com.manydesigns.portofino.shiro

Interface PortofinoRealm

All Superinterfaces:

Authorizer, CacheManagerAware, Realm

All Known Implementing Classes:

AbstractPortofinoRealm, SecurityGroovyRealm

public interface PortofinoRealm
extends Realm, Authorizer, CacheManagerAware

Portofino Shiro realm extension. Key functionality related to application users and groups is delegated to instances of this interface to allow arbitrary security implementations by developers (Security.groovy) without touching the core framework.

Author:

Paolo Predonzani - paolo.predonzani@manydesigns.com, Angelo Lupo - angelo.lupo@manydesigns.com, Giampiero Granatella - giampiero.granatella@manydesigns.com, Alessio Stalla - alessio.stalla@manydesigns.com

Field Summary

Fields

Modifier and Type	Field and Description
static String	copyright

Method Summary

Methods

Modifier and Type	Method and Description
void	changePassword(Serializable user, String oldPassword, String newPassword) Changes a user's password
String	encryptPassword(String password) Returns an encrypted or hashed password.
String	generateOneTimeToken(Serializable user) Generates a one-time token, for use in email validation and password reset.
Set<String>	getGroups() Returns the list of groups known to the system.
ClassAccessor	getSelfRegisteredUserClassAccessor() Returns a ClassAccessor that describes the properties which a self-registered user must or can provide to initiate the sign up process.
Serializable	getUserByEmail(String email) Loads a user by email address.
Serializable	getUserById(String encodedUserId) Loads a user by id.
Serializable	getUserId(Serializable user) Extracts a value that uniquely identifies the user.
String	getUserPrettyName(Serializable user) Computes a string describing the user, meant to be shown on the UI.
Map<Serializable,String>	getUsers() Returns the list of users known to the system.
String	saveSelfRegisteredUser(Object user) Saves a self-registered user on the system.
void	verifyUser(Serializable user) Marks the user as verified as a consequence of a user's action, e.g.

Methods inherited from interface org.apache.shiro.realm.Realm

getAuthenticationInfo, getName, supports

Methods inherited from interface org.apache.shiro.authz.Authorizer

checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll

Methods inherited from interface org.apache.shiro.cache.CacheManagerAware

setCacheManager

Field Detail

copyright

static final String copyright

See Also:

Constant Field Values

Method Detail

verifyUser

void verifyUser(Serializable user)

Marks the user as verified as a consequence of a user's action, e.g. clicking on a verification email or entering a verification code. This method is called in during the user's self-registration process.

Parameters:

user - the user object.

changePassword

void changePassword(Serializable user,
                  String oldPassword,
                  String newPassword)
                    throws IncorrectCredentialsException

Changes a user's password

Parameters:

user - the user object.

oldPassword - the old password provided by the user. Must match with the stored one.

newPassword - the new password.

Throws:

IncorrectCredentialsException - if the old password does not match with the one known by the system (e.g. as stored on a LDAP directory).

generateOneTimeToken

String generateOneTimeToken(Serializable user)

Generates a one-time token, for use in email validation and password reset. Unlike a password, which needs to be associated to a login to be a ShiroToken, a one-time token is valid ShiroToken.

Parameters:

user - the user object.

Returns:

the one-time token

encryptPassword

String encryptPassword(String password)

Returns an encrypted or hashed password.

Parameters:

password - the plaintext password.

Returns:

the encrypted password.

getSelfRegisteredUserClassAccessor

ClassAccessor getSelfRegisteredUserClassAccessor()

Returns a ClassAccessor that describes the properties which a self-registered user must or can provide to initiate the sign up process.

Returns:

the ClassAccessor.

saveSelfRegisteredUser

String saveSelfRegisteredUser(Object user)
                              throws RegistrationException

Saves a self-registered user on the system. The user should be in a invalid state (cannot log in) until he or she confirms registration providing a token (typically by clicking a link in an email message).

Parameters:

user - the user object to save. It is the same kind of object known by getSelfRegisteredUserClassAccessor().

Returns:

the unique token necessary to confirm the registration.

Throws:

RegistrationException - if the user could not be saved for whatever reason.

getUsers

Map<Serializable,String> getUsers()

Returns the list of users known to the system. This is used by the framework when presenting a list of possible users, e.g. when configuring permissions for a page.

Returns:

a map of user id -> pretty name. The pretty name might be the username, email address, full name, etc.

getUserById

Serializable getUserById(String encodedUserId)

Loads a user by id. The id depends on the application's security implementation: it can be, for example, a primary key in a database table, or a path in a LDAP directory.

Parameters:

encodedUserId - the user id as a String. The security implementation is expected to convert the String to a value of the appropriate type.

Returns:

the user object.

getUserByEmail

Serializable getUserByEmail(String email)

Loads a user by email address. Used by the reset password implementation.

Parameters:

email - the email address of the user.

Returns:

the user object.

getUserPrettyName

String getUserPrettyName(Serializable user)

Computes a string describing the user, meant to be shown on the UI. For example, a username, an email address, a name, etc.

Parameters:

user - the user's primary principal (as returned by loadAuthenticationInfo()).

Returns:

the pretty name.

getUserId

Serializable getUserId(Serializable user)

Extracts a value that uniquely identifies the user. For example, a database ID.

Parameters:

user - the user's primary principal (as returned by loadAuthenticationInfo()).

Returns:

the user id.

getGroups

Set<String> getGroups()

Returns the list of groups known to the system. This is used by the framework when presenting a list of possible groups, e.g. when configuring permissions for a page.

Returns:

a set of groups.