org.broadleafcommerce.profile.core.service

Interface CustomerService

All Known Implementing Classes:

CustomerServiceImpl

public interface CustomerService

Method Summary

Methods

Modifier and Type	Method and Description
void	addPostRegisterListener(PostRegistrationObserver postRegisterListeners)
Customer	changePassword(PasswordChange passwordChange)
GenericResponse	checkPasswordResetToken(String token) Deprecated. checkPasswordResetToken(String, Customer), this will be removed in 4.2
GenericResponse	checkPasswordResetToken(String token, Customer customer) Verifies that a customer has a valid token.
Customer	createCustomer()
Customer	createCustomerFromId(Long customerId) Returns a Customer by first looking in the database, otherwise creating a new non-persisted Customer
Customer	createNewCustomer() Returns a non-persisted Customer.
void	createRegisteredCustomerRoles(Customer customer) Subclassed implementations can assign unique roles for various customer types
void	deleteCustomer(Customer customer) Delete the customer entity from the persistent store
String	encodePassword(String rawPassword) Encodes the clear text parameter, using the salt provided by PasswordEncoder.
String	encodePassword(String rawPassword, Customer customer) Deprecated. the new PasswordEncoder handles salting internally, this will be removed in 4.2
Long	findNextCustomerId() Allow customers to call from subclassed service.
List<PasswordUpdatedHandler>	getPasswordChangedHandlers()
List<PasswordUpdatedHandler>	getPasswordResetHandlers()
String	getSalt() Deprecated. use getSaltSource() instead, this will be removed in 4.2
Object	getSalt(Customer customer) Deprecated. use getSalt(Customer, String) instead, this will be removed in 4.2
Object	getSalt(Customer customer, String unencodedPassword) Deprecated. the new PasswordEncoder handles salting internally, this will be removed in 4.2
org.springframework.security.authentication.dao.SaltSource	getSaltSource() Deprecated. the new PasswordEncoder handles salting internally, this will be removed in 4.2
boolean	isPasswordValid(String rawPassword, String encodedPassword) Determines if a password is valid by comparing it to the encoded string, salting is handled internally to the PasswordEncoder.
boolean	isPasswordValid(String rawPassword, String encodedPassword, Customer customer) Deprecated. the new PasswordEncoder handles salting internally, this will be removed in 4.2
Customer	readCustomerByEmail(String emailAddress)
Customer	readCustomerById(Long userId)
Customer	readCustomerByUsername(String customerName)
Customer	readCustomerByUsername(String username, Boolean cacheable)
Customer	registerCustomer(Customer customer, String password, String passwordConfirm)
void	removePostRegisterListener(PostRegistrationObserver postRegisterListeners)
Customer	resetPassword(PasswordReset passwordReset)
GenericResponse	resetPasswordUsingToken(String username, String token, String password, String confirmPassword) Updates the password for the passed in customer only if the passed in token is valid for that customer.
Customer	saveCustomer(Customer customer)
Customer	saveCustomer(Customer customer, boolean register)
GenericResponse	sendForgotPasswordNotification(String userName, String forgotPasswordUrl) Generates an access token and then emails the user.
GenericResponse	sendForgotUsernameNotification(String emailAddress) Looks up the corresponding Customer and emails the address on file with the associated username.
void	setPasswordChangedHandlers(List<PasswordUpdatedHandler> passwordChangedHandlers)
void	setPasswordResetHandlers(List<PasswordUpdatedHandler> passwordResetHandlers)
void	setSalt(String salt) Deprecated. use setSaltSource(SaltSource) instead, this will be removed in 4.2
void	setSaltSource(org.springframework.security.authentication.dao.SaltSource saltSource) Deprecated. the new PasswordEncoder handles salting internally, this will be removed in 4.2

Method Detail

saveCustomer

Customer saveCustomer(Customer customer)

saveCustomer

Customer saveCustomer(Customer customer,
                    boolean register)

registerCustomer

Customer registerCustomer(Customer customer,
                        String password,
                        String passwordConfirm)

readCustomerByUsername

Customer readCustomerByUsername(String customerName)

readCustomerByUsername

Customer readCustomerByUsername(String username,
                              Boolean cacheable)

readCustomerByEmail

Customer readCustomerByEmail(String emailAddress)

changePassword

Customer changePassword(PasswordChange passwordChange)

readCustomerById

Customer readCustomerById(Long userId)

createCustomer

Customer createCustomer()

deleteCustomer

void deleteCustomer(Customer customer)

