Package de.xima.fc.utils

Class UserMgmtUtils

java.lang.Object

de.xima.fc.utils.UserMgmtUtils

All Implemented Interfaces:

Serializable

public final class UserMgmtUtils
extends Object
implements Serializable

Hilfsklasse für Funktionalitäten der Benutzerverwaltung.

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field	Description
static Benutzer	ANONYMOUS	Deprecated. Use VirtualUser.ANONYMOUS
static String	DEFAULT_PWD_SYMBOLS
static Benutzer	DESIGNER_INITIAL_DUMMY	Deprecated. Use virtual users
static Benutzer	DESIGNER_LAST_DUMMY	Deprecated. Use virtual users
static Benutzer	DESIGNER_USER	Deprecated. No equivalent, but see VirtualUser
static Benutzer	SETUP	Deprecated. Use VirtualUser.SYSTEM
static Benutzer	SYSTEM	Deprecated. Use VirtualUser.SYSTEM

Method Summary

Modifier and Type	Method	Description
static boolean	canAccessClient(IUser user, Mandant client)	Whether the given user has permission to access the given client.
static boolean	canAccessInbox(IUser user, Postfach inbox)	Whether the user has permission to access the client inbox.
static boolean	canEditProject(IUser user, Projekt project)	Whether or not the given user has permission to edit the given project.
static boolean	canViewProject(IUser user, Projekt project)	Whether the given user has permission to view the given project.
static boolean	checkPassword(String clearTextPassword, String encryptedPassword)
static org.pac4j.core.profile.Gender	convert(EGender gender)	Converts the given gender to a pac4j Gender and to Gender.UNSPECIFIED if no match was found or null.
static EGender	convert(org.pac4j.core.profile.Gender gender)	Converts the given pac4j gender to a EGender and to EGender.UNSPECIFIED if null.
static org.pac4j.core.profile.CommonProfile	convertToProfile(Benutzer user)	Deprecated. Conversion of UserProfile to UserProfile is done in InternalUserAuthenticator
static String	dfltBgNameFor(ERollenTyp rolle, Locale locale)	Deprecated. Is handled in IClientCreateData
static String	encPwd(String src)	Deprecated. use hashPassword(String) and checkPassword(String, String)
static List<org.passay.CharacterRule>	filterCharacterRules(List<org.passay.Rule> rules)
static org.passay.LengthRule	filterFirstLengthRules(List<org.passay.Rule> rules)
static String	genPwd()	Deprecated. use genPwd(List) instead
static String	genPwd(List<SystemProperty> pwdPolicyConfig)	Generates a password based on the configured system rules
static IClientDescriptor	getAuthenticationClientFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)	Gets the client descriptor of the client that authenticated the user if it has been set in the authentication attributes of the given profile.
static String	getAuthenticationTargetFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)	Gets the target that the user authenticated for if it has been set in the authentication attributes of the given profile.
static Benutzer	getBenutzerFromUser(IUser user, Mandant client)	Deprecated.
static Set<IClientAuthorization>	getClientAuthorizationsFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)	Get the client authorizations of the user if it has been set in the authentication attributes of the given profile.
static String	getClientPermission(Mandant client, IAccessProperty accessProperty)	Returns a string value representing the permission within a client (Mandant).
static String	getClientPermission(Mandant client, String permissionName)	Returns a string value representing the permission within a client.
static String	getClientRole(Mandant client, String roleName)	Returns a string value representing the role within a client (Mandant).
static String	getClientRole(Rolle role)	Returns a string value representing the role within a client (Mandant).
static List<org.passay.Rule>	getDefaultPasswordRules()	This method returns a password policy with strict rules for the super user.
static Benutzer	getFromProfile(org.pac4j.core.profile.CommonProfile profile)	Deprecated.
static String	getGeneralPermission(IAccessProperty accessProperty)	Returns a string value representing the permission for the general scope.
static String	getGeneralPermission(String permissionName)	Returns a string value representing the permission for the general scope.
static DirectClientAuthorization	getInvitationClientAuthorizationFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)	Gets the invitation client authorization if it has been set in the authentication attributes of the given pac4j profile.
static String	getMaskedEmailAddress(String email)	Masks the email address for privacy purposes.
static String	getMaskedName(String name)	Masks the user name for privacy purposes.
static String	getMaskedUserAttribute(String value)	Masks the given user attribute (e.g.
static List<org.passay.Rule>	getPasswordRules(List<SystemProperty> pwdPolicyConfig, boolean useDefaultForGen)	Determines the password policy rules set from the persisted system configuration.
static int	getPasswordStrength(String newPassword, List<org.passay.Rule> rules)	Calculates the password-strength for password ui components.
static Set<String>	getPermissionsFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)	Gets the permissions if they have been set in the authentication attributes of the given pac4j profile.
static com.alibaba.fastjson.JSONObject	getRawData(org.pac4j.core.profile.UserProfile userProfile)
static String	getSystemPermission(IAccessProperty accessProperty)	Returns a string value representing the permission for system scope.
static String	getSystemPermission(String permissionName)	Returns a string value representing the permission for system scope.
static long	getTimeStamp(long addHours, long addMinutes)	Deprecated. Token duration for password set/reset mails is handled in UserMailUtil.
static String	getUniversalReferenceId(IUserIdentity identity)	Returns the universal reference ID of the user.
static String	getUniversalReferenceId(EHashAlgorithm hashAlgorithm, IUserIdentity identity)	Returns the universal reference ID of the user using the given hash algorithm.
