org.alfresco.repo.security.authentication

Class RepositoryAuthenticationDao

java.lang.Object

org.alfresco.repo.security.authentication.RepositoryAuthenticationDao

All Implemented Interfaces:

net.sf.acegisecurity.providers.dao.AuthenticationDao, net.sf.acegisecurity.providers.dao.SaltSource, NodeServicePolicies.BeforeDeleteNodePolicy, NodeServicePolicies.OnUpdatePropertiesPolicy, ClassPolicy, Policy, MutableAuthenticationDao, org.springframework.beans.factory.InitializingBean

public class RepositoryAuthenticationDao
extends Object
implements MutableAuthenticationDao, org.springframework.beans.factory.InitializingBean, NodeServicePolicies.OnUpdatePropertiesPolicy, NodeServicePolicies.BeforeDeleteNodePolicy

Component to provide authentication using native Alfresco authentication

Since:

1.2

Nested Class Summary

Nested classes/interfaces inherited from interface org.alfresco.repo.policy.Policy

Policy.Arg

Field Summary

Fields

Modifier and Type	Field and Description
protected AuthorityService	authorityService
protected CompositePasswordEncoder	compositePasswordEncoder
protected org.alfresco.service.namespace.NamespacePrefixResolver	namespacePrefixResolver
protected org.alfresco.service.cmr.repository.NodeService	nodeService
protected PolicyComponent	policyComponent
protected org.alfresco.repo.tenant.TenantService	tenantService

Fields inherited from interface org.alfresco.repo.node.NodeServicePolicies.OnUpdatePropertiesPolicy

ARG_0, ARG_1, ARG_2, QNAME

Fields inherited from interface org.alfresco.repo.node.NodeServicePolicies.BeforeDeleteNodePolicy

QNAME

Fields inherited from interface org.alfresco.repo.policy.Policy

NAMESPACE

Constructor Summary

Constructors

Constructor and Description
RepositoryAuthenticationDao()

Method Summary

Modifier and Type	Method and Description
void	afterPropertiesSet()
void	beforeDeleteNode(org.alfresco.service.cmr.repository.NodeRef nodeRef) Called before a node is deleted.
void	createUser(String caseSensitiveUserName, char[] rawPassword) Create a user with the given userName and password
void	createUser(String caseSensitiveUserName, String hashedPassword, char[] rawPassword) Create a user with the given userName and password hash If hashedPassword is passed in then this is used, otherwise it falls back to using the rawPassword.
void	deleteUser(String userName) Delete a user.
static org.alfresco.util.Pair<List<String>,String>	determinePasswordHash(Map<org.alfresco.service.namespace.QName,Serializable> properties) Retrieves the password hash for the given user properties.
boolean	getAccountExpires(String userName) Does the account expire?
Date	getAccountExpiryDate(String userName) Get the date when this account expires.
boolean	getAccountHasExpired(String userName) Has the account expired?
boolean	getAccountlocked(String userName) Is the account locked?
boolean	getCredentialsExpire(String userName) Do the credentials for the user expire?
protected boolean	getCredentialsExpire(String userName, Map<org.alfresco.service.namespace.QName,Serializable> properties)
Date	getCredentialsExpiryDate(String userName) Get the date when the credentials/password expire.
boolean	getCredentialsHaveExpired(String userName) Have the credentials for the user expired?
protected boolean	getCredentialsHaveExpired(String userName, Map<org.alfresco.service.namespace.QName,Serializable> properties, Boolean isAdminAuthority)
boolean	getEnabled(String userName) Getter for user enabled
protected boolean	getEnabled(String userName, Map<org.alfresco.service.namespace.QName,Serializable> properties, Boolean isAdminAuthority)
protected boolean	getHasExpired(String userName, Map<org.alfresco.service.namespace.QName,Serializable> properties, Boolean isAdminAuthority)
boolean	getLocked(String userName) Check if the account is locked
protected boolean	getLocked(String userName, Map<org.alfresco.service.namespace.QName,Serializable> properties, Boolean isAdminAuthority)
String	getMD4HashedPassword(String userName) Get the MD4 password hash
Object	getSalt(net.sf.acegisecurity.UserDetails userDetails)
org.alfresco.service.cmr.repository.NodeRef	getUserOrNull(String caseSensitiveSearchUserName)
protected Map<org.alfresco.service.namespace.QName,Serializable>	getUserProperties(String userName)
net.sf.acegisecurity.UserDetails	loadUserByUsername(String incomingUserName)
void	onUpdateProperties(org.alfresco.service.cmr.repository.NodeRef nodeRef, Map<org.alfresco.service.namespace.QName,Serializable> before, Map<org.alfresco.service.namespace.QName,Serializable> after) Called after a node's properties have been changed.
void	onUpdateUserProperties(org.alfresco.service.cmr.repository.NodeRef nodeRef, Map<org.alfresco.service.namespace.QName,Serializable> before, Map<org.alfresco.service.namespace.QName,Serializable> after)
void	setAccountExpires(String userName, boolean expires) Set if the account should expire
void	setAccountExpiryDate(String userName, Date exipryDate) Set the date on which the account expires
void	setAuthenticationCache(org.alfresco.repo.cache.SimpleCache<String,org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.CacheEntry> authenticationCache)
void	setAuthorityService(AuthorityService authorityService)
void	setCompositePasswordEncoder(CompositePasswordEncoder compositePasswordEncoder)
void	setCredentialsExpire(String userName, boolean expires) Set if the password expires.
void	setCredentialsExpiryDate(String userName, Date exipryDate) Set the date when credentials expire.
void	setEnabled(String userName, boolean enabled) Enable/disable a user.
void	setLocked(String userName, boolean locked) Set if the account is locked.
void	setNamespaceService(org.alfresco.service.namespace.NamespacePrefixResolver namespacePrefixResolver)
void	setNodeService(org.alfresco.service.cmr.repository.NodeService nodeService)
void	setPolicyComponent(PolicyComponent policyComponent)
void	setSingletonCache(org.alfresco.repo.cache.SimpleCache<String,org.alfresco.service.cmr.repository.NodeRef> singletonCache)
void	setTenantService(org.alfresco.repo.tenant.TenantService tenantService)
void	setTransactionService(TransactionService transactionService)
void	updateUser(String userName, char[] rawPassword) Update a user's password.
boolean	userExists(String userName) Check is a user exists.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

