Package com.caplin.permissioning

Class User

java.lang.Object
com.caplin.permissioning.Permissionable
com.caplin.permissioning.User
public class User extends Permissionable
Represents a permissioned user that is able to log on to Caplin Trader.

Note: The default password associated with a user is the reserved value Constants.KEYMASTER. The reserved value is not actually a password - it is an indicator that the password is not needed here as it is verified by the Caplin Keymaster. In this case verification of the SSO keymaster token is sufficient to determine that this user is authenticated. See the Caplin Trader Architecture document for more information.

  • Field Details

    • attributes

      protected Map<String,String> attributes

    • password

      protected String password

    • subjectMapper

      protected SubjectMapper subjectMapper

    • subjectMappingInfo

      protected final com.caplin.permissioning.SubjectMappingInfo subjectMappingInfo

  • Method Details

    • getPassword

      public String getPassword()
      Get this User's password. If the value Constants.KEYMASTER is returned this indicates that this User is authenticated using a KeyMaster token. If any other value is returned it is the actual password text that this User authenticates with the Liberator.
      Returns:
      The password string.
      Throws:
      IllegalStateException - if this User was removed from the PermissioningDatasource .

    • setPassword

      public void setPassword(String password) throws NoTransactionInProgressException
      Set this User's password. If the value Constants.KEYMASTER is passed as a parameter it indicates that this User is authenticated using a KeyMaster token. If any other value is passed in it is the actual password text that this User authenticates with in the Liberator . It is recommended that if a KeyMaster token is used then the setPasswordKeymaster() method is used as it is coded to provide the special (reserved) string keymaster to this method.

      Note: Only a master PermissioningDataSource can set the User's password.

      Parameters:
      password - The password string.
      Throws:
      NoTransactionInProgressException - if this method is called outside the scope of a PermissioningDataSource transaction.
      IllegalStateException - if this User was removed from the PermissioningDatasource .

    • setPasswordKeymaster

      public void setPasswordKeymaster() throws NoTransactionInProgressException
      Sets this User's password field to indicate that a KeyMaster token (as opposed to a text password) should be used to authenticate this user.
      Throws:
      NoTransactionInProgressException - if this method is called outside the scope of a PermissioningDataSource transaction.
      IllegalStateException - if this User was removed from the PermissioningDatasource .

      Note: Only a master PermissioningDataSource can set the User's password.

    • getAttribute

      public String getAttribute(String name)
      Get an attribute that has been set by an earlier call to setAttribute(String, String).
      Parameters:
      name - The name of the attribute to set on this user.
      Returns:
      The attribute value stored against this name or null if such an named attribute has not been set.
      Throws:
      IllegalStateException - if this User was removed from the PermissioningDatasource .
      See Also:

    • setAttribute

      public String setAttribute(String name, String value) throws NoTransactionInProgressException, IllegalArgumentException
      Sets an attribute on this user. This can be useful, for example, for setting user-level preferences that the GUI can act upon. The internal implementation of attributes is a Map, therefore if you call this method with the same name parameter twice, the second value overwrites the first set call.
      Parameters:
      name - The name of the attribute to set on this user.
      value - The value of the attribute to set on this user.
      Returns:
      The previous value of this attribute, or null if this is the first time this attribute has been set.
      Throws:
      IllegalArgumentException - if either or both of the parameters passed to this method are null.
      NoTransactionInProgressException - if this method is called outside the scope of a PermissioningDataSource transaction.
      IllegalStateException - if this User was removed from the PermissioningDatasource .

    • isPermitted

      public Authorization isPermitted(String action, String requestedProduct, String permissionNameSpace)
      Check if the User is authorised to perform action in that permissionNameSpace on the specified product. This method checks the Users own permissions and also any inherited permissions from recursively checked parent groups.
      Parameters:
      action - The action the user is attempting to perform on the specified product.
      requestedProduct - The item to check for action on.
      permissionNameSpace - The permissionNameSpace to check for the attempted action.
      Returns:
      the authorisation code representing if this User is permitted to perform the operation described by the parameters to this method.
      Throws:
      IllegalStateException - if this User was removed from the PermissioningDatasource .