static String	getUniversalReferenceId(EHashAlgorithm hashAlgorithm, String clientName, String profileId)	Returns the universal reference ID of the user.
static String	getUniversalReferenceId(EHashAlgorithm hashAlgorithm, org.pac4j.core.profile.UserProfile profile)	Returns the universal reference ID of the user.
static String	getUniversalReferenceId(org.pac4j.core.profile.UserProfile profile)	Returns the universal reference ID of the user.
static String	getUniversalReferenceIdClientPrefix(IClientDescriptor descriptor)	Returns the prefix of the authentication client for creating the universal reference ID for a user.
static String	getUniversalReferenceIdClientPrefix(String clientName)	Returns the prefix of the authentication client for creating the universal reference ID for a user.
static UserProfile	getUserProfileFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)	Gets the formcycle profile if it has been set in the authentication attributes of the given pac4j profile.
static String	getUserProfileHash(EHashAlgorithm hashAlgorithm, String clientName, String profileId)	Calculates the hash digest for the user profile defined by the given client name and profile ID using the given hash algorithm.
static String	getUserProfileHash(EHashAlgorithm hashAlgorithm, org.pac4j.core.profile.UserProfile profile)	Calculates the hash digest for the given user profile using the given hash algorithm.
static boolean	hasBackendAccess(IClientAuthorization authorization)	If the given client authorization grants users access to the formcycle backend.
static boolean	hasBackendAccess(IUser user)	Checks if the user has permission to access to the formcycle backend.
static boolean	hasDesignerAccess(IClientAuthorization authorization)	Returns whether or not the given client authorization grants designer access.
static String	hashPassword(String clearTextPassword)	Paswort-Encryption.
static boolean	hasInboxAccess(IClientAuthorization authorization)	Returns whether or not the given client authorization grants inbox access.
static boolean	isActive(IClientAuthorization authorization)	Checks if the given client authorization is active.
static boolean	isAnonymousUser(Benutzer user)	Deprecated.
static boolean	isAnonymousUser(IUser user)	Checks if the user is anonymous.
static boolean	isAuthenticatedFor(IUser user, String authTarget)	checks if the user has been authenticated for the given authentication target.
static boolean	isBackendAccessCapable(IClientAuthorization authorization)	Returns if the given client authorization is capable of allowing users access to the formcycle backend.
static boolean	isClientAdmin(UserProfile profile, Mandant client)	Returns true if given profile has a role of a MANDANT_ADMIN
static boolean	isClientAdmin(IClientAuthorization authorization)	Returns true if given authorization has a role of a MANDANT_ADMIN
static boolean	isClientAdmin(IUser user, Mandant client)	Checks if the user is an admin of the given client.
static boolean	isExpired(IEntityClientAuthorization authorization)	Checks if the given client authorization is expired (right now).
static boolean	isExternalUser(Benutzer user)	Deprecated.
static boolean	isInternalUser(Benutzer user)	Deprecated. Not neede anymore.
static boolean	isInvitationExpired(IEntityClientAuthorization authorization)	Checks if the invitation attached to the given client authorization is expired (right now).
static boolean	isInvitedUser(IUser user)
static boolean	isInvitedUser(org.pac4j.core.profile.UserProfile pac4jProfile)
static boolean	isSetupUser(Benutzer user)	Deprecated. Use isSuperUser(IUser) instead.
static boolean	isSetupUserWithClient(Benutzer user, javax.servlet.http.HttpSession session)	Deprecated.
static boolean	isSetupUserWithoutClient(Benutzer user, javax.servlet.http.HttpSession session)	Deprecated.
static boolean	isSuperUser(IUser user)	Checks if the user is THE super user.
static boolean	isSystemAdmin(UserProfile profile)	Checks if the user of the given profile is a system admin.
static boolean	isSystemAdmin(IUser user)	Checks if the user is a system admin.
static boolean	isSystemUser(Benutzer user)	Deprecated. Not needed anymore.
static boolean	isUser(IEntityClientAuthorization authorization, IUser user)	Checks whether the given client authorization applies to the given user.
static boolean	isUser(IUserIdentity identity, IUser user)	Checks whether the given user identity is the identity of the given user.
static boolean	isUser(UserProfile profile, IUser user)	Checks whether the given user profile is the user profile of the given user.
static org.pac4j.core.profile.AnonymousProfile	newAnonymousProfile()
static void	setAuthenticationTargetInAuthenticationAttributes(org.pac4j.core.profile.UserProfile pac4jProfile, IAuthenticationTarget target)	Sets the given authentication target in the authentication attributes of the profile.
static com.alibaba.fastjson.JSONObject	toJson(IUser user)
static com.alibaba.fastjson.JSONObject	toJson(IUser user, Mandant client)
static com.alibaba.fastjson.JSONObject	toJSON(Benutzer user, List<BenutzerGruppe> userGroups)	Deprecated. Use toJson(IUser, Mandant) instead.
static com.alibaba.fastjson.JSONObject	toJSON(Benutzer user, List<BenutzerGruppe> userGroups, org.pac4j.core.profile.CommonProfile prof)	Deprecated. Use toJson(IUser, Mandant) instead.
static PasswordValidationResult	validateDefaultPasswordRules(String password)	Validates the password with the default password rules.
static PasswordValidationResult	validatePassword(String userName, String oldPassword, String newPassword, List<SystemProperty> systemConfig)	Validates Passwords
static PasswordValidationResult	validatePassword(String oldPassword, String newPassword, List<SystemProperty> systemConfig)	Validates Passwords
static PasswordValidationResult	validatePassword(String password, List<SystemProperty> systemConfig)	Validates Passwords

