Package org.apache.jackrabbit.oak.spi.security.user

Interface UserConstants

All Known Implementing Classes:
UserUtil
public interface UserConstants
User management related constants. Please note that all names and paths are OAK names/paths and therefore are not suited to be used in JCR context with remapped namespaces.

  • Field Details

    • NT_REP_AUTHORIZABLE

      static final String NT_REP_AUTHORIZABLE
      See Also:

    • NT_REP_AUTHORIZABLE_FOLDER

      static final String NT_REP_AUTHORIZABLE_FOLDER
      See Also:

    • NT_REP_USER

      static final String NT_REP_USER
      See Also:

    • NT_REP_GROUP

      static final String NT_REP_GROUP
      See Also:

    • NT_REP_SYSTEM_USER

      static final String NT_REP_SYSTEM_USER
      See Also:

    • NT_REP_PASSWORD

      static final String NT_REP_PASSWORD
      See Also:

    • NT_REP_MEMBERS

      @Deprecated static final String NT_REP_MEMBERS
      Deprecated.
      See Also:

    • NT_REP_MEMBER_REFERENCES_LIST

      static final String NT_REP_MEMBER_REFERENCES_LIST
      See Also:

    • NT_REP_MEMBER_REFERENCES

      static final String NT_REP_MEMBER_REFERENCES
      See Also:

    • MIX_REP_IMPERSONATABLE

      static final String MIX_REP_IMPERSONATABLE
      See Also:

    • REP_PRINCIPAL_NAME

      static final String REP_PRINCIPAL_NAME
      See Also:

    • REP_AUTHORIZABLE_ID

      static final String REP_AUTHORIZABLE_ID
      See Also:

    • REP_PASSWORD

      static final String REP_PASSWORD
      See Also:

    • REP_PASSWORD_LAST_MODIFIED

      static final String REP_PASSWORD_LAST_MODIFIED
      See Also:

    • REP_DISABLED

      static final String REP_DISABLED
      See Also:

    • REP_MEMBERS

      static final String REP_MEMBERS
      See Also:

    • REP_MEMBERS_LIST

      static final String REP_MEMBERS_LIST
      See Also:

    • REP_IMPERSONATORS

      static final String REP_IMPERSONATORS
      See Also:

    • REP_PWD

      static final String REP_PWD
      See Also:

    • REP_PWD_HISTORY

      static final String REP_PWD_HISTORY
      See Also:

    • GROUP_PROPERTY_NAMES

      static final Collection<String> GROUP_PROPERTY_NAMES

    • USER_PROPERTY_NAMES

      static final Collection<String> USER_PROPERTY_NAMES

    • PWD_PROPERTY_NAMES

      static final Collection<String> PWD_PROPERTY_NAMES

    • NT_NAMES

      static final Collection<String> NT_NAMES

    • PARAM_ADMIN_ID

      static final String PARAM_ADMIN_ID
      Configuration option defining the ID of the administrator user.
      See Also:

    • PARAM_IMPERSONATOR_PRINCIPAL_NAMES

      static final String PARAM_IMPERSONATOR_PRINCIPAL_NAMES
      Configuration option defining the names of the impersonatorPrincipals field.
      Since:
      Oak 1.54.0
      See Also:

    • PARAM_OMIT_ADMIN_PW

      static final String PARAM_OMIT_ADMIN_PW
      Configuration option defining if the admin password should be omitted upon user creation.
      See Also:

    • DEFAULT_ADMIN_ID

      static final String DEFAULT_ADMIN_ID
      Default value for PARAM_ADMIN_ID
      See Also:

    • PARAM_ANONYMOUS_ID

      static final String PARAM_ANONYMOUS_ID
      Configuration option defining the ID of the anonymous user. The ID might be null of no anonymous user exists. In this case Session#getUserID() may return null if it has been obtained using GuestCredentials.
      See Also:

    • DEFAULT_ANONYMOUS_ID

      static final String DEFAULT_ANONYMOUS_ID
      Default value for PARAM_ANONYMOUS_ID
      See Also:

    • PARAM_USER_AUTHENTICATION_FACTORY

      static final String PARAM_USER_AUTHENTICATION_FACTORY
      Mandatory configuration option denoting the user Authentication implementation to use in the login module.
      See Also:

    • PARAM_USER_PATH

      static final String PARAM_USER_PATH
      Configuration option to define the path underneath which user nodes are being created.
      See Also:

    • DEFAULT_USER_PATH

      static final String DEFAULT_USER_PATH
      Default value for PARAM_USER_PATH
      See Also:

    • PARAM_GROUP_PATH

      static final String PARAM_GROUP_PATH
      Configuration option to define the path underneath which group nodes are being created.
      See Also:

    • DEFAULT_GROUP_PATH

      static final String DEFAULT_GROUP_PATH
      Default value for PARAM_GROUP_PATH
      See Also:

    • PARAM_SYSTEM_RELATIVE_PATH

      static final String PARAM_SYSTEM_RELATIVE_PATH
      Configuration option to define the path relative to the user root node underneath which system user nodes are being created.
      See Also:

