Directory (EBX.Platform 4.8 Java API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.orchestranetworks.service.directory
Class Directory

java.lang.Object
  com.orchestranetworks.service.directory.Directory

Direct Known Subclasses:: DirectoryDefault

public abstract class Directory
extends Object

Defines the users' directory that is used by EBX.Platform for user authentication and roles management.

Deployment of a specific directory

The way to specify and deploy a specific directory is described by DirectoryFactory class comment.

The default implementation is DirectoryDefault.

Constructor Summary
`Directory()`

Method Summary
`UserReference`	`authenticateUserFromArray(Object[] args)` Authenticates a user by an open array.
`UserReference`	`authenticateUserFromHttpRequest(HttpServletRequest request)` Authenticates a user for the purpose of a single sign-on policy.
`abstract UserReference`	`authenticateUserFromLoginPassword(String aLogin, String aPassword)` Authenticates a user by his login and password.
`String`	`displayBuiltInRole(Role aBuiltInRole, Locale aLocale)` Returns a label for the specified built-in role.
`String`	`displaySpecificRole(Role aSpecificRole, Locale aLocale)` Returns a label for this specific role.
`String`	`displayUser(UserReference aUserReference, Locale aLocale)` Returns a label for the specified user.
`String`	`displayUserWithSalutation(UserReference aUserReference, Locale aLocale)` Returns a label for the specified user so that it can be used for a salutation.
`abstract List`	`getProfiles(ProfileListContext aProfileContext)` Returns the profiles according to the specified context.
`String`	`getUserEmail(UserReference aUserReference)` Returns the e-mail address of the specified user, `null` if it is unknown.
`List`	`getUsersInRole(Role aRole)` Returns all users that belong to the specified role.
`boolean`	`isRoleStrictlyIncluded(Role aRole, Role anotherRole)` Returns `true` when `aRole` is included in `anotherRole`.
`abstract boolean`	`isSpecificRoleDefined(Role aSpecificRole)` Returns `true` if the specific role actually exists in this directory.
`abstract boolean`	`isUserDefined(UserReference aUserReference)` Returns `true` if the specified user actually exists in this directory.
`abstract boolean`	`isUserInRole(UserReference aUser, Role aRole)` Returns `true` if the user has the specified role.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

authenticateUserFromLoginPassword

public abstract UserReference authenticateUserFromLoginPassword(String aLogin,
                                                                String aPassword)
                                                         throws AuthenticationException

Authenticates a user by his login and password.

Note: for EBX.Manager, the full authentication process is detailed on the class UIHttpManagerComponent. This method can also be called by a client application through Repository.createSessionFromLoginPassword(String, String).

Returns:: the user reference corresponding to the specified login/password, or null if login does not exist or password is incorrect.
Throws:: AuthenticationException - if authentication fails for a reason that is more specific than an unknown login or an incorrect password (for example, a security violation or a physical access failure).

authenticateUserFromHttpRequest

public UserReference authenticateUserFromHttpRequest(HttpServletRequest request)
                                              throws AuthenticationException

Authenticates a user for the purpose of a single sign-on policy.

If the implementation of this method does not return null, the user enters directly into the EBX.Manager session (he does not have to submit his login and password).

More precisely, this method is called each time an initial HTTP request is sent to the Manager:

If the method returns null, the login/password page is returned as the HTTP response.
If the method returns a user, this user is logged in the Manager session.
If the method throws an exception, an "Access denied" page is returned.

Notes:

For EBX.Manager, the full authentication process is detailed on the class UIHttpManagerComponent.
This method can also be directly called by a client Web application through Repository.createSessionFromHttpRequest(HttpServletRequest).
The default implementation of this method always returns null. It shall be overridden if a single sign-on behaviour is needed.
This method is able to grant specific privileges to the resulting session by invoking the method Profile.forUserWithSpecificPrivilege(String, ServiceKey).

Returns:: the user reference retrieved from the specified HTTP request(for example, from its parameters or from its cookies), or null if the authentication features are not provided in the request (in which case a login/password is asked from the user).
Throws:: AuthenticationException - if authentication cannot complete.

authenticateUserFromArray

public UserReference authenticateUserFromArray(Object[] args)

Authenticates a user by an open array.