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_PWD_SYMBOLS

public static final String DEFAULT_PWD_SYMBOLS

See Also:

Constant Field Values

ANONYMOUS

@Deprecated
public static final Benutzer ANONYMOUS

Deprecated.

Use VirtualUser.ANONYMOUS

Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.

SYSTEM

@Deprecated
public static final Benutzer SYSTEM

Deprecated.

Use VirtualUser.SYSTEM

Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.

SETUP

@Deprecated
public static final Benutzer SETUP

Deprecated.

Use VirtualUser.SYSTEM

Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.

DESIGNER_USER

@Deprecated
public static final Benutzer DESIGNER_USER

Deprecated.

No equivalent, but see VirtualUser

Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.

DESIGNER_LAST_DUMMY

@Deprecated
public static final Benutzer DESIGNER_LAST_DUMMY

Deprecated.

Use virtual users

Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.

DESIGNER_INITIAL_DUMMY

@Deprecated
public static final Benutzer DESIGNER_INITIAL_DUMMY

Deprecated.

Use virtual users

Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.

Method Detail

canEditProject

public static boolean canEditProject(IUser user,
                                     Projekt project)

Whether or not the given user has permission to edit the given project.

Parameters:

user - to check for

project - to check

Returns:

true if the user has permission to edit the project and false otherwise.

canViewProject

public static boolean canViewProject(IUser user,
                                     Projekt project)

Whether the given user has permission to view the given project.

Parameters:

user - to check for

project - to check

Returns:

true if the user has permission to view the project and false otherwise.

canAccessClient

public static boolean canAccessClient(IUser user,
                                      Mandant client)

Whether the given user has permission to access the given client.

Parameters:

user - to check for

client - to check

Returns:

true if the user has permission to access the given client and false otherwise.

canAccessInbox

public static boolean canAccessInbox(IUser user,
                                     Postfach inbox)

Whether the user has permission to access the client inbox. Note: This check does not take into account whether the user has the role permission to access the inbox UI.

Parameters:

user - to check for

inbox - to check

Returns:

true if the user has permission to access the given client inbox and false otherwise.

isClientAdmin

public static boolean isClientAdmin(UserProfile profile,
                                    Mandant client)

Returns true if given profile has a role of a MANDANT_ADMIN

Parameters:

profile - to check

Returns:

false if no admin role found

isClientAdmin

public static boolean isClientAdmin(IClientAuthorization authorization)

Returns true if given authorization has a role of a MANDANT_ADMIN

Parameters:

authorization - direct or indirect authorization

Returns:

false if no admin role found

isClientAdmin

public static boolean isClientAdmin(IUser user,
                                    Mandant client)

Checks if the user is an admin of the given client.

