Package africa.absa.inception.security

Class UserDirectoryBase

java.lang.Object

africa.absa.inception.security.UserDirectoryBase

Direct Known Subclasses:

InternalUserDirectory, LDAPUserDirectory

public abstract class UserDirectoryBase
extends Object

The UserDirectoryBase class provides the base class from which all user directory classes should be derived.

Author:

Marcus Portmann

Constructor Summary

Constructors

Constructor	Description
UserDirectoryBase(UUID userDirectoryId, List<UserDirectoryParameter> parameters, GroupRepository groupRepository, UserRepository userRepository, RoleRepository roleRepository)	Constructs a new UserDirectoryBase.

Method Summary

Modifier and Type	Method	Description
void	addMemberToGroup(String groupName, GroupMemberType memberType, String memberName)	Add the group member to the group.
void	addRoleToGroup(String groupName, String roleCode)	Add the role to the group.
void	addUserToGroup(String groupName, String username)	Add the user to the group.
void	adminChangePassword(String username, String newPassword, boolean expirePassword, boolean lockUser, boolean resetPasswordHistory, PasswordChangeReason reason)	Administratively change the password for the user.
void	authenticate(String username, String password)	Authenticate the user.
void	changePassword(String username, String password, String newPassword)	Change the password for the user.
void	createGroup(Group group)	Create the new group.
void	createUser(User user, boolean expiredPassword, boolean userLocked)	Create the new user.
void	deleteGroup(String groupName)	Delete the group.
void	deleteUser(String username)	Delete the user.
List<User>	findUsers(List<UserAttribute> userAttributes)	Retrieve the users matching the user attribute criteria.
UserDirectoryCapabilities	getCapabilities()	Retrieve the capabilities the user directory supports.
List<String>	getFunctionCodesForUser(String username)	Retrieve the function codes for the user.
Group	getGroup(String groupName)	Retrieve the group.
List<String>	getGroupNames()	Retrieve all the group names.
List<String>	getGroupNamesForUser(String username)	Retrieve the names of the groups the user is a member of.
GroupRepository	getGroupRepository()	Returns the Group Repository.
List<Group>	getGroups()	Retrieve all the groups.
Groups	getGroups(String filter, africa.absa.inception.core.sorting.SortDirection sortDirection, Integer pageIndex, Integer pageSize)	Retrieve the groups.
List<Group>	getGroupsForUser(String username)	Retrieve the groups the user is a member of.
List<GroupMember>	getMembersForGroup(String groupName)	Retrieve the group members for the group.
GroupMembers	getMembersForGroup(String groupName, String filter, africa.absa.inception.core.sorting.SortDirection sortDirection, Integer pageIndex, Integer pageSize)	Retrieve the group members for the group.
List<UserDirectoryParameter>	getParameters()	Returns the parameters for the user directory.
List<String>	getRoleCodesForGroup(String groupName)	Retrieve the codes for the roles that have been assigned to the group.
List<String>	getRoleCodesForUser(String username)	Retrieve the codes for the roles that the user has been assigned.
RoleRepository	getRoleRepository()	Returns the Role Repository.
List<GroupRole>	getRolesForGroup(String groupName)	Retrieve the roles that have been assigned to the group.
User	getUser(String username)	Retrieve the user.
UUID	getUserDirectoryId()	Returns the Universally Unique Identifier (UUID) for the user directory.
String	getUserName(String username)	Retrieve the name of the user.
UserRepository	getUserRepository()	Returns the User Repository.
List<User>	getUsers()	Retrieve all the users.
Users	getUsers(String filter, UserSortBy sortBy, africa.absa.inception.core.sorting.SortDirection sortDirection, Integer pageIndex, Integer pageSize)	Retrieve the users.
boolean	isExistingUser(String username)	Does the user with the specified username exist?
protected boolean	isNullOrEmpty(Object value)	Checks whether the specified value is null or blank.
boolean	isUserInGroup(String groupName, String username)	Is the user in the group?
void	removeMemberFromGroup(String groupName, GroupMemberType memberType, String memberName)	Remove the group member from the group.
void	removeRoleFromGroup(String groupName, String roleCode)	Remove the role from the group.
void	removeUserFromGroup(String groupName, String username)	Remove the user from the group.
void	resetPassword(String username, String newPassword)	Reset the password for the user.
void	updateGroup(Group group)	Update the group.
void	updateUser(User user, boolean expirePassword, boolean lockUser)	Update the user.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

UserDirectoryBase

public UserDirectoryBase(UUID userDirectoryId,
                         List<UserDirectoryParameter> parameters,
                         GroupRepository groupRepository,
                         UserRepository userRepository,
                         RoleRepository roleRepository)

Constructs a new UserDirectoryBase.