authorityService

protected AuthorityService authorityService

nodeService

protected org.alfresco.service.cmr.repository.NodeService nodeService

tenantService

protected org.alfresco.repo.tenant.TenantService tenantService

namespacePrefixResolver

protected org.alfresco.service.namespace.NamespacePrefixResolver namespacePrefixResolver

policyComponent

protected PolicyComponent policyComponent

compositePasswordEncoder

protected CompositePasswordEncoder compositePasswordEncoder

Constructor Detail

RepositoryAuthenticationDao

public RepositoryAuthenticationDao()

Method Detail

setNamespaceService

public void setNamespaceService(org.alfresco.service.namespace.NamespacePrefixResolver namespacePrefixResolver)

setAuthorityService

public void setAuthorityService(AuthorityService authorityService)

setNodeService

public void setNodeService(org.alfresco.service.cmr.repository.NodeService nodeService)

setTenantService

public void setTenantService(org.alfresco.repo.tenant.TenantService tenantService)

setSingletonCache

public void setSingletonCache(org.alfresco.repo.cache.SimpleCache<String,org.alfresco.service.cmr.repository.NodeRef> singletonCache)

setPolicyComponent

public void setPolicyComponent(PolicyComponent policyComponent)

setAuthenticationCache

public void setAuthenticationCache(org.alfresco.repo.cache.SimpleCache<String,org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.CacheEntry> authenticationCache)

setTransactionService

public void setTransactionService(TransactionService transactionService)

setCompositePasswordEncoder

public void setCompositePasswordEncoder(CompositePasswordEncoder compositePasswordEncoder)

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Throws:

Exception

loadUserByUsername

public net.sf.acegisecurity.UserDetails loadUserByUsername(String incomingUserName)
                                                    throws net.sf.acegisecurity.providers.dao.UsernameNotFoundException,
                                                           org.springframework.dao.DataAccessException

Specified by:

loadUserByUsername in interface net.sf.acegisecurity.providers.dao.AuthenticationDao

Throws:

net.sf.acegisecurity.providers.dao.UsernameNotFoundException

org.springframework.dao.DataAccessException

getUserOrNull

public org.alfresco.service.cmr.repository.NodeRef getUserOrNull(String caseSensitiveSearchUserName)

Parameters:

caseSensitiveSearchUserName - case sensitive user name

Returns:

the user's authentication node ref or null

determinePasswordHash

public static org.alfresco.util.Pair<List<String>,String> determinePasswordHash(Map<org.alfresco.service.namespace.QName,Serializable> properties)

Retrieves the password hash for the given user properties.