Parameters:

user - to check for

client - to check

Returns:

true if the user is an admin of the given client and false otherwise.

isSystemAdmin

public static boolean isSystemAdmin(UserProfile profile)

Checks if the user of the given profile is a system admin. System admins have permission to access/edit the system settings.

Parameters:

profile - to check

Returns:

true if the user of the given profile is a system admin and false otherwise.

isSystemAdmin

public static boolean isSystemAdmin(IUser user)

Checks if the user is a system admin. System admins have permission to access/edit the system settings.

Parameters:

user - A user to check.

Returns:

true if the user is a system admin and false otherwise.

isSuperUser

public static boolean isSuperUser(IUser user)

Checks if the user is THE super user. There is only one super user (sadmin) in the system.

Parameters:

user - to check

Returns:

true if the given user is the super user and false otherwise.

isAnonymousUser

public static boolean isAnonymousUser(IUser user)

Checks if the user is anonymous.

Parameters:

user - to check

Returns:

true if the user is an anonymous user and false otherwise.

isBackendAccessCapable

public static boolean isBackendAccessCapable(IClientAuthorization authorization)

Returns if the given client authorization is capable of allowing users access to the formcycle backend. This does not mean that the authorization actually allows backend access. If you want to find if an authorization grants backend access use hasBackendAccess(IClientAuthorization) instead.

Parameters:

authorization - to check.

Returns:

true if the authorization is capable of allowing users access to the formcycle backend. false otherwise.

isUser

public static boolean isUser(IEntityClientAuthorization authorization,
                             IUser user)

Checks whether the given client authorization applies to the given user.

Parameters:

authorization - to check.

user - to check if the client authorization applies.

Returns:

true if the given client authorization applies to the given user and false otherwise.

isUser

public static boolean isUser(UserProfile profile,
                             IUser user)

Checks whether the given user profile is the user profile of the given user.

Parameters:

profile - to check.

user - to check if the user profile is their user profile.

Returns:

true if the given user profile is the user profile of the given user and false otherwise.

isUser

public static boolean isUser(IUserIdentity identity,
                             IUser user)

Checks whether the given user identity is the identity of the given user.

Parameters:

identity - to check.

user - to check if their identity is the given user identity.

Returns:

true if the given user identity is the identity of the given user and false otherwise.

isActive

public static boolean isActive(IClientAuthorization authorization)

Checks if the given client authorization is active. If the attached user profile is inactive then the client authorization can't be active.

Parameters:

authorization - to check.

Returns:

true if the given client authorization is active and false otherwise.

isExpired

public static boolean isExpired(IEntityClientAuthorization authorization)

Checks if the given client authorization is expired (right now).

Parameters:

authorization - to check.

Returns:

true if the given client authorization is expired and false otherwise.

isInvitationExpired

public static boolean isInvitationExpired(IEntityClientAuthorization authorization)

Checks if the invitation attached to the given client authorization is expired (right now).

Parameters:

authorization - to check.

Returns:

true if the invitation to the given client authorization is expired and false otherwise.

isAuthenticatedFor

public static boolean isAuthenticatedFor(IUser user,
                                         String authTarget)

checks if the user has been authenticated for the given authentication target.

Parameters:

user - to check.

authTarget - to check. User can authenticated for different authentication targets, e.g. "backend", "form", ...

Returns:

true if the user has been authenticated for the given authentication target and false otherwise.

Throws:

IllegalArgumentException - if a blank authentication target is given.

isInvitedUser

public static boolean isInvitedUser(IUser user)

isInvitedUser

public static boolean isInvitedUser(org.pac4j.core.profile.UserProfile pac4jProfile)

hasBackendAccess

public static boolean hasBackendAccess(IUser user)

Checks if the user has permission to access to the formcycle backend.

Parameters:

user - to check

Returns:

true if the user has permission to access the formcycle backend and false otherwise.

hasBackendAccess

public static boolean hasBackendAccess(IClientAuthorization authorization)

If the given client authorization grants users access to the formcycle backend.

Parameters:

authorization - to check

Returns:

true if the client authorization grants users access to the formcycle backend and false otherwise.

hasInboxAccess

public static boolean hasInboxAccess(IClientAuthorization authorization)

Returns whether or not the given client authorization grants inbox access.