Parameters:

userDirectoryId - the Universally Unique Identifier (UUID) for the user directory

parameters - the parameters for the user directory

groupRepository - the Group Repository

userRepository - the User Repository

roleRepository - the Role Repository

Method Detail

getGroupRepository

public GroupRepository getGroupRepository()

Returns the Group Repository.

Returns:

the Group Repository

getParameters

public List<UserDirectoryParameter> getParameters()

Returns the parameters for the user directory.

Returns:

the parameters for the user directory

getRoleRepository

public RoleRepository getRoleRepository()

Returns the Role Repository.

Returns:

the Role Repository

getUserDirectoryId

public UUID getUserDirectoryId()

Returns the Universally Unique Identifier (UUID) for the user directory.

Returns:

the Universally Unique Identifier (UUID) for the user directory

getUserRepository

public UserRepository getUserRepository()

Returns the User Repository.

Returns:

the User Repository

isNullOrEmpty

protected boolean isNullOrEmpty(Object value)

Checks whether the specified value is null or blank.

Parameters:

value - the value to check

Returns:

true if the value is null or blank

addMemberToGroup

public abstract void addMemberToGroup(String groupName,
                                      GroupMemberType memberType,
                                      String memberName)
                               throws GroupNotFoundException,
                                      UserNotFoundException,
                                      africa.absa.inception.core.service.ServiceUnavailableException

Add the group member to the group.

Parameters:

groupName - the name of the group

memberType - the group member type

memberName - the group member name

Throws:

GroupNotFoundException - if the group could not be found

UserNotFoundException - if the user could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the group member could not be added to the group

addRoleToGroup

public abstract void addRoleToGroup(String groupName,
                                    String roleCode)
                             throws GroupNotFoundException,
                                    RoleNotFoundException,
                                    africa.absa.inception.core.service.ServiceUnavailableException

Add the role to the group.

Parameters:

groupName - the name of the group

roleCode - the code for the role

Throws:

GroupNotFoundException - if the group could not be found

RoleNotFoundException - if the role could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the role could not be added to the group

addUserToGroup

public abstract void addUserToGroup(String groupName,
                                    String username)
                             throws GroupNotFoundException,
                                    UserNotFoundException,
                                    africa.absa.inception.core.service.ServiceUnavailableException

Add the user to the group.

Parameters:

groupName - the name of the group

username - the username for the user

Throws:

GroupNotFoundException - if the group could not be found

UserNotFoundException - if the user could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the user could not be added to the group

adminChangePassword

public abstract void adminChangePassword(String username,
                                         String newPassword,
                                         boolean expirePassword,
                                         boolean lockUser,
                                         boolean resetPasswordHistory,
                                         PasswordChangeReason reason)
                                  throws UserNotFoundException,
                                         africa.absa.inception.core.service.ServiceUnavailableException

Administratively change the password for the user.

Parameters:

username - the username for the user

newPassword - the new password

expirePassword - expire the user's password

lockUser - lock the user

resetPasswordHistory - reset the user's password history

reason - the reason for changing the password

Throws:

UserNotFoundException - if the user could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the password could not be administratively changed

authenticate

public abstract void authenticate(String username,
                                  String password)
                           throws AuthenticationFailedException,
                                  UserLockedException,
                                  ExpiredPasswordException,
                                  UserNotFoundException,
                                  africa.absa.inception.core.service.ServiceUnavailableException

Authenticate the user.

Parameters:

username - the username for the user

password - the password being used to authenticate

Throws:

AuthenticationFailedException - if the authentication failed

UserLockedException - if the user is locked

ExpiredPasswordException - if the password for the user has expired

UserNotFoundException - if the user could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the user could not be authenticated

changePassword

public abstract void changePassword(String username,
                                    String password,
                                    String newPassword)
                             throws AuthenticationFailedException,
                                    UserLockedException,
                                    ExistingPasswordException,
                                    africa.absa.inception.core.service.ServiceUnavailableException

Change the password for the user.

