Class UserMgmtUtils

    • Field Detail

      • ANONYMOUS

        @Deprecated
        public static final Benutzer ANONYMOUS
        Deprecated.
        Virtual user for cases where a user is required but no login is necessary.
      • SYSTEM

        @Deprecated
        public static final Benutzer SYSTEM
        Deprecated.
        Virtual user for cases where a user is required but no login is necessary.
      • SETUP

        @Deprecated
        public static final Benutzer SETUP
        Deprecated.
        Virtual user for cases where a user is required but no login is necessary.
      • DESIGNER_USER

        @Deprecated
        public static final Benutzer DESIGNER_USER
        Deprecated.
        No equivalent, but see VirtualUser
        Virtual user for cases where a user is required but no login is necessary.
      • DESIGNER_LAST_DUMMY

        @Deprecated
        public static final Benutzer DESIGNER_LAST_DUMMY
        Deprecated.
        Virtual user for cases where a user is required but no login is necessary.
      • DESIGNER_INITIAL_DUMMY

        @Deprecated
        public static final Benutzer DESIGNER_INITIAL_DUMMY
        Deprecated.
        Virtual user for cases where a user is required but no login is necessary.
    • Method Detail

      • canAccessClient

        public static boolean canAccessClient​(IUser user,
                                              Mandant client)
        Whether the given user has permission to access the given client.
        Parameters:
        user - to check for
        client - to check
        Returns:
        true if the user has permission to access the given client and false otherwise.
      • canAccessInbox

        public static boolean canAccessInbox​(IUser user,
                                             Postfach inbox)
        Whether the user has permission to access the client inbox. Note: This check does not take into account whether the user has the role permission to access the inbox UI.
        Parameters:
        user - to check for
        inbox - to check
        Returns:
        true if the user has permission to access the given client inbox and false otherwise.
      • canEditProject

        public static boolean canEditProject​(IUser user,
                                             Projekt project)
        Whether or not the given user has permission to edit the given project.
        Parameters:
        user - to check for
        project - to check
        Returns:
        true if the user has permission to edit the project and false otherwise.
      • canViewProject

        public static boolean canViewProject​(IUser user,
                                             Projekt project)
        Whether the given user has permission to view the given project.
        Parameters:
        user - to check for
        project - to check
        Returns:
        true if the user has permission to view the project and false otherwise.
      • checkPassword

        public static boolean checkPassword​(String clearTextPassword,
                                            String encryptedPassword)
      • convert

        public static EGender convert​(org.pac4j.core.profile.Gender gender)
        Converts the given pac4j gender to an EGender, or to EGender.UNSPECIFIED if it is null.
        Parameters:
        gender - to convert
        Returns:
        converted gender
      • convert

        public static org.pac4j.core.profile.Gender convert​(EGender gender)
        Converts the given gender to a pac4j Gender, or to Gender.UNSPECIFIED if no match was found or the given gender is null.
        Parameters:
        gender - to convert
        Returns:
        converted gender
      • convertToProfile

        @Deprecated
        public static org.pac4j.core.profile.CommonProfile convertToProfile​(Benutzer user)
        Deprecated.
        Conversion of UserProfile to UserProfile is done in InternalUserAuthenticator
      • dfltBgNameFor

        @Deprecated
        public static String dfltBgNameFor​(ERollenTyp rolle,
                                           Locale locale)
        Deprecated.
        Is handled in IClientCreateData
        Returns the localized default group name for users with the given role.
        Returns:
        The group name.
      • filterCharacterRules

        public static List<org.passay.CharacterRule> filterCharacterRules​(List<org.passay.Rule> rules)
      • filterFirstLengthRules

        public static org.passay.LengthRule filterFirstLengthRules​(List<org.passay.Rule> rules)
      • genPwd

        public static String genPwd​(List<SystemProperty> pwdPolicyConfig)
        Generates a password based on the configured system rules.
        Parameters:
        pwdPolicyConfig - a List of SystemPropertys which specify the password policy rules
        Returns:
        a generated password
      • getAuthenticationClientFromAuthenticationAttribute

        public static IClientDescriptor getAuthenticationClientFromAuthenticationAttribute​(org.pac4j.core.profile.UserProfile pac4jProfile)
        Gets the client descriptor of the client that authenticated the user if it has been set in the authentication attributes of the given profile.
        Parameters:
        pac4jProfile - to get the authentication client descriptor for
        Returns:
        the authentication client descriptor if it has been set and null otherwise.
      • getAuthenticationClientName

        public static String getAuthenticationClientName​(String universalReferenceId)
      • getAuthenticationTargetFromAuthenticationAttribute

        public static String getAuthenticationTargetFromAuthenticationAttribute​(org.pac4j.core.profile.UserProfile pac4jProfile)
        Gets the target that the user authenticated for if it has been set in the authentication attributes of the given profile.
        Parameters:
        pac4jProfile - to get the authentication target for
        Returns:
        the authentication target if it has been set and null otherwise.
      • getClientAuthorizationsFromAuthenticationAttribute

        public static Set<IClientAuthorization> getClientAuthorizationsFromAuthenticationAttribute​(org.pac4j.core.profile.UserProfile pac4jProfile)
        Gets the client authorizations of the user if they have been set in the authentication attributes of the given profile.
        Parameters:
        pac4jProfile - to get the client authorizations for.
        Returns:
        the client authorizations if they have been set and null otherwise.
      • getClientPermission

        public static String getClientPermission​(Mandant client,
                                                 IAccessProperty accessProperty)
        Returns a string value representing the permission within a client (Mandant). For more information about the format of the scoped value see getClientPermission(Mandant, String).
        Parameters:
        client - to scope permission to
        accessProperty - to get a scoped permission value for
        Returns:
        a scoped string value representing the permission within a client.
      • getClientPermission

        public static String getClientPermission​(Mandant client,
                                                 String permissionName)
        Returns a string value representing the permission within a client. Format of the string value:
         <client UUID>#<permission name>
         
        Parameters:
        client - to scope permission to
        permissionName - to get a scoped permission value for
        Returns:
        a scoped string value representing the permission within a client.
      • getClientRole

        public static String getClientRole​(Rolle role)
        Returns a string value representing the role within a client (Mandant). For more information about the format of the scoped role value see getClientRole(Mandant, String).
        Parameters:
        role - to get the scoped role value for
        Returns:
        a scoped string value representing the role within a client.
      • getClientRole

        public static String getClientRole​(Mandant client,
                                           String roleName)
        Returns a string value representing the role within a client (Mandant). Format of the string value:
         <client UUID>#<Role name>
         
        Parameters:
        client - to scope role name to
        roleName - to scope
        Returns:
        a scoped string value representing the role within a client.
      • getDefaultPasswordRules

        public static List<org.passay.Rule> getDefaultPasswordRules()
        This method returns a password policy with strict rules for the super user. This method should be used when the password policy on the database cannot be accessed.
        Returns:
        list of password policy Rules
      • getFromProfile

        @Deprecated
        public static Benutzer getFromProfile​(org.pac4j.core.profile.CommonProfile profile)
        Deprecated.
      • getGeneralPermission

        public static String getGeneralPermission​(IAccessProperty accessProperty)
        Returns a string value representing the permission for the general scope.
        Parameters:
        accessProperty - to get a permission value for.
        Returns:
        a string value representing the permission for the general scope.
      • getGeneralPermission

        public static String getGeneralPermission​(String permissionName)
        Returns a string value representing the permission for the general scope.
        Parameters:
        permissionName - to get a permission value for.
        Returns:
        a string value representing the permission for the general scope.
      • getInitials

        public static String getInitials​(String displayName)
        Returns the initials of the given display name. The initials are the first letters of the first and last name.

        Example: "John Doe" -> "JD"

        Parameters:
        displayName - to get the initials from
        Returns:
        the initials of the given display name
      • getInvitationClientAuthorizationFromAuthenticationAttribute

        public static DirectClientAuthorization getInvitationClientAuthorizationFromAuthenticationAttribute​(org.pac4j.core.profile.UserProfile pac4jProfile)
        Gets the invitation client authorization if it has been set in the authentication attributes of the given pac4j profile. See here for more information about what invitation client authorizations are used for.
        Parameters:
        pac4jProfile - to get the invitation client authorization for.
        Returns:
        the invitation client authorization if it has been set and null otherwise.
        See Also:
        CmnConst.Security.Authorization.AUTHENTICATION_ATTR_CLIENT_INVITATION_UUID
      • getMaskedEmailAddress

        public static String getMaskedEmailAddress​(String email)
        Masks the email address for privacy purposes. E.g.: "joe.average@example.com" becomes "j*****e@example.com".
        Parameters:
        email - to be masked
        Returns:
        the masked email
        Throws:
        IllegalArgumentException - if the given string is not an email.
      • getMaskedName

        public static String getMaskedName​(String name)
        Masks the user name for privacy purposes. E.g.: "Joe Average" becomes "Jo**** Av****".
        Parameters:
        name - to be masked
        Returns:
        the masked name
      • getMaskedUserAttribute

        public static String getMaskedUserAttribute​(String value)
        Masks the given user attribute (e.g. emails or names).
        Parameters:
        value - user attribute value that is to be masked.
        Returns:
        the masked user attribute.
      • getPasswordRules

        public static List<org.passay.Rule> getPasswordRules​(List<SystemProperty> pwdPolicyConfig,
                                                             boolean useDefaultForGen)
        Determines the set of password policy rules from the persisted system configuration. The persisted system configuration is passed in the given pwdPolicyConfig list.
        Parameters:
        pwdPolicyConfig - List of SystemPropertys
        useDefaultForGen - Flag for use in password generation. If no rules are configured (in system properties or by default), the rules 'ALPHABETICAL' and 'DIGITS' will be returned.
        Returns:
        list of password policy Rules
      • getPasswordStrength

        public static int getPasswordStrength​(String newPassword,
                                              List<org.passay.Rule> rules)
        Calculates the password strength for password UI components. The level ranges in the UI component are:
        • 0 to 29: Weak
        • 30 to 79: Medium
        • 80 to 100: Strong

        The method returns 29 if not all configured password policy rules apply.
        The method returns 79 if all configured password policy rules apply.
        The method returns 100 if the estimated entropy of the passphrase is over 31.

        Parameters:
        newPassword - the password to calculate the strength of
        rules - a list of system properties which specify the password policy rules
        Returns:
        the password strength on the 0 to 100 scale described above
      • getPermissionsFromAuthenticationAttribute

        public static Set<String> getPermissionsFromAuthenticationAttribute​(org.pac4j.core.profile.UserProfile pac4jProfile)
        Gets the permissions if they have been set in the authentication attributes of the given pac4j profile.
        Parameters:
        pac4jProfile - to get the permissions for.
        Returns:
        the permissions if they have been set and null otherwise.
      • cleanupUserDataForRendering

        public static void cleanupUserDataForRendering​(com.alibaba.fastjson.JSONObject userData)
      • cleanupUserDataForPersisting

        public static void cleanupUserDataForPersisting​(com.alibaba.fastjson.JSONObject userData)
      • getRawData

        public static com.alibaba.fastjson.JSONObject getRawData​(org.pac4j.core.profile.UserProfile userProfile)
      • getSystemPermission

        public static String getSystemPermission​(IAccessProperty accessProperty)
        Returns a string value representing the permission for system scope. For more information about the format of the scoped value see getSystemPermission(String).
        Parameters:
        accessProperty - to get a scoped permission value for
        Returns:
        a scoped string value representing the permission for the system scope.
      • getSystemPermission

        public static String getSystemPermission​(String permissionName)
        Returns a string value representing the permission for system scope. Format of the string value:
         SYSTEM#<permission name>
         
        Parameters:
        permissionName - to get a scoped permission value for
        Returns:
        a scoped string value representing the permission for the system scope.
      • getTimeStamp

        @Deprecated
        public static long getTimeStamp​(long addHours,
                                        long addMinutes)
        Deprecated.
        Token duration for password set/reset mails is handled in UserMailUtil.
        Returns a timestamp (starting from the current time) extended by the values given in the hours and minutes parameters.
        Parameters:
        addHours - hours to add to the current time
        addMinutes - minutes to add to the current time
        Returns:
        a timestamp
      • getUniversalReferenceId

        public static String getUniversalReferenceId​(org.pac4j.core.profile.UserProfile profile)
        Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.
        Parameters:
        profile - to get the universal reference ID for
        Returns:
        the universal reference ID of the profile.
      • getUniversalReferenceId

        public static String getUniversalReferenceId​(EHashAlgorithm hashAlgorithm,
                                                     org.pac4j.core.profile.UserProfile profile)
        Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.
        Parameters:
        hashAlgorithm - the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, the default user profile hash algorithm will be used.
        profile - to get the universal reference ID for
        Returns:
        the universal reference ID of the profile.
      • getUniversalReferenceId

        public static String getUniversalReferenceId​(IUserIdentity identity)
        Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.
        Parameters:
        identity - to get the universal reference ID for
        Returns:
        the universal reference ID of the identity.
      • getUniversalReferenceId

        public static String getUniversalReferenceId​(EHashAlgorithm hashAlgorithm,
                                                     IUserIdentity identity)
        Returns the universal reference ID of the user using the given hash algorithm. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.
        Parameters:
        hashAlgorithm - the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, the default user profile hash algorithm will be used.
        identity - to get the universal reference ID for
        Returns:
        the universal reference ID of the identity.
      • getUniversalReferenceId

        public static String getUniversalReferenceId​(EHashAlgorithm hashAlgorithm,
                                                     String clientName,
                                                     String profileId)
        Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. Anonymous users or users that authenticate via a group password can't be uniquely identified. There are a few users which have special universal reference IDs (see below). All other users follow a general format for their universal reference ID.

        Universal reference ID format for general users:

         <Authenticator client name>#<Hash algorithm ID>#<profile identification hash>
         
        Authenticator client name
        The client name of an authenticator client, which can be retrieved by calling IClientDescriptor.getClientName(), e.g. "KERBEROS" or the callback UUID for entity authenticators.
        Hash algorithm ID
        An identifier determining the hash algorithm used to calculate the profile hash
        Profile identification hash
        A hash digest representing the user profile. See getUserProfileHash(EHashAlgorithm, UserProfile) for the creation of the user profile hash.

        Special reserved universal reference IDs:

        Parameters:
        hashAlgorithm - the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, the default user profile hash algorithm will be used.
        clientName - describes the authentication client that is used to authenticate the user
        profileId - ID of the authenticated user within the authentication client
        Returns:
        the universal reference ID of the user
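
The general universal reference ID format described above, composed and strictly parsed in a stand-alone sketch (Java 17+). This is an added example, not code from UserMgmtUtils: the class, record and method names are hypothetical, "SHA256" and "jdoe" are constructed sample values, and a SHA-256 digest of the profile ID stands in for getUserProfileHash. The special reserved IDs are outside the general format and are not handled.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;

// Added illustration, not part of UserMgmtUtils. Class, record and method names are hypothetical.
public final class UniversalReferenceIdExample {

    /** The three fields of the general format: client name, hash algorithm ID, profile hash. */
    record ReferenceId(String clientName, String hashAlgorithmId, String profileHash) {}

    /** Builds <client name>#<hash algorithm ID>#<profile hash>; a '#' inside a field is refused. */
    static String build(String clientName, String hashAlgorithmId, String profileId) {
        return requireField(clientName) + "#" + requireField(hashAlgorithmId) + "#" + sha256Hex(profileId);
    }

    /** Strict parse: exactly three non-empty fields, anything else is rejected. */
    static ReferenceId parse(String id) {
        String[] parts = id.split("#", -1); // limit -1 keeps empty trailing fields so they fail below
        if (parts.length != 3) {
            throw new IllegalArgumentException("expected 3 fields, got " + parts.length);
        }
        return new ReferenceId(requireField(parts[0]), requireField(parts[1]), requireField(parts[2]));
    }

    private static String requireField(String field) {
        if (field == null || field.isEmpty() || field.indexOf('#') >= 0) {
            throw new IllegalArgumentException("field is empty or contains '#'");
        }
        return field;
    }

    // Assumption: SHA-256 over the UTF-8 profile ID stands in for getUserProfileHash.
    private static String sha256Hex(String profileId) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(profileId.getBytes(StandardCharsets.UTF_8));
            return HexFormat.of().formatHex(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory on every Java platform
        }
    }

    public static void main(String[] args) {
        // Constructed sample values: "SHA256" as algorithm ID and "jdoe" as profile ID are placeholders.
        String id = build("KERBEROS", "SHA256", "jdoe");
        ReferenceId parsed = parse(id);
        System.out.println(parsed.clientName() + " / " + parsed.hashAlgorithmId()
                + " / " + parsed.profileHash().length() + " hex chars");

        // Malformed or ambiguous IDs must not be accepted as identities.
        for (String bad : new String[] {"KERBEROS#SHA256", "KERBEROS##abc", "A#B#C#D"}) {
            try {
                parse(bad);
                System.out.println("accepted (unexpected): " + bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + bad + ": " + e.getMessage());
            }
        }
    }
}
```

Refusing a '#' inside a field at build time keeps the three-field split unambiguous, so two different (client name, profile) pairs cannot yield the same ID string.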