@Service(value="blAdminSecurityService") public class AdminSecurityServiceImpl extends Object implements AdminSecurityService
| Modifier and Type | Field and Description |
|---|---|
protected AdminPermissionDao |
adminPermissionDao |
protected AdminRoleDao |
adminRoleDao |
protected AdminUserDao |
adminUserDao |
protected javax.cache.Cache<String,Boolean> |
cache |
protected static String |
CACHE_KEY_PREFIX |
protected static String |
CACHE_NAME |
protected javax.cache.CacheManager |
cacheManager |
protected EmailService |
emailService |
protected BroadleafApplicationEventPublisher |
eventPublisher |
protected AdminSecurityServiceExtensionManager |
extensionManager |
protected ForgotPasswordSecurityTokenDao |
forgotPasswordSecurityTokenDao |
protected org.springframework.security.crypto.password.PasswordEncoder |
passwordEncoderBean
This is simply a placeholder to be used by
#setupPasswordEncoder() to determine if we're using the
new PasswordEncoder or the deprecated PasswordEncoder |
protected EmailInfo |
resetPasswordEmailInfo |
protected EmailInfo |
sendUsernameEmailInfo |
DEFAULT_PERMISSIONS
| Constructor and Description |
|---|
AdminSecurityServiceImpl() |
| Modifier and Type | Method and Description |
|---|---|
protected String |
buildCacheKey(AdminUser adminUser,
PermissionType permissionType,
String ceilingEntityFullyQualifiedName) |
AdminUser |
changePassword(PasswordChange passwordChange) |
GenericResponse |
changePassword(String username,
String oldPassword,
String password,
String confirmPassword)
Change a user's password only if oldPassword matches what's stored for that user
|
protected void |
checkExistingPassword(String unencodedPassword,
AdminUser user,
GenericResponse response) |
protected void |
checkPassword(String password,
String confirmPassword,
GenericResponse response) |
protected void |
checkUser(AdminUser user,
GenericResponse response) |
void |
clearAdminSecurityCache()
Clears the cache used for
AdminSecurityService.isUserQualifiedForOperationOnCeilingEntity(AdminUser, PermissionType, String) |
void |
deleteAdminPermission(AdminPermission permission) |
void |
deleteAdminRole(AdminRole role) |
void |
deleteAdminUser(AdminUser user) |
boolean |
doesOperationExistForCeilingEntity(PermissionType permissionType,
String ceilingEntityFullyQualifiedName) |
protected String |
encodePassword(String rawPassword)
Generate an encoded password from a raw password
|
protected String |
generateSecurePassword() |
protected javax.cache.Cache<String,Boolean> |
getCache() |
static int |
getPASSWORD_TOKEN_LENGTH() |
EmailInfo |
getResetPasswordEmailInfo() |
protected String |
getResetPasswordURL() |
EmailInfo |
getSendUsernameEmailInfo() |
protected int |
getTokenExpiredMinutes() |
protected void |
invalidateAllTokensForAdminUser(AdminUser user) |
protected boolean |
isPasswordValid(String encodedPassword,
String rawPassword)
Determines if a password is valid by comparing it to the encoded string; salting is handled internally by the
PasswordEncoder. |
protected boolean |
isTokenExpired(ForgotPasswordSecurityToken fpst) |
boolean |
isUserQualifiedForOperationOnCeilingEntity(AdminUser adminUser,
PermissionType permissionType,
String ceilingEntityFullyQualifiedName) |
AdminPermission |
readAdminPermissionById(Long id) |
AdminRole |
readAdminRoleById(Long id) |
AdminUser |
readAdminUserById(Long id) |
AdminUser |
readAdminUserByUserName(String userName) |
List<AdminUser> |
readAdminUsersByEmail(String email)
Returns a list of admin users that match the given email.
|
List<AdminPermission> |
readAllAdminPermissions() |
List<AdminRole> |
readAllAdminRoles() |
List<AdminUser> |
readAllAdminUsers() |
GenericResponse |
resetPasswordUsingToken(String username,
String token,
String password,
String confirmPassword)
Updates the password for the passed in user only if the passed
in token is valid for that user.
|
AdminPermission |
saveAdminPermission(AdminPermission permission) |
AdminRole |
saveAdminRole(AdminRole role) |
AdminUser |
saveAdminUser(AdminUser user) |
GenericResponse |
sendForgotUsernameNotification(String emailAddress)
Looks up the corresponding AdminUser and emails the address on file with
the associated username.
|
GenericResponse |
sendResetPasswordNotification(String username)
Generates an access token and then emails the user.
|
static void |
setPASSWORD_TOKEN_LENGTH(int PASSWORD_TOKEN_LENGTH) |
void |
setResetPasswordEmailInfo(EmailInfo resetPasswordEmailInfo) |
void |
setSendUsernameEmailInfo(EmailInfo sendUsernameEmailInfo) |
@Autowired @Qualifier(value="blApplicationEventPublisher") protected BroadleafApplicationEventPublisher eventPublisher
protected AdminRoleDao adminRoleDao
protected AdminUserDao adminUserDao
protected ForgotPasswordSecurityTokenDao forgotPasswordSecurityTokenDao
protected AdminPermissionDao adminPermissionDao
protected javax.cache.CacheManager cacheManager
protected static String CACHE_NAME
protected static String CACHE_KEY_PREFIX
protected org.springframework.security.crypto.password.PasswordEncoder passwordEncoderBean
This is simply a placeholder to be used by #setupPasswordEncoder() to determine if we're using the
new PasswordEncoder or the deprecated PasswordEncoder
protected EmailService emailService
protected EmailInfo resetPasswordEmailInfo
protected EmailInfo sendUsernameEmailInfo
protected AdminSecurityServiceExtensionManager extensionManager
protected int getTokenExpiredMinutes()
protected String getResetPasswordURL()
@Transactional(value="blTransactionManager") public void deleteAdminPermission(AdminPermission permission)
Specified by: deleteAdminPermission in interface AdminSecurityService

@Transactional(value="blTransactionManager") public void deleteAdminRole(AdminRole role)
Specified by: deleteAdminRole in interface AdminSecurityService

@Transactional(value="blTransactionManager") public void deleteAdminUser(AdminUser user)
Specified by: deleteAdminUser in interface AdminSecurityService

public AdminPermission readAdminPermissionById(Long id)
Specified by: readAdminPermissionById in interface AdminSecurityService

public AdminRole readAdminRoleById(Long id)
Specified by: readAdminRoleById in interface AdminSecurityService

public AdminUser readAdminUserById(Long id)
Specified by: readAdminUserById in interface AdminSecurityService

@Transactional(value="blTransactionManager") public AdminPermission saveAdminPermission(AdminPermission permission)
Specified by: saveAdminPermission in interface AdminSecurityService

@Transactional(value="blTransactionManager") public AdminRole saveAdminRole(AdminRole role)
Specified by: saveAdminRole in interface AdminSecurityService

@Transactional(value="blTransactionManager") public AdminUser saveAdminUser(AdminUser user)
Specified by: saveAdminUser in interface AdminSecurityService

public void clearAdminSecurityCache()
Description copied from interface: AdminSecurityService
Clears the cache used for AdminSecurityService.isUserQualifiedForOperationOnCeilingEntity(AdminUser, PermissionType, String)
Specified by: clearAdminSecurityCache in interface AdminSecurityService

protected String generateSecurePassword()
@Transactional(value="blTransactionManager") public AdminUser changePassword(PasswordChange passwordChange)
Specified by: changePassword in interface AdminSecurityService

public boolean isUserQualifiedForOperationOnCeilingEntity(AdminUser adminUser, PermissionType permissionType, String ceilingEntityFullyQualifiedName)
Specified by: isUserQualifiedForOperationOnCeilingEntity in interface AdminSecurityService

protected String buildCacheKey(AdminUser adminUser, PermissionType permissionType, String ceilingEntityFullyQualifiedName)

public boolean doesOperationExistForCeilingEntity(PermissionType permissionType, String ceilingEntityFullyQualifiedName)
Specified by: doesOperationExistForCeilingEntity in interface AdminSecurityService

public AdminUser readAdminUserByUserName(String userName)
Specified by: readAdminUserByUserName in interface AdminSecurityService

public List<AdminUser> readAdminUsersByEmail(String email)
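Description copied from interface: AdminSecurityService
Returns a list of admin users that match the given email.
Specified by: readAdminUsersByEmail in interface AdminSecurityService
Parameters:
email - the email address to search for
Returns:
List of AdminUser matching the provided email address

public List<AdminUser> readAllAdminUsers()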
Specified by: readAllAdminUsers in interface AdminSecurityService

public List<AdminRole> readAllAdminRoles()
Specified by: readAllAdminRoles in interface AdminSecurityService

public List<AdminPermission> readAllAdminPermissions()
Specified by: readAllAdminPermissions in interface AdminSecurityService

@Transactional(value="blTransactionManager") public GenericResponse sendForgotUsernameNotification(String emailAddress)
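Description copied from interface: AdminSecurityService
Looks up the corresponding AdminUser and emails the address on file with the associated username.
Specified by: sendForgotUsernameNotification in interface AdminSecurityService
Parameters:
emailAddress - email address of user to email

@Transactional(value="blTransactionManager") public GenericResponse sendResetPasswordNotification(String username)
Description copied from interface: AdminSecurityService
Generates an access token and then emails the user.
Specified by: sendResetPasswordNotification in interface AdminSecurityService
Parameters:
username - the username of the user to send a password reset email

@Transactional(value="blTransactionManager") public GenericResponse resetPasswordUsingToken(String username, String token, String password, String confirmPassword)
Description copied from interface: AdminSecurityService
Updates the password for the passed in user only if the passed in token is valid for that user.
Specified by: resetPasswordUsingToken in interface AdminSecurityService
Parameters:
username - the username of the user
token - a valid reset token from the email
password - the new desired password
confirmPassword - the password confirmation to match password

protected void invalidateAllTokensForAdminUser(AdminUser user)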
protected void checkUser(AdminUser user, GenericResponse response)
protected void checkPassword(String password, String confirmPassword, GenericResponse response)
protected void checkExistingPassword(String unencodedPassword, AdminUser user, GenericResponse response)
protected boolean isTokenExpired(ForgotPasswordSecurityToken fpst)
public static int getPASSWORD_TOKEN_LENGTH()
public static void setPASSWORD_TOKEN_LENGTH(int PASSWORD_TOKEN_LENGTH)
public EmailInfo getSendUsernameEmailInfo()
public void setSendUsernameEmailInfo(EmailInfo sendUsernameEmailInfo)
public EmailInfo getResetPasswordEmailInfo()
public void setResetPasswordEmailInfo(EmailInfo resetPasswordEmailInfo)
@Transactional(value="blTransactionManager") public GenericResponse changePassword(String username, String oldPassword, String password, String confirmPassword)
Description copied from interface: AdminSecurityService
Change a user's password only if oldPassword matches what's stored for that user
Specified by: changePassword in interface AdminSecurityService
Parameters:
username - the username to change the password for
oldPassword - the user's current password
password - the desired new password
confirmPassword - the confirm password to ensure it matches password

protected boolean isPasswordValid(String encodedPassword, String rawPassword)
Determines if a password is valid by comparing it to the encoded string; salting is handled internally by the PasswordEncoder.
This method must always be called to verify a password once the original encoded password has been generated,
because the PasswordEncoder randomly generates a salt internally and appends it to the resulting hash.
Parameters:
encodedPassword - the encoded password
rawPassword - the raw password to check against the encoded password

protected String encodePassword(String rawPassword)
Generate an encoded password from a raw password.
This method can only be called once per password. The salt is randomly generated internally in the PasswordEncoder
and appended to the hash to provide the resulting encoded password. Once this has been called on a password,
all subsequent checks for authenticity must be done by isPasswordValid(String, String), because encoding the
same password twice will result in different encoded passwords. Re-encoding a candidate password and comparing it
to the stored value with string equality will therefore never match.
Parameters:
rawPassword - the unencoded password to encode

Copyright © 2022. All rights reserved.