    • DEFAULT_SYSTEM_RELATIVE_PATH

      static final String DEFAULT_SYSTEM_RELATIVE_PATH
      Default intermediate path for system users.
      See Also:

    • PARAM_DEFAULT_DEPTH

      static final String PARAM_DEFAULT_DEPTH
      Parameter used to change the number of levels that are used by default to store authorizable nodes.
      The default number of levels is 2.
      See Also:

    • DEFAULT_DEPTH

      static final int DEFAULT_DEPTH
      Default value for PARAM_DEFAULT_DEPTH
      See Also:

    • PARAM_PASSWORD_HASH_ALGORITHM

      static final String PARAM_PASSWORD_HASH_ALGORITHM
      Configuration parameter to change the default algorithm used to generate password hashes.
      See Also:

    • PARAM_PASSWORD_HASH_ITERATIONS

      static final String PARAM_PASSWORD_HASH_ITERATIONS
      Configuration parameter to change the number of iterations used for password hash generation.
      See Also:

    • PARAM_PASSWORD_SALT_SIZE

      static final String PARAM_PASSWORD_SALT_SIZE
      Configuration parameter to change the number of iterations used for password hash generation.
      See Also:

    • PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE

      static final String PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE
      Optionally enables the UsernameCaseMapped profile defined in https://tools.ietf.org/html/rfc7613#section-3.2 for user name comparison. Use this if half-width and full-width user names should be considered equal.
      See Also:

    • DEFAULT_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE

      static final boolean DEFAULT_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE
      Default value for PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE
      See Also:

    • PARAM_AUTHORIZABLE_NODE_NAME

      static final String PARAM_AUTHORIZABLE_NODE_NAME
      Optional configuration parameter defining how to generate the name of the authorizable node from the ID of the new authorizable that is being created. The value is expected to be an instance of AuthorizableNodeName. By default AuthorizableNodeName.DEFAULT is used.
      See Also:

    • PARAM_AUTHORIZABLE_ACTION_PROVIDER

      static final String PARAM_AUTHORIZABLE_ACTION_PROVIDER
      Optional configuration parameter to set the AuthorizableActionProvider to be used with the given user management implementation. Unless otherwise specified in the configuration DefaultAuthorizableActionProvider is used.
      See Also:

    • PARAM_SUPPORT_AUTOSAVE

      static final String PARAM_SUPPORT_AUTOSAVE
      Optional configuration parameter that might be used to get back support for the auto-save behavior which has been dropped in the default user management implementation present with OAK.

      Note that this option has been added for those cases where API consumers rely on the implementation specific behavior present with Jackrabbit 2.x. In general using this option should not be required as the Jackrabbit User Management API expects that API consumers tests the auto-save mode is enabled. Therefore this option should be considered a temporary workaround after upgrading a repository to OAK; the affected code should be reviewed and adjusted accordingly.

      See Also:

    • PARAM_PASSWORD_MAX_AGE

      static final String PARAM_PASSWORD_MAX_AGE
      Optional configuration parameter indicating the maximum age in days a password may have before it expires. If the value specified is > 0, password expiry is implicitly enabled.
      See Also:

    • DEFAULT_PASSWORD_MAX_AGE

      static final int DEFAULT_PASSWORD_MAX_AGE
      Default value for PARAM_PASSWORD_MAX_AGE
      See Also:

    • PARAM_PASSWORD_INITIAL_CHANGE

      static final String PARAM_PASSWORD_INITIAL_CHANGE
      Optional configuration parameter indicating whether users must change their passwords on first login. If enabled, passwords are immediately expired upon user creation.
      See Also:

    • DEFAULT_PASSWORD_INITIAL_CHANGE

      static final boolean DEFAULT_PASSWORD_INITIAL_CHANGE
      Default value for PARAM_PASSWORD_INITIAL_CHANGE
      See Also:

    • CREDENTIALS_ATTRIBUTE_NEWPASSWORD

      static final String CREDENTIALS_ATTRIBUTE_NEWPASSWORD
      Name of the SimpleCredentials attribute containing the new password. This may be used change the password via the credentials object.
      See Also:

    • PARAM_PASSWORD_HISTORY_SIZE

      static final String PARAM_PASSWORD_HISTORY_SIZE
      Optional configuration parameter indicating the maximum number of passwords recorded for a user after password changes. If the value specified is > 0, password history checking during password change is implicitly enabled and the new password provided during a password change must not be found in the already recorded history.
      Since:
      Oak 1.3.3
      See Also:

    • PASSWORD_HISTORY_DISABLED_SIZE

      static final int PASSWORD_HISTORY_DISABLED_SIZE
      Constant to indicate disabled password history, which is the default.
      Since:
      Oak 1.3.3
      See Also:

    • PARAM_ALLOW_DISABLE_ANONYMOUS

      static final String PARAM_ALLOW_DISABLE_ANONYMOUS
      Optional configuration parameter indicating if the anonymous user can be disabled or not. By default, the anonymous user can be disabled.
      See Also: