cz.ues.platform.security.identity

Interface AccountManager

@UESComponent
public interface AccountManager

Component used for account management.

Since:

UES6-10

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	ENCODED Flag to be appended before principal or credentials.

Method Summary

Methods

Modifier and Type	Method and Description
AccountAttributes	createAccount(java.lang.String securityRealm, AccountCreate account) Creates new account.
boolean	deleteAccount(java.lang.String securityRealm, java.lang.String accountId) Removes existing account.
java.lang.Object	encodeCredentials(java.lang.String securityRealm, java.lang.Object credentials, java.lang.String algorithm) Method encodes given credentials in same way as they are stored in persistent storage.
java.lang.String	encodePrincipal(java.lang.String securityRealm, java.lang.String principal) Method encodes given principal in same way as they are stored in persistent storage.
void	enrollSuccessfulAuthentication(java.lang.String securityRealm, java.lang.String accountId) Resets invalid login counter for given account (reset also unlocks account if locked) and updates last successful login time.
void	enrollUnsuccessfulAuthentication(java.lang.String securityRealm, java.lang.String accountId) Updates last failed login time and increment invalid login counters for given accounts.
AccountAttributes	getAccount(java.lang.String securityRealm, java.lang.String accountId) Reads existing account attributes.
AccountAttributes	getAccountByIdentity(java.lang.String securityRealm, java.lang.String identity) Reads existing account attributes.
AccountAttributes	getAccountByPrincipal(java.lang.String securityRealm, java.lang.String principal) Reads existing account attributes.
java.util.List<AccountAttributes>	getAccountListByIdentity(java.lang.String identity) Returns list of account attributes for the specified identity.
boolean	changeCredentials(java.lang.String securityRealm, java.lang.String accountId, java.lang.Object oldCredentials, java.lang.Object newCredentials) Changes account credentials.
boolean	changePrincipal(java.lang.String securityRealm, java.lang.String accountId, java.lang.String principal) Changes account principal name.
java.lang.Object	resetCredentials(java.lang.String securityRealm, java.lang.String accountId) Resets credentials of account identified by given account ID.
boolean	setAccountState(java.lang.String securityRealm, java.lang.String accountId, AccountState state) Sets account state.
java.lang.String	updateHashingAlgorithm(java.lang.String securityRealm, java.lang.String algorithm) Generates new hashing algorithm configuration for given security derived from existing configuration.

Field Detail

ENCODED

static final ENCODED

Flag to be appended before principal or credentials. When this flag is used, account manager will not encode given value with corresponding secrets handler associated with security realm. Flag is removed before storing into persistent storage so original of given value is stored.

See Also:

Constant Field Values

Method Detail

createAccount

AccountAttributes createAccount(java.lang.String securityRealm,
AccountCreate account)
throws AccountManagerRTException

Creates new account. In case account with given principal already exists, nothing is created and method returns null. Principal and credentials attributes are optional. If they are not given, they are automatically generated according to security realm where account is created and set on account object returned as result. In case of automatically generated principal or credentials, account is marked as "expired" (user should be forced to change their values after next login)

Parameters:

securityRealm - Security realm into which we are creating account

account - DTO containing new account attributes

Returns:

Created account DTO with all attributes filled or null

Throws:

AccountManagerRTException - In case creating of account fails

Since:

UES6-10

deleteAccount

boolean deleteAccount(java.lang.String securityRealm,
java.lang.String accountId)
throws AccountManagerRTException

Removes existing account. In case account with given ID does not exist nothing is removed and method returns false.

Parameters:

securityRealm - Security realm where we are deleting account

accountId - Unique account ID

Returns:

True if account was successfully removed

Throws:

AccountManagerRTException - In case removing of account fails

Since:

UES6-10

getAccount

AccountAttributes getAccount(java.lang.String securityRealm,
java.lang.String accountId)

Reads existing account attributes. In case account with given ID does not exist null is returned. Credentials are not loaded by this method.

Parameters:

securityRealm - Security realm where to look for account

accountId - Unique account ID

Returns:

DTO of account (excluding credentials) or null

Throws:

AccountManagerRTException - In case reading of account fails

Since:

UES6-10

getAccountByPrincipal

AccountAttributes getAccountByPrincipal(java.lang.String securityRealm,
java.lang.String principal)
throws AccountManagerRTException

Reads existing account attributes. In case account with given principal does not exist null is returned.