Parameters:

authorization - to check

Returns:

true if the authorization grants inbox access and false otherwise.

hasDesignerAccess

public static boolean hasDesignerAccess(IClientAuthorization authorization)

Returns whether or not the given client authorization grants designer access.

Parameters:

authorization - to check

Returns:

true if the authorization grants designer access and false otherwise.

setAuthenticationTargetInAuthenticationAttributes

public static void setAuthenticationTargetInAuthenticationAttributes(org.pac4j.core.profile.UserProfile pac4jProfile,
                                                                     IAuthenticationTarget target)

Sets the given authentication target in the authentication attributes of the profile.

Parameters:

pac4jProfile - to set authentication target for.

target - to set.

getAuthenticationTargetFromAuthenticationAttribute

public static String getAuthenticationTargetFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)

Gets the target that the user authenticated for if it has been set in the authentication attributes of the given profile.

Parameters:

pac4jProfile - to get the authentication client descriptor for

Returns:

the authentication client descriptor if it has been set and null otherwise.

getAuthenticationClientFromAuthenticationAttribute

public static IClientDescriptor getAuthenticationClientFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)

Gets the client descriptor of the client that authenticated the user if it has been set in the authentication attributes of the given profile.

Parameters:

pac4jProfile - to get the authentication client descriptor for

Returns:

the authentication client descriptor if it has been set and null otherwise.

getClientAuthorizationsFromAuthenticationAttribute

public static Set<IClientAuthorization> getClientAuthorizationsFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)

Get the client authorizations of the user if it has been set in the authentication attributes of the given profile.

Parameters:

pac4jProfile - to get the client authorizations for.

Returns:

the client authorizations if it has been set and null otherwise.

getUserProfileFromAuthenticationAttribute

public static UserProfile getUserProfileFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)

Gets the formcycle profile if it has been set in the authentication attributes of the given pac4j profile.

Parameters:

pac4jProfile - to get the formcycle profile for

Returns:

the formcycle profile if it has been set and null otherwise.

getPermissionsFromAuthenticationAttribute

public static Set<String> getPermissionsFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)

Gets the permissions if they have been set in the authentication attributes of the given pac4j profile.

Parameters:

pac4jProfile - to get the permissions for.

Returns:

the permissions if they have been set in and null otherwise.

getInvitationClientAuthorizationFromAuthenticationAttribute

public static DirectClientAuthorization getInvitationClientAuthorizationFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)

Gets the invitation client authorization if it has been set in the authentication attributes of the given pac4j profile. See here for more information about what invitation client authorizations are used for.

Parameters:

pac4jProfile - to get the invitation client authorization for.

Returns:

the invitation client authorization if it has been set in and null otherwise.

See Also:

CmnConst.Security.Authorization.AUTHENTICATION_ATTR_CLIENT_INVITATION_UUID

getUniversalReferenceId

public static String getUniversalReferenceId(org.pac4j.core.profile.UserProfile profile)

Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.

Parameters:

profile - to get the universal reference ID for

Returns:

the universal reference ID of the profile.

getUniversalReferenceId

public static String getUniversalReferenceId(EHashAlgorithm hashAlgorithm,
                                             org.pac4j.core.profile.UserProfile profile)

Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.

Parameters:

hashAlgorithm - the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, the default user profile hash algorithm will be used.

profile - to get the universal reference ID for

Returns:

the universal reference ID of the profile.

getUniversalReferenceId

public static String getUniversalReferenceId(IUserIdentity identity)

Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.

Parameters:

identity - to get the universal reference ID for

Returns:

the universal reference ID of the identity.

getUniversalReferenceId

public static String getUniversalReferenceId(EHashAlgorithm hashAlgorithm,
                                             IUserIdentity identity)

Returns the universal reference ID of the user using the given hash algorithm. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.

Parameters:

hashAlgorithm - the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, the default user profile hash algorithm will be used.

identity - to get the universal reference ID for

Returns:

the universal reference ID of the identity.

getUniversalReferenceId

public static String getUniversalReferenceId(EHashAlgorithm hashAlgorithm,
                                             String clientName,
                                             String profileId)

Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. Anonymous users or users that authenticate via a group password can't be uniquely identified. There are a few users which have special universal reference IDs (see below). All other users follow a general format for their universal reference ID.

Universal reference ID format for general users:

 <Authenticator client name>#<Hash algorithm ID>#<profile identification hash>
 

Authenticator client name

The client name of an authenticator client, which can be retrieved by calling IClientDescriptor.getClientName(), E.g. "KERBEROS" or the callback UUID for entity authenticators.

