.. java:import:: java.io FileInputStream

.. java:import:: java.io IOException

.. java:import:: java.lang.reflect InvocationTargetException

.. java:import:: java.util Collections

.. java:import:: java.util HashMap

.. java:import:: java.util HashSet

.. java:import:: java.util Set

.. java:import:: org.apache.shiro.authc AuthenticationException

.. java:import:: org.apache.shiro.authz AuthorizationException

.. java:import:: org.apache.shiro.config Ini

.. java:import:: org.apache.shiro.subject Subject

.. java:import:: org.caosdb.server CaosDBServer

.. java:import:: org.caosdb.server ServerProperties

.. java:import:: org.caosdb.server.entity Message

.. java:import:: org.caosdb.server.permissions Role

.. java:import:: org.caosdb.server.transaction LogUserVisitTransaction

.. java:import:: org.caosdb.server.transaction RetrieveRoleTransaction

.. java:import:: org.caosdb.server.transaction RetrieveUserTransaction

.. java:import:: org.caosdb.server.utils ServerMessages

.. java:import:: org.slf4j Logger

.. java:import:: org.slf4j LoggerFactory

UserSources
===========

.. java:package:: org.caosdb.server.accessControl
   :noindex:

.. java:type:: public class UserSources extends HashMap

   This singleton class is the primary resource for authenticating users and resolving principals to roles.

   Key concepts:

   ..

   * User name: A string which identifies a user uniquely across one realm. Why is this so? Because it is possible that two different people from collaborating work groups with similar names have the same user name in their group, e.g. "mueller@uni1.de" and "mueller@uni2.de", or that two people from different user groups use the name "admin". In the "mueller" example, the domain name of the email is the realm of authentication.
   * Realm: A string which uniquely identifies "where a user comes from". It guarantees the authentication of a user with a particular user name. Currently the possible realms are quite limited. Only "CaosDB" (which is controlled by the internal user source) and "PAM", which delegates authentication to the host system via PAM (Pluggable Authentication Module), are known, and extension is not too easy.
   * User Source: An instance which provides the access to a realm where users can be authenticated.
   * Principal: The combination of realm and user name, hence a system-wide unique identifier for users and the primary key to identifying who did what and who is allowed to do what.

   :author: Timm Fitschen (t.fitschen@indiscale.com)

Fields
------
KEY_DEFAULT_REALM
^^^^^^^^^^^^^^^^^

.. java:field:: public static final String KEY_DEFAULT_REALM
   :outertype: UserSources

KEY_REALMS
^^^^^^^^^^

.. java:field:: public static final String KEY_REALMS
   :outertype: UserSources

KEY_REALM_CLASS
^^^^^^^^^^^^^^^

.. java:field:: public static final String KEY_REALM_CLASS
   :outertype: UserSources

USERNAME_PASSWORD_AUTHENTICATION
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. java:field:: public static final String USERNAME_PASSWORD_AUTHENTICATION
   :outertype: UserSources

Methods
-------
add
^^^

.. java:method:: public static UserSource add(UserSource src)
   :outertype: UserSources

getDefaultRealm
^^^^^^^^^^^^^^^

.. java:method:: public static String getDefaultRealm()
   :outertype: UserSources

getDefaultRoles
^^^^^^^^^^^^^^^

.. java:method:: public static Set getDefaultRoles(String realm, String username)
   :outertype: UserSources

getDefaultUserEmail
^^^^^^^^^^^^^^^^^^^

.. java:method:: public static String getDefaultUserEmail(Principal p)
   :outertype: UserSources

getDefaultUserEmail
^^^^^^^^^^^^^^^^^^^

.. java:method:: public static String getDefaultUserEmail(String realm, String username)
   :outertype: UserSources

getDefaultUserStatus
^^^^^^^^^^^^^^^^^^^^

.. java:method:: public static UserStatus getDefaultUserStatus(String realm, String username)
   :outertype: UserSources

getDefaultUserStatus
^^^^^^^^^^^^^^^^^^^^

.. java:method:: public static UserStatus getDefaultUserStatus(Principal p)
   :outertype: UserSources

getInternalRealm
^^^^^^^^^^^^^^^^

.. java:method:: public static UserSource getInternalRealm()
   :outertype: UserSources

guessRealm
^^^^^^^^^^

.. java:method:: public static String guessRealm(String username)
   :outertype: UserSources

guessRealm
^^^^^^^^^^

.. java:method:: public static String guessRealm(String username, String defaultRealm)
   :outertype: UserSources

initMap
^^^^^^^

.. java:method:: public void initMap()
   :outertype: UserSources

isActive
^^^^^^^^

.. java:method:: public static boolean isActive(Principal principal)
   :outertype: UserSources

isRoleExisting
^^^^^^^^^^^^^^

.. java:method:: public static boolean isRoleExisting(String role)
   :outertype: UserSources

isUserExisting
^^^^^^^^^^^^^^

.. java:method:: public static boolean isUserExisting(Principal principal)
   :outertype: UserSources

   Check whether a user exists.

   :param principal: - principal of the user.
   :return: true iff the user identified by the given \ :java:ref:`Principal`\  exists.

isValid
^^^^^^^

.. java:method:: public static boolean isValid(String realm, String username, String password)
   :outertype: UserSources

logUserVisit
^^^^^^^^^^^^

.. java:method:: public static void logUserVisit(String realm, String username, String type)
   :outertype: UserSources

   Log the current time as the user's last visit.

put
^^^

.. java:method:: public UserSource put(UserSource src)
   :outertype: UserSources

resolveRoles
^^^^^^^^^^^^

.. java:method:: public static Set resolveRoles(String realm, String username)
   :outertype: UserSources

   Return the roles of a given user.

   :param realm:
   :param username:
   :return: A set of user roles.

resolveRoles
^^^^^^^^^^^^

.. java:method:: public static Set resolveRoles(Principal principal)
   :outertype: UserSources

   Return the roles of a given user.

   :param principal:
   :return: A set of role names.