Parameters:

properties - The properties of the user.

Returns:

A Pair object containing the hash indicator and the hashed password.

createUser

public void createUser(String caseSensitiveUserName,
                       char[] rawPassword)
                throws org.alfresco.repo.security.authentication.AuthenticationException

Description copied from interface: MutableAuthenticationDao

Create a user with the given userName and password

Specified by:

createUser in interface MutableAuthenticationDao

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

createUser

public void createUser(String caseSensitiveUserName,
                       String hashedPassword,
                       char[] rawPassword)
                throws org.alfresco.repo.security.authentication.AuthenticationException

Description copied from interface: MutableAuthenticationDao

Create a user with the given userName and password hash If hashedPassword is passed in then this is used, otherwise it falls back to using the rawPassword. It is assumed the hashed password has been encoded using system.preferred.password.encoding and doesn't use its own salt.

Specified by:

createUser in interface MutableAuthenticationDao

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

updateUser

public void updateUser(String userName,
                       char[] rawPassword)
                throws org.alfresco.repo.security.authentication.AuthenticationException

Description copied from interface: MutableAuthenticationDao

Update a user's password.

Specified by:

updateUser in interface MutableAuthenticationDao

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

deleteUser

public void deleteUser(String userName)
                throws org.alfresco.repo.security.authentication.AuthenticationException

Description copied from interface: MutableAuthenticationDao

Delete a user.

Specified by:

deleteUser in interface MutableAuthenticationDao

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

getSalt

public Object getSalt(net.sf.acegisecurity.UserDetails userDetails)

Specified by:

getSalt in interface net.sf.acegisecurity.providers.dao.SaltSource

userExists

public boolean userExists(String userName)

Description copied from interface: MutableAuthenticationDao

Check is a user exists.

Specified by:

userExists in interface MutableAuthenticationDao

getUserProperties

protected Map<org.alfresco.service.namespace.QName,Serializable> getUserProperties(String userName)

Returns:

Returns the user properties or null if there are none

getAccountExpires

public boolean getAccountExpires(String userName)

Description copied from interface: MutableAuthenticationDao

Does the account expire?

Specified by:

getAccountExpires in interface MutableAuthenticationDao

getAccountExpiryDate

public Date getAccountExpiryDate(String userName)

Description copied from interface: MutableAuthenticationDao

Get the date when this account expires.

Specified by:

getAccountExpiryDate in interface MutableAuthenticationDao

getAccountHasExpired

public boolean getAccountHasExpired(String userName)

Description copied from interface: MutableAuthenticationDao

Has the account expired?

Specified by:

getAccountHasExpired in interface MutableAuthenticationDao

getHasExpired

protected boolean getHasExpired(String userName,
                                Map<org.alfresco.service.namespace.QName,Serializable> properties,
                                Boolean isAdminAuthority)

Parameters:

userName - the username

properties - user properties or null to fetch them

getLocked

public boolean getLocked(String userName)

Description copied from interface: MutableAuthenticationDao

Check if the account is locked

Specified by:

getLocked in interface MutableAuthenticationDao

Parameters:

userName - the username

getAccountlocked

public boolean getAccountlocked(String userName)

Description copied from interface: MutableAuthenticationDao

Is the account locked?

Specified by:

getAccountlocked in interface MutableAuthenticationDao

getLocked

protected boolean getLocked(String userName,
                            Map<org.alfresco.service.namespace.QName,Serializable> properties,
                            Boolean isAdminAuthority)

Parameters:

userName - the username

properties - user properties or null to fetch them

getCredentialsExpire

public boolean getCredentialsExpire(String userName)

Description copied from interface: MutableAuthenticationDao

Do the credentials for the user expire?

