org.apache.jackrabbit.oak.spi.security.user

Interface UserConstants

All Known Implementing Classes:

UserUtil

public interface UserConstants

User management related constants. Please note that all names and paths are OAK names/paths and therefore are not suited to be used in JCR context with remapped namespaces.

Field Summary

Fields

Modifier and Type	Field and Description
static String	CREDENTIALS_ATTRIBUTE_NEWPASSWORD Name of the SimpleCredentials attribute containing the new password.
static String	DEFAULT_ADMIN_ID Default value for PARAM_ADMIN_ID
static String	DEFAULT_ANONYMOUS_ID Default value for PARAM_ANONYMOUS_ID
static int	DEFAULT_DEPTH Default value for PARAM_DEFAULT_DEPTH
static boolean	DEFAULT_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE Default value for PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE
static String	DEFAULT_GROUP_PATH Default value for PARAM_GROUP_PATH
static boolean	DEFAULT_PASSWORD_INITIAL_CHANGE Default value for PARAM_PASSWORD_INITIAL_CHANGE
static int	DEFAULT_PASSWORD_MAX_AGE Default value for PARAM_PASSWORD_MAX_AGE
static String	DEFAULT_SYSTEM_RELATIVE_PATH Default intermediate path for system users.
static String	DEFAULT_USER_PATH Default value for PARAM_USER_PATH
static Collection<String>	GROUP_PROPERTY_NAMES
static String	MIX_REP_IMPERSONATABLE
static Collection<String>	NT_NAMES
static String	NT_REP_AUTHORIZABLE
static String	NT_REP_AUTHORIZABLE_FOLDER
static String	NT_REP_GROUP
static String	NT_REP_MEMBER_REFERENCES
static String	NT_REP_MEMBER_REFERENCES_LIST
static String	NT_REP_MEMBERS Deprecated.
static String	NT_REP_PASSWORD
static String	NT_REP_SYSTEM_USER
static String	NT_REP_USER
static String	PARAM_ADMIN_ID Configuration option defining the ID of the administrator user.
static String	PARAM_ANONYMOUS_ID Configuration option defining the ID of the anonymous user.
static String	PARAM_AUTHORIZABLE_ACTION_PROVIDER Optional configuration parameter to set the AuthorizableActionProvider to be used with the given user management implementation.
static String	PARAM_AUTHORIZABLE_NODE_NAME Optional configuration parameter defining how to generate the name of the authorizable node from the ID of the new authorizable that is being created.
static String	PARAM_DEFAULT_DEPTH Parameter used to change the number of levels that are used by default to store authorizable nodes. The default number of levels is 2.
static String	PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE Optionally enables the UsernameCaseMapped profile defined in https://tools.ietf.org/html/rfc7613#section-3.2 for user name comparison.
static String	PARAM_GROUP_PATH Configuration option to define the path underneath which group nodes are being created.
static String	PARAM_OMIT_ADMIN_PW Configuration option defining if the admin password should be omitted upon user creation.
static String	PARAM_PASSWORD_HASH_ALGORITHM Configuration parameter to change the default algorithm used to generate password hashes.
static String	PARAM_PASSWORD_HASH_ITERATIONS Configuration parameter to change the number of iterations used for password hash generation.
static String	PARAM_PASSWORD_HISTORY_SIZE Optional configuration parameter indicating the maximum number of passwords recorded for a user after password changes.
static String	PARAM_PASSWORD_INITIAL_CHANGE Optional configuration parameter indicating whether users must change their passwords on first login.
static String	PARAM_PASSWORD_MAX_AGE Optional configuration parameter indicating the maximum age in days a password may have before it expires.
static String	PARAM_PASSWORD_SALT_SIZE Configuration parameter to change the number of iterations used for password hash generation.
static String	PARAM_SUPPORT_AUTOSAVE Optional configuration parameter that might be used to get back support for the auto-save behavior which has been dropped in the default user management implementation present with OAK.
static String	PARAM_SYSTEM_RELATIVE_PATH Configuration option to define the path relative to the user root node underneath which system user nodes are being created.
static String	PARAM_USER_AUTHENTICATION_FACTORY Mandatory configuration option denoting the user Authentication implementation to use in the login module.
static String	PARAM_USER_PATH Configuration option to define the path underneath which user nodes are being created.
static int	PASSWORD_HISTORY_DISABLED_SIZE Constant to indicate disabled password history, which is the default.
static Collection<String>	PWD_PROPERTY_NAMES
static String	REP_AUTHORIZABLE_ID
static String	REP_DISABLED
static String	REP_IMPERSONATORS
static String	REP_MEMBERS
static String	REP_MEMBERS_LIST
static String	REP_PASSWORD
static String	REP_PASSWORD_LAST_MODIFIED
static String	REP_PRINCIPAL_NAME
static String	REP_PWD
static String	REP_PWD_HISTORY
static Collection<String>	USER_PROPERTY_NAMES

