contain errors including (notFound)

sendResetPasswordNotification

GenericResponse sendResetPasswordNotification(String userName)

Generates an access token and then emails the user.

Parameters:

userName - the username of the user to send a password reset email

Returns:

Response can contain errors including (invalidEmail, invalidUsername, inactiveUser)

resetPasswordUsingToken

GenericResponse resetPasswordUsingToken(String username,
                                        String token,
                                        String password,
                                        String confirmPassword)

Updates the password for the passed in user only if the passed in token is valid for that user.

Parameters:

username - the username of the user

token - a valid reset token from the email

password - the new desired password

confirmPassword - the password confirmation to match password

Returns:

Response can contain errors including (invalidUsername, inactiveUser, invalidToken, invalidPassword, tokenExpired, passwordMismatch)

changePassword

GenericResponse changePassword(String username,
                               String oldPassword,
                               String password,
                               String confirmPassword)

Change a user's password only if oldPassword matches what's stored for that user

Parameters:

username - the username to change the password for

oldPassword - the user's current password

password - the desired new password

confirmPassword - the confirm password to ensure it matches password

Returns:

Response can contain errors including (invalidUser, emailNotFound, inactiveUser, invalidPassword, passwordMismatch)

readAdminUsersByEmail

List<AdminUser> readAdminUsersByEmail(String email)

Returns a list of admin users that match the given email. This could potentially return more than one user if the admin.user.requireUniqueEmailAddress property is set to false.

Parameters:

email - the email address to search for

Returns:

a List of AdminUser matching the provided email address