Package de.xima.fc.utils
Class UserMgmtUtils
- java.lang.Object
-
- de.xima.fc.utils.UserMgmtUtils
-
- All Implemented Interfaces:
Serializable
public final class UserMgmtUtils extends Object implements Serializable
Hilfsklasse für Funktionalitäten der Benutzerverwaltung.- See Also:
- Serialized Form
-
-
Field Summary
Fields Modifier and Type Field Description static Benutzer
ANONYMOUS
Deprecated.static String
DEFAULT_PWD_SYMBOLS
static Benutzer
DESIGNER_INITIAL_DUMMY
Deprecated.Usevirtual users
static Benutzer
DESIGNER_LAST_DUMMY
Deprecated.Usevirtual users
static Benutzer
DESIGNER_USER
Deprecated.No equivalent, but seeVirtualUser
static Benutzer
SETUP
Deprecated.static Benutzer
SYSTEM
Deprecated.
-
Method Summary
All Methods Static Methods Concrete Methods Deprecated Methods Modifier and Type Method Description static boolean
canAccessClient(IUser user, Mandant client)
Whether the given user has permission to access the given client.static boolean
canAccessInbox(IUser user, Postfach inbox)
Whether the user has permission to access the client inbox.static boolean
canEditProject(IUser user, Projekt project)
Whether or not the given user has permission to edit the given project.static boolean
canViewProject(IUser user, Projekt project)
Whether the given user has permission to view the given project.static boolean
checkPassword(String clearTextPassword, String encryptedPassword)
static org.pac4j.core.profile.Gender
convert(EGender gender)
Converts the given gender to a pac4jGender
and toGender.UNSPECIFIED
if no match was found ornull
.static EGender
convert(org.pac4j.core.profile.Gender gender)
static org.pac4j.core.profile.CommonProfile
convertToProfile(Benutzer user)
Deprecated.static String
dfltBgNameFor(ERollenTyp rolle, Locale locale)
Deprecated.Is handled inIClientCreateData
static String
encPwd(String src)
Deprecated.static List<org.passay.CharacterRule>
filterCharacterRules(List<org.passay.Rule> rules)
static org.passay.LengthRule
filterFirstLengthRules(List<org.passay.Rule> rules)
static String
genPwd()
Deprecated.usegenPwd(List)
insteadstatic String
genPwd(List<SystemProperty> pwdPolicyConfig)
Generates a password based on the configured system rulesstatic IClientDescriptor
getAuthenticationClientFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
Gets the client descriptor of the client that authenticated the user if it has been set in the authentication attributes of the given profile.static String
getAuthenticationTargetFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
Gets the target that the user authenticated for if it has been set in the authentication attributes of the given profile.static Benutzer
getBenutzerFromUser(IUser user, Mandant client)
Deprecated.static Set<IClientAuthorization>
getClientAuthorizationsFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
Get the client authorizations of the user if it has been set in the authentication attributes of the given profile.static String
getClientPermission(Mandant client, IAccessProperty accessProperty)
Returns a string value representing the permission within a client (Mandant
).static String
getClientPermission(Mandant client, String permissionName)
Returns a string value representing the permission within aclient
.static String
getClientRole(Mandant client, String roleName)
Returns a string value representing the role within a client (Mandant
).static String
getClientRole(Rolle role)
Returns a string value representing the role within a client (Mandant
).static List<org.passay.Rule>
getDefaultPasswordRules()
This method returns a password policy with strict rules for the super user.static Benutzer
getFromProfile(org.pac4j.core.profile.CommonProfile profile)
Deprecated.static String
getGeneralPermission(IAccessProperty accessProperty)
Returns a string value representing the permission for the general scope.static String
getGeneralPermission(String permissionName)
Returns a string value representing the permission for the general scope.static DirectClientAuthorization
getInvitationClientAuthorizationFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
Gets the invitation client authorization if it has been set in the authentication attributes of the given pac4j profile.static String
getMaskedEmailAddress(String email)
Masks the email address for privacy purposes.static String
getMaskedName(String name)
Masks the user name for privacy purposes.static String
getMaskedUserAttribute(String value)
Masks the given user attribute (e.g.static List<org.passay.Rule>
getPasswordRules(List<SystemProperty> pwdPolicyConfig, boolean useDefaultForGen)
Determines the password policy rules set from the persisted system configuration.static int
getPasswordStrength(String newPassword, List<org.passay.Rule> rules)
Calculates the password-strength for password ui components.static Set<String>
getPermissionsFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