Delete the customer entity from the persistent store

Parameters:

customer - the customer entity to remove

createCustomerFromId

Customer createCustomerFromId(Long customerId)

Returns a Customer by first looking in the database, otherwise creating a new non-persisted Customer

Parameters:

customerId - the id of the customer to lookup

createNewCustomer

Customer createNewCustomer()

Returns a non-persisted Customer. Typically used with registering a new customer.

createRegisteredCustomerRoles

void createRegisteredCustomerRoles(Customer customer)

Subclassed implementations can assign unique roles for various customer types

Parameters:

customer - Customer to create roles for

addPostRegisterListener

void addPostRegisterListener(PostRegistrationObserver postRegisterListeners)

removePostRegisterListener

void removePostRegisterListener(PostRegistrationObserver postRegisterListeners)

resetPassword

Customer resetPassword(PasswordReset passwordReset)

getPasswordResetHandlers

List<PasswordUpdatedHandler> getPasswordResetHandlers()

setPasswordResetHandlers

void setPasswordResetHandlers(List<PasswordUpdatedHandler> passwordResetHandlers)

getPasswordChangedHandlers

List<PasswordUpdatedHandler> getPasswordChangedHandlers()

setPasswordChangedHandlers

void setPasswordChangedHandlers(List<PasswordUpdatedHandler> passwordChangedHandlers)

sendForgotUsernameNotification

GenericResponse sendForgotUsernameNotification(String emailAddress)

Looks up the corresponding Customer and emails the address on file with the associated username.

Parameters:

emailAddress - user's email address

Returns:

Response can contain errors including (notFound)

sendForgotPasswordNotification

GenericResponse sendForgotPasswordNotification(String userName,
                                             String forgotPasswordUrl)

Generates an access token and then emails the user.

Parameters:

userName - - the user to send a reset password email to.

forgotPasswordUrl - - Base url to include in the email.

Returns:

Response can contain errors including (invalidEmail, invalidUsername, inactiveUser)

resetPasswordUsingToken

GenericResponse resetPasswordUsingToken(String username,
                                      String token,
                                      String password,
                                      String confirmPassword)

Updates the password for the passed in customer only if the passed in token is valid for that customer.

Parameters:

username - Username of the customer

token - Valid reset token

password - new password

Returns:

Response can contain errors including (invalidUsername, inactiveUser, invalidToken, invalidPassword, tokenExpired)

checkPasswordResetToken

@Deprecated
GenericResponse checkPasswordResetToken(String token)

Deprecated. checkPasswordResetToken(String, Customer), this will be removed in 4.2

Verifies that the passed in token is valid.

This method can only be used when using the deprecated PasswordEncoder bean, otherwise an exception will be thrown. The new PasswordEncoder bean requires passing in a Customer to find the appropriate token.

Parameters:

token - password reset token

Returns:

Response can contain errors including (invalidToken, tokenUsed, and tokenExpired)

checkPasswordResetToken

GenericResponse checkPasswordResetToken(String token,
                                      Customer customer)

Verifies that a customer has a valid token.

Parameters:

token - password reset token

customer - Customer who owns the token

Returns:

Response can contain errors including (invalidToken, tokenUsed, and tokenExpired)

findNextCustomerId

Long findNextCustomerId()

Allow customers to call from subclassed service.