Hash algorithm ID

An identifier determining the hash algorithm used to calculate the profile hash

Profile identification hash

A hash digest representing the user profile. See getUserProfileHash(EHashAlgorithm, UserProfile) for the creation of the user profile hash.

Special reserved universal reference IDs:

• Super user: SUPER
• Anonymous user(s): ANONYMOUS

Parameters:

hashAlgorithm - the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, the default user profile hash algorithm will be used.

clientName - describes the authentication client that is used to authenticate the user

profileId - ID of the authenticated user within the authentication client

Returns:

the universal reference ID of the user

getUniversalReferenceIdClientPrefix

public static String getUniversalReferenceIdClientPrefix(IClientDescriptor descriptor)

Returns the prefix of the authentication client for creating the universal reference ID for a user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.

Parameters:

descriptor - describes the authentication client that is used to authenticate the user.

Returns:

the prefix of the authentication client for creating the universal reference ID for a user.

getUniversalReferenceIdClientPrefix

public static String getUniversalReferenceIdClientPrefix(String clientName)

Returns the prefix of the authentication client for creating the universal reference ID for a user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.

Parameters:

clientName - describes the authentication client that is used to authenticate the user.

Returns:

the prefix of the authentication client for creating the universal reference ID for a user.

getUserProfileHash

public static String getUserProfileHash(EHashAlgorithm hashAlgorithm,
                                        org.pac4j.core.profile.UserProfile profile)

Calculates the hash digest for the given user profile using the given hash algorithm.

Parameters:

hashAlgorithm - the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, the default user profile hash algorithm will be used.

profile - the user profile to be hashed.

Returns:

the hash digest for the user profile.

Throws:

NullPointerException - if no user profile was given.

getUserProfileHash

public static String getUserProfileHash(EHashAlgorithm hashAlgorithm,
                                        String clientName,
                                        String profileId)

Calculates the hash digest for the user profile defined by the given client name and profile ID using the given hash algorithm.

Parameters:

hashAlgorithm - the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, the default user profile hash algorithm will be used.

clientName - the client name of the authenticator (the authenticator callback UUID for entity authenticators).

profileId - the ID of the user profile within an IDP.

Returns:

the hash digest for the user profile defined by the client name and profile ID.

Throws:

IllegalArgumentException - if no client name or profile ID were given.

getClientRole

public static String getClientRole(Rolle role)

Returns a string value representing the role within a client (Mandant). For more information about the format of the scoped role value see getClientRole(Mandant, String).

Parameters:

role - to get the scoped role value for

Returns:

a scoped string value representing the role within a client.

getClientRole

public static String getClientRole(Mandant client,
                                   String roleName)

Returns a string value representing the role within a client (Mandant). Format of the string value:

 <client UUID>#<Role name>
 

Parameters:

client - to scope role name to

roleName - to scope

Returns:

a scoped string value representing the role within a client.

getClientPermission

public static String getClientPermission(Mandant client,
                                         IAccessProperty accessProperty)

Returns a string value representing the permission within a client (Mandant). For more information about the format of the scoped value see getClientPermission(Mandant, String).

Parameters:

client - to scope permission to

accessProperty - to get a scoped permission value for

Returns:

a scoped string value representing the permission within a client.

getClientPermission

public static String getClientPermission(Mandant client,
                                         String permissionName)

Returns a string value representing the permission within a client. Format of the string value:

 <client UUID>#<permission name>
 

Parameters:

client - to scope permission to

permissionName - to get a scoped permission value for

Returns:

a scoped string value representing the permission within a client.

getSystemPermission

public static String getSystemPermission(IAccessProperty accessProperty)

Returns a string value representing the permission for system scope. For more information about the format of the scoped value see getSystemPermission(String).

Parameters:

accessProperty - to get a scoped permission value for

Returns:

a scoped string value representing the permission for the system scope.

getSystemPermission

public static String getSystemPermission(String permissionName)

Returns a string value representing the permission for system scope. Format of the string value:

 SYSTEM#<permission name>
 

Parameters:

permissionName - to get a scoped permission value for

Returns:

a scoped string value representing the permission for the system scope.

getGeneralPermission

public static String getGeneralPermission(IAccessProperty accessProperty)

Returns a string value representing the permission for the general scope.

Parameters:

accessProperty - to get a permission value for.

Returns:

a string value representing the permission for the general scope.

getGeneralPermission

public static String getGeneralPermission(String permissionName)

Returns a string value representing the permission for the general scope.

Parameters:

permissionName - to get a permission value for.