Gets the permissions if they have been set in the authentication attributes of the given pac4j profile.static com.alibaba.fastjson.JSONObject
getRawData(org.pac4j.core.profile.UserProfile userProfile)
static String
getSystemPermission(IAccessProperty accessProperty)
Returns a string value representing the permission forsystem
scope.static String
getSystemPermission(String permissionName)
Returns a string value representing the permission forsystem
scope.static long
getTimeStamp(long addHours, long addMinutes)
Deprecated.Token duration for password set/reset mails is handled in UserMailUtil.static String
getUniversalReferenceId(IUserIdentity identity)
Returns the universal reference ID of the user.static String
getUniversalReferenceId(EHashAlgorithm hashAlgorithm, IUserIdentity identity)
Returns the universal reference ID of the user using the given hash algorithm.static String
getUniversalReferenceId(EHashAlgorithm hashAlgorithm, String clientName, String profileId)
Returns the universal reference ID of the user.static String
getUniversalReferenceId(EHashAlgorithm hashAlgorithm, org.pac4j.core.profile.UserProfile profile)
Returns the universal reference ID of the user.static String
getUniversalReferenceId(org.pac4j.core.profile.UserProfile profile)
Returns the universal reference ID of the user.static String
getUniversalReferenceIdClientPrefix(IClientDescriptor descriptor)
Returns the prefix of the authentication client for creating the universal reference ID for a user.static String
getUniversalReferenceIdClientPrefix(String clientName)
Returns the prefix of the authentication client for creating the universal reference ID for a user.static UserProfile
getUserProfileFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
Gets the formcycle profile if it has been set in the authentication attributes of the given pac4j profile.static String
getUserProfileHash(EHashAlgorithm hashAlgorithm, String clientName, String profileId)
Calculates the hash digest for the user profile defined by the given client name and profile ID using the given hash algorithm.static String
getUserProfileHash(EHashAlgorithm hashAlgorithm, org.pac4j.core.profile.UserProfile profile)
Calculates the hash digest for the given user profile using the given hash algorithm.static boolean
hasBackendAccess(IClientAuthorization authorization)
If the given client authorization grants users access to the formcycle backend.static boolean
hasBackendAccess(IUser user)
Checks if the user has permission to access to the formcycle backend.static boolean
hasDesignerAccess(IClientAuthorization authorization)
Returns whether or not the given client authorization grants designer access.static String
hashPassword(String clearTextPassword)
Paswort-Encryption.static boolean
hasInboxAccess(IClientAuthorization authorization)
Returns whether or not the given client authorization grants inbox access.static boolean
isActive(IClientAuthorization authorization)
Checks if the given client authorization is active.static boolean
isAnonymousUser(Benutzer user)
Deprecated.static boolean
isAnonymousUser(IUser user)
Checks if the user is anonymous.static boolean
isAuthenticatedFor(IUser user, String authTarget)
checks if the user has been authenticated for the given authentication target.static boolean
isBackendAccessCapable(IClientAuthorization authorization)
Returns if the given client authorization is capable of allowing users access to the formcycle backend.static boolean
isClientAdmin(UserProfile profile, Mandant client)
Returns true if given profile has a role of a MANDANT_ADMINstatic boolean
isClientAdmin(IClientAuthorization authorization)
Returns true if given authorization has a role of a MANDANT_ADMINstatic boolean
isClientAdmin(IUser user, Mandant client)
Checks if the user is an admin of the given client.static boolean
isExpired(IEntityClientAuthorization authorization)
Checks if the given client authorization is expired (right now).static boolean
isExternalUser(Benutzer user)
Deprecated.static boolean
isInternalUser(Benutzer user)
Deprecated.Not neede anymore.static boolean
isInvitationExpired(IEntityClientAuthorization authorization)
Checks if the invitation attached to the given client authorization is expired (right now).static boolean
isInvitedUser(IUser user)
static boolean
isInvitedUser(org.pac4j.core.profile.UserProfile pac4jProfile)
static boolean
isSetupUser(Benutzer user)
Deprecated.UseisSuperUser(IUser)
instead.static boolean
isSetupUserWithClient(Benutzer user, javax.servlet.http.HttpSession session)
Deprecated.static boolean
isSetupUserWithoutClient(Benutzer user, javax.servlet.http.HttpSession session)
Deprecated.static boolean
isSuperUser(IUser user)
Checks if the user is THE super user.static boolean
isSystemAdmin(UserProfile profile)
Checks if the user of the given profile is a system admin.static boolean
