Class UserMgmtUtils

java.lang.Object
de.xima.fc.utils.UserMgmtUtils
All Implemented Interfaces:
Serializable

public final class UserMgmtUtils extends Object implements Serializable
Helper class for user management functionality.
  • Field Details

    • DEFAULT_PWD_SYMBOLS

      public static final String DEFAULT_PWD_SYMBOLS
    • ANONYMOUS

      @Deprecated public static final Benutzer ANONYMOUS
      Deprecated.
      Virtual user for cases where a user is required but no login is necessary.
    • SYSTEM

      @Deprecated public static final Benutzer SYSTEM
      Deprecated.
      Virtual user for cases where a user is required but no login is necessary.
    • SETUP

      @Deprecated public static final Benutzer SETUP
      Deprecated.
      Virtual user for cases where a user is required but no login is necessary.
    • DESIGNER_USER

      @Deprecated public static final Benutzer DESIGNER_USER
      Deprecated.
      No equivalent, but see VirtualUser
      Virtual user for cases where a user is required but no login is necessary.
    • DESIGNER_LAST_DUMMY

      @Deprecated public static final Benutzer DESIGNER_LAST_DUMMY
      Deprecated.
      Virtual user for cases where a user is required but no login is necessary.
    • DESIGNER_INITIAL_DUMMY

      @Deprecated public static final Benutzer DESIGNER_INITIAL_DUMMY
      Deprecated.
      Virtual user for cases where a user is required but no login is necessary.
  • Method Details

    • canAccessClient

      public static boolean canAccessClient(IUser user, Mandant client)
      Whether the given user has permission to access the given client.
      Parameters:
      user - to check for
      client - to check
      Returns:
      true if the user has permission to access the given client and false otherwise.
    • canAccessInbox

      public static boolean canAccessInbox(IUser user, Postfach inbox)
      Whether the user has permission to access the client inbox. Note: This check does not take into account whether the user has the role permission to access the inbox UI.
      Parameters:
      user - to check for
      inbox - to check
      Returns:
      true if the user has permission to access the given client inbox and false otherwise.
    • canEditProject

      public static boolean canEditProject(IUser user, Projekt project)
      Whether or not the given user has permission to edit the given project.
      Parameters:
      user - to check for
      project - to check
      Returns:
      true if the user has permission to edit the project and false otherwise.
    • canViewProject

      public static boolean canViewProject(IUser user, Projekt project)
      Whether the given user has permission to view the given project.
      Parameters:
      user - to check for
      project - to check
      Returns:
      true if the user has permission to view the project and false otherwise.
    • checkPassword

      public static boolean checkPassword(String clearTextPassword, String encryptedPassword)
    • convert

      public static EGender convert(org.pac4j.core.profile.Gender gender)
      Converts the given pac4j gender to an EGender, or to EGender.UNSPECIFIED if it is null.
      Parameters:
      gender - to convert
      Returns:
      converted gender
    • convert

      public static org.pac4j.core.profile.Gender convert(EGender gender)
      Converts the given gender to a pac4j Gender, or to Gender.UNSPECIFIED if it is null or no match was found.
      Parameters:
      gender - to convert
      Returns:
      converted gender
    • convertToProfile

      @Deprecated public static org.pac4j.core.profile.CommonProfile convertToProfile(Benutzer user)
      Deprecated.
      Conversion of UserProfile to UserProfile is done in InternalUserAuthenticator
    • dfltBgNameFor

      @Deprecated public static String dfltBgNameFor(ERollenTyp rolle, Locale locale)
      Deprecated.
      Is handled in IClientCreateData
      Returns the localized default group name for users with the given role.
      Returns:
      The group name.
    • encPwd

      @Deprecated public static String encPwd(String src)
    • filterCharacterRules

      public static List<org.passay.CharacterRule> filterCharacterRules(List<org.passay.Rule> rules)
    • filterFirstLengthRules

      public static org.passay.LengthRule filterFirstLengthRules(List<org.passay.Rule> rules)
    • genPwd

      public static String genPwd(List<SystemProperty> pwdPolicyConfig)
      Generates a password based on the configured system rules
      Parameters:
      pwdPolicyConfig - a List of SystemPropertys which specify the password policy rules
      Returns:
      a generated Password
    • genPwd

      @Deprecated public static String genPwd()
      Deprecated.
      use genPwd(List) instead
      Password generation.
    • getAuthenticationClientFromAuthenticationAttribute

      public static IClientDescriptor getAuthenticationClientFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
      Gets the client descriptor of the client that authenticated the user if it has been set in the authentication attributes of the given profile.
      Parameters:
      pac4jProfile - to get the authentication client descriptor for
      Returns:
      the authentication client descriptor if it has been set and null otherwise.
    • getAuthenticationClientName

      public static String getAuthenticationClientName(String universalReferenceId)
    • getAuthenticationTargetFromAuthenticationAttribute

      public static String getAuthenticationTargetFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
      Gets the target that the user authenticated for if it has been set in the authentication attributes of the given profile.
      Parameters:
      pac4jProfile - to get the authentication target for
      Returns:
      the authentication target if it has been set and null otherwise.
    • getBenutzerFromUser

      @Deprecated public static Benutzer getBenutzerFromUser(IUser user, Mandant client)
      Deprecated.
    • getClientAuthorizationsFromAuthenticationAttribute

      public static Set<IClientAuthorization> getClientAuthorizationsFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
      Gets the client authorizations of the user if they have been set in the authentication attributes of the given profile.
      Parameters:
      pac4jProfile - to get the client authorizations for.
      Returns:
      the client authorizations if they have been set and null otherwise.
    • getClientPermission

      public static String getClientPermission(Mandant client, IAccessProperty accessProperty)
      Returns a string value representing the permission within a client (Mandant). For more information about the format of the scoped value see getClientPermission(Mandant, String).
      Parameters:
      client - to scope permission to
      accessProperty - to get a scoped permission value for
      Returns:
      a scoped string value representing the permission within a client.
    • getClientPermission

      public static String getClientPermission(Mandant client, String permissionName)
      Returns a string value representing the permission within a client. Format of the string value:
      <client UUID>#<permission name>
      
      Parameters:
      client - to scope permission to
      permissionName - to get a scoped permission value for
      Returns:
      a scoped string value representing the permission within a client.
    • getClientRole

      public static String getClientRole(Rolle role)
      Returns a string value representing the role within a client (Mandant). For more information about the format of the scoped role value see getClientRole(Mandant, String).
      Parameters:
      role - to get the scoped role value for
      Returns:
      a scoped string value representing the role within a client.
    • getClientRole

      public static String getClientRole(Mandant client, String roleName)
      Returns a string value representing the role within a client (Mandant). Format of the string value:
      <client UUID>#<Role name>
      
      Parameters:
      client - to scope role name to
      roleName - to scope
      Returns:
      a scoped string value representing the role within a client.
    • getDefaultPasswordRules

      public static List<org.passay.Rule> getDefaultPasswordRules()
      This method returns a password policy with strict rules for the super user. This method should be used when the password policy on the database cannot be accessed.
      Returns:
      list of password policy Rules
    • getFromProfile

      @Deprecated public static Benutzer getFromProfile(org.pac4j.core.profile.CommonProfile profile)
      Deprecated.
    • getGeneralPermission

      public static String getGeneralPermission(IAccessProperty accessProperty)
      Returns a string value representing the permission for the general scope.
      Parameters:
      accessProperty - to get a permission value for.
      Returns:
      a string value representing the permission for the general scope.
    • getGeneralPermission

      public static String getGeneralPermission(String permissionName)
      Returns a string value representing the permission for the general scope.
      Parameters:
      permissionName - to get a permission value for.
      Returns:
      a string value representing the permission for the general scope.
    • getInitials

      public static String getInitials(String displayName)
      Returns the initials of the given display name. The initials are the first letters of the first and last name.

      Example: "John Doe" -> "JD"

      Parameters:
      displayName - to get the initials from
      Returns:
      the initials of the given display name
    • getInvitationClientAuthorizationFromAuthenticationAttribute

      public static DirectClientAuthorization getInvitationClientAuthorizationFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
      Gets the invitation client authorization if it has been set in the authentication attributes of the given pac4j profile. See here for more information about what invitation client authorizations are used for.
      Parameters:
      pac4jProfile - to get the invitation client authorization for.
      Returns:
      the invitation client authorization if it has been set and null otherwise.
    • getMaskedEmailAddress

      public static String getMaskedEmailAddress(String email)
      Masks the email address for privacy purposes. E.g.: "joe.average@example.com" becomes "j*****e@example.com".
      Parameters:
      email - to be masked
      Returns:
      the masked email
      Throws:
      IllegalArgumentException - if the given string is not an email.
    • getMaskedName

      public static String getMaskedName(String name)
      Masks the user name for privacy purposes. E.g.: "Joe Average" becomes "Jo**** Av****".
      Parameters:
      name - to be masked
      Returns:
      the masked name
    • getMaskedUserAttribute

      public static String getMaskedUserAttribute(String value)
      Masks the given user attribute (e.g. emails or names).
      Parameters:
      value - user attribute value that is to be masked.
      Returns:
      the masked user attribute.
    • getPasswordRules

      public static List<org.passay.Rule> getPasswordRules(List<SystemProperty> pwdPolicyConfig, boolean useDefaultForGen)
      Determines the set of password policy rules from the persisted system configuration, which is passed in the given pwdPolicyConfig list.
      Parameters:
      pwdPolicyConfig - List of SystemPropertys
      useDefaultForGen - Flag for use in password generation. If no rules are configured (in the system properties or by default), the rules 'ALPABETICAL' and 'DIGITS' will be returned.
      Returns:
      list of password policy Rules
    • getPasswordStrength

      public static int getPasswordStrength(String newPassword, List<org.passay.Rule> rules)
      Calculates the password strength for password UI components. The ranges for the levels in the UI component are:
      • 0-29: Weak
      • 30-79: Medium
      • 80-100: Strong

      The method returns

      • 0-29 if not all configured password policy rules apply.
      • 30-79 if all configured password policy rules apply.
      • 80-100 if the estimated entropy of the pass phrase is over 31.
      Parameters:
      newPassword - the password to calculate the strength of
      rules - a list of system properties which specify the password policy rules
      Returns:
      Double
    • getPermissionsFromAuthenticationAttribute

      public static Set<String> getPermissionsFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
      Gets the permissions if they have been set in the authentication attributes of the given pac4j profile.
      Parameters:
      pac4jProfile - to get the permissions for.
      Returns:
      the permissions if they have been set and null otherwise.
    • cleanupUserDataForRendering

      public static void cleanupUserDataForRendering(com.alibaba.fastjson.JSONObject userData)
    • cleanupUserDataForPersisting

      public static void cleanupUserDataForPersisting(com.alibaba.fastjson.JSONObject userData)
    • getRawData

      public static com.alibaba.fastjson.JSONObject getRawData(org.pac4j.core.profile.UserProfile userProfile)
    • getSystemPermission

      public static String getSystemPermission(IAccessProperty accessProperty)
      Returns a string value representing the permission for system scope. For more information about the format of the scoped value see getSystemPermission(String).
      Parameters:
      accessProperty - to get a scoped permission value for
      Returns:
      a scoped string value representing the permission for the system scope.
    • getSystemPermission

      public static String getSystemPermission(String permissionName)
      Returns a string value representing the permission for system scope. Format of the string value:
      SYSTEM#<permission name>
      
      Parameters:
      permissionName - to get a scoped permission value for
      Returns:
      a scoped string value representing the permission for the system scope.
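
The two scoped formats documented above, <client UUID>#<permission name> and SYSTEM#<permission name>, as an added stand-alone example; it is not formcycle code and does not call UserMgmtUtils. The class and method names, the permission names, the UUIDs and the rule that a permission name must not contain '#' are assumptions made for illustration.

```java
import java.util.Set;
import java.util.UUID;

// Added example, not formcycle code: builds and checks the scoped permission
// strings "<client UUID>#<permission name>" and "SYSTEM#<permission name>".
public final class ScopedPermissionExample {

    private static final char SEPARATOR = '#';
    private static final String SYSTEM_SCOPE = "SYSTEM";

    private ScopedPermissionExample() {
    }

    // Assumed rule (not stated on the page): a permission name is non-blank and
    // contains no '#', so a name can never carry a scope prefix of its own.
    static String requirePlainName(String permissionName) {
        if (permissionName == null || permissionName.isBlank()) {
            throw new IllegalArgumentException("permission name must not be blank");
        }
        if (permissionName.indexOf(SEPARATOR) >= 0) {
            throw new IllegalArgumentException("permission name must not contain '#'");
        }
        return permissionName;
    }

    // Client scope: <client UUID>#<permission name>
    static String clientPermission(UUID clientUuid, String permissionName) {
        if (clientUuid == null) {
            throw new IllegalArgumentException("client UUID is required");
        }
        return clientUuid.toString() + SEPARATOR + requirePlainName(permissionName);
    }

    // System scope: SYSTEM#<permission name>
    static String systemPermission(String permissionName) {
        return SYSTEM_SCOPE + SEPARATOR + requirePlainName(permissionName);
    }

    // Exact match on the scoped value: a grant for one client never satisfies
    // a check for another client or for the system scope.
    static boolean hasClientPermission(Set<String> granted, UUID clientUuid, String permissionName) {
        return granted != null && granted.contains(clientPermission(clientUuid, permissionName));
    }

    static boolean hasSystemPermission(Set<String> granted, String permissionName) {
        return granted != null && granted.contains(systemPermission(permissionName));
    }

    private static void check(boolean condition, String message) {
        if (!condition) {
            throw new AssertionError(message);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: two clients and two made-up permission names.
        UUID clientA = UUID.fromString("11111111-1111-1111-1111-111111111111");
        UUID clientB = UUID.fromString("22222222-2222-2222-2222-222222222222");
        Set<String> granted = Set.of(
                clientPermission(clientA, "inbox.view"),
                systemPermission("settings.edit"));

        check(hasClientPermission(granted, clientA, "inbox.view"), "grant for client A must match");
        check(!hasClientPermission(granted, clientB, "inbox.view"), "grant must not carry over to client B");
        check(!hasSystemPermission(granted, "inbox.view"), "client grant must not match the system scope");
        check(hasSystemPermission(granted, "settings.edit"), "system grant must match");

        // A name that contains the separator is rejected instead of being scoped.
        boolean rejected = false;
        try {
            clientPermission(clientB, clientA + "#inbox.view");
        } catch (IllegalArgumentException expected) {
            rejected = true;
        }
        check(rejected, "a name containing '#' must be rejected");

        System.out.println("all scoped permission checks passed");
    }
}
```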
    • getTimeStamp

      @Deprecated public static long getTimeStamp(long addHours, long addMinutes)
      Deprecated.
      Token duration for password set/reset mails is handled in UserMailUtil.
      Returns a timestamp (starting from the current time) that has been extended by the hour and minute values given in the parameters.
      Parameters:
      addHours - hours to be added to the current time
      addMinutes - minutes to be added to the current time
      Returns:
      a timestamp
    • getUniversalReferenceId

      public static String getUniversalReferenceId(org.pac4j.core.profile.UserProfile profile)
      Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.
      Parameters:
      profile - to get the universal reference ID for
      Returns:
      the universal reference ID of the profile.
    • getUniversalReferenceId

      public static String getUniversalReferenceId(EHashAlgorithm hashAlgorithm, org.pac4j.core.profile.UserProfile profile)
      Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.
      Parameters:
      hashAlgorithm - the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, the default user profile hash algorithm will be used.
      profile - to get the universal reference ID for
      Returns:
      the universal reference ID of the profile.
    • getUniversalReferenceId

      public static String getUniversalReferenceId(IUserIdentity identity)
      Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.
      Parameters:
      identity - to get the universal reference ID for
      Returns:
      the universal reference ID of the identity.
    • getUniversalReferenceId

      public static String getUniversalReferenceId(EHashAlgorithm hashAlgorithm, IUserIdentity identity)
      Returns the universal reference ID of the user using the given hash algorithm. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.
      Parameters:
      hashAlgorithm - the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, the default user profile hash algorithm will be used.
      identity - to get the universal reference ID for
      Returns:
      the universal reference ID of the identity.
    • getUniversalReferenceId

      public static String getUniversalReferenceId(EHashAlgorithm hashAlgorithm, String clientName, String profileId)
      Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. Anonymous users or users that authenticate via a group password can't be uniquely identified. There are a few users which have special universal reference IDs (see below). All other users follow a general format for their universal reference ID.

      Universal reference ID format for general users:

      <Authenticator client name>#<Hash algorithm ID>#<profile identification hash>
      
      Authenticator client name
      The client name of an authenticator client, which can be retrieved by calling IClientDescriptor.getClientName(), e.g. "KERBEROS" or the callback UUID for entity authenticators.
      Hash algorithm ID
      An identifier determining the hash algorithm used to calculate the profile hash
      Profile identification hash
      A hash digest representing the user profile. See getUserProfileHash(EHashAlgorithm, UserProfile) for the creation of the user profile hash.

      Special reserved universal reference IDs:

      Parameters:
      hashAlgorithm - the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, the default user profile hash algorithm will be used.
      clientName - describes the authentication client that is used to authenticate the user
      profileId - ID of the authenticated user within the authentication client
      Returns:
      the universal reference ID of the user
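
A parser for the general format <Authenticator client name>#<Hash algorithm ID>#<profile identification hash> described above, as an added stand-alone example; it is not formcycle code and does not call UserMgmtUtils. The class and method names, the hash algorithm ID "1" and the hash values are constructed, and the example assumes that none of the three components contains '#'; values that do not match the general format (including the special reserved IDs, which this page does not list) are reported as unparsed.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;

// Added example, not formcycle code: splits a general universal reference ID
// into its three documented components and groups IDs by authenticator.
public final class UniversalReferenceIdExample {

    static final String UNPARSED = "(not general format)";

    // <Authenticator client name>#<Hash algorithm ID>#<profile identification hash>
    record Parts(String clientName, String hashAlgorithmId, String profileHash) {
    }

    private UniversalReferenceIdExample() {
    }

    // Returns the components, or empty if the value does not consist of
    // exactly three non-blank parts. The limit -1 keeps trailing empty parts,
    // so "KERBEROS#1#" is seen as three parts with a blank hash and rejected.
    static Optional<Parts> parse(String universalReferenceId) {
        if (universalReferenceId == null) {
            return Optional.empty();
        }
        String[] parts = universalReferenceId.split("#", -1);
        if (parts.length != 3) {
            return Optional.empty();
        }
        for (String part : parts) {
            if (part.isBlank()) {
                return Optional.empty();
            }
        }
        return Optional.of(new Parts(parts[0], parts[1], parts[2]));
    }

    // Counts IDs per authenticator client name, e.g. when reviewing which
    // authenticators the users in an audit trail came from.
    static Map<String, Integer> countByAuthenticator(List<String> universalReferenceIds) {
        Map<String, Integer> counts = new LinkedHashMap<>();
        for (String id : universalReferenceIds) {
            String key = parse(id).map(Parts::clientName).orElse(UNPARSED);
            counts.merge(key, 1, Integer::sum);
        }
        return counts;
    }

    private static void check(boolean condition, String message) {
        if (!condition) {
            throw new AssertionError(message);
        }
    }

    public static void main(String[] args) {
        // Constructed sample IDs; algorithm ID and hashes are placeholders.
        List<String> ids = List.of(
                "KERBEROS#1#3f2a9c",
                "KERBEROS#1#a81b07",
                "7c9e6679-7425-40de-944b-e07fc1f90ae7#1#5d40e2", // callback UUID as client name
                "KERBEROS#1#",                                   // blank hash component
                "no-separator-value");                           // does not match the format

        Map<String, Integer> counts = countByAuthenticator(ids);
        check(Integer.valueOf(2).equals(counts.get("KERBEROS")), "two KERBEROS IDs expected");
        check(Integer.valueOf(1).equals(counts.get("7c9e6679-7425-40de-944b-e07fc1f90ae7")),
                "one entity authenticator ID expected");
        check(Integer.valueOf(2).equals(counts.get(UNPARSED)), "two unparsed values expected");

        Parts first = parse(ids.get(0)).orElseThrow();
        check(first.hashAlgorithmId().equals("1"), "hash algorithm ID is the second component");
        check(first.profileHash().equals("3f2a9c"), "profile hash is the third component");

        System.out.println(counts);
    }
}
```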
    • getUniversalReferenceIdClientPrefix

      public static String getUniversalReferenceIdClientPrefix(IClientDescriptor descriptor)
      Returns the prefix of the authentication client for creating the universal reference ID for a user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.
      Parameters:
      descriptor - describes the authentication client that is used to authenticate the user.
      Returns:
      the prefix of the authentication client for creating the universal reference ID for a user.
    • getUniversalReferenceIdClientPrefix

      public static String getUniversalReferenceIdClientPrefix(String clientName)
      Returns the prefix of the authentication client for creating the universal reference ID for a user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.
      Parameters:
      clientName - describes the authentication client that is used to authenticate the user.
      Returns:
      the prefix of the authentication client for creating the universal reference ID for a user.
    • getUserProfileFromAuthenticationAttribute

      public static UserProfile getUserProfileFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
      Gets the formcycle profile if it has been set in the authentication attributes of the given pac4j profile.
      Parameters:
      pac4jProfile - to get the formcycle profile for
      Returns:
      the formcycle profile if it has been set and null otherwise.
    • getUserProfileHash

      public static String getUserProfileHash(EHashAlgorithm hashAlgorithm, org.pac4j.core.profile.UserProfile profile)
      Calculates the hash digest for the given user profile using the given hash algorithm.
      Parameters:
      hashAlgorithm - the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, the default user profile hash algorithm will be used.
      profile - the user profile to be hashed.
      Returns:
      the hash digest for the user profile.
      Throws:
      NullPointerException - if no user profile was given.
    • getUserProfileHash

      public static String getUserProfileHash(EHashAlgorithm hashAlgorithm, String clientName, String profileId)
      Calculates the hash digest for the user profile defined by the given client name and profile ID using the given hash algorithm.
      Parameters:
      hashAlgorithm - the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, the default user profile hash algorithm will be used.
      clientName - the client name of the authenticator (the authenticator callback UUID for entity authenticators).
      profileId - the ID of the user profile within an IDP.
      Returns:
      the hash digest for the user profile defined by the client name and profile ID.
      Throws:
      IllegalArgumentException - if no client name or profile ID were given.
    • hasBackendAccess

      public static boolean hasBackendAccess(IUser user)
      Checks if the user has permission to access the formcycle backend.
      Parameters:
      user - to check
      Returns:
      true if the user has permission to access the formcycle backend and false otherwise.
    • hasBackendAccess

      public static boolean hasBackendAccess(IClientAuthorization authorization)
      Checks whether the given client authorization grants users access to the formcycle backend.
      Parameters:
      authorization - to check
      Returns:
      true if the client authorization grants users access to the formcycle backend and false otherwise.
    • hasClientBackendAccess

      public static boolean hasClientBackendAccess(IUser user, Long clientId)
      Returns whether or not the given user has access to the formcycle backend of the client with the given ID.
      Parameters:
      user - to check
      Returns:
      true if the user has access to the formcycle backend of the client with the given ID and false otherwise.
    • hasDesignerAccess

      public static boolean hasDesignerAccess(IClientAuthorization authorization)
      Returns whether or not the given client authorization grants designer access.
      Parameters:
      authorization - to check
      Returns:
      true if the authorization grants designer access and false otherwise.
    • hasInboxAccess

      public static boolean hasInboxAccess(IClientAuthorization authorization)
      Returns whether or not the given client authorization grants inbox access.
      Parameters:
      authorization - to check
      Returns:
      true if the authorization grants inbox access and false otherwise.
    • hasSystemPermission

      public static boolean hasSystemPermission(UserProfile userProfile, IAccessProperty accessProperty)
      Checks if the given user profile has the given system permission.
      Parameters:
      userProfile - to check
      accessProperty - the system permission to check for
      Returns:
      true if the given user profile has the given system permission and false otherwise.
    • hasClientPermission

      public static boolean hasClientPermission(UserProfile userProfile, Long clientId, IAccessProperty accessProperty)
      Checks if the given user profile has the given client permission for the client with the given ID.
      Parameters:
      userProfile - to check
      clientId - ID of the client to check the permission for
      accessProperty - the client permission to check for
      Returns:
      true if the given user profile has the given client permission for the client with the given ID and false otherwise.
    • hashPassword

      public static String hashPassword(String clearTextPassword)
      Password encryption.
    • isActive

      public static boolean isActive(IClientAuthorization authorization)
      Checks if the given client authorization is active. If the attached user profile is inactive then the client authorization can't be active.
      Parameters:
      authorization - to check.
      Returns:
      true if the given client authorization is active and false otherwise.
    • isAnonymousUser

      public static boolean isAnonymousUser(IUser user)
      Checks if the user is anonymous.
      Parameters:
      user - to check
      Returns:
      true if the user is an anonymous user and false otherwise.
    • isAnonymousUser

      public static boolean isAnonymousUser(IUserRef userRef)
      Checks if the user is anonymous.
      Parameters:
      userRef - to check
      Returns:
      true if the user is an anonymous user and false otherwise.
    • isAnonymousUser

      @Deprecated public static boolean isAnonymousUser(Benutzer user)
      Deprecated.
    • isAuthenticatedFor

      public static boolean isAuthenticatedFor(IUser user, String authTarget)
      Checks if the user has been authenticated for the given authentication target.
      Parameters:
      user - to check.
      authTarget - to check. Users can be authenticated for different authentication targets, e.g. "backend", "form", ...
      Returns:
      true if the user has been authenticated for the given authentication target and false otherwise.
      Throws:
      IllegalArgumentException - if a blank authentication target is given.
    • isBackendAccessCapable

      public static boolean isBackendAccessCapable(IClientAuthorization authorization)
      Returns if the given client authorization is capable of allowing users access to the formcycle backend. This does not mean that the authorization actually allows backend access. If you want to find if an authorization grants backend access use hasBackendAccess(IClientAuthorization) instead.
      Parameters:
      authorization - to check.
      Returns:
      true if the authorization is capable of allowing users access to the formcycle backend. false otherwise.
    • isClientAdmin

      public static boolean isClientAdmin(UserProfile profile, Mandant client)
      Returns true if the given profile has the role MANDANT_ADMIN.
      Parameters:
      profile - to check
      Returns:
      false if no admin role found
    • isClientAdmin

      public static boolean isClientAdmin(IClientAuthorization authorization)
      Returns true if the given authorization has the role MANDANT_ADMIN.
      Parameters:
      authorization - direct or indirect authorization
      Returns:
      false if no admin role found
    • isClientAdmin

      public static boolean isClientAdmin(IUser user, Mandant client)
      Checks if the user is an admin of the given client.
      Parameters:
      user - to check for
      client - to check
      Returns:
      true if the user is an admin of the given client and false otherwise.
    • isDistinctUniversalReferenceId

      public static boolean isDistinctUniversalReferenceId(String universalReferenceId)
      Checks if the given universal reference id is a distinct universal reference id. Distinct universal reference ids are universal reference ids that can be distinguished from other universal reference ids.

      Distinct universal reference ids are not system or anonymous universal reference ids.

      Parameters:
      universalReferenceId - to check
      Returns:
      true if the universal reference id is a distinct universal reference id and false
    • isAnonymous

      public static boolean isAnonymous(IUserRef userRef)
    • isSystem

      public static boolean isSystem(IUserRef userRef)
    • isDistinctUser

      public static boolean isDistinctUser(IUser user)
      Checks if the user is a distinct user. Distinct users are users that can be distinguished from other users.

      Distinct users are not system or anonymous users.

      Parameters:
      user - to check
      Returns:
      true if the user is a distinct user and false otherwise.
    • isDistinctUser

      public static boolean isDistinctUser(IUserRef userRef)
      Checks if the user is a distinct user. Distinct users are users that can be distinguished from other users.

      Distinct users are not system or anonymous users.

      Parameters:
      userRef - to check
      Returns:
      true if the user is a distinct user and false otherwise.
    • isEmptyUserRef

      public static boolean isEmptyUserRef(IUserRef userRef)
      Checks if the given user reference is empty. An empty user reference is a user reference that has no universal reference id, no profile uuid, and no data for the filter extension.
      Parameters:
      userRef - to check
      Returns:
      true if the user reference is empty and false otherwise.
    • isExpired

      public static boolean isExpired(IEntityClientAuthorization authorization)
      Checks if the given client authorization is expired (right now).
      Parameters:
      authorization - to check.
      Returns:
      true if the given client authorization is expired and false otherwise.
    • isExternalUser

      @Deprecated public static boolean isExternalUser(Benutzer user)
      Deprecated.
    • isInternalUser

      @Deprecated public static boolean isInternalUser(Benutzer user)
      Deprecated.
      Not needed anymore.
      Method to determine if the given user is an internal and virtual user like SETUP, ANONYMOUS or SYSTEM
      Parameters:
      user - the user to check
      Returns:
      true if the user is internal, false otherwise
    • isInvitationExpired

      public static boolean isInvitationExpired(IEntityClientAuthorization authorization)
      Checks if the invitation attached to the given client authorization is expired (right now).
      Parameters:
      authorization - to check.
      Returns:
      true if the invitation to the given client authorization is expired and false otherwise.
    • isInvitedUser

      public static boolean isInvitedUser(IUser user)
    • isInvitedUser

      public static boolean isInvitedUser(org.pac4j.core.profile.UserProfile pac4jProfile)
    • isSetupUser

      @Deprecated public static boolean isSetupUser(Benutzer user)
      Deprecated.
      Use isSuperUser(IUser) instead.
      Parameters:
      user - User to check.
      Returns:
      true if the given user is a setup user (sadmin), who can administrate the system.
    • isSetupUserWithClient

      @Deprecated public static boolean isSetupUserWithClient(Benutzer user, javax.servlet.http.HttpSession session)
      Deprecated.
      Parameters:
      user - User to check.
      session - Optional session for retrieving the client.
      Returns:
      true if the given user is a setup user and has chosen a client.
    • isSetupUserWithoutClient

      @Deprecated public static boolean isSetupUserWithoutClient(Benutzer user, javax.servlet.http.HttpSession session)
      Deprecated.
      Parameters:
      user - User to check.
      session - Optional session for retrieving the client.
      Returns:
      true if the given user is a setup user and has not chosen a client.
    • isSuperUser

      public static boolean isSuperUser(IUser user)
      Checks if the user is THE super user. There is only one super user (sadmin) in the system.
      Parameters:
      user - to check
      Returns:
      true if the given user is the super user and false otherwise.
    • isSuperUser

      public static boolean isSuperUser(org.pac4j.core.profile.UserProfile pac4jProfile)
      Checks if the user is THE super user. There is only one super user (sadmin) in the system.
      Parameters:
      pac4jProfile - to check
      Returns:
      true if the given user profile is the super user and false otherwise.
    • isSuperUser

      public static boolean isSuperUser(IUserRef userRef)
      Checks if the user is THE super user. There is only one super user (sadmin) in the system.
      Parameters:
      userRef - to check
      Returns:
      true if the given user is the super user and false otherwise.
    • isSystemAdmin

      public static boolean isSystemAdmin(UserProfile profile)
      Checks if the user of the given profile is a system admin. System admins have permission to access/edit the system settings.
      Parameters:
      profile - to check
      Returns:
      true if the user of the given profile is a system admin and false otherwise.
    • isSystemAdmin

      public static boolean isSystemAdmin(IUser user)
      Checks if the user is a system admin. System admins have permission to access/edit the system settings.
      Parameters:
      user - A user to check.
      Returns:
      true if the user is a system admin and false otherwise.
    • isSystemUser

      public static boolean isSystemUser(IUser user)
      Checks if the user is THE system user. The system user is a special (virtual) user that is used by the system to perform operations that do not require a specific user context.
      Parameters:
      user - to check
      Returns:
      true if the user is THE system user and false otherwise.
    • isSystemUser

      @Deprecated public static boolean isSystemUser(Benutzer user)
      Deprecated.
      Not needed anymore. Check against VirtualUser.SYSTEM if it is really necessary.
    • isUser

      public static boolean isUser(IEntityClientAuthorization authorization, IUser user)
      Checks whether the given client authorization applies to the given user.
      Parameters:
      authorization - to check.
      user - to check if the client authorization applies.
      Returns:
      true if the given client authorization applies to the given user and false otherwise.
    • isUser

      public static boolean isUser(UserProfile profile, IUser user)
      Checks whether the given user profile is the user profile of the given user.
      Parameters:
      profile - to check.
      user - to check if the user profile is their user profile.
      Returns:
      true if the given user profile is the user profile of the given user and false otherwise.
    • isUser

      public static boolean isUser(IUserIdentity identity, IUser user)
      Checks whether the given user identity is the identity of the given user.
      Parameters:
      identity - to check.
      user - to check if their identity is the given user identity.
      Returns:
      true if the given user identity is the identity of the given user and false otherwise.
    • newAnonymousProfile

      public static org.pac4j.core.profile.AnonymousProfile newAnonymousProfile()
    • setAuthenticationTargetInAuthenticationAttributes

      public static void setAuthenticationTargetInAuthenticationAttributes(org.pac4j.core.profile.UserProfile pac4jProfile, IAuthenticationTarget target)
      Sets the given authentication target in the authentication attributes of the profile.
      Parameters:
      pac4jProfile - to set authentication target for.
      target - to set.
    • toJSON

      @Deprecated public static com.alibaba.fastjson.JSONObject toJSON(Benutzer user, List<BenutzerGruppe> userGroups)
      Deprecated.
    • toJSON

      @Deprecated public static com.alibaba.fastjson.JSONObject toJSON(Benutzer user, List<BenutzerGruppe> userGroups, org.pac4j.core.profile.CommonProfile prof)
      Deprecated.
    • toJson

      public static com.alibaba.fastjson.JSONObject toJson(IUser user, Mandant client)
    • toJson

      public static com.alibaba.fastjson.JSONObject toJson(IUser user, UUID clientUuid)
    • toJson

      public static com.alibaba.fastjson.JSONObject toJson(IUser user)
    • validateDefaultPasswordRules

      public static PasswordValidationResult validateDefaultPasswordRules(String password)
      Validates the password with the default password rules.
      Parameters:
      password - the new password
      Returns:
      PasswordValidationResult with validation-status and errors
    • validatePassword

      public static PasswordValidationResult validatePassword(String password, List<SystemProperty> systemConfig)
      Validates passwords.
      Parameters:
      password - the new password
      systemConfig - list of system properties that define the password policy rules to use. If the list is null or empty, the system-defined default password policy rules are used.
      Returns:
      PasswordValidationResult with validation-status and errors
    • validatePassword

      public static PasswordValidationResult validatePassword(String oldPassword, String newPassword, List<SystemProperty> systemConfig)
      Validates passwords.
      Parameters:
      oldPassword - old passwords which should be permitted to use again. May be null or empty.
      newPassword - the new password
      systemConfig - list of system properties that define the password policy rules to use. If the list is null or empty, the system-defined default password policy rules are used.
      Returns:
      PasswordValidationResult with validation-status and errors
    • validatePassword

      public static PasswordValidationResult validatePassword(String userName, String oldPassword, String newPassword, List<SystemProperty> systemConfig)
      Validates passwords.
      Parameters:
      userName - name of the user to permit passwords with username. May be null or empty.
      oldPassword - old passwords which should be permitted to use again. May be null or empty.
      newPassword - the new password
      systemConfig - list of system properties that define the password policy rules to use. If the list is null or empty, the system-defined default password policy rules are used.
      Returns:
      PasswordValidationResult with validation-status and errors