Note: this method is only called through Repository.createSessionFromArray(Object[]), that is, only by a specific client application.

The default implementation of this method always returns null.

Returns:: the user reference corresponding to the specified arguments, or null if no user can be authenticated.

isUserDefined

public abstract boolean isUserDefined(UserReference aUserReference)

Returns true if the specified user actually exists in this directory.

See Also:: DirectoryHandler.isProfileDefined(Profile)

isSpecificRoleDefined

public abstract boolean isSpecificRoleDefined(Role aSpecificRole)

Returns true if the specific role actually exists in this directory.

See Also:: DirectoryHandler.isProfileDefined(Profile)

isUserInRole

public abstract boolean isUserInRole(UserReference aUser,
                                     Role aRole)

Returns true if the user has the specified role. The method must return false if the user does not exist.

The following built-in roles are not passed to this method because their meaning does not depend on a specific directory:

See Also:: DirectoryHandler.isProfileIncluded(Profile, Profile)

isRoleStrictlyIncluded

public boolean isRoleStrictlyIncluded(Role aRole,
                                      Role anotherRole)

Returns true when aRole is included in anotherRole.

The default implementation of this method returns false. It should be overridden if role inclusion is somehow implemented in the underlying directory.

See Also:: DirectoryHandler.isProfileIncluded(Profile, Profile)

getProfiles

public abstract List getProfiles(ProfileListContext aProfileContext)

Returns the profiles according to the specified context.

Postconditions:

The profiles to return have some restrictions:

For defining permissions (see ProfileListContext.isForDefiningPermission()), the list must not contain the ADMINISTRATOR built-in role.
For owning a branch or an instance (see ProfileListContext.isForSelectingBranchOwner() and ProfileListContext.isForSelectingInstanceOwner()), the list must not contain the built-in roles OWNER and DISTRIBUTOR.
For workflow (see ProfileListContext.isForWorkflow(), the list must not contain the built-in roles OWNER and DISTRIBUTOR.

Returns:: a List of profiles

getUsersInRole

public List getUsersInRole(Role aRole)

Returns all users that belong to the specified role.

Default implementation throws an exception: this method must be overridden.

Returns:: a List of UserReference, each responding true to method isUserInRole(UserReference, Role).

getUserEmail

public String getUserEmail(UserReference aUserReference)

Returns the e-mail address of the specified user, null if it is unknown.

The default implementation of this method returns always null.

displayUser

public String displayUser(UserReference aUserReference,
                          Locale aLocale)

Returns a label for the specified user.

Implementation recommendations:

Since the returned label is used in lists, for example for setting permissions or ownership, it is recommended that it should contain at least the identifier of the user.
Any implementation of this method should handle the case where the user does not exist in the directory any more (because it has been removed from the directory). In this case, it is expected for this method to return a particular label indicating that the specified user is unknown.

The default implementation of this method simply displays the identifier of the user (and mentions that it is "unknown", if the user is not defined).

See Also:: DirectoryHandler.displayProfile(Profile, Locale)

displayUserWithSalutation

public String displayUserWithSalutation(UserReference aUserReference,
                                        Locale aLocale)

Returns a label for the specified user so that it can be used for a salutation. For example, it is displayed by EBX.Manager on the upper right of the screen.

The default implementation of this method invokes the method displayUser(UserReference, Locale).

A better specific implementation could display the social title with first and last names, for example "Mr. Andrew Smith".

displayBuiltInRole

public String displayBuiltInRole(Role aBuiltInRole,
                                 Locale aLocale)

Returns a label for the specified built-in role.

The default implementation of this method returns a localized label.

See Also:: DirectoryHandler.displayProfile(Profile, Locale)

displaySpecificRole

public String displaySpecificRole(Role aSpecificRole,
                                  Locale aLocale)

Returns a label for this specific role.

Any implementation of this method should handle the case where the role does not exist any more in the directory (because it has been deleted). In this case, it is expected for this method to return a particular label indicating that the specified role is unknown.

The default implementation of this method uses role name.

See Also:: DirectoryHandler.displayProfile(Profile, Locale)