isSystemAdmin(IUser user)
Checks if the user is a system admin.static boolean
isSystemUser(Benutzer user)
Deprecated.Not needed anymore.static boolean
isUser(IEntityClientAuthorization authorization, IUser user)
Checks whether the given client authorization applies to the given user.static boolean
isUser(IUserIdentity identity, IUser user)
Checks whether the given user identity is the identity of the given user.static boolean
isUser(UserProfile profile, IUser user)
Checks whether the given user profile is the user profile of the given user.static org.pac4j.core.profile.AnonymousProfile
newAnonymousProfile()
static void
setAuthenticationTargetInAuthenticationAttributes(org.pac4j.core.profile.UserProfile pac4jProfile, IAuthenticationTarget target)
Sets the given authentication target in the authentication attributes of the profile.static com.alibaba.fastjson.JSONObject
toJson(IUser user)
static com.alibaba.fastjson.JSONObject
toJson(IUser user, Mandant client)
static com.alibaba.fastjson.JSONObject
toJSON(Benutzer user, List<BenutzerGruppe> userGroups)
Deprecated.UsetoJson(IUser, Mandant)
instead.static com.alibaba.fastjson.JSONObject
toJSON(Benutzer user, List<BenutzerGruppe> userGroups, org.pac4j.core.profile.CommonProfile prof)
Deprecated.UsetoJson(IUser, Mandant)
instead.static PasswordValidationResult
validateDefaultPasswordRules(String password)
Validates the password with the default password rules.static PasswordValidationResult
validatePassword(String userName, String oldPassword, String newPassword, List<SystemProperty> systemConfig)
Validates Passwordsstatic PasswordValidationResult
validatePassword(String oldPassword, String newPassword, List<SystemProperty> systemConfig)
Validates Passwordsstatic PasswordValidationResult
validatePassword(String password, List<SystemProperty> systemConfig)
Validates Passwords
-
-
-
Field Detail
-
DEFAULT_PWD_SYMBOLS
public static final String DEFAULT_PWD_SYMBOLS
- See Also:
- Constant Field Values
-
ANONYMOUS
@Deprecated public static final Benutzer ANONYMOUS
Deprecated.Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.
-
SYSTEM
@Deprecated public static final Benutzer SYSTEM
Deprecated.Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.
-
SETUP
@Deprecated public static final Benutzer SETUP
Deprecated.Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.
-
DESIGNER_USER
@Deprecated public static final Benutzer DESIGNER_USER
Deprecated.No equivalent, but seeVirtualUser
Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.
-
DESIGNER_LAST_DUMMY
@Deprecated public static final Benutzer DESIGNER_LAST_DUMMY
Deprecated.Usevirtual users
Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.
-
DESIGNER_INITIAL_DUMMY
@Deprecated public static final Benutzer DESIGNER_INITIAL_DUMMY
Deprecated.Usevirtual users
Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.
-
-
Method Detail
-
canEditProject
public static boolean canEditProject(IUser user, Projekt project)
Whether or not the given user has permission to edit the given project.- Parameters:
user
- to check forproject
- to check- Returns:
true
if the user has permission to edit the project andfalse
otherwise.
-
canViewProject
public static boolean canViewProject(IUser user, Projekt project)
Whether the given user has permission to view the given project.- Parameters:
user
- to check forproject
- to check- Returns:
true
if the user has permission to view the project andfalse
otherwise.
-
canAccessClient
public static boolean canAccessClient(IUser user, Mandant client)
Whether the given user has permission to access the given client.- Parameters:
user
- to check forclient
- to check- Returns:
true
if the user has permission to access the given client andfalse
otherwise.
-
canAccessInbox
public static boolean canAccessInbox(IUser user, Postfach inbox)
Whether the user has permission to access the client inbox. Note: This check does not take into account whether the user has therole permission to access the inbox UI
.- Parameters:
user
- to check forinbox
- to check- Returns:
true
if the user has permission to access the given client inbox andfalse
otherwise.
-
isClientAdmin
public static boolean isClientAdmin(UserProfile profile, Mandant client)
Returns true if given profile has a role of a MANDANT_ADMIN- Parameters:
profile
- to check- Returns:
- false if no admin role found
-
isClientAdmin
public static boolean isClientAdmin(IClientAuthorization authorization)
Returns true if given authorization has a role of a MANDANT_ADMIN- Parameters:
authorization
- direct or indirect authorization- Returns:
- false if no admin role found
-
isClientAdmin
public static boolean isClientAdmin(IUser user, Mandant client)
Checks if the user is an admin of the given client.- Parameters:
user
- to check forclient
- to check- Returns:
true
if the user is an admin of the given client andfalse
otherwise.