Returns:

a string value representing the permission for the general scope.

convert

public static EGender convert(org.pac4j.core.profile.Gender gender)

Converts the given pac4j gender to a EGender and to EGender.UNSPECIFIED if null.

Parameters:

gender - to convert

Returns:

converted gender

convert

public static org.pac4j.core.profile.Gender convert(EGender gender)

Converts the given gender to a pac4j Gender and to Gender.UNSPECIFIED if no match was found or null.

Parameters:

gender - to convert

Returns:

converted gender

genPwd

public static String genPwd(List<SystemProperty> pwdPolicyConfig)

Generates a password based on the configured system rules

Parameters:

pwdPolicyConfig - pwdPolicyConfig a List of SystemPropertys which specify the password policy rules

Returns:

a generated Password

getPasswordStrength

public static int getPasswordStrength(String newPassword,
                                      List<org.passay.Rule> rules)

Calculates the password-strength for password ui components. The ranges for levels in the ui component are:

• 0,29: Weak
• 30,79: Medium
• 80,100: Strong

The method returns 29 if not all configured password policy rules apply.
The method returns 79 if all configured password policy rules apply.
The method returns 100 if the estimate entropy of the pass phrase is over 31.

Parameters:

newPassword - the password to calculate the strength of

rules - a list of system properties which specify the password policy rules

Returns:

Double

hashPassword

public static String hashPassword(String clearTextPassword)

Paswort-Encryption.

checkPassword

public static boolean checkPassword(String clearTextPassword,
                                    String encryptedPassword)

validatePassword

public static PasswordValidationResult validatePassword(String password,
                                                        List<SystemProperty> systemConfig)

Validates Passwords

Parameters:

password - the new password

systemConfig - list with system properties, which defines the use password policy rules if list is null or empty, the system defined default password policy rules will be used

Returns:

PasswordValidationResult with validation-status and errors

validateDefaultPasswordRules

public static PasswordValidationResult validateDefaultPasswordRules(String password)

Validates the password with the default password rules.

Parameters:

password - the new password

Returns:

PasswordValidationResult with validation-status and errors

validatePassword

public static PasswordValidationResult validatePassword(String oldPassword,
                                                        String newPassword,
                                                        List<SystemProperty> systemConfig)

Validates Passwords

Parameters:

oldPassword - old passwords which should be permitted to use again. May be null or empty.

newPassword - the new password

systemConfig - list with system properties, which defines the use password policy rules if list is null or empty, the system defined default password policy rules will be used

Returns:

PasswordValidationResult with validation-status and errors

validatePassword

public static PasswordValidationResult validatePassword(String userName,
                                                        String oldPassword,
                                                        String newPassword,
                                                        List<SystemProperty> systemConfig)

Validates Passwords

Parameters:

userName - name of the user to permit passwords with username. May be null or empty.

oldPassword - old passwords which should be permitted to use again. May be null or empty.

newPassword - the new password

systemConfig - list with system properties, which defines the use password policy rules if list is null or empty, the system defined default password policy rules will be used

Returns:

PasswordValidationResult with validation-status and errors

getMaskedUserAttribute

public static String getMaskedUserAttribute(String value)

Masks the given user attribute (e.g. emails or names).

Parameters:

value - user attribute value that is to be masked.

Returns:

the masked user attribute.

getMaskedName

public static String getMaskedName(String name)

Masks the user name for privacy purposes. E.g.: "Joe Average" becomes "Jo**** Av****".

Parameters:

name - to be masked

Returns:

the masked name

getMaskedEmailAddress

public static String getMaskedEmailAddress(String email)

Masks the email address for privacy purposes. E.g.: "joe.average@example.com" becomes "j*****e@example.com".

Parameters:

email - to be masked

Returns:

the masked email

Throws:

IllegalArgumentException - if the given string is not an email.

getDefaultPasswordRules

public static List<org.passay.Rule> getDefaultPasswordRules()

This method returns a password policy with strict rules for the super user. This method should be used when the password policy on the database cannot be accessed.

Returns:

list of password policy Rules

getPasswordRules

public static List<org.passay.Rule> getPasswordRules(List<SystemProperty> pwdPolicyConfig,
                                                     boolean useDefaultForGen)

Determines the password policy rules set from the persisted system configuration. The persisted system configuration comes within the given systemConfig list.

Parameters:

pwdPolicyConfig - List of SystemPropertys

useDefaultForGen - Flag for use functionality in password generation. If no rules configured (in system properties or pre default) the rules 'ALPABETICAL' and 'DIGITS' will be returned.

