Class AdminSecurityServiceImpl
- All Implemented Interfaces: AdminSecurityService
- Author: jfischer
Field Summary
- protected AdminPermissionDao adminPermissionDao
- protected AdminRoleDao adminRoleDao
- protected AdminUserDao adminUserDao
- protected static String CACHE_KEY_PREFIX
- protected static String CACHE_NAME
- cache (declared type not shown)
- protected javax.cache.CacheManager cacheManager
- protected EmailService emailService
- protected BroadleafApplicationEventPublisher eventPublisher
- protected AdminSecurityServiceExtensionManager extensionManager
- protected ForgotPasswordSecurityTokenDao forgotPasswordSecurityTokenDao
- protected org.springframework.security.crypto.password.PasswordEncoder passwordEncoderBean: this is simply a placeholder used by #setupPasswordEncoder() to determine whether we're using the new PasswordEncoder or the deprecated PasswordEncoder
- protected EmailInfo resetPasswordEmailInfo
- protected EmailInfo sendUsernameEmailInfo
Fields inherited from interface org.broadleafcommerce.openadmin.server.security.service.AdminSecurityService: DEFAULT_PERMISSIONS
Constructor Summary
- AdminSecurityServiceImpl()
Method Summary
- protected String buildCacheKey(AdminUser adminUser, PermissionType permissionType, String ceilingEntityFullyQualifiedName)
- GenericResponse changePassword(String username, String oldPassword, String password, String confirmPassword): change a user's password only if oldPassword matches what's stored for that user
- AdminUser changePassword(PasswordChange passwordChange)
- protected void checkExistingPassword(String unencodedPassword, AdminUser user, GenericResponse response)
- protected void checkPassword(String password, String confirmPassword, GenericResponse response)
- protected void checkUser(AdminUser user, GenericResponse response)
- void clearAdminSecurityCache(): clears the cache used for AdminSecurityService.isUserQualifiedForOperationOnCeilingEntity(AdminUser, PermissionType, String)
- void deleteAdminPermission(AdminPermission permission)
- void deleteAdminRole(AdminRole role)
- void deleteAdminUser(AdminUser user)
- boolean doesOperationExistForCeilingEntity(PermissionType permissionType, String ceilingEntityFullyQualifiedName)
- protected String encodePassword(String rawPassword): generate an encoded password from a raw password
- generateSecurePassword()
- protected getCache()
- public static int getPASSWORD_TOKEN_LENGTH()
- getResetPasswordEmailInfo()
- protected String getResetPasswordURL()
- getSendUsernameEmailInfo()
- protected int getTokenExpiredMinutes()
- protected void invalidateAllTokensForAdminUser(...)
- protected boolean isPasswordValid(String encodedPassword, String rawPassword): determines if a password is valid by comparing it to the encoded string; salting is handled internally by the PasswordEncoder
- protected boolean isTokenExpired(...)
- boolean isUserQualifiedForOperationOnCeilingEntity(AdminUser adminUser, PermissionType permissionType, String ceilingEntityFullyQualifiedName)
- readAdminPermissionById(...)
- readAdminRoleById(...)
- readAdminUserById(...)
- readAdminUserByUserName(String userName)
- readAdminUsersByEmail(String email): returns a list of admin users that match the given email
- readAllAdminPermissions()
- readAllAdminRoles()
- readAllAdminUsers()
- GenericResponse resetPasswordUsingToken(String username, String token, String password, String confirmPassword): updates the password for the passed-in user only if the passed-in token is valid for that user
- AdminPermission saveAdminPermission(AdminPermission permission)
- saveAdminRole(AdminRole role)
- saveAdminUser(AdminUser user)
- GenericResponse sendForgotUsernameNotification(String emailAddress): looks up the corresponding AdminUser and emails the address on file with the associated username
- GenericResponse sendResetPasswordNotification(String username): generates an access token and then emails the user
- static void setPASSWORD_TOKEN_LENGTH(int PASSWORD_TOKEN_LENGTH)
- void setResetPasswordEmailInfo(EmailInfo resetPasswordEmailInfo)
- void setSendUsernameEmailInfo(EmailInfo sendUsernameEmailInfo)
Field Details
- CACHE_NAME
- CACHE_KEY_PREFIX
- eventPublisher
  @Autowired @Qualifier("blApplicationEventPublisher") protected BroadleafApplicationEventPublisher eventPublisher
- adminRoleDao
- adminUserDao
- forgotPasswordSecurityTokenDao
- adminPermissionDao
- cacheManager
  protected javax.cache.CacheManager cacheManager
- cache
- passwordEncoderBean
  protected org.springframework.security.crypto.password.PasswordEncoder passwordEncoderBean
  This is simply a placeholder used by #setupPasswordEncoder() to determine whether we're using the new PasswordEncoder or the deprecated PasswordEncoder.
- emailService
- resetPasswordEmailInfo
- sendUsernameEmailInfo
- extensionManager
Constructor Details
- AdminSecurityServiceImpl
  public AdminSecurityServiceImpl()
Method Details
- getPASSWORD_TOKEN_LENGTH
  public static int getPASSWORD_TOKEN_LENGTH()
- setPASSWORD_TOKEN_LENGTH
  public static void setPASSWORD_TOKEN_LENGTH(int PASSWORD_TOKEN_LENGTH)
- getTokenExpiredMinutes
  protected int getTokenExpiredMinutes()
- getResetPasswordURL
- deleteAdminPermission
  @Transactional("blTransactionManager") public void deleteAdminPermission(AdminPermission permission)
  Specified by: deleteAdminPermission in interface AdminSecurityService
- deleteAdminRole
  Specified by: deleteAdminRole in interface AdminSecurityService
- deleteAdminUser
  Specified by: deleteAdminUser in interface AdminSecurityService
- readAdminPermissionById
  Specified by: readAdminPermissionById in interface AdminSecurityService
- readAdminRoleById
  Specified by: readAdminRoleById in interface AdminSecurityService
- readAdminUserById
  Specified by: readAdminUserById in interface AdminSecurityService
- saveAdminPermission
  @Transactional("blTransactionManager") public AdminPermission saveAdminPermission(AdminPermission permission)
  Specified by: saveAdminPermission in interface AdminSecurityService
- saveAdminRole
  Specified by: saveAdminRole in interface AdminSecurityService
- saveAdminUser
  Specified by: saveAdminUser in interface AdminSecurityService
- clearAdminSecurityCache
  public void clearAdminSecurityCache()
  Description copied from interface AdminSecurityService: Clears the cache used for AdminSecurityService.isUserQualifiedForOperationOnCeilingEntity(AdminUser, PermissionType, String)
  Specified by: clearAdminSecurityCache in interface AdminSecurityService
- generateSecurePassword
- changePassword
  @Transactional("blTransactionManager") public AdminUser changePassword(PasswordChange passwordChange)
  Specified by: changePassword in interface AdminSecurityService
- isUserQualifiedForOperationOnCeilingEntity
  public boolean isUserQualifiedForOperationOnCeilingEntity(AdminUser adminUser, PermissionType permissionType, String ceilingEntityFullyQualifiedName)
  Specified by: isUserQualifiedForOperationOnCeilingEntity in interface AdminSecurityService
- buildCacheKey
  protected String buildCacheKey(AdminUser adminUser, PermissionType permissionType, String ceilingEntityFullyQualifiedName)
- doesOperationExistForCeilingEntity
  public boolean doesOperationExistForCeilingEntity(PermissionType permissionType, String ceilingEntityFullyQualifiedName)
  Specified by: doesOperationExistForCeilingEntity in interface AdminSecurityService
- readAdminUserByUserName
  Specified by: readAdminUserByUserName in interface AdminSecurityService
- readAdminUsersByEmail
  Description copied from interface AdminSecurityService: Returns a list of admin users that match the given email. This could potentially return more than one user if the admin.user.requireUniqueEmailAddress property is set to false.
  Specified by: readAdminUsersByEmail in interface AdminSecurityService
  Parameters: email - the email address to search for
  Returns: a List of AdminUser matching the provided email address
- readAllAdminUsers
  Specified by: readAllAdminUsers in interface AdminSecurityService
- readAllAdminRoles
  Specified by: readAllAdminRoles in interface AdminSecurityService
- readAllAdminPermissions
  Specified by: readAllAdminPermissions in interface AdminSecurityService
- sendForgotUsernameNotification
  @Transactional("blTransactionManager") public GenericResponse sendForgotUsernameNotification(String emailAddress)
  Description copied from interface AdminSecurityService: Looks up the corresponding AdminUser and emails the address on file with the associated username.
  Specified by: sendForgotUsernameNotification in interface AdminSecurityService
  Parameters: emailAddress - email address of the user to email
  Returns: Response can contain errors including (notFound)
- sendResetPasswordNotification
  @Transactional("blTransactionManager") public GenericResponse sendResetPasswordNotification(String username)
  Description copied from interface AdminSecurityService: Generates an access token and then emails the user.
  Specified by: sendResetPasswordNotification in interface AdminSecurityService
  Parameters: username - the username of the user to send a password reset email to
  Returns: Response can contain errors including (invalidEmail, invalidUsername, inactiveUser)
- resetPasswordUsingToken
  @Transactional("blTransactionManager") public GenericResponse resetPasswordUsingToken(String username, String token, String password, String confirmPassword)
  Description copied from interface AdminSecurityService: Updates the password for the passed-in user only if the passed-in token is valid for that user.
  Specified by: resetPasswordUsingToken in interface AdminSecurityService
  Parameters:
    username - the username of the user
    token - a valid reset token from the email
    password - the new desired password
    confirmPassword - the password confirmation to match password
  Returns: Response can contain errors including (invalidUsername, inactiveUser, invalidToken, invalidPassword, tokenExpired, passwordMismatch)
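The reset flow documented above (sendResetPasswordNotification issues a token with a configurable length and expiry; resetPasswordUsingToken accepts it only if the user exists, is active, the token matches, has not expired, and the new password and its confirmation agree) is modelled below as an added, self-contained example. It is not Broadleaf's code: the class ResetTokenDemo, its record types, the 12-byte token length, the 30-minute expiry, the decision to store only a SHA-256 digest of the token, and the order of the checks (taken from the order of the documented error codes) are all assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/** Hypothetical model of the reset-token flow; the types and store are constructed for this example. */
public class ResetTokenDemo {

    // Assumed defaults: the page exposes both values as configurable but does not state them.
    static int passwordTokenLength = 12;   // bytes of randomness per token
    static int tokenExpiredMinutes = 30;

    static final class AdminUserRecord {
        final String username; final boolean active; String encodedPassword;
        AdminUserRecord(String username, boolean active) { this.username = username; this.active = active; }
    }

    // Only the digest of the token is stored, so a leaked token table yields nothing directly usable.
    static final class ForgotPasswordToken {
        final String username; final byte[] tokenDigest; final Instant createdAt; boolean used;
        ForgotPasswordToken(String u, byte[] d, Instant c) { username = u; tokenDigest = d; createdAt = c; }
    }

    /** Minimal stand-in for GenericResponse: a list of error codes. */
    static final class Response {
        final List<String> errors = new ArrayList<>();
        boolean hasErrors() { return !errors.isEmpty(); }
    }

    private final SecureRandom random = new SecureRandom();
    private final Map<String, AdminUserRecord> users = new HashMap<>();
    private final List<ForgotPasswordToken> tokens = new ArrayList<>();

    void addUser(String username, boolean active) { users.put(username, new AdminUserRecord(username, active)); }

    static byte[] digest(String token) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }

    /** Generates a token, stores its digest and returns the token that the real service would email. */
    String sendResetPasswordNotification(String username, Instant now) {
        byte[] buf = new byte[passwordTokenLength];
        random.nextBytes(buf);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
        tokens.add(new ForgotPasswordToken(username, digest(token), now));
        return token;
    }

    boolean isTokenExpired(ForgotPasswordToken t, Instant now) {
        return Duration.between(t.createdAt, now).toMinutes() >= tokenExpiredMinutes;
    }

    void invalidateAllTokensForAdminUser(String username) {
        for (ForgotPasswordToken t : tokens) if (t.username.equals(username)) t.used = true;
    }

    /** Checks run in the order of the error codes the interface documents. */
    Response resetPasswordUsingToken(String username, String token, String password,
                                     String confirmPassword, Instant now) {
        Response r = new Response();
        AdminUserRecord user = users.get(username);
        if (user == null) { r.errors.add("invalidUsername"); return r; }
        if (!user.active) { r.errors.add("inactiveUser"); return r; }

        ForgotPasswordToken match = null;
        byte[] presented = token == null ? new byte[0] : digest(token);
        for (ForgotPasswordToken t : tokens) {
            // MessageDigest.isEqual compares in constant time for equal-length inputs, so a wrong
            // token does not leak how many leading bytes were right.
            if (t.username.equals(username) && !t.used && MessageDigest.isEqual(t.tokenDigest, presented)) match = t;
        }
        if (match == null) { r.errors.add("invalidToken"); return r; }
        if (isTokenExpired(match, now)) { r.errors.add("tokenExpired"); return r; }
        if (password == null || password.isEmpty()) r.errors.add("invalidPassword");
        else if (!password.equals(confirmPassword)) r.errors.add("passwordMismatch");
        if (r.hasErrors()) return r;

        user.encodedPassword = "encoded(" + password.length() + " chars)"; // placeholder for PasswordEncoder.encode
        invalidateAllTokensForAdminUser(username); // a successful reset burns every outstanding token for the user
        return r;
    }

    public static void main(String[] args) {
        ResetTokenDemo svc = new ResetTokenDemo();
        svc.addUser("admin", true);
        Instant t0 = Instant.parse("2024-01-01T10:00:00Z"); // constructed timestamp
        String token = svc.sendResetPasswordNotification("admin", t0);
        System.out.println(svc.resetPasswordUsingToken("nobody", token, "pw1", "pw1", t0).errors);  // unknown user
        System.out.println(svc.resetPasswordUsingToken("admin", "guess", "pw1", "pw1", t0).errors); // wrong token
        System.out.println(svc.resetPasswordUsingToken("admin", token, "pw1", "pw2", t0).errors);   // confirmation differs
        System.out.println(svc.resetPasswordUsingToken("admin", token, "pw1", "pw1", t0.plus(Duration.ofMinutes(31))).errors); // past expiry
        System.out.println(svc.resetPasswordUsingToken("admin", token, "pw1", "pw1", t0.plus(Duration.ofMinutes(5))).errors);  // success
        System.out.println(svc.resetPasswordUsingToken("admin", token, "pw1", "pw1", t0.plus(Duration.ofMinutes(6))).errors);  // token already used
    }
}
```

The clock is passed in explicitly so expiry can be exercised deterministically; in a service the current time would be read at the call site. The last call in main demonstrates why invalidating all of a user's tokens on success matters: a token that worked a minute earlier is rejected as invalidToken afterwards.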
- invalidateAllTokensForAdminUser
- checkUser
- checkPassword
- checkExistingPassword
  protected void checkExistingPassword(String unencodedPassword, AdminUser user, GenericResponse response)
- isTokenExpired
- getSendUsernameEmailInfo
- setSendUsernameEmailInfo
- getResetPasswordEmailInfo
- setResetPasswordEmailInfo
- changePassword
  @Transactional("blTransactionManager") public GenericResponse changePassword(String username, String oldPassword, String password, String confirmPassword)
  Description copied from interface AdminSecurityService: Change a user's password only if oldPassword matches what's stored for that user.
  Specified by: changePassword in interface AdminSecurityService
  Parameters:
    username - the username to change the password for
    oldPassword - the user's current password
    password - the desired new password
    confirmPassword - the confirm password to ensure it matches password
  Returns: Response can contain errors including (invalidUser, emailNotFound, inactiveUser, invalidPassword, passwordMismatch)
- isPasswordValid
  protected boolean isPasswordValid(String encodedPassword, String rawPassword)
  Determines if a password is valid by comparing it to the encoded string; salting is handled internally by the PasswordEncoder. This method must always be used to verify a password once the original encoded password has been generated, because the PasswordEncoder randomly generates salts internally and appends them to the resulting hash.
  Parameters:
    encodedPassword - the encoded password
    rawPassword - the raw password to check against the encoded password
  Returns: true if rawPassword matches encodedPassword, false otherwise
- encodePassword
  protected String encodePassword(String rawPassword)
  Generate an encoded password from a raw password. This method can only be called once per password. The salt is randomly generated internally in the PasswordEncoder and appended to the hash to produce the resulting encoded password. Once this has been called on a password, all subsequent authenticity checks must be done with isPasswordValid(String, String), because encoding the same password twice results in different encoded passwords.
  Parameters: rawPassword - the unencoded password to encode
  Returns: the encoded password
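The point made in the isPasswordValid and encodePassword descriptions (a fresh encoding of the same password never string-compares equal to the stored one, so verification has to go through the encoder's match routine) can be seen directly with Spring Security's PasswordEncoder. The class below is an added example, not Broadleaf's implementation; it assumes BCryptPasswordEncoder from spring-security-crypto as the concrete encoder, and the class name PasswordEncodingDemo and the sample password are constructed for the demonstration.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/** Added example: shows why verification must use matches() rather than re-encoding. */
public class PasswordEncodingDemo {

    // BCryptPasswordEncoder draws a random salt on every encode() call and embeds it
    // in the returned string, which is what makes two encodings of one password differ.
    private final PasswordEncoder encoder = new BCryptPasswordEncoder();

    /** Called once, when the password is set or changed. */
    public String encodePassword(String rawPassword) {
        return encoder.encode(rawPassword);
    }

    /** Called on every login: matches() reads the salt back out of the stored hash. */
    public boolean isPasswordValid(String encodedPassword, String rawPassword) {
        return encoder.matches(rawPassword, encodedPassword);
    }

    public static void main(String[] args) {
        PasswordEncodingDemo demo = new PasswordEncodingDemo();
        String raw = "correct horse battery staple"; // constructed sample password

        String stored = demo.encodePassword(raw);
        String again = demo.encodePassword(raw);

        // Same raw password, different salts: the two encoded strings are not equal.
        System.out.println("two encodings of one password are equal: " + stored.equals(again));

        // The broken check: re-encode the login attempt and compare strings. This rejects the
        // correct password every time, because the new encoding carries a new salt.
        System.out.println("naive re-encode-and-compare accepts correct password: "
                + stored.equals(demo.encodePassword(raw)));

        // The correct check: let the encoder verify against the stored hash.
        System.out.println("matches() accepts correct password: " + demo.isPasswordValid(stored, raw));
        System.out.println("matches() accepts correct password against second hash: " + demo.isPasswordValid(again, raw));
        System.out.println("matches() accepts wrong password: " + demo.isPasswordValid(stored, "not the password"));
    }
}
```

Nothing in the class holds a salt or compares hashes by hand; the only state that needs to be persisted per user is the string encodePassword returns, and the only verification path is isPasswordValid.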
- getCache