-
isSystemAdmin
public static boolean isSystemAdmin(UserProfile profile)
Checks if the user of the given profile is a system admin. System admins have permission to access/edit the system settings.- Parameters:
profile
- to check- Returns:
true
if the user of the given profile is a system admin andfalse
otherwise.
-
isSystemAdmin
public static boolean isSystemAdmin(IUser user)
Checks if the user is a system admin. System admins have permission to access/edit the system settings.- Parameters:
user
- A user to check.- Returns:
true
if the user is a system admin andfalse
otherwise.
-
isSuperUser
public static boolean isSuperUser(IUser user)
Checks if the user is THE super user. There is only one super user (sadmin) in the system.- Parameters:
user
- to check- Returns:
true
if the given user is the super user andfalse
otherwise.
-
isAnonymousUser
public static boolean isAnonymousUser(IUser user)
Checks if the user is anonymous.- Parameters:
user
- to check- Returns:
true
if the user is an anonymous user andfalse
otherwise.
-
isBackendAccessCapable
public static boolean isBackendAccessCapable(IClientAuthorization authorization)
Returns if the given client authorization is capable of allowing users access to the formcycle backend. This does not mean that the authorization actually allows backend access. If you want to find if an authorization grants backend access usehasBackendAccess(IClientAuthorization)
instead.- Parameters:
authorization
- to check.- Returns:
true
if the authorization is capable of allowing users access to the formcycle backend.false
otherwise.
-
isUser
public static boolean isUser(IEntityClientAuthorization authorization, IUser user)
Checks whether the given client authorization applies to the given user.- Parameters:
authorization
- to check.user
- to check if the client authorization applies.- Returns:
true
if the given client authorization applies to the given user andfalse
otherwise.
-
isUser
public static boolean isUser(UserProfile profile, IUser user)
Checks whether the given user profile is the user profile of the given user.- Parameters:
profile
- to check.user
- to check if the user profile is their user profile.- Returns:
true
if the given user profile is the user profile of the given user andfalse
otherwise.
-
isUser
public static boolean isUser(IUserIdentity identity, IUser user)
Checks whether the given user identity is the identity of the given user.- Parameters:
identity
- to check.user
- to check if their identity is the given user identity.- Returns:
true
if the given user identity is the identity of the given user andfalse
otherwise.
-
isActive
public static boolean isActive(IClientAuthorization authorization)
Checks if the given client authorization is active. If the attached user profile is inactive then the client authorization can't be active.- Parameters:
authorization
- to check.- Returns:
true
if the given client authorization is active andfalse
otherwise.
-
isExpired
public static boolean isExpired(IEntityClientAuthorization authorization)
Checks if the given client authorization is expired (right now).- Parameters:
authorization
- to check.- Returns:
true
if the given client authorization is expired andfalse
otherwise.
-
isInvitationExpired
public static boolean isInvitationExpired(IEntityClientAuthorization authorization)
Checks if the invitation attached to the given client authorization is expired (right now).- Parameters:
authorization
- to check.- Returns:
true
if the invitation to the given client authorization is expired andfalse
otherwise.
-
isAuthenticatedFor
public static boolean isAuthenticatedFor(IUser user, String authTarget)
checks if the user has been authenticated for the given authentication target.- Parameters:
user
- to check.authTarget
- to check. User can authenticated for different authentication targets, e.g. "backend
", "form
", ...- Returns:
true
if the user has been authenticated for the given authentication target andfalse
otherwise.- Throws:
IllegalArgumentException
- if a blank authentication target is given.
-
isInvitedUser
public static boolean isInvitedUser(IUser user)
-
isInvitedUser
public static boolean isInvitedUser(org.pac4j.core.profile.UserProfile pac4jProfile)
-
hasBackendAccess
public static boolean hasBackendAccess(IUser user)
Checks if the user has permission to access to the formcycle backend.- Parameters:
user
- to check- Returns:
true
if the user has permission to access the formcycle backend andfalse
otherwise.
-
hasBackendAccess
public static boolean hasBackendAccess(IClientAuthorization authorization)
If the given client authorization grants users access to the formcycle backend.- Parameters:
authorization
- to check- Returns:
true
if the client authorization grants users access to the formcycle backend andfalse
otherwise.
-
hasInboxAccess
public static boolean hasInboxAccess(IClientAuthorization authorization)
Returns whether or not the given client authorization grants inbox access.- Parameters:
authorization
- to check- Returns:
true
if the authorization grants inbox access andfalse
otherwise.