Returns:

the next customerId to be used

getSalt

@Deprecated
String getSalt()

Deprecated. use getSaltSource() instead, this will be removed in 4.2

Returns:

currently used salt string

setSalt

@Deprecated
void setSalt(String salt)

Deprecated. use setSaltSource(SaltSource) instead, this will be removed in 4.2

Parameters:

salt - new salt string to use

getSaltSource

@Deprecated
org.springframework.security.authentication.dao.SaltSource getSaltSource()

Deprecated. the new PasswordEncoder handles salting internally, this will be removed in 4.2

Returns the SaltSource used with the blPasswordEncoder to encrypt the user password. Usually configured in applicationContext-security.xml. This is not a required property and will return null if not configured

Returns:

the currently used SaltSource

setSaltSource

@Deprecated
void setSaltSource(org.springframework.security.authentication.dao.SaltSource saltSource)

Deprecated. the new PasswordEncoder handles salting internally, this will be removed in 4.2

Sets the SaltSource used with blPasswordEncoder to encrypt the user password. Usually configured within applicationContext-security.xml

Parameters:

saltSource - the new SaltSource to use

getSalt

@Deprecated
Object getSalt(Customer customer)

Deprecated. use getSalt(Customer, String) instead, this will be removed in 4.2

getSalt

@Deprecated
Object getSalt(Customer customer,
                        String unencodedPassword)

Deprecated. the new PasswordEncoder handles salting internally, this will be removed in 4.2

Gets the salt object for the current customer. By default this delegates to getSaltSource(). If there is not a SaltSource configured (getSaltSource() returns null) then this also returns null.

Parameters:

customer - the Customer to get UserDetails from

unencodedPassword - the unencoded password

Returns:

the salt for the current customer

encodePassword

@Deprecated
String encodePassword(String rawPassword,
                               Customer customer)

Deprecated. the new PasswordEncoder handles salting internally, this will be removed in 4.2

Encodes the clear text parameter, using the customer as a potential Salt. Does not change the customer properties. This method only encodes the password and returns the encoded result.

The externally salted PasswordEncoder support is being deprecated, following in Spring Security's footsteps, in order to move towards self salting hashing algorithms such as bcrypt. Bcrypt is a superior hashing algorithm that randomly generates a salt per password in order to protect against rainbow table attacks and is an intentionally expensive algorithm to further guard against brute force attempts to crack hashed passwords. Additionally, having the encoding algorithm handle the salt internally reduces code complexity and dependencies such as SaltSource.

Parameters:

rawPassword - the unencoded password

customer - the Customer to use for the salt

Returns:

the encoded password

encodePassword

String encodePassword(String rawPassword)

Encodes the clear text parameter, using the salt provided by PasswordEncoder. Does not change the customer properties. This method only encodes the password and returns the encoded result.

This method can only be called once per password. The salt is randomly generated internally in the PasswordEncoder and appended to the hash to provide the resulting encoded password. Once this has been called on a password, going forward all checks for authenticity must be done by isPasswordValid(String, String) as encoding the same password twice will result in different encoded passwords.

Parameters:

rawPassword - the unencoded password

Returns:

the encoded password

isPasswordValid

@Deprecated
boolean isPasswordValid(String rawPassword,
                                 String encodedPassword,
                                 Customer customer)

Deprecated. the new PasswordEncoder handles salting internally, this will be removed in 4.2

Use this to determine if passwords match using a Customer for salting. Don't encode the password separately since sometimes salts are generated randomly and stored with the password.

The externally salted PasswordEncoder support is being deprecated, following in Spring Security's footsteps, in order to move towards self salting hashing algorithms such as bcrypt. Bcrypt is a superior hashing algorithm that randomly generates a salt per password in order to protect against rainbow table attacks and is an intentionally expensive algorithm to further guard against brute force attempts to crack hashed passwords. Additionally, having the encoding algorithm handle the salt internally reduces code complexity and dependencies such as SaltSource.

Parameters:

rawPassword - the unencoded password

encodedPassword - the encoded password to compare against

customer - the Customer to use for the salt

Returns:

true if the unencoded password matches the encoded password, false otherwise

isPasswordValid

boolean isPasswordValid(String rawPassword,
                      String encodedPassword)

Determines if a password is valid by comparing it to the encoded string, salting is handled internally to the PasswordEncoder.

This method must always be called to verify if a password is valid after the original encoded password is generated due to PasswordEncoder randomly generating salts internally and appending them to the resulting hash.

Parameters:

rawPassword - the unencoded password

encodedPassword - the encoded password to compare against

Returns:

true if the unencoded password matches the encoded password, false otherwise