Parameters:

username - the username for the user

password - the password for the user that is used to authorise the operation

newPassword - the new password

Throws:

AuthenticationFailedException - if the authentication failed

UserLockedException - if the user is locked

ExistingPasswordException - if the user has previously used the new password

africa.absa.inception.core.service.ServiceUnavailableException - if the password could not be changed

createGroup

public abstract void createGroup(Group group)
                          throws DuplicateGroupException,
                                 africa.absa.inception.core.service.ServiceUnavailableException

Create the new group.

Parameters:

group - the group

Throws:

DuplicateGroupException - if the group already exists

africa.absa.inception.core.service.ServiceUnavailableException - if the group could not be created

createUser

public abstract void createUser(User user,
                                boolean expiredPassword,
                                boolean userLocked)
                         throws DuplicateUserException,
                                africa.absa.inception.core.service.ServiceUnavailableException

Create the new user.

Parameters:

user - the user

expiredPassword - create the user with its password expired

userLocked - create the user locked

Throws:

DuplicateUserException - if the user already exists

africa.absa.inception.core.service.ServiceUnavailableException - if the user could not be created

deleteGroup

public abstract void deleteGroup(String groupName)
                          throws GroupNotFoundException,
                                 ExistingGroupMembersException,
                                 africa.absa.inception.core.service.ServiceUnavailableException

Delete the group.

Parameters:

groupName - the name of the group

Throws:

GroupNotFoundException - if the group could not be found

ExistingGroupMembersException - if the group has existing members

africa.absa.inception.core.service.ServiceUnavailableException - if the group could not be deleted

deleteUser

public abstract void deleteUser(String username)
                         throws UserNotFoundException,
                                africa.absa.inception.core.service.ServiceUnavailableException

Delete the user.

Parameters:

username - the username for the user

Throws:

UserNotFoundException - if the user could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the user could not be deleted

findUsers

public abstract List<User> findUsers(List<UserAttribute> userAttributes)
                              throws InvalidAttributeException,
                                     africa.absa.inception.core.service.ServiceUnavailableException

Retrieve the users matching the user attribute criteria.

Parameters:

userAttributes - the user attribute criteria used to select the users

Returns:

the users whose attributes match the user attribute criteria

Throws:

InvalidAttributeException - if an attribute is invalid

africa.absa.inception.core.service.ServiceUnavailableException - if the users matching the user attribute criteria could not be found

getCapabilities

public abstract UserDirectoryCapabilities getCapabilities()
                                                   throws africa.absa.inception.core.service.ServiceUnavailableException

Retrieve the capabilities the user directory supports.

Returns:

the capabilities the user directory supports

Throws:

africa.absa.inception.core.service.ServiceUnavailableException - if the user directory capabilities could not be retrieved

getFunctionCodesForUser

public abstract List<String> getFunctionCodesForUser(String username)
                                              throws UserNotFoundException,
                                                     africa.absa.inception.core.service.ServiceUnavailableException

Retrieve the function codes for the user.

Parameters:

username - the username for the user

Returns:

the function codes for the user

Throws:

UserNotFoundException - if the user could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the function codes could not be retrieved for the user

getGroup

public abstract Group getGroup(String groupName)
                        throws GroupNotFoundException,
                               africa.absa.inception.core.service.ServiceUnavailableException

Retrieve the group.

Parameters:

groupName - the name of the group

Returns:

the group

Throws:

GroupNotFoundException - if the group could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the group could not be retrieved

getGroupNames

public abstract List<String> getGroupNames()
                                    throws africa.absa.inception.core.service.ServiceUnavailableException

Retrieve all the group names.

Returns:

the group names

Throws:

africa.absa.inception.core.service.ServiceUnavailableException - if the group names could not be retrieved

getGroupNamesForUser

public abstract List<String> getGroupNamesForUser(String username)
                                           throws UserNotFoundException,
                                                  africa.absa.inception.core.service.ServiceUnavailableException

Retrieve the names of the groups the user is a member of.

Parameters:

username - the username for the user

Returns:

the names of the groups the user is a member of

Throws:

UserNotFoundException - if the user could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the names of the groups the user is a member of could not be retrieved

getGroups

public abstract List<Group> getGroups()
                               throws africa.absa.inception.core.service.ServiceUnavailableException

Retrieve all the groups.