-
hasDesignerAccess
public static boolean hasDesignerAccess(IClientAuthorization authorization)
Returns whether or not the given client authorization grants designer access.- Parameters:
authorization
- to check- Returns:
true
if the authorization grants designer access andfalse
otherwise.
-
setAuthenticationTargetInAuthenticationAttributes
public static void setAuthenticationTargetInAuthenticationAttributes(org.pac4j.core.profile.UserProfile pac4jProfile, IAuthenticationTarget target)
Sets the given authentication target in the authentication attributes of the profile.- Parameters:
pac4jProfile
- to set authentication target for.target
- to set.
-
getAuthenticationTargetFromAuthenticationAttribute
public static String getAuthenticationTargetFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
Gets the target that the user authenticated for if it has been set in the authentication attributes of the given profile.- Parameters:
pac4jProfile
- to get the authentication client descriptor for- Returns:
- the authentication client descriptor if it has been set and
null
otherwise.
-
getAuthenticationClientFromAuthenticationAttribute
public static IClientDescriptor getAuthenticationClientFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
Gets the client descriptor of the client that authenticated the user if it has been set in the authentication attributes of the given profile.- Parameters:
pac4jProfile
- to get the authentication client descriptor for- Returns:
- the authentication client descriptor if it has been set and
null
otherwise.
-
getClientAuthorizationsFromAuthenticationAttribute
public static Set<IClientAuthorization> getClientAuthorizationsFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
Get the client authorizations of the user if it has been set in the authentication attributes of the given profile.- Parameters:
pac4jProfile
- to get the client authorizations for.- Returns:
- the client authorizations if it has been set and
null
otherwise.
-
getUserProfileFromAuthenticationAttribute
public static UserProfile getUserProfileFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
Gets the formcycle profile if it has been set in the authentication attributes of the given pac4j profile.- Parameters:
pac4jProfile
- to get the formcycle profile for- Returns:
- the formcycle profile if it has been set and
null
otherwise.
-
getPermissionsFromAuthenticationAttribute
public static Set<String> getPermissionsFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
Gets the permissions if they have been set in the authentication attributes of the given pac4j profile.- Parameters:
pac4jProfile
- to get the permissions for.- Returns:
- the permissions if they have been set in and
null
otherwise.
-
getInvitationClientAuthorizationFromAuthenticationAttribute
public static DirectClientAuthorization getInvitationClientAuthorizationFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
Gets the invitation client authorization if it has been set in the authentication attributes of the given pac4j profile. Seehere
for more information about what invitation client authorizations are used for.- Parameters:
pac4jProfile
- to get the invitation client authorization for.- Returns:
- the invitation client authorization if it has been set in and
null
otherwise. - See Also:
CmnConst.Security.Authorization.AUTHENTICATION_ATTR_CLIENT_INVITATION_UUID
-
getUniversalReferenceId
public static String getUniversalReferenceId(org.pac4j.core.profile.UserProfile profile)
Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. SeegetUniversalReferenceId(EHashAlgorithm, String, String)
for universal reference ID format.- Parameters:
profile
- to get the universal reference ID for- Returns:
- the universal reference ID of the profile.
-
getUniversalReferenceId
public static String getUniversalReferenceId(EHashAlgorithm hashAlgorithm, org.pac4j.core.profile.UserProfile profile)
Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. SeegetUniversalReferenceId(EHashAlgorithm, String, String)
for universal reference ID format.- Parameters:
hashAlgorithm
- the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, thedefault user profile hash algorithm
will be used.profile
- to get the universal reference ID for- Returns:
- the universal reference ID of the profile.
-
getUniversalReferenceId
public static String getUniversalReferenceId(IUserIdentity identity)
Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. SeegetUniversalReferenceId(EHashAlgorithm, String, String)
for universal reference ID format.- Parameters:
identity
- to get the universal reference ID for- Returns:
- the universal reference ID of the identity.
-
getUniversalReferenceId
public static String getUniversalReferenceId(EHashAlgorithm hashAlgorithm, IUserIdentity identity)
Returns the universal reference ID of the user using the given hash algorithm. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. SeegetUniversalReferenceId(EHashAlgorithm, String, String)
for universal reference ID format.- Parameters:
hashAlgorithm
- the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, thedefault user profile hash algorithm
will be used.identity
- to get the universal reference ID for- Returns:
- the universal reference ID of the identity.