    • addSubjectMapping

      public void addSubjectMapping(String key, Map<String,String> map)
      Adds subject mappping data for use by a User's SubjectMapper instance. The data is stored in the User and sent to the Auth Module where it will be applied to the SubjectMapper instance using its updateMappings method.
      Parameters:
      key - The key associated with the subject mappings.
      map - The subject mappings.
      Throws:
      NoTransactionInProgressException - if this method is called outside the scope of a PermissioningDataSource transaction.
      IllegalStateException - if this User was removed from the PermissioningDatasource .

    • getAttributeNames

      public Set<String> getAttributeNames()
      Get the name of every attribute that has been set on this user
      Returns:
      The set of attribute names for this user.
      Throws:
      IllegalStateException - if this User was removed from the PermissioningDatasource .

    • removeAttribute

      public String removeAttribute(String name) throws NoTransactionInProgressException, IllegalArgumentException
      Removes the named attribute from this user. Calling getAttribute(java.lang.String) after this method has been called using the same attributeName will return null. The attributeName will no longer be present in the set of attribute names return by getAttributeNames().

      This method cannot be used to unset a password attribute. The setPassword(String) or setPasswordKeymaster() methods must be used to change this User's password.

      Parameters:
      name - The name of the attribute to to be removed from this User's set of attrbutes.
      Returns:
      The previous value of this attribute, or null if this attribute has not been set.
      Throws:
      IllegalArgumentException - if the parameter passed to this method is null or identifies the password attribute.
      NoTransactionInProgressException - if this method is called outside the scope of a PermissioningDataSource transaction
      IllegalStateException - if this User was removed from the PermissioningDatasource .

    • removeSubjectMappingForKey

      public SubjectMapping removeSubjectMappingForKey(String key)
      Removes the subject mappings identified by the passed in key. This method only removes the subject mappings if they were added using addSubjectMapping(String, Map).
      Returns:
      The removed subject mappings, or null if no mappings were removed.
      Throws:
      NoTransactionInProgressException - if this method is called outside the scope of a PermissioningDataSource transaction
      IllegalStateException - if this User was removed from the PermissioningDatasource .

    • removeAllSubjectMappings

      public void removeAllSubjectMappings()
      Removes all subject mappings for this User, regardless of the method was used to add them.
      Throws:
      NoTransactionInProgressException - if this method is called outside the scope of a PermissioningDataSource transaction
      IllegalStateException - if this User was removed from the PermissioningDatasource .

    • setSubjectMapper

      public void setSubjectMapper(String subjectMapperClassName)
      Sets the class that implements the SubjectMapper interface for this User. The implementation of this interface must be available to the Auth Module at the Libertor but does not need to be available to the PermissioningDataSource. If you do not set a class, then the Auth Module will use the default SubjectMapper to determine the subject mappings for this User.
      Parameters:
      subjectMapperClassName - The fully qualified name of the class that implements theSubjectMapper interface.
      Throws:
      NoTransactionInProgressException - if this method is called outside the scope of a PermissioningDataSource transaction.
      IllegalStateException - if this User was removed from the PermissioningDatasource .

    • getSubjectMapper

      public String getSubjectMapper()
      Gets the class that implements the SubjectMapper interface for this User.
      Returns:
      The fully qualified name of the class that implements the SubjectMapper interface. If a class was not set using setSubjectMapper(String), then the returned name will be for the default SubjectMapper.
      Throws:
      IllegalStateException - if this User was removed from the PermissioningDatasource .

    • createSubjectMapper

      protected void createSubjectMapper()

    • toString

      public String toString()
      Returns a string representation of User.
      Overrides:
      toString in class Object
      Returns:
      A string of the form "User[name,password, permissions, subjectMapping, attributes, parents]".