Returns:

the groups

Throws:

africa.absa.inception.core.service.ServiceUnavailableException - if the groups could not be retrieved

getGroups

public abstract Groups getGroups(String filter,
                                 africa.absa.inception.core.sorting.SortDirection sortDirection,
                                 Integer pageIndex,
                                 Integer pageSize)
                          throws africa.absa.inception.core.service.ServiceUnavailableException

Retrieve the groups.

Parameters:

filter - the optional filter to apply to the groups

sortDirection - the optional sort direction to apply to the groups

pageIndex - the optional page index

pageSize - the optional page size

Returns:

the groups

Throws:

africa.absa.inception.core.service.ServiceUnavailableException - if the groups could not be retrieved

getGroupsForUser

public abstract List<Group> getGroupsForUser(String username)
                                      throws UserNotFoundException,
                                             africa.absa.inception.core.service.ServiceUnavailableException

Retrieve the groups the user is a member of.

Parameters:

username - the username for the user

Returns:

the groups the user is a member of

Throws:

UserNotFoundException - if the user could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the groups the user is a member of could not be retrieved

getMembersForGroup

public abstract List<GroupMember> getMembersForGroup(String groupName)
                                              throws GroupNotFoundException,
                                                     africa.absa.inception.core.service.ServiceUnavailableException

Retrieve the group members for the group.

Parameters:

groupName - the name of the group

Returns:

the group members for the group

Throws:

GroupNotFoundException - if the group could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the group members could not be retrieved for the group

getMembersForGroup

public abstract GroupMembers getMembersForGroup(String groupName,
                                                String filter,
                                                africa.absa.inception.core.sorting.SortDirection sortDirection,
                                                Integer pageIndex,
                                                Integer pageSize)
                                         throws GroupNotFoundException,
                                                africa.absa.inception.core.service.ServiceUnavailableException

Retrieve the group members for the group.

Parameters:

groupName - the name of the group

filter - the optional filter to apply to the group members

sortDirection - the optional sort direction to apply to the group members

pageIndex - the optional page index

pageSize - the optional page size

Returns:

the group members for the group

Throws:

GroupNotFoundException - if the group could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the group members could not be retrieved for the group

getRoleCodesForGroup

public abstract List<String> getRoleCodesForGroup(String groupName)
                                           throws GroupNotFoundException,
                                                  africa.absa.inception.core.service.ServiceUnavailableException

Retrieve the codes for the roles that have been assigned to the group.

Parameters:

groupName - the name of the group

Returns:

the codes for the roles that have been assigned to the group

Throws:

GroupNotFoundException - if the group could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the codes for the roles assigned to the group could not be retrieved

getRoleCodesForUser

public abstract List<String> getRoleCodesForUser(String username)
                                          throws UserNotFoundException,
                                                 africa.absa.inception.core.service.ServiceUnavailableException

Retrieve the codes for the roles that the user has been assigned.

Parameters:

username - the username for the user

Returns:

the codes for the roles that the user has been assigned

Throws:

UserNotFoundException - if the user could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the codes for the roles assigned to the user could not be retrieved

getRolesForGroup

public abstract List<GroupRole> getRolesForGroup(String groupName)
                                          throws GroupNotFoundException,
                                                 africa.absa.inception.core.service.ServiceUnavailableException

Retrieve the roles that have been assigned to the group.

Parameters:

groupName - the name of the group

Returns:

the roles that have been assigned to the group

Throws:

GroupNotFoundException - if the group could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the codes for the roles assigned to the group could not be retrieved

getUser

public abstract User getUser(String username)
                      throws UserNotFoundException,
                             africa.absa.inception.core.service.ServiceUnavailableException

Retrieve the user.

Parameters:

username - the username for the user

Returns:

the user

Throws:

UserNotFoundException - if the user could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the user could not be retrieved

getUserName

public abstract String getUserName(String username)
                            throws UserNotFoundException,
                                   africa.absa.inception.core.service.ServiceUnavailableException

Retrieve the name of the user.

Parameters:

username - the username for the user

Returns:

the name of the user

Throws:

UserNotFoundException - if the user could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the name of the user could not be retrieved

getUsers

public abstract List<User> getUsers()
                             throws africa.absa.inception.core.service.ServiceUnavailableException

Retrieve all the users.