-
getUniversalReferenceId
public static String getUniversalReferenceId(EHashAlgorithm hashAlgorithm, String clientName, String profileId)
Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. Anonymous users or users that authenticate via a group password can't be uniquely identified. There are a few users which have special universal reference IDs (see below). All other users follow a general format for their universal reference ID.Universal reference ID format for general users:
<
Authenticator client name
>#<Hash algorithm ID
>#<profile identification hash
>- Authenticator client name
- The client name of an authenticator client, which can be retrieved by calling
IClientDescriptor.getClientName()
, E.g. "KERBEROS" or the callback UUID for entity authenticators. - Hash algorithm ID
- An identifier determining the hash algorithm used to calculate the profile hash
- Profile identification hash
- A hash digest representing the user profile. See
getUserProfileHash(EHashAlgorithm, UserProfile)
for the creation of the user profile hash.
- Parameters:
hashAlgorithm
- the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, thedefault user profile hash algorithm
will be used.clientName
- describes the authentication client that is used to authenticate the userprofileId
- ID of the authenticated user within the authentication client- Returns:
- the universal reference ID of the user
-
getUniversalReferenceIdClientPrefix
public static String getUniversalReferenceIdClientPrefix(IClientDescriptor descriptor)
Returns the prefix of the authentication client for creating the universal reference ID for a user. SeegetUniversalReferenceId(EHashAlgorithm, String, String)
for universal reference ID format.- Parameters:
descriptor
- describes the authentication client that is used to authenticate the user.- Returns:
- the prefix of the authentication client for creating the universal reference ID for a user.
-
getUniversalReferenceIdClientPrefix
public static String getUniversalReferenceIdClientPrefix(String clientName)
Returns the prefix of the authentication client for creating the universal reference ID for a user. SeegetUniversalReferenceId(EHashAlgorithm, String, String)
for universal reference ID format.- Parameters:
clientName
- describes the authentication client that is used to authenticate the user.- Returns:
- the prefix of the authentication client for creating the universal reference ID for a user.
-
getUserProfileHash
public static String getUserProfileHash(EHashAlgorithm hashAlgorithm, org.pac4j.core.profile.UserProfile profile)
Calculates the hash digest for the given user profile using the given hash algorithm.- Parameters:
hashAlgorithm
- the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, thedefault user profile hash algorithm
will be used.profile
- the user profile to be hashed.- Returns:
- the hash digest for the user profile.
- Throws:
NullPointerException
- if no user profile was given.
-
getUserProfileHash
public static String getUserProfileHash(EHashAlgorithm hashAlgorithm, String clientName, String profileId)
Calculates the hash digest for the user profile defined by the given client name and profile ID using the given hash algorithm.- Parameters:
hashAlgorithm
- the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, thedefault user profile hash algorithm
will be used.clientName
- the client name of the authenticator (the authenticator callback UUID for entity authenticators).profileId
- the ID of the user profile within an IDP.- Returns:
- the hash digest for the user profile defined by the client name and profile ID.
- Throws:
IllegalArgumentException
- if no client name or profile ID were given.
-
getClientRole
public static String getClientRole(Rolle role)
Returns a string value representing the role within a client (Mandant
). For more information about the format of the scoped role value seegetClientRole(Mandant, String)
.- Parameters:
role
- to get the scoped role value for- Returns:
- a scoped string value representing the role within a client.
-
getClientRole
public static String getClientRole(Mandant client, String roleName)
Returns a string value representing the role within a client (Mandant
). Format of the string value:<client UUID>#<Role name>
- Parameters:
client
- to scope role name toroleName
- to scope- Returns:
- a scoped string value representing the role within a client.
-
getClientPermission
public static String getClientPermission(Mandant client, IAccessProperty accessProperty)
Returns a string value representing the permission within a client (Mandant
). For more information about the format of the scoped value seegetClientPermission(Mandant, String)
.- Parameters:
client
- to scope permission toaccessProperty
- to get a scoped permission value for- Returns:
- a scoped string value representing the permission within a client.
-
getClientPermission
public static String getClientPermission(Mandant client, String permissionName)
Returns a string value representing the permission within aclient
. Format of the string value:<client UUID>#<permission name>
- Parameters:
client
- to scope permission topermissionName
- to get a scoped permission value for- Returns:
- a scoped string value representing the permission within a client.
-
getSystemPermission
public static String getSystemPermission(IAccessProperty accessProperty)
Returns a string value representing the permission forsystem
scope. For more information about the format of the scoped value seegetSystemPermission(String)
.- Parameters:
accessProperty
- to get a scoped permission value for- Returns:
- a scoped string value representing the permission for the
system
scope.
-
getSystemPermission
public static String getSystemPermission(String permissionName)
Returns a string value representing the permission forsystem
scope. Format of the string value:SYSTEM#<permission name>
- Parameters:
permissionName
- to get a scoped permission value for- Returns:
- a scoped string value representing the permission for the
system
scope.
