Class AdminSecurityServiceImpl

java.lang.Object
org.broadleafcommerce.openadmin.server.security.service.AdminSecurityServiceImpl
All Implemented Interfaces:
AdminSecurityService

@Service("blAdminSecurityService") public class AdminSecurityServiceImpl extends Object implements AdminSecurityService
Author:
jfischer
  • Field Details

    • CACHE_NAME

      protected static String CACHE_NAME
    • CACHE_KEY_PREFIX

      protected static String CACHE_KEY_PREFIX
    • eventPublisher

      @Autowired @Qualifier("blApplicationEventPublisher") protected org.broadleafcommerce.common.event.BroadleafApplicationEventPublisher eventPublisher
    • adminRoleDao

      protected AdminRoleDao adminRoleDao
    • adminUserDao

      protected AdminUserDao adminUserDao
    • forgotPasswordSecurityTokenDao

      protected ForgotPasswordSecurityTokenDao forgotPasswordSecurityTokenDao
    • adminPermissionDao

      protected AdminPermissionDao adminPermissionDao
    • cacheManager

      protected javax.cache.CacheManager cacheManager
    • cache

      protected javax.cache.Cache<String,Boolean> cache
    • passwordEncoderBean

      protected org.springframework.security.crypto.password.PasswordEncoder passwordEncoderBean

      This is simply a placeholder used by #setupPasswordEncoder() to determine whether we're using the new PasswordEncoder or the deprecated PasswordEncoder.

    • emailService

      protected org.broadleafcommerce.common.email.service.EmailService emailService
    • resetPasswordEmailInfo

      protected org.broadleafcommerce.common.email.service.info.EmailInfo resetPasswordEmailInfo
    • sendUsernameEmailInfo

      protected org.broadleafcommerce.common.email.service.info.EmailInfo sendUsernameEmailInfo
    • extensionManager

      protected AdminSecurityServiceExtensionManager extensionManager
  • Constructor Details

    • AdminSecurityServiceImpl

      public AdminSecurityServiceImpl()
  • Method Details

    • getPASSWORD_TOKEN_LENGTH

      public static int getPASSWORD_TOKEN_LENGTH()
    • setPASSWORD_TOKEN_LENGTH

      public static void setPASSWORD_TOKEN_LENGTH(int PASSWORD_TOKEN_LENGTH)
    • getTokenExpiredMinutes

      protected int getTokenExpiredMinutes()
    • getResetPasswordURL

      protected String getResetPasswordURL()
    • deleteAdminPermission

      @Transactional("blTransactionManager") public void deleteAdminPermission(AdminPermission permission)
      Specified by:
      deleteAdminPermission in interface AdminSecurityService
    • deleteAdminRole

      @Transactional("blTransactionManager") public void deleteAdminRole(AdminRole role)
      Specified by:
      deleteAdminRole in interface AdminSecurityService
    • deleteAdminUser

      @Transactional("blTransactionManager") public void deleteAdminUser(AdminUser user)
      Specified by:
      deleteAdminUser in interface AdminSecurityService
    • readAdminPermissionById

      public AdminPermission readAdminPermissionById(Long id)
      Specified by:
      readAdminPermissionById in interface AdminSecurityService
    • readAdminRoleById

      public AdminRole readAdminRoleById(Long id)
      Specified by:
      readAdminRoleById in interface AdminSecurityService
    • readAdminUserById

      public AdminUser readAdminUserById(Long id)
      Specified by:
      readAdminUserById in interface AdminSecurityService
    • saveAdminPermission

      @Transactional("blTransactionManager") public AdminPermission saveAdminPermission(AdminPermission permission)
      Specified by:
      saveAdminPermission in interface AdminSecurityService
    • saveAdminRole

      @Transactional("blTransactionManager") public AdminRole saveAdminRole(AdminRole role)
      Specified by:
      saveAdminRole in interface AdminSecurityService
    • saveAdminUser

      @Transactional("blTransactionManager") public AdminUser saveAdminUser(AdminUser user)
      Specified by:
      saveAdminUser in interface AdminSecurityService
    • clearAdminSecurityCache

      public void clearAdminSecurityCache()
      Specified by:
      clearAdminSecurityCache in interface AdminSecurityService
    • generateSecurePassword

      protected String generateSecurePassword()
    • changePassword

      @Transactional("blTransactionManager") public AdminUser changePassword(org.broadleafcommerce.common.security.util.PasswordChange passwordChange)
      Specified by:
      changePassword in interface AdminSecurityService
    • isUserQualifiedForOperationOnCeilingEntity

      public boolean isUserQualifiedForOperationOnCeilingEntity(AdminUser adminUser, PermissionType permissionType, String ceilingEntityFullyQualifiedName)
      Specified by:
      isUserQualifiedForOperationOnCeilingEntity in interface AdminSecurityService
    • buildCacheKey

      protected String buildCacheKey(AdminUser adminUser, PermissionType permissionType, String ceilingEntityFullyQualifiedName)
    • doesOperationExistForCeilingEntity

      public boolean doesOperationExistForCeilingEntity(PermissionType permissionType, String ceilingEntityFullyQualifiedName)
      Specified by:
      doesOperationExistForCeilingEntity in interface AdminSecurityService
    • readAdminUserByUserName

      public AdminUser readAdminUserByUserName(String userName)
      Specified by:
      readAdminUserByUserName in interface AdminSecurityService
    • readAdminUsersByEmail

      public List<AdminUser> readAdminUsersByEmail(String email)
      Description copied from interface: AdminSecurityService
      Returns a list of admin users that match the given email. This could potentially return more than one user if the admin.user.requireUniqueEmailAddress property is set to false.
      Specified by:
      readAdminUsersByEmail in interface AdminSecurityService
      Parameters:
      email - the email address to search for
      Returns:
      a List of AdminUser matching the provided email address
    • readAllAdminUsers

      public List<AdminUser> readAllAdminUsers()
      Specified by:
      readAllAdminUsers in interface AdminSecurityService
    • readAllAdminRoles

      public List<AdminRole> readAllAdminRoles()
      Specified by:
      readAllAdminRoles in interface AdminSecurityService
    • readAllAdminPermissions

      public List<AdminPermission> readAllAdminPermissions()
      Specified by:
      readAllAdminPermissions in interface AdminSecurityService
    • sendForgotUsernameNotification

      @Transactional("blTransactionManager") public org.broadleafcommerce.common.service.GenericResponse sendForgotUsernameNotification(String emailAddress)
      Description copied from interface: AdminSecurityService
      Looks up the corresponding AdminUser and emails the address on file with the associated username.
      Specified by:
      sendForgotUsernameNotification in interface AdminSecurityService
      Parameters:
      emailAddress - email address of user to email
      Returns:
      Response can contain errors including (notFound)
    • sendResetPasswordNotification

      @Transactional("blTransactionManager") public org.broadleafcommerce.common.service.GenericResponse sendResetPasswordNotification(String username)
      Description copied from interface: AdminSecurityService
      Generates an access token and then emails the user.
      Specified by:
      sendResetPasswordNotification in interface AdminSecurityService
      Parameters:
      username - the username of the user to send a password reset email
      Returns:
      Response can contain errors including (invalidEmail, invalidUsername, inactiveUser)
    • resetPasswordUsingToken

      @Transactional("blTransactionManager") public org.broadleafcommerce.common.service.GenericResponse resetPasswordUsingToken(String username, String token, String password, String confirmPassword)
      Description copied from interface: AdminSecurityService
      Updates the password for the passed-in user only if the passed-in token is valid for that user.
      Specified by:
      resetPasswordUsingToken in interface AdminSecurityService
      Parameters:
      username - the username of the user
      token - a valid reset token from the email
      password - the new desired password
      confirmPassword - the password confirmation to match password
      Returns:
      Response can contain errors including (invalidUsername, inactiveUser, invalidToken, invalidPassword, tokenExpired, passwordMismatch)
    • invalidateAllTokensForAdminUser

      protected void invalidateAllTokensForAdminUser(AdminUser user)
    • checkUser

      protected void checkUser(AdminUser user, org.broadleafcommerce.common.service.GenericResponse response)
    • checkPassword

      protected void checkPassword(String password, String confirmPassword, org.broadleafcommerce.common.service.GenericResponse response)
    • checkExistingPassword

      protected void checkExistingPassword(String unencodedPassword, AdminUser user, org.broadleafcommerce.common.service.GenericResponse response)
    • isTokenExpired

      protected boolean isTokenExpired(ForgotPasswordSecurityToken fpst)
    • getSendUsernameEmailInfo

      public org.broadleafcommerce.common.email.service.info.EmailInfo getSendUsernameEmailInfo()
    • setSendUsernameEmailInfo

      public void setSendUsernameEmailInfo(org.broadleafcommerce.common.email.service.info.EmailInfo sendUsernameEmailInfo)
    • getResetPasswordEmailInfo

      public org.broadleafcommerce.common.email.service.info.EmailInfo getResetPasswordEmailInfo()
    • setResetPasswordEmailInfo

      public void setResetPasswordEmailInfo(org.broadleafcommerce.common.email.service.info.EmailInfo resetPasswordEmailInfo)
    • changePassword

      @Transactional("blTransactionManager") public org.broadleafcommerce.common.service.GenericResponse changePassword(String username, String oldPassword, String password, String confirmPassword)
      Description copied from interface: AdminSecurityService
      Changes a user's password only if oldPassword matches what's stored for that user.
      Specified by:
      changePassword in interface AdminSecurityService
      Parameters:
      username - the username to change the password for
      oldPassword - the user's current password
      password - the desired new password
      confirmPassword - the confirm password to ensure it matches password
      Returns:
      Response can contain errors including (invalidUser, emailNotFound, inactiveUser, invalidPassword, passwordMismatch)
    • isPasswordValid

      protected boolean isPasswordValid(String encodedPassword, String rawPassword)
      Determines if a password is valid by comparing it to the encoded string. Salting is handled internally by the PasswordEncoder.

      Once the original encoded password has been generated, this method must always be used to verify whether a password is valid, because the PasswordEncoder randomly generates salts internally and appends them to the resulting hash.

      Parameters:
      encodedPassword - the encoded password
      rawPassword - the raw password to check against the encoded password
      Returns:
      true if rawPassword matches the encodedPassword, false otherwise
    • encodePassword

      protected String encodePassword(String rawPassword)
      Generates an encoded password from a raw password.

      This method can only be called once per password. The salt is randomly generated internally in the PasswordEncoder and appended to the hash to provide the resulting encoded password. Once this has been called on a password, all subsequent checks for authenticity must be done by isPasswordValid(String, String), because encoding the same password twice results in different encoded passwords.

      Parameters:
      rawPassword - the unencoded password to encode
      Returns:
      the encoded password
    • getCache

      protected javax.cache.Cache<String,Boolean> getCache()
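
The contract described under isPasswordValid and encodePassword above, shown as an added example (not Broadleaf's own code). It assumes spring-security-crypto is on the classpath and uses BCryptPasswordEncoder as a stand-in for the configured encoder; the class and the two static methods are hypothetical and only mirror the signatures documented on this page.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added illustration of the salted-encoder contract; not Broadleaf's implementation.
public class SaltedEncoderContractDemo {

    // Assumption: BCrypt stands in for whichever PasswordEncoder bean is configured.
    private static final PasswordEncoder ENCODER = new BCryptPasswordEncoder();

    // Hypothetical stand-in with the signature documented on this page.
    // Call once when the password is set, then persist the result.
    static String encodePassword(String rawPassword) {
        return ENCODER.encode(rawPassword);
    }

    // Hypothetical stand-in. Note the parameter order: this page documents
    // (encodedPassword, rawPassword), while Spring's PasswordEncoder.matches()
    // takes (rawPassword, encodedPassword).
    static boolean isPasswordValid(String encodedPassword, String rawPassword) {
        return ENCODER.matches(rawPassword, encodedPassword);
    }

    // Anti-pattern: re-encode the candidate and compare strings. Each encode()
    // call draws a fresh random salt, so this rejects even the correct password.
    static boolean reEncodeAndCompare(String storedEncoded, String candidateRaw) {
        return encodePassword(candidateRaw).equals(storedEncoded);
    }

    public static void main(String[] args) {
        String raw = "constructed-sample-passphrase"; // constructed sample value
        String stored = encodePassword(raw);          // what would be persisted
        String second = encodePassword(raw);          // same input, different salt

        System.out.println("two encodings equal:   " + stored.equals(second));
        System.out.println("re-encode and compare: " + reEncodeAndCompare(stored, raw));
        System.out.println("isPasswordValid:       " + isPasswordValid(stored, raw));
        System.out.println("wrong password:        " + isPasswordValid(stored, "constructed-other-value"));
        // Swapping the arguments hands matches() a raw string where it expects
        // an encoded one, so the check fails closed instead of throwing.
        System.out.println("arguments swapped:     " + ENCODER.matches(stored, raw));
    }
}
```

Only the isPasswordValid line for the correct password prints true. A subclass that overrides either method should be reviewed for argument order, since both parameters are strings and a swap compiles cleanly.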