Returns:

the users

Throws:

africa.absa.inception.core.service.ServiceUnavailableException - if the users could not be retrieved

getUsers

public abstract Users getUsers(String filter,
                               UserSortBy sortBy,
                               africa.absa.inception.core.sorting.SortDirection sortDirection,
                               Integer pageIndex,
                               Integer pageSize)
                        throws africa.absa.inception.core.service.ServiceUnavailableException

Retrieve the users.

Parameters:

filter - the optional filter to apply to the users

sortBy - the optional method used to sort the users e.g. by name

sortDirection - the optional sort direction to apply to the users

pageIndex - the optional page index

pageSize - the optional page size

Returns:

the users

Throws:

africa.absa.inception.core.service.ServiceUnavailableException - if the users could not be retrieved

isExistingUser

public abstract boolean isExistingUser(String username)
                                throws africa.absa.inception.core.service.ServiceUnavailableException

Does the user with the specified username exist?

Parameters:

username - the username for the user

Returns:

true if a user with specified username exists or false otherwise

Throws:

africa.absa.inception.core.service.ServiceUnavailableException - if the check for the existing user failed

isUserInGroup

public abstract boolean isUserInGroup(String groupName,
                                      String username)
                               throws UserNotFoundException,
                                      GroupNotFoundException,
                                      africa.absa.inception.core.service.ServiceUnavailableException

Is the user in the group?

Parameters:

groupName - the name of the group

username - the username for the user

Returns:

true if the user is a member of the group or false otherwise

Throws:

UserNotFoundException - if the user could not be found

GroupNotFoundException - if the group could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the check to confirm if the user is a member of the group failed

removeMemberFromGroup

public abstract void removeMemberFromGroup(String groupName,
                                           GroupMemberType memberType,
                                           String memberName)
                                    throws GroupNotFoundException,
                                           GroupMemberNotFoundException,
                                           africa.absa.inception.core.service.ServiceUnavailableException

Remove the group member from the group.

Parameters:

groupName - the name of the group

memberType - the group member type

memberName - the group member name

Throws:

GroupNotFoundException - if the group could not be found

GroupMemberNotFoundException - if the group member could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the group member could not be removed from the group

removeRoleFromGroup

public abstract void removeRoleFromGroup(String groupName,
                                         String roleCode)
                                  throws GroupNotFoundException,
                                         GroupRoleNotFoundException,
                                         africa.absa.inception.core.service.ServiceUnavailableException

Remove the role from the group.

Parameters:

groupName - the name of the group

roleCode - the code for the role

Throws:

GroupNotFoundException - if the group could not be found

GroupRoleNotFoundException - if the group role could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the role could not be removed from the group

removeUserFromGroup

public abstract void removeUserFromGroup(String groupName,
                                         String username)
                                  throws GroupNotFoundException,
                                         UserNotFoundException,
                                         africa.absa.inception.core.service.ServiceUnavailableException

Remove the user from the group.

Parameters:

groupName - the name of the group

username - the username for the user

Throws:

GroupNotFoundException - if the group could not be found

UserNotFoundException - if the user could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the user could not be removed from the group

resetPassword

public abstract void resetPassword(String username,
                                   String newPassword)
                            throws UserNotFoundException,
                                   UserLockedException,
                                   ExistingPasswordException,
                                   africa.absa.inception.core.service.ServiceUnavailableException

Reset the password for the user.

Parameters:

username - the username for the user

newPassword - the new password

Throws:

UserNotFoundException - if the user could not be found

UserLockedException - if the user is locked

ExistingPasswordException - if the user has previously used the new password

africa.absa.inception.core.service.ServiceUnavailableException - if the password for the user could not be reset

updateGroup

public abstract void updateGroup(Group group)
                          throws GroupNotFoundException,
                                 africa.absa.inception.core.service.ServiceUnavailableException

Update the group.

Parameters:

group - the group

Throws:

GroupNotFoundException - if the group could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the group could not be updated

updateUser

public abstract void updateUser(User user,
                                boolean expirePassword,
                                boolean lockUser)
                         throws UserNotFoundException,
                                africa.absa.inception.core.service.ServiceUnavailableException

Update the user.

Parameters:

user - the user

expirePassword - expire the user's password as part of the update

lockUser - lock the user as part of the update

Throws:

UserNotFoundException - if the user could not be found

africa.absa.inception.core.service.ServiceUnavailableException - if the user could not be updated