-
getGeneralPermission
public static String getGeneralPermission(IAccessProperty accessProperty)
Returns a string value representing the permission for the general scope.- Parameters:
accessProperty
- to get a permission value for.- Returns:
- a string value representing the permission for the general scope.
-
getGeneralPermission
public static String getGeneralPermission(String permissionName)
Returns a string value representing the permission for the general scope.- Parameters:
permissionName
- to get a permission value for.- Returns:
- a string value representing the permission for the general scope.
-
convert
public static EGender convert(org.pac4j.core.profile.Gender gender)
- Parameters:
gender
- to convert- Returns:
- converted gender
-
convert
public static org.pac4j.core.profile.Gender convert(EGender gender)
Converts the given gender to a pac4jGender
and toGender.UNSPECIFIED
if no match was found ornull
.- Parameters:
gender
- to convert- Returns:
- converted gender
-
genPwd
public static String genPwd(List<SystemProperty> pwdPolicyConfig)
Generates a password based on the configured system rules- Parameters:
pwdPolicyConfig
- pwdPolicyConfig aList
ofSystemProperty
s which specify the password policy rules- Returns:
- a generated Password
-
getPasswordStrength
public static int getPasswordStrength(String newPassword, List<org.passay.Rule> rules)
Calculates the password-strength for password ui components. The ranges for levels in the ui component are:- 0,29: Weak
- 30,79: Medium
- 80,100: Strong
- Parameters:
newPassword
- the password to calculate the strength ofrules
- a list of system properties which specify the password policy rules- Returns:
Double
-
checkPassword
public static boolean checkPassword(String clearTextPassword, String encryptedPassword)
-
validatePassword
public static PasswordValidationResult validatePassword(String password, List<SystemProperty> systemConfig)
Validates Passwords- Parameters:
password
- the new passwordsystemConfig
- list with system properties, which defines the use password policy rules if list is null or empty, the system defined default password policy rules will be used- Returns:
PasswordValidationResult
with validation-status and errors
-
validateDefaultPasswordRules
public static PasswordValidationResult validateDefaultPasswordRules(String password)
Validates the password with the default password rules.- Parameters:
password
- the new password- Returns:
PasswordValidationResult
with validation-status and errors
-
validatePassword
public static PasswordValidationResult validatePassword(String oldPassword, String newPassword, List<SystemProperty> systemConfig)
Validates Passwords- Parameters:
oldPassword
- old passwords which should be permitted to use again. May benull
or empty.newPassword
- the new passwordsystemConfig
- list with system properties, which defines the use password policy rules if list is null or empty, the system defined default password policy rules will be used- Returns:
PasswordValidationResult
with validation-status and errors
-
validatePassword
public static PasswordValidationResult validatePassword(String userName, String oldPassword, String newPassword, List<SystemProperty> systemConfig)
Validates Passwords- Parameters:
userName
- name of the user to permit passwords with username. May benull
or empty.oldPassword
- old passwords which should be permitted to use again. May benull
or empty.newPassword
- the new passwordsystemConfig
- list with system properties, which defines the use password policy rules if list is null or empty, the system defined default password policy rules will be used- Returns:
PasswordValidationResult
with validation-status and errors
-
getMaskedUserAttribute
public static String getMaskedUserAttribute(String value)
- Parameters:
value
- user attribute value that is to be masked.- Returns:
- the masked user attribute.
-
getMaskedName
public static String getMaskedName(String name)
Masks the user name for privacy purposes. E.g.: "Joe Average" becomes "Jo**** Av****".- Parameters:
name
- to be masked- Returns:
- the masked name
-
getMaskedEmailAddress
public static String getMaskedEmailAddress(String email)
Masks the email address for privacy purposes. E.g.: "joe.average@example.com" becomes "j*****e@example.com".- Parameters:
email
- to be masked- Returns:
- the masked email
- Throws:
IllegalArgumentException
- if the given string is not an email.
