```java
public class UserManagerImpl extends ProtectedItemModifier implements org.apache.jackrabbit.api.security.user.UserManager, SessionListener
```

Implementation of the `UserManager` interface with the following characteristics:

- `UserConstants.USERS_PATH`, `UserConstants.GROUPS_PATH` (unless otherwise configured).
- `getUsersPath()` or `getGroupsPath()`.
- escaped.

```
+ rep:security            [nt:unstructured]
  + rep:authorizables     [rep:AuthorizableFolder]
    + rep:users           [rep:AuthorizableFolder]
      + a                 [rep:AuthorizableFolder]
        + aS              [rep:AuthorizableFolder]
          + aSmith        [rep:User]
```

Creating a non-existing user with ID 'aSmith' specifying an intermediate path 'some/tree' would result in the following structure:

```
+ rep:security            [nt:unstructured]
  + rep:authorizables     [rep:AuthorizableFolder]
    + rep:users           [rep:AuthorizableFolder]
      + some              [rep:AuthorizableFolder]
        + tree            [rep:AuthorizableFolder]
          + aSmith        [rep:User]
```
`UserManager` is able to handle the following configuration options:

- `PARAM_USERS_PATH`: Defines where user nodes are created. If missing set to `USERS_PATH`.
- `PARAM_GROUPS_PATH`: Defines where group nodes are created. If missing set to `GROUPS_PATH`.
- `PARAM_COMPATIBLE_JR16`: If the param is present and its value is `true`, looking up authorizables by ID will use the `NodeResolver` if not found otherwise.
- `PARAM_DEFAULT_DEPTH`: Parameter used to change the number of levels that are used by default to store authorizable nodes.
- `PARAM_AUTO_EXPAND_TREE`: If this parameter is present and its value is `true`, the trees containing user and group nodes will automatically create additional hierarchy levels if the number of nodes on a given level exceeds the maximal allowed size.
- `PARAM_AUTO_EXPAND_SIZE`: This parameter only takes effect if `PARAM_AUTO_EXPAND_TREE` is enabled.
- `PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE`: If this parameter is present, group memberships are collected in a node structure below `UserConstants.N_MEMBERS` instead of the default multi-valued property `UserConstants.P_MEMBERS`. Its value determines the maximum number of member properties until additional intermediate nodes are inserted. Valid parameter values are integers > 4.
- `PARAM_PASSWORD_HASH_ALGORITHM`: Optional parameter to configure the algorithm used for password hash generation. The default value is `PasswordUtility.DEFAULT_ALGORITHM`.
- `PARAM_PASSWORD_HASH_ITERATIONS`: Optional parameter to configure the number of iterations used for password hash generation. The default value is `PasswordUtility.DEFAULT_ITERATIONS`.

`AuthorizableAction`s. Authorizable actions provide the ability to execute additional validation or tasks upon authorizable creation, removal and upon changing a user's password. `UserManagerConfig.getAuthorizableActions()`
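A pre-flight check for the configuration options listed above, as an added example (not Jackrabbit code and not part of the original page). The class `UserManagerConfigCheck` and its methods are hypothetical; it assumes jackrabbit-core on the classpath, assumes the hash algorithm name is resolved as a JCA `MessageDigest` name, and applies its own policy that iterations should not fall below `PasswordUtility.DEFAULT_ITERATIONS`.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import org.apache.jackrabbit.core.security.user.PasswordUtility;
import org.apache.jackrabbit.core.security.user.UserManagerImpl;

/** Hypothetical pre-flight check for a UserManagerImpl config; not part of Jackrabbit. */
public class UserManagerConfigCheck {
    private static String str(Properties c, String key) {
        Object v = c.get(key); // values may be Strings or boxed numbers
        return v == null ? null : v.toString().trim();
    }
    /** Parses an integer option; a non-numeric value becomes a finding and yields null. */
    private static Integer intOpt(Properties c, String key, List<String> out) {
        String s = str(c, key);
        try {
            return s == null ? null : Integer.valueOf(s);
        } catch (NumberFormatException e) {
            out.add(key + ": not an integer: " + s);
            return null;
        }
    }

    public static List<String> check(Properties c) {
        List<String> out = new ArrayList<>();
        // Documented: valid split sizes are integers > 4; 0 (default) keeps P_MEMBERS.
        Integer split = intOpt(c, UserManagerImpl.PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE, out);
        if (split != null && split != 0 && split <= 4) {
            out.add("membership split size " + split + " is outside the documented range (> 4)");
        }
        // Documented: the expand size only takes effect when auto-expand is enabled.
        boolean expand = Boolean.parseBoolean(str(c, UserManagerImpl.PARAM_AUTO_EXPAND_TREE));
        if (!expand && str(c, UserManagerImpl.PARAM_AUTO_EXPAND_SIZE) != null) {
            out.add("auto-expand size is set but auto-expand tree is off; it has no effect");
        }
        // Documented: changing the depth on a populated repository breaks ID resolution.
        if (str(c, UserManagerImpl.PARAM_DEFAULT_DEPTH) != null) {
            out.add("default depth overridden; only safe before any users or groups exist");
        }
        // Assumption: the algorithm name is resolved as a JCA MessageDigest name.
        String alg = str(c, UserManagerImpl.PARAM_PASSWORD_HASH_ALGORITHM);
        try {
            if (alg != null) MessageDigest.getInstance(alg);
        } catch (NoSuchAlgorithmException e) {
            out.add("password hash algorithm not available in this JVM: " + alg);
        }
        // Example policy (not from the page): never go below the shipped default.
        Integer iter = intOpt(c, UserManagerImpl.PARAM_PASSWORD_HASH_ITERATIONS, out);
        if (iter != null && iter < PasswordUtility.DEFAULT_ITERATIONS) {
            out.add("hash iterations " + iter + " below PasswordUtility.DEFAULT_ITERATIONS");
        }
        return out;
    }

    public static void main(String[] args) {
        Properties c = new Properties(); // constructed sample configuration
        c.setProperty(UserManagerImpl.PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE, "3");
        c.setProperty(UserManagerImpl.PARAM_AUTO_EXPAND_SIZE, "500");
        c.setProperty(UserManagerImpl.PARAM_PASSWORD_HASH_ITERATIONS, "1");
        check(c).forEach(System.out::println);
    }
}
```

A `Properties` object that passes the check is what the `UserManagerImpl(SessionImpl, String, Properties)` constructor documented on this page takes as its `config` argument.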
| Modifier and Type | Field and Description |
|---|---|
| `static String` | `AUTHORIZABLES_PATH` |
| `static String` | `GROUP_ADMIN_GROUP_NAME`: Configuration key and default value for the name of the 'GroupAdmin' group-principal. |
| `static String` | `GROUPS_PATH` |
| `static Name` | `MIX_REP_IMPERSONATABLE` |
| `static Name` | `N_MEMBERS` |
| `static NameFactory` | `NF` |
| `static Name` | `NT_REP_AUTHORIZABLE` |
| `static Name` | `NT_REP_AUTHORIZABLE_FOLDER` |
| `static Name` | `NT_REP_GROUP` |
| `static Name` | `NT_REP_MEMBERS` |
| `static Name` | `NT_REP_USER` |
| `static Name` | `P_DISABLED` |
| `static Name` | `P_GROUPS`: Deprecated. As of 2.0 group membership is stored with the group node. |
| `static Name` | `P_IMPERSONATORS`: Name of the user property containing the principal names of those allowed to impersonate. |
| `static Name` | `P_MEMBERS` |
| `static Name` | `P_PASSWORD` |
| `static Name` | `P_PRINCIPAL_NAME` |
| `static Name` | `P_USERID`: Deprecated. As of 2.0 the id-hash is stored with the jcr:uuid making the rep:userId property redundant. It has been removed from the node type definition. |
| `static String` | `PARAM_AUTO_EXPAND_SIZE`: This parameter only takes effect if `PARAM_AUTO_EXPAND_TREE` is enabled. The default value is 1000. |
| `static String` | `PARAM_AUTO_EXPAND_TREE`: If this parameter is present and its value is `true`, the trees containing user and group nodes will automatically create additional hierarchy levels if the number of nodes on a given level exceeds the maximal allowed size. |
| `static String` | `PARAM_COMPATIBILE_JR16`: Deprecated. Use `PARAM_COMPATIBLE_JR16` instead. |
| `static String` | `PARAM_COMPATIBLE_JR16`: Flag to enable a minimal backwards compatibility with Jackrabbit < v2.0. If the param is present and its value is `true`, looking up authorizables by ID will use the `NodeResolver` if not found otherwise. If the parameter is missing (or false) users and groups created with a Jackrabbit repository < v2.0 will not be found any more. By default this option is disabled. |
| `static String` | `PARAM_DEFAULT_DEPTH`: Parameter used to change the number of levels that are used by default to store authorizable nodes. The default number of levels is 2. |
| `static String` | `PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE`: If this parameter is present, group members are collected in a node structure below `UserConstants.N_MEMBERS` instead of the default multi-valued property `UserConstants.P_MEMBERS`. |
| `static String` | `PARAM_GROUPS_PATH`: Configuration option to change the default path for creating groups. |
| `static String` | `PARAM_PASSWORD_HASH_ALGORITHM`: Configuration parameter to change the default algorithm used to generate password hashes. |
| `static String` | `PARAM_PASSWORD_HASH_ITERATIONS`: Configuration parameter to change the number of iterations used for password hash generation. |
| `static String` | `PARAM_USERS_PATH`: Configuration option to change the default path for creating users. |
| `static String` | `SECURITY_ROOT_PATH`: root-path to security related content e.g. |
| `static String` | `USER_ADMIN_GROUP_NAME`: Configuration key and default value for the name of the 'UserAdmin' group-principal. |
| `static String` | `USERS_PATH` |

| Constructor and Description |
|---|
| `UserManagerImpl(SessionImpl session, String adminId)`: Create a new `UserManager` with the default configuration. |
| `UserManagerImpl(SessionImpl session, String adminId, Properties config)`: Create a new `UserManager` |
| `UserManagerImpl(SessionImpl session, String adminId, Properties config, MembershipCache mCache)`: Create a new `UserManager` for the given `session`. |

| Modifier and Type | Method and Description |
|---|---|
| `void` | `autoSave(boolean enable)`: Always throws `UnsupportedRepositoryOperationException` as modification of the autosave behavior is not supported. |
| `org.apache.jackrabbit.api.security.user.Group` | `createGroup(Principal principal)`: Same as `createGroup(java.security.Principal, String)` where the intermediate path is `null`. |
| `org.apache.jackrabbit.api.security.user.Group` | `createGroup(Principal principal, String intermediatePath)`: Same as `createGroup(String, Principal, String)` where a groupID is generated from the principal name. |
| `org.apache.jackrabbit.api.security.user.Group` | `createGroup(String groupID)` |
| `org.apache.jackrabbit.api.security.user.Group` | `createGroup(String groupID, Principal principal, String intermediatePath)`: Create a new `Group` from the given `groupID` and `principal`. |
| `org.apache.jackrabbit.api.security.user.User` | `createSystemUser(String userID, String intermediatePath)` |
| `org.apache.jackrabbit.api.security.user.User` | `createUser(String userID, String password)` |
| `org.apache.jackrabbit.api.security.user.User` | `createUser(String userID, String password, Principal principal, String intermediatePath)` |
| `protected org.apache.jackrabbit.api.security.user.Group` | `doCreateGroup(NodeImpl node)`: Build the group object from the given group node. |
| `protected org.apache.jackrabbit.api.security.user.User` | `doCreateUser(NodeImpl node)`: Build the user object from the given user node. |
| `Iterator<org.apache.jackrabbit.api.security.user.Authorizable>` | `findAuthorizables(org.apache.jackrabbit.api.security.user.Query query)` |
| `Iterator<org.apache.jackrabbit.api.security.user.Authorizable>` | `findAuthorizables(String relPath, String value)` |
| `Iterator<org.apache.jackrabbit.api.security.user.Authorizable>` | `findAuthorizables(String relPath, String value, int searchType)` |
| `org.apache.jackrabbit.api.security.user.Authorizable` | `getAuthorizable(Principal principal)` |
| `org.apache.jackrabbit.api.security.user.Authorizable` | `getAuthorizable(String id)` |
| `<T extends org.apache.jackrabbit.api.security.user.Authorizable> T` | `getAuthorizable(String id, Class<T> authorizableClass)` |
| `org.apache.jackrabbit.api.security.user.Authorizable` | `getAuthorizableByPath(String path)`: Always throws `UnsupportedRepositoryOperationException` since this implementation of the user management API does not allow retrieving the path of an authorizable. |
| `String` | `getGroupsPath()`: Implementation specific methods revealing where groups are created within the content. |
| `MembershipCache` | `getMembershipCache()` |
| `int` | `getMemberSplitSize()`: Maximum number of properties on the group membership node structure under `UserConstants.N_MEMBERS` until additional intermediate nodes are inserted. |
| `String` | `getUsersPath()`: Implementation specific methods revealing where users are created within the content. |
| `boolean` | `hasMemberSplitSize()`: Returns `true` if the split-member configuration parameter is greater than or equal to 4, indicating that group members should be stored in a tree instead of a single multivalued property. |
| `boolean` | `isAutoSave()`: Always returns `true` as by default the autoSave behavior cannot be altered (see also `autoSave(boolean)`). |
| `void` | `loggedOut(SessionImpl session)`: Called when a `Session` has been 'closed' by calling `Session.logout()`. |
| `void` | `loggingOut(SessionImpl session)`: Called when a `Session` is about to be 'closed' by calling `Session.logout()`. |
| `void` | `setAuthorizableActions(AuthorizableAction[] authorizableActions)`: Set the authorizable actions that will be invoked upon authorizable creation and removal. |

addNode, addNode, markModified, performProtected, removeItem, setProperty, setProperty, setProperty, setProperty

`public static final String PARAM_USERS_PATH`

Configuration option to change the default path for creating users.

`public static final String PARAM_GROUPS_PATH`

Configuration option to change the default path for creating groups.

`public static final String PARAM_COMPATIBILE_JR16`

Deprecated. Use `PARAM_COMPATIBLE_JR16` instead.

`public static final String PARAM_COMPATIBLE_JR16`

Flag to enable a minimal backwards compatibility with Jackrabbit < v2.0. If the param is present and its value is `true`, looking up authorizables by ID will use the `NodeResolver` if not found otherwise.

`public static final String PARAM_DEFAULT_DEPTH`

Parameter used to change the number of levels that are used by default to store authorizable nodes. The default number of levels is 2.

NOTE: Changing the default depth once users and groups have been created in the repository will cause inconsistencies, due to the fact that the resolution of ID to an authorizable relies on the structure defined by the default depth. It is recommended to remove all authorizable nodes that will not be reachable any more, before this config option is changed.

`PARAM_AUTO_EXPAND_TREE` flag is set to `true`.

`public static final String PARAM_AUTO_EXPAND_TREE`

If this parameter is present and its value is `true`, the trees containing user and group nodes will automatically create additional hierarchy levels if the number of nodes on a given level exceeds the maximal allowed size.

`public static final String PARAM_AUTO_EXPAND_SIZE`

This parameter only takes effect if `PARAM_AUTO_EXPAND_TREE` is enabled.

`public static final String PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE`

If this parameter is present, group members are collected in a node structure below `UserConstants.N_MEMBERS` instead of the default multi-valued property `UserConstants.P_MEMBERS`. Its value determines the maximum number of member properties until additional intermediate nodes are inserted. Valid values are integers > 4. The default value is 0 and indicates that the `UserConstants.P_MEMBERS` property is used to record group members.

`public static final String PARAM_PASSWORD_HASH_ALGORITHM`

Configuration parameter to change the default algorithm used to generate password hashes. The default value is `PasswordUtility.DEFAULT_ALGORITHM`.

`public static final String PARAM_PASSWORD_HASH_ITERATIONS`

Configuration parameter to change the number of iterations used for password hash generation. The default value is `PasswordUtility.DEFAULT_ITERATIONS`.

`public static final NameFactory NF`

`public static final String SECURITY_ROOT_PATH`

`public static final String AUTHORIZABLES_PATH`

`public static final String USERS_PATH`

`public static final String GROUPS_PATH`

`public static final String USER_ADMIN_GROUP_NAME`

`public static final String GROUP_ADMIN_GROUP_NAME`

`public static final Name P_PRINCIPAL_NAME`

`public static final Name P_USERID`

`public static final Name P_PASSWORD`

`public static final Name P_DISABLED`

`public static final Name P_GROUPS`

`P_MEMBERS`

`public static final Name P_MEMBERS`

`public static final Name N_MEMBERS`

`public static final Name P_IMPERSONATORS`

`public static final Name NT_REP_AUTHORIZABLE`

`public static final Name NT_REP_AUTHORIZABLE_FOLDER`

`public static final Name NT_REP_USER`

`public static final Name NT_REP_GROUP`

`public static final Name NT_REP_MEMBERS`

`public static final Name MIX_REP_IMPERSONATABLE`

`public UserManagerImpl(SessionImpl session, String adminId) throws RepositoryException`

Create a new `UserManager` with the default configuration.

- Parameters: `session` - The editing/reading session.
- Parameters: `adminId` - The user ID of the administrator.
- Throws: `RepositoryException` - If an error occurs.

`public UserManagerImpl(SessionImpl session, String adminId, Properties config) throws RepositoryException`

Create a new `UserManager`

- Parameters: `session` - The editing/reading session.
- Parameters: `adminId` - The user ID of the administrator.
- Parameters: `config` - The configuration parameters.
- Throws: `RepositoryException` - If an error occurs.

`public UserManagerImpl(SessionImpl session, String adminId, Properties config, MembershipCache mCache) throws RepositoryException`

Create a new `UserManager` for the given `session`. Currently the following configuration options are respected:

- `PARAM_USERS_PATH`. If missing set to `UserConstants.USERS_PATH`.
- `PARAM_GROUPS_PATH`. If missing set to `UserConstants.GROUPS_PATH`.
- `PARAM_DEFAULT_DEPTH`. The default number of levels is 2.
- `PARAM_AUTO_EXPAND_TREE`. By default this option is disabled.
- `PARAM_AUTO_EXPAND_SIZE`. The default value is 1000.
- `PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE`. The default is 0 which means use `UserConstants.P_MEMBERS`.

introduction for details.

- Parameters: `session` - The editing/reading session.
- Parameters: `adminId` - The user ID of the administrator.
- Parameters: `config` - The configuration parameters.
- Parameters: `mCache` - Shared membership cache.
- Throws: `RepositoryException` - If an error occurs.

`public String getUsersPath()`

For the corresponding configuration parameter.

`public String getGroupsPath()`

For the corresponding configuration parameter.

`public MembershipCache getMembershipCache()`

`public int getMemberSplitSize()`

Maximum number of properties on the group membership node structure under `UserConstants.N_MEMBERS` until additional intermediate nodes are inserted. If 0 (default), `UserConstants.P_MEMBERS` is used to record group memberships.

`public boolean hasMemberSplitSize()`

Returns `true` if the split-member configuration parameter is greater or equal than 4 indicating that group members should be stored in a tree instead of a single multivalued property.

`public void setAuthorizableActions(AuthorizableAction[] authorizableActions)`

- Parameters: `authorizableActions` - An array of authorizable actions.

`public org.apache.jackrabbit.api.security.user.Authorizable getAuthorizable(String id) throws RepositoryException`

- Specified by: `getAuthorizable` in interface `org.apache.jackrabbit.api.security.user.UserManager`
- Throws: `RepositoryException`
- See also: `UserManager.getAuthorizable(String)`

`public <T extends org.apache.jackrabbit.api.security.user.Authorizable> T getAuthorizable(String id, Class<T> authorizableClass) throws org.apache.jackrabbit.api.security.user.AuthorizableTypeException, RepositoryException`

- Specified by: `getAuthorizable` in interface `org.apache.jackrabbit.api.security.user.UserManager`
- Throws: `org.apache.jackrabbit.api.security.user.AuthorizableTypeException`
- Throws: `RepositoryException`
- See also: `UserManager.getAuthorizable(String, Class)`

`public org.apache.jackrabbit.api.security.user.Authorizable getAuthorizable(Principal principal) throws RepositoryException`

- Specified by: `getAuthorizable` in interface `org.apache.jackrabbit.api.security.user.UserManager`
- Throws: `RepositoryException`
- See also: `UserManager.getAuthorizable(Principal)`

`public org.apache.jackrabbit.api.security.user.Authorizable getAuthorizableByPath(String path) throws UnsupportedRepositoryOperationException, RepositoryException`

Always throws `UnsupportedRepositoryOperationException` since this implementation of the user management API does not allow to retrieve the path of an authorizable.

- Specified by: `getAuthorizableByPath` in interface `org.apache.jackrabbit.api.security.user.UserManager`
- Throws: `UnsupportedRepositoryOperationException`
- Throws: `RepositoryException`
- See also: `UserManager.getAuthorizableByPath(String)`

`public Iterator<org.apache.jackrabbit.api.security.user.Authorizable> findAuthorizables(String relPath, String value) throws RepositoryException`

- Specified by: `findAuthorizables` in interface `org.apache.jackrabbit.api.security.user.UserManager`
- Throws: `RepositoryException`
- See also: `UserManager.findAuthorizables(String,String)`

`public Iterator<org.apache.jackrabbit.api.security.user.Authorizable> findAuthorizables(String relPath, String value, int searchType) throws RepositoryException`

- Specified by: `findAuthorizables` in interface `org.apache.jackrabbit.api.security.user.UserManager`
- Throws: `RepositoryException`
- See also: `UserManager.findAuthorizables(String,String, int)`

`public Iterator<org.apache.jackrabbit.api.security.user.Authorizable> findAuthorizables(org.apache.jackrabbit.api.security.user.Query query) throws RepositoryException`

- Specified by: `findAuthorizables` in interface `org.apache.jackrabbit.api.security.user.UserManager`
- Throws: `RepositoryException`
- See also: `UserManager.findAuthorizables(Query)`

`public org.apache.jackrabbit.api.security.user.User createUser(String userID, String password) throws RepositoryException`

- Specified by: `createUser` in interface `org.apache.jackrabbit.api.security.user.UserManager`
- Throws: `RepositoryException`
- See also: `UserManager.createUser(String,String)`

`public org.apache.jackrabbit.api.security.user.User createUser(String userID, String password, Principal principal, String intermediatePath) throws org.apache.jackrabbit.api.security.user.AuthorizableExistsException, RepositoryException`

- Specified by: `createUser` in interface `org.apache.jackrabbit.api.security.user.UserManager`
- Throws: `org.apache.jackrabbit.api.security.user.AuthorizableExistsException`
- Throws: `RepositoryException`
- See also: `UserManager.createUser(String, String, java.security.Principal, String)`

`public org.apache.jackrabbit.api.security.user.User createSystemUser(String userID, String intermediatePath) throws org.apache.jackrabbit.api.security.user.AuthorizableExistsException, RepositoryException`

- Specified by: `createSystemUser` in interface `org.apache.jackrabbit.api.security.user.UserManager`
- Throws: `org.apache.jackrabbit.api.security.user.AuthorizableExistsException`
- Throws: `RepositoryException`

`public org.apache.jackrabbit.api.security.user.Group createGroup(String groupID) throws org.apache.jackrabbit.api.security.user.AuthorizableExistsException, RepositoryException`

- Specified by: `createGroup` in interface `org.apache.jackrabbit.api.security.user.UserManager`
- Throws: `org.apache.jackrabbit.api.security.user.AuthorizableExistsException`
- Throws: `RepositoryException`
- See also: `UserManager.createGroup(String)`

`public org.apache.jackrabbit.api.security.user.Group createGroup(Principal principal) throws RepositoryException`

Same as `createGroup(java.security.Principal, String)` where the intermediate path is `null`.

- Specified by: `createGroup` in interface `org.apache.jackrabbit.api.security.user.UserManager`
- Throws: `RepositoryException`
- See also: `UserManager.createGroup(Principal)`

`public org.apache.jackrabbit.api.security.user.Group createGroup(Principal principal, String intermediatePath) throws org.apache.jackrabbit.api.security.user.AuthorizableExistsException, RepositoryException`

Same as `createGroup(String, Principal, String)` where a groupID is generated from the principal name. If the name conflicts with an existing authorizable ID (may happen in cases where principal name != ID) the principal name is expanded by a suffix; otherwise the resulting group ID equals the principal name.

- Specified by: `createGroup` in interface `org.apache.jackrabbit.api.security.user.UserManager`
- Parameters: `principal` - A principal that doesn't yet represent an existing user or group.
- Parameters: `intermediatePath` - Is always ignored.
- Throws: `org.apache.jackrabbit.api.security.user.AuthorizableExistsException`
- Throws: `RepositoryException`
- See also: `UserManager.createGroup(java.security.Principal, String)`

`public org.apache.jackrabbit.api.security.user.Group createGroup(String groupID, Principal principal, String intermediatePath) throws org.apache.jackrabbit.api.security.user.AuthorizableExistsException, RepositoryException`

Create a new `Group` from the given `groupID` and `principal`. It will be created below the defined group path.

`rep:AuthorizableFolder`.

- Specified by: `createGroup` in interface `org.apache.jackrabbit.api.security.user.UserManager`
- Parameters: `groupID` - A groupID that hasn't been used before for another user or group.
- Parameters: `principal` - A principal that doesn't yet represent an existing user or group.
- Parameters: `intermediatePath` - Is always ignored.
- Throws: `org.apache.jackrabbit.api.security.user.AuthorizableExistsException`
- Throws: `RepositoryException`
- See also: `UserManager.createGroup(String, java.security.Principal, String)`

`public boolean isAutoSave()`

Always returns `true` as by default the autoSave behavior cannot be altered (see also `autoSave(boolean)`).

- Specified by: `isAutoSave` in interface `org.apache.jackrabbit.api.security.user.UserManager`
- Returns: `true`.
- See also: `UserManager.isAutoSave()`

`public void autoSave(boolean enable) throws UnsupportedRepositoryOperationException, RepositoryException`

Always throws `UnsupportedRepositoryOperationException` as modification of the autosave behavior is not supported.

- Specified by: `autoSave` in interface `org.apache.jackrabbit.api.security.user.UserManager`
- Throws: `UnsupportedRepositoryOperationException`
- Throws: `RepositoryException`
- See also: `UserManager.autoSave(boolean)`

`protected org.apache.jackrabbit.api.security.user.User doCreateUser(NodeImpl node) throws RepositoryException`

- Parameters: `node` - user node
- Throws: `RepositoryException` - if an error occurs

`protected org.apache.jackrabbit.api.security.user.Group doCreateGroup(NodeImpl node) throws RepositoryException`

- Parameters: `node` - group node
- Throws: `RepositoryException` - if an error occurs

`public void loggingOut(SessionImpl session)`

Called when a `Session` is about to be 'closed' by calling `Session.logout()`. At this moment the session is still valid.

- Specified by: `loggingOut` in interface `SessionListener`
- Parameters: `session` - the `Session` that is about to be 'closed'
- See also: `SessionListener.loggingOut(org.apache.jackrabbit.core.SessionImpl)`

`public void loggedOut(SessionImpl session)`

Called when a `Session` has been 'closed' by calling `Session.logout()`.

- Specified by: `loggedOut` in interface `SessionListener`
- Parameters: `session` - the `Session` that has been 'closed'
- See also: `SessionListener.loggedOut(org.apache.jackrabbit.core.SessionImpl)`

Copyright © 2004–2024 The Apache Software Foundation. All rights reserved.