org.broadleafcommerce.openadmin.server.security.service
Class AdminSecurityServiceImpl

java.lang.Object
  extended by org.broadleafcommerce.openadmin.server.security.service.AdminSecurityServiceImpl
All Implemented Interfaces:
AdminSecurityService

@Service(value="blAdminSecurityService")
public class AdminSecurityServiceImpl
extends Object
implements AdminSecurityService

Author:
jfischer

Field Summary
protected  AdminRoleDao adminRoleDao
           
protected  AdminUserDao adminUserDao
           
protected  EmailService emailService
           
protected  ForgotPasswordSecurityTokenDao forgotPasswordSecurityTokenDao
           
protected  org.springframework.security.authentication.encoding.PasswordEncoder passwordEncoder
           
protected  EmailInfo resetPasswordEmailInfo
           
protected  String resetPasswordURL
           
protected  String salt
          Deprecated. Use saltSource instead.
protected  org.springframework.security.authentication.dao.SaltSource saltSource
          Optional SaltSource; used ONLY if one is configured.
protected  EmailInfo sendUsernameEmailInfo
           
protected  int tokenExpiredMinutes
           
 
Constructor Summary
AdminSecurityServiceImpl()
           
 
Method Summary
 AdminUser changePassword(PasswordChange passwordChange)
           
 GenericResponse changePassword(String username, String oldPassword, String password, String confirmPassword)
           
protected  void checkExistingPassword(String password, AdminUser user, GenericResponse response)
           
protected  void checkPassword(String password, String confirmPassword, GenericResponse response)
           
protected  void checkUser(AdminUser user, GenericResponse response)
           
 void deleteAdminPermission(AdminPermission permission)
           
 void deleteAdminRole(AdminRole role)
           
 void deleteAdminUser(AdminUser user)
           
 boolean doesOperationExistForCeilingEntity(PermissionType permissionType, String ceilingEntityFullyQualifiedName)
           
static int getPASSWORD_TOKEN_LENGTH()
           
 EmailInfo getResetPasswordEmailInfo()
           
 String getResetPasswordURL()
           
 String getSalt()
           
 Object getSalt(AdminUser user)
          Gets the salt object for the current admin user.
 org.springframework.security.authentication.dao.SaltSource getSaltSource()
          Returns the SaltSource used with the blAdminPasswordEncoder to encode the user password.
 EmailInfo getSendUsernameEmailInfo()
           
 int getTokenExpiredMinutes()
           
protected  boolean isTokenExpired(ForgotPasswordSecurityToken fpst)
           
 boolean isUserQualifiedForOperationOnCeilingEntity(AdminUser adminUser, PermissionType permissionType, String ceilingEntityFullyQualifiedName)
           
 AdminPermission readAdminPermissionById(Long id)
           
 AdminRole readAdminRoleById(Long id)
           
 AdminUser readAdminUserById(Long id)
           
 AdminUser readAdminUserByUserName(String userName)
           
 List<AdminPermission> readAllAdminPermissions()
           
 List<AdminRole> readAllAdminRoles()
           
 List<AdminUser> readAllAdminUsers()
           
 GenericResponse resetPasswordUsingToken(String username, String token, String password, String confirmPassword)
          Updates the password for the passed in user only if the passed in token is valid for that user.
 AdminPermission saveAdminPermission(AdminPermission permission)
           
 AdminRole saveAdminRole(AdminRole role)
           
 AdminUser saveAdminUser(AdminUser user)
           
 GenericResponse sendForgotUsernameNotification(String emailAddress)
          Looks up the corresponding AdminUser and emails the address on file with the associated username.
 GenericResponse sendResetPasswordNotification(String username)
          Generates an access token and then emails the user.
static void setPASSWORD_TOKEN_LENGTH(int PASSWORD_TOKEN_LENGTH)
           
 void setResetPasswordEmailInfo(EmailInfo resetPasswordEmailInfo)
           
 void setResetPasswordURL(String resetPasswordURL)
           
 void setSalt(String salt)
           
 void setSaltSource(org.springframework.security.authentication.dao.SaltSource saltSource)
          Sets the SaltSource used with the blAdminPasswordEncoder to encode the user password.
 void setSendUsernameEmailInfo(EmailInfo sendUsernameEmailInfo)
           
 void setTokenExpiredMinutes(int tokenExpiredMinutes)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

adminRoleDao

protected AdminRoleDao adminRoleDao

adminUserDao

protected AdminUserDao adminUserDao

forgotPasswordSecurityTokenDao

protected ForgotPasswordSecurityTokenDao forgotPasswordSecurityTokenDao

passwordEncoder

protected org.springframework.security.authentication.encoding.PasswordEncoder passwordEncoder

salt

@Deprecated
protected String salt
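Deprecated. Use saltSource instead.
Optional password salt to be used with the passwordEncoder. It is a single String held by the service rather than a per-user value, so the same salt applies to every admin password encoded with it.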


saltSource

@Autowired(required=false)
@Qualifier(value="blAdminSaltSource")
protected org.springframework.security.authentication.dao.SaltSource saltSource
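Optional SaltSource; used ONLY if one is configured. The field is autowired with required=false, so it is left unset (null) when no blAdminSaltSource bean is defined, unless setSaltSource is called.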


emailService

protected EmailService emailService

resetPasswordEmailInfo

protected EmailInfo resetPasswordEmailInfo

sendUsernameEmailInfo

protected EmailInfo sendUsernameEmailInfo

tokenExpiredMinutes

@Value(value="${tokenExpiredMinutes}")
protected int tokenExpiredMinutes

resetPasswordURL

@Value(value="${resetPasswordURL}")
protected String resetPasswordURL
Constructor Detail

AdminSecurityServiceImpl

public AdminSecurityServiceImpl()
Method Detail

deleteAdminPermission

@Transactional(value="blTransactionManager")
public void deleteAdminPermission(AdminPermission permission)
Specified by:
deleteAdminPermission in interface AdminSecurityService

deleteAdminRole

@Transactional(value="blTransactionManager")
public void deleteAdminRole(AdminRole role)
Specified by:
deleteAdminRole in interface AdminSecurityService

deleteAdminUser

@Transactional(value="blTransactionManager")
public void deleteAdminUser(AdminUser user)
Specified by:
deleteAdminUser in interface AdminSecurityService

readAdminPermissionById

public AdminPermission readAdminPermissionById(Long id)
Specified by:
readAdminPermissionById in interface AdminSecurityService

readAdminRoleById

public AdminRole readAdminRoleById(Long id)
Specified by:
readAdminRoleById in interface AdminSecurityService

readAdminUserById

public AdminUser readAdminUserById(Long id)
Specified by:
readAdminUserById in interface AdminSecurityService

saveAdminPermission

@Transactional(value="blTransactionManager")
public AdminPermission saveAdminPermission(AdminPermission permission)
Specified by:
saveAdminPermission in interface AdminSecurityService

saveAdminRole

@Transactional(value="blTransactionManager")
public AdminRole saveAdminRole(AdminRole role)
Specified by:
saveAdminRole in interface AdminSecurityService

saveAdminUser

@Transactional(value="blTransactionManager")
public AdminUser saveAdminUser(AdminUser user)
Specified by:
saveAdminUser in interface AdminSecurityService

changePassword

@Transactional(value="blTransactionManager")
public AdminUser changePassword(PasswordChange passwordChange)
Specified by:
changePassword in interface AdminSecurityService

isUserQualifiedForOperationOnCeilingEntity

public boolean isUserQualifiedForOperationOnCeilingEntity(AdminUser adminUser,
                                                          PermissionType permissionType,
                                                          String ceilingEntityFullyQualifiedName)
Specified by:
isUserQualifiedForOperationOnCeilingEntity in interface AdminSecurityService

doesOperationExistForCeilingEntity

public boolean doesOperationExistForCeilingEntity(PermissionType permissionType,
                                                  String ceilingEntityFullyQualifiedName)
Specified by:
doesOperationExistForCeilingEntity in interface AdminSecurityService

readAdminUserByUserName

public AdminUser readAdminUserByUserName(String userName)
Specified by:
readAdminUserByUserName in interface AdminSecurityService

readAllAdminUsers

public List<AdminUser> readAllAdminUsers()
Specified by:
readAllAdminUsers in interface AdminSecurityService

readAllAdminRoles

public List<AdminRole> readAllAdminRoles()
Specified by:
readAllAdminRoles in interface AdminSecurityService

readAllAdminPermissions

public List<AdminPermission> readAllAdminPermissions()
Specified by:
readAllAdminPermissions in interface AdminSecurityService

sendForgotUsernameNotification

@Transactional(value="blTransactionManager")
public GenericResponse sendForgotUsernameNotification(String emailAddress)
Description copied from interface: AdminSecurityService
Looks up the corresponding AdminUser and emails the address on file with the associated username.

Specified by:
sendForgotUsernameNotification in interface AdminSecurityService
Returns:
Response can contain errors including (notFound)

sendResetPasswordNotification

@Transactional(value="blTransactionManager")
public GenericResponse sendResetPasswordNotification(String username)
Description copied from interface: AdminSecurityService
Generates a forgot-password security token for the user and then emails the user.

Specified by:
sendResetPasswordNotification in interface AdminSecurityService
Returns:
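Response can contain errors including (invalidEmail, invalidUsername, inactiveUser). These codes distinguish unknown usernames from known or inactive ones, so a caller that exposes this flow to unauthenticated users may prefer to show one generic message instead of the specific code.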

resetPasswordUsingToken

@Transactional(value="blTransactionManager")
public GenericResponse resetPasswordUsingToken(String username,
                                                             String token,
                                                             String password,
                                                             String confirmPassword)
Description copied from interface: AdminSecurityService
Updates the password for the passed in user only if the passed in token is valid for that user.

Specified by:
resetPasswordUsingToken in interface AdminSecurityService
Parameters:
username - Name of the user
token - Valid reset token
password - new password
Returns:
Response can contain errors including (invalidUsername, inactiveUser, invalidToken, invalidPassword, tokenExpired, passwordMismatch)

checkUser

protected void checkUser(AdminUser user,
                         GenericResponse response)

checkPassword

protected void checkPassword(String password,
                             String confirmPassword,
                             GenericResponse response)

checkExistingPassword

protected void checkExistingPassword(String password,
                                     AdminUser user,
                                     GenericResponse response)

isTokenExpired

protected boolean isTokenExpired(ForgotPasswordSecurityToken fpst)

getTokenExpiredMinutes

public int getTokenExpiredMinutes()

setTokenExpiredMinutes

public void setTokenExpiredMinutes(int tokenExpiredMinutes)

getPASSWORD_TOKEN_LENGTH

public static int getPASSWORD_TOKEN_LENGTH()

setPASSWORD_TOKEN_LENGTH

public static void setPASSWORD_TOKEN_LENGTH(int PASSWORD_TOKEN_LENGTH)

getResetPasswordURL

public String getResetPasswordURL()

setResetPasswordURL

public void setResetPasswordURL(String resetPasswordURL)

getSendUsernameEmailInfo

public EmailInfo getSendUsernameEmailInfo()

setSendUsernameEmailInfo

public void setSendUsernameEmailInfo(EmailInfo sendUsernameEmailInfo)

getResetPasswordEmailInfo

public EmailInfo getResetPasswordEmailInfo()

setResetPasswordEmailInfo

public void setResetPasswordEmailInfo(EmailInfo resetPasswordEmailInfo)

getSalt

public Object getSalt(AdminUser user)
Description copied from interface: AdminSecurityService
Gets the salt object for the current admin user. By default this delegates to AdminSecurityService.getSaltSource(). If there is not a SaltSource configured (AdminSecurityService.getSaltSource() returns null) then this also returns null.

Specified by:
getSalt in interface AdminSecurityService
Returns:
the salt for the current admin user

getSalt

public String getSalt()
Specified by:
getSalt in interface AdminSecurityService

setSalt

public void setSalt(String salt)
Specified by:
setSalt in interface AdminSecurityService

getSaltSource

public org.springframework.security.authentication.dao.SaltSource getSaltSource()
Description copied from interface: AdminSecurityService
Returns the SaltSource used with the blAdminPasswordEncoder to encode the user password. Usually configured in applicationContext-admin-security.xml. This is not a required property; the method returns null if no SaltSource is configured.

Specified by:
getSaltSource in interface AdminSecurityService

setSaltSource

public void setSaltSource(org.springframework.security.authentication.dao.SaltSource saltSource)
Description copied from interface: AdminSecurityService
Sets the SaltSource used with the blAdminPasswordEncoder to encode the user password. Usually configured within applicationContext-admin-security.xml.

Specified by:
setSaltSource in interface AdminSecurityService

changePassword

@Transactional(value="blTransactionManager")
public GenericResponse changePassword(String username,
                                                    String oldPassword,
                                                    String password,
                                                    String confirmPassword)
Specified by:
changePassword in interface AdminSecurityService