Field Detail

NT_REP_AUTHORIZABLE

static final String NT_REP_AUTHORIZABLE

See Also:

Constant Field Values

NT_REP_AUTHORIZABLE_FOLDER

static final String NT_REP_AUTHORIZABLE_FOLDER

See Also:

Constant Field Values

NT_REP_USER

static final String NT_REP_USER

See Also:

Constant Field Values

NT_REP_GROUP

static final String NT_REP_GROUP

See Also:

Constant Field Values

NT_REP_SYSTEM_USER

static final String NT_REP_SYSTEM_USER

See Also:

Constant Field Values

NT_REP_PASSWORD

static final String NT_REP_PASSWORD

See Also:

Constant Field Values

NT_REP_MEMBERS

@Deprecated
static final String NT_REP_MEMBERS

Deprecated.

See Also:

Constant Field Values

NT_REP_MEMBER_REFERENCES_LIST

static final String NT_REP_MEMBER_REFERENCES_LIST

See Also:

Constant Field Values

NT_REP_MEMBER_REFERENCES

static final String NT_REP_MEMBER_REFERENCES

See Also:

Constant Field Values

MIX_REP_IMPERSONATABLE

static final String MIX_REP_IMPERSONATABLE

See Also:

Constant Field Values

REP_PRINCIPAL_NAME

static final String REP_PRINCIPAL_NAME

See Also:

Constant Field Values

REP_AUTHORIZABLE_ID

static final String REP_AUTHORIZABLE_ID

See Also:

Constant Field Values

REP_PASSWORD

static final String REP_PASSWORD

See Also:

Constant Field Values

REP_PASSWORD_LAST_MODIFIED

static final String REP_PASSWORD_LAST_MODIFIED

See Also:

Constant Field Values

REP_DISABLED

static final String REP_DISABLED

See Also:

Constant Field Values

REP_MEMBERS

static final String REP_MEMBERS

See Also:

Constant Field Values

REP_MEMBERS_LIST

static final String REP_MEMBERS_LIST

See Also:

Constant Field Values

REP_IMPERSONATORS

static final String REP_IMPERSONATORS

See Also:

Constant Field Values

REP_PWD

static final String REP_PWD

See Also:

Constant Field Values

REP_PWD_HISTORY

static final String REP_PWD_HISTORY

See Also:

Constant Field Values

GROUP_PROPERTY_NAMES

static final Collection<String> GROUP_PROPERTY_NAMES

USER_PROPERTY_NAMES

static final Collection<String> USER_PROPERTY_NAMES

PWD_PROPERTY_NAMES

static final Collection<String> PWD_PROPERTY_NAMES

NT_NAMES

static final Collection<String> NT_NAMES

PARAM_ADMIN_ID

static final String PARAM_ADMIN_ID

Configuration option defining the ID of the administrator user.

See Also:

Constant Field Values

PARAM_OMIT_ADMIN_PW

static final String PARAM_OMIT_ADMIN_PW

Configuration option defining if the admin password should be omitted upon user creation.

See Also:

Constant Field Values

DEFAULT_ADMIN_ID

static final String DEFAULT_ADMIN_ID

Default value for PARAM_ADMIN_ID

See Also:

Constant Field Values

PARAM_ANONYMOUS_ID

static final String PARAM_ANONYMOUS_ID

Configuration option defining the ID of the anonymous user. The ID might be null of no anonymous user exists. In this case Session#getUserID() may return null if it has been obtained using GuestCredentials.

See Also:

Constant Field Values

DEFAULT_ANONYMOUS_ID

static final String DEFAULT_ANONYMOUS_ID

Default value for PARAM_ANONYMOUS_ID

See Also:

Constant Field Values

PARAM_USER_AUTHENTICATION_FACTORY

static final String PARAM_USER_AUTHENTICATION_FACTORY

Mandatory configuration option denoting the user Authentication implementation to use in the login module.

See Also:

Constant Field Values

PARAM_USER_PATH

static final String PARAM_USER_PATH

Configuration option to define the path underneath which user nodes are being created.

See Also:

Constant Field Values

DEFAULT_USER_PATH

static final String DEFAULT_USER_PATH

Default value for PARAM_USER_PATH

See Also:

Constant Field Values

PARAM_GROUP_PATH

static final String PARAM_GROUP_PATH

Configuration option to define the path underneath which group nodes are being created.

See Also:

Constant Field Values

DEFAULT_GROUP_PATH

static final String DEFAULT_GROUP_PATH

Default value for PARAM_GROUP_PATH

See Also:

Constant Field Values

PARAM_SYSTEM_RELATIVE_PATH

static final String PARAM_SYSTEM_RELATIVE_PATH

Configuration option to define the path relative to the user root node underneath which system user nodes are being created.