Returns:

list of password policy Rules

filterCharacterRules

public static List<org.passay.CharacterRule> filterCharacterRules(List<org.passay.Rule> rules)

filterFirstLengthRules

public static org.passay.LengthRule filterFirstLengthRules(List<org.passay.Rule> rules)

newAnonymousProfile

public static org.pac4j.core.profile.AnonymousProfile newAnonymousProfile()

toJson

public static com.alibaba.fastjson.JSONObject toJson(IUser user,
                                                     Mandant client)

toJson

public static com.alibaba.fastjson.JSONObject toJson(IUser user)

getRawData

public static com.alibaba.fastjson.JSONObject getRawData(org.pac4j.core.profile.UserProfile userProfile)

getBenutzerFromUser

@Deprecated
public static Benutzer getBenutzerFromUser(IUser user,
                                           Mandant client)

Deprecated.

genPwd

@Deprecated
public static String genPwd()

Deprecated.

use genPwd(List) instead

Passwortgenerierung.

encPwd

@Deprecated
public static String encPwd(String src)

Deprecated.

use hashPassword(String) and checkPassword(String, String)

getTimeStamp

@Deprecated
public static long getTimeStamp(long addHours,
                                long addMinutes)

Deprecated.

Token duration for password set/reset mails is handled in UserMailUtil.

Liefert einen Zeitstempel (beginnend vom aktuellen Zeitpunkt) zurück, welcher, um die in den Parametern für Stunden und Minuten enthalten Werte, erweitert wurde.

Parameters:

addHours - Stunden, die zum aktuellen Zeitpunkt hinzugezählt werden sollen

addMinutes - Minuten, die zum aktuellen Zeitpunkt hinzugezählt werden sollen

Returns:

ein Zeitstempel

dfltBgNameFor

@Deprecated
public static String dfltBgNameFor(ERollenTyp rolle,
                                   Locale locale)

Deprecated.

Is handled in IClientCreateData

Liefert den lokalisierten Standard-Gruppennamen für Benutzer mit der übergebenen Rolle.

Returns:

Den Gruppennamen.

isSetupUser

@Deprecated
public static boolean isSetupUser(Benutzer user)

Deprecated.

Use isSuperUser(IUser) instead.

Parameters:

user - User to check.

Returns:

true if the given user is a setup user (sadmin), who can administrate the system.

isSetupUserWithoutClient

@Deprecated
public static boolean isSetupUserWithoutClient(Benutzer user,
                                               javax.servlet.http.HttpSession session)

Deprecated.

Parameters:

user - User to check.

session - Optional session for retrieving the client.

Returns:

true if the given user is a setup user and has not chosen a client.

isSetupUserWithClient

@Deprecated
public static boolean isSetupUserWithClient(Benutzer user,
                                            javax.servlet.http.HttpSession session)

Deprecated.

Parameters:

user - User to check.

session - Optional session for retrieving the client.

Returns:

true if the given user is a setup user and has chosen a client.

isSystemUser

@Deprecated
public static boolean isSystemUser(Benutzer user)

Deprecated.

Not needed anymore. Check against VirtualUser.SYSTEM if it is really necessary.

isAnonymousUser

@Deprecated
public static boolean isAnonymousUser(Benutzer user)

Deprecated.

isInternalUser

@Deprecated
public static boolean isInternalUser(Benutzer user)

Deprecated.

Not neede anymore.

Method do determine if the given user is an internal and virtual user like SETUP, ANONYMOUS or SYSTEM

Parameters:

user - the user to check

Returns:

true if the user is internal, false otherwise

isExternalUser

@Deprecated
public static boolean isExternalUser(Benutzer user)

Deprecated.

convertToProfile

@Deprecated
public static org.pac4j.core.profile.CommonProfile convertToProfile(Benutzer user)

Deprecated.

Conversion of UserProfile to UserProfile is done in InternalUserAuthenticator

getFromProfile

@Deprecated
public static Benutzer getFromProfile(org.pac4j.core.profile.CommonProfile profile)

Deprecated.

toJSON

@Deprecated
public static com.alibaba.fastjson.JSONObject toJSON(Benutzer user,
                                                     List<BenutzerGruppe> userGroups)

Deprecated.

Use toJson(IUser, Mandant) instead.

toJSON

@Deprecated
public static com.alibaba.fastjson.JSONObject toJSON(Benutzer user,
                                                     List<BenutzerGruppe> userGroups,
                                                     org.pac4j.core.profile.CommonProfile prof)

Deprecated.

Use toJson(IUser, Mandant) instead.