Specified by:

getCredentialsExpire in interface MutableAuthenticationDao

getCredentialsExpire

protected boolean getCredentialsExpire(String userName,
                                       Map<org.alfresco.service.namespace.QName,Serializable> properties)

Parameters:

userName - the username

properties - user properties or null to fetch them

getCredentialsExpiryDate

public Date getCredentialsExpiryDate(String userName)

Description copied from interface: MutableAuthenticationDao

Get the date when the credentials/password expire.

Specified by:

getCredentialsExpiryDate in interface MutableAuthenticationDao

getCredentialsHaveExpired

public boolean getCredentialsHaveExpired(String userName)

Description copied from interface: MutableAuthenticationDao

Have the credentials for the user expired?

Specified by:

getCredentialsHaveExpired in interface MutableAuthenticationDao

getCredentialsHaveExpired

protected boolean getCredentialsHaveExpired(String userName,
                                            Map<org.alfresco.service.namespace.QName,Serializable> properties,
                                            Boolean isAdminAuthority)

Parameters:

userName - the username (never null

properties - the properties associated with the user or null to get them

isAdminAuthority - is admin authority

Returns:

true if the user account has expired

getEnabled

public boolean getEnabled(String userName)

Description copied from interface: MutableAuthenticationDao

Getter for user enabled

Specified by:

getEnabled in interface MutableAuthenticationDao

getEnabled

protected boolean getEnabled(String userName,
                             Map<org.alfresco.service.namespace.QName,Serializable> properties,
                             Boolean isAdminAuthority)

Parameters:

userName - the username

properties - the user's properties or null

setAccountExpires

public void setAccountExpires(String userName,
                              boolean expires)

Description copied from interface: MutableAuthenticationDao

Set if the account should expire

Specified by:

setAccountExpires in interface MutableAuthenticationDao

setAccountExpiryDate

public void setAccountExpiryDate(String userName,
                                 Date exipryDate)

Description copied from interface: MutableAuthenticationDao

Set the date on which the account expires

Specified by:

setAccountExpiryDate in interface MutableAuthenticationDao

setCredentialsExpire

public void setCredentialsExpire(String userName,
                                 boolean expires)

Description copied from interface: MutableAuthenticationDao

Set if the password expires.

Specified by:

setCredentialsExpire in interface MutableAuthenticationDao

setCredentialsExpiryDate

public void setCredentialsExpiryDate(String userName,
                                     Date exipryDate)

Description copied from interface: MutableAuthenticationDao

Set the date when credentials expire.

Specified by:

setCredentialsExpiryDate in interface MutableAuthenticationDao

setEnabled

public void setEnabled(String userName,
                       boolean enabled)

Description copied from interface: MutableAuthenticationDao

Enable/disable a user.

Specified by:

setEnabled in interface MutableAuthenticationDao

setLocked

public void setLocked(String userName,
                      boolean locked)

Description copied from interface: MutableAuthenticationDao

Set if the account is locked.

Specified by:

setLocked in interface MutableAuthenticationDao

getMD4HashedPassword

public String getMD4HashedPassword(String userName)

Description copied from interface: MutableAuthenticationDao

Get the MD4 password hash

Specified by:

getMD4HashedPassword in interface MutableAuthenticationDao

onUpdateProperties

public void onUpdateProperties(org.alfresco.service.cmr.repository.NodeRef nodeRef,
                               Map<org.alfresco.service.namespace.QName,Serializable> before,
                               Map<org.alfresco.service.namespace.QName,Serializable> after)

Description copied from interface: NodeServicePolicies.OnUpdatePropertiesPolicy

Called after a node's properties have been changed.

Specified by:

onUpdateProperties in interface NodeServicePolicies.OnUpdatePropertiesPolicy

Parameters:

nodeRef - reference to the updated node

before - the node's properties before the change

after - the node's properties after the change

onUpdateUserProperties

public void onUpdateUserProperties(org.alfresco.service.cmr.repository.NodeRef nodeRef,
                                   Map<org.alfresco.service.namespace.QName,Serializable> before,
                                   Map<org.alfresco.service.namespace.QName,Serializable> after)

beforeDeleteNode

public void beforeDeleteNode(org.alfresco.service.cmr.repository.NodeRef nodeRef)

Description copied from interface: NodeServicePolicies.BeforeDeleteNodePolicy

Called before a node is deleted.

Specified by:

beforeDeleteNode in interface NodeServicePolicies.BeforeDeleteNodePolicy

Parameters:

nodeRef - the node reference