See Also:

Constant Field Values

DEFAULT_SYSTEM_RELATIVE_PATH

static final String DEFAULT_SYSTEM_RELATIVE_PATH

Default intermediate path for system users.

See Also:

Constant Field Values

PARAM_DEFAULT_DEPTH

static final String PARAM_DEFAULT_DEPTH

Parameter used to change the number of levels that are used by default to store authorizable nodes.
The default number of levels is 2.

See Also:

Constant Field Values

DEFAULT_DEPTH

static final int DEFAULT_DEPTH

Default value for PARAM_DEFAULT_DEPTH

See Also:

Constant Field Values

PARAM_PASSWORD_HASH_ALGORITHM

static final String PARAM_PASSWORD_HASH_ALGORITHM

Configuration parameter to change the default algorithm used to generate password hashes.

See Also:

Constant Field Values

PARAM_PASSWORD_HASH_ITERATIONS

static final String PARAM_PASSWORD_HASH_ITERATIONS

Configuration parameter to change the number of iterations used for password hash generation.

See Also:

Constant Field Values

PARAM_PASSWORD_SALT_SIZE

static final String PARAM_PASSWORD_SALT_SIZE

Configuration parameter to change the number of iterations used for password hash generation.

See Also:

Constant Field Values

PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE

static final String PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE

Optionally enables the UsernameCaseMapped profile defined in https://tools.ietf.org/html/rfc7613#section-3.2 for user name comparison. Use this if half-width and full-width user names should be considered equal.

See Also:

Constant Field Values

DEFAULT_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE

static final boolean DEFAULT_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE

Default value for PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE

See Also:

Constant Field Values

PARAM_AUTHORIZABLE_NODE_NAME

static final String PARAM_AUTHORIZABLE_NODE_NAME

Optional configuration parameter defining how to generate the name of the authorizable node from the ID of the new authorizable that is being created. The value is expected to be an instance of AuthorizableNodeName. By default AuthorizableNodeName.DEFAULT is used.

See Also:

Constant Field Values

PARAM_AUTHORIZABLE_ACTION_PROVIDER

static final String PARAM_AUTHORIZABLE_ACTION_PROVIDER

Optional configuration parameter to set the AuthorizableActionProvider to be used with the given user management implementation. Unless otherwise specified in the configuration DefaultAuthorizableActionProvider is used.

See Also:

Constant Field Values

PARAM_SUPPORT_AUTOSAVE

static final String PARAM_SUPPORT_AUTOSAVE

Optional configuration parameter that might be used to get back support for the auto-save behavior which has been dropped in the default user management implementation present with OAK.

Note that this option has been added for those cases where API consumers rely on the implementation specific behavior present with Jackrabbit 2.x. In general using this option should not be required as the Jackrabbit User Management API expects that API consumers tests the auto-save mode is enabled. Therefore this option should be considered a temporary workaround after upgrading a repository to OAK; the affected code should be reviewed and adjusted accordingly.

See Also:

Constant Field Values

PARAM_PASSWORD_MAX_AGE

static final String PARAM_PASSWORD_MAX_AGE

Optional configuration parameter indicating the maximum age in days a password may have before it expires. If the value specified is > 0, password expiry is implicitly enabled.

See Also:

Constant Field Values

DEFAULT_PASSWORD_MAX_AGE

static final int DEFAULT_PASSWORD_MAX_AGE

Default value for PARAM_PASSWORD_MAX_AGE

See Also:

Constant Field Values

PARAM_PASSWORD_INITIAL_CHANGE

static final String PARAM_PASSWORD_INITIAL_CHANGE

Optional configuration parameter indicating whether users must change their passwords on first login. If enabled, passwords are immediately expired upon user creation.

See Also:

Constant Field Values

DEFAULT_PASSWORD_INITIAL_CHANGE

static final boolean DEFAULT_PASSWORD_INITIAL_CHANGE

Default value for PARAM_PASSWORD_INITIAL_CHANGE

See Also:

Constant Field Values

CREDENTIALS_ATTRIBUTE_NEWPASSWORD

static final String CREDENTIALS_ATTRIBUTE_NEWPASSWORD

Name of the SimpleCredentials attribute containing the new password. This may be used change the password via the credentials object.

See Also:

Constant Field Values

PARAM_PASSWORD_HISTORY_SIZE

static final String PARAM_PASSWORD_HISTORY_SIZE

Optional configuration parameter indicating the maximum number of passwords recorded for a user after password changes. If the value specified is > 0, password history checking during password change is implicitly enabled and the new password provided during a password change must not be found in the already recorded history.

Since:

Oak 1.3.3

See Also:

Constant Field Values

PASSWORD_HISTORY_DISABLED_SIZE

static final int PASSWORD_HISTORY_DISABLED_SIZE

Constant to indicate disabled password history, which is the default.

Since:

Oak 1.3.3

See Also:

Constant Field Values