-
getDefaultPasswordRules
public static List<org.passay.Rule> getDefaultPasswordRules()
This method returns a password policy with strict rules for the super user. This method should be used when the password policy on the database cannot be accessed.- Returns:
- list of password policy
Rule
s
-
getPasswordRules
public static List<org.passay.Rule> getPasswordRules(List<SystemProperty> pwdPolicyConfig, boolean useDefaultForGen)
Determines the password policy rules set from the persisted system configuration. The persisted system configuration comes within the given systemConfig list.- Parameters:
pwdPolicyConfig
- List ofSystemProperty
suseDefaultForGen
- Flag for use functionality in password generation. If no rules configured (in system properties or pre default) the rules 'ALPABETICAL' and 'DIGITS' will be returned.- Returns:
- list of password policy
Rule
s
-
filterCharacterRules
public static List<org.passay.CharacterRule> filterCharacterRules(List<org.passay.Rule> rules)
-
filterFirstLengthRules
public static org.passay.LengthRule filterFirstLengthRules(List<org.passay.Rule> rules)
-
newAnonymousProfile
public static org.pac4j.core.profile.AnonymousProfile newAnonymousProfile()
-
toJson
public static com.alibaba.fastjson.JSONObject toJson(IUser user)
-
getRawData
public static com.alibaba.fastjson.JSONObject getRawData(org.pac4j.core.profile.UserProfile userProfile)
-
getBenutzerFromUser
@Deprecated public static Benutzer getBenutzerFromUser(IUser user, Mandant client)
Deprecated.
-
genPwd
@Deprecated public static String genPwd()
Deprecated.usegenPwd(List)
insteadPasswortgenerierung.
-
encPwd
@Deprecated public static String encPwd(String src)
Deprecated.
-
getTimeStamp
@Deprecated public static long getTimeStamp(long addHours, long addMinutes)
Deprecated.Token duration for password set/reset mails is handled in UserMailUtil.Liefert einen Zeitstempel (beginnend vom aktuellen Zeitpunkt) zurück, welcher, um die in den Parametern für Stunden und Minuten enthalten Werte, erweitert wurde.- Parameters:
addHours
- Stunden, die zum aktuellen Zeitpunkt hinzugezählt werden sollenaddMinutes
- Minuten, die zum aktuellen Zeitpunkt hinzugezählt werden sollen- Returns:
- ein Zeitstempel
-
dfltBgNameFor
@Deprecated public static String dfltBgNameFor(ERollenTyp rolle, Locale locale)
Deprecated.Is handled inIClientCreateData
Liefert den lokalisierten Standard-Gruppennamen für Benutzer mit der übergebenen Rolle.- Returns:
- Den Gruppennamen.
-
isSetupUser
@Deprecated public static boolean isSetupUser(Benutzer user)
Deprecated.UseisSuperUser(IUser)
instead.- Parameters:
user
- User to check.- Returns:
true
if the given user is a setup user (sadmin), who can administrate the system.
-
isSetupUserWithoutClient
@Deprecated public static boolean isSetupUserWithoutClient(Benutzer user, javax.servlet.http.HttpSession session)
Deprecated.- Parameters:
user
- User to check.session
- Optional session for retrieving the client.- Returns:
true
if the given user is a setup user and has not chosen a client.
-
isSetupUserWithClient
@Deprecated public static boolean isSetupUserWithClient(Benutzer user, javax.servlet.http.HttpSession session)
Deprecated.- Parameters:
user
- User to check.session
- Optional session for retrieving the client.- Returns:
true
if the given user is a setup user and has chosen a client.
-
isSystemUser
@Deprecated public static boolean isSystemUser(Benutzer user)
Deprecated.Not needed anymore. Check againstVirtualUser.SYSTEM
if it is really necessary.
-
isAnonymousUser
@Deprecated public static boolean isAnonymousUser(Benutzer user)
Deprecated.
-
isInternalUser
@Deprecated public static boolean isInternalUser(Benutzer user)
Deprecated.Not neede anymore.Method do determine if the given user is an internal and virtual user likeSETUP
,ANONYMOUS
orSYSTEM
- Parameters:
user
- the user to check- Returns:
true
if the user is internal,false
otherwise
-
isExternalUser
@Deprecated public static boolean isExternalUser(Benutzer user)
Deprecated.
-
convertToProfile
@Deprecated public static org.pac4j.core.profile.CommonProfile convertToProfile(Benutzer user)
Deprecated.
-
getFromProfile
@Deprecated public static Benutzer getFromProfile(org.pac4j.core.profile.CommonProfile profile)
Deprecated.
-
toJSON
@Deprecated public static com.alibaba.fastjson.JSONObject toJSON(Benutzer user, List<BenutzerGruppe> userGroups)
Deprecated.UsetoJson(IUser, Mandant)
instead.
-
toJSON
@Deprecated public static com.alibaba.fastjson.JSONObject toJSON(Benutzer user, List<BenutzerGruppe> userGroups, org.pac4j.core.profile.CommonProfile prof)
Deprecated.UsetoJson(IUser, Mandant)
instead.
-
-