Parameters:

securityRealm - Security realm where to look for account

principal - Principal used for identification of account

Returns:

DTO of account (excluding credentials) or null

Throws:

AccountManagerRTException - In case reading of account fails

Since:

UES6-10

getAccountByIdentity

AccountAttributes getAccountByIdentity(java.lang.String securityRealm,
java.lang.String identity)
throws AccountManagerRTException

Reads existing account attributes. In case account for given identity in specified security realm does not exist null is returned. Credentials are not loaded by this method.

Parameters:

securityRealm - Security realm where to look for account

identity - Identity for which to read account

Returns:

DTO of account (excluding credentials) or null

Throws:

AccountManagerRTException - In case reading of account fails

Since:

UES6-10

changePrincipal

boolean changePrincipal(java.lang.String securityRealm,
java.lang.String accountId,
java.lang.String principal)
throws AccountManagerRTException

Changes account principal name. In case account with given account ID does not exist, nothing is updated and method returns false. New principal name must be unique in scope of security realm else exception is thrown.

Parameters:

securityRealm - Security realm where to look for account

accountId - Unique account ID

principal - New principal to be set

Returns:

True if principal was successfully changed

Throws:

AccountManagerRTException - In case changing of principal fails

Since:

UES6-10

changeCredentials

boolean changeCredentials(java.lang.String securityRealm,
java.lang.String accountId,
java.lang.Object oldCredentials,
java.lang.Object newCredentials)
throws AccountManagerRTException

Changes account credentials. In case account with given account ID does not exist or original credentials does not match, nothing is updated and method returns false.

Parameters:

securityRealm - Security realm where to look for account

accountId - Unique account ID

oldCredentials - Original credentials

newCredentials - New credentials

Returns:

True if credentials were successfully changed

Throws:

AccountManagerRTException - In case changing of credentials fails

Since:

UES6-10

resetCredentials

java.lang.Object resetCredentials(java.lang.String securityRealm,
java.lang.String accountId)
throws AccountManagerRTException

Resets credentials of account identified by given account ID. New credentials are immediately set as expired in order to force user to change it on next login.

Parameters:

securityRealm - Security realm where to look for account

accountId - Unique account ID

Returns:

New credentials

Throws:

AccountManagerRTException - In case reseting of credentials fails

Since:

UES6-10

setAccountState

boolean setAccountState(java.lang.String securityRealm,
java.lang.String accountId,
AccountState state)
throws AccountManagerRTException

Sets account state.

Parameters:

securityRealm - Security realm where to look for account

accountId - Unique account ID

state - New account state

Returns:

True if account state was successfully set

Throws:

AccountManagerRTException - In case setting of account state fails

Since:

UES6-10

enrollUnsuccessfulAuthentication

void enrollUnsuccessfulAuthentication(java.lang.String securityRealm,
java.lang.String accountId)

Updates last failed login time and increment invalid login counters for given accounts. In case counter exceeds maximum invalid count (based on security realm), account is locked.

Parameters:

securityRealm - Security realm where to look for account

accountId - Account ID

Since:

UES7-06

enrollSuccessfulAuthentication

void enrollSuccessfulAuthentication(java.lang.String securityRealm,
java.lang.String accountId)

Resets invalid login counter for given account (reset also unlocks account if locked) and updates last successful login time.

Parameters:

securityRealm - Security realm where to look for account

accountId - Account ID

Since:

UES7-06

encodePrincipal

java.lang.String encodePrincipal(java.lang.String securityRealm,
java.lang.String principal)

Method encodes given principal in same way as they are stored in persistent storage. This method is usefull e.g. for evaluation of one-way hashed principal in authentication process.

Parameters:

securityRealm - Security realm

principal - Original principal

Returns:

Encoded principal

Since:

UES7-06

encodeCredentials

java.lang.Object encodeCredentials(java.lang.String securityRealm,
java.lang.Object credentials,
java.lang.String algorithm)

Method encodes given credentials in same way as they are stored in persistent storage. This method is usefull e.g. for evaluation of one-way hashed passwords in authentication process.

Parameters:

securityRealm - Security realm

credentials - Original credentials

algorithm - Credentials hashing algorithm configuration

Returns:

Encoded credentials

Since:

UES8-14

updateHashingAlgorithm

java.lang.String updateHashingAlgorithm(java.lang.String securityRealm,
java.lang.String algorithm)

Generates new hashing algorithm configuration for given security derived from existing configuration.

Parameters:

securityRealm - Security realm

algorithm - existing credentials hashing algorithm configuration

Returns:

New hashing algorithm configuration

Since:

{ues.vesion}

getAccountListByIdentity

java.util.List<AccountAttributes> getAccountListByIdentity(java.lang.String identity)

Returns list of account attributes for the specified identity.

Parameters:

identity - identity

Returns:

list of account attributes

Since:

UES8-23