java.lang.Object org.owasp.esapi.reference.DefaultUser
public class DefaultUser
Reference implementation of the User interface. This implementation is serialized into a flat file in a simple format.
See Also: User, Serialized Form
Field Summary |
---|
Fields inherited from interface org.owasp.esapi.User |
---|
ANONYMOUS |
Constructor Summary | |
---|---|
DefaultUser(java.lang.String accountName)
Instantiates a new user. |
Method Summary | |
---|---|
void |
addRole(java.lang.String role)
Adds a role to this user's account. |
void |
addRoles(java.util.Set<java.lang.String> newRoles)
Adds a set of roles to this user's account. |
void |
addSession(javax.servlet.http.HttpSession s)
Adds a session for this User. |
void |
changePassword(java.lang.String oldPassword,
java.lang.String newPassword1,
java.lang.String newPassword2)
Sets the user's password, performing a verification of the user's old password, the equality of the two new passwords, and the strength of the new password. |
java.lang.Object |
clone()
Override clone and make final to prevent duplicate user objects. |
void |
disable()
Disable this user's account. |
void |
enable()
Enable this user's account. |
long |
getAccountId()
Gets this user's account id number. |
java.lang.String |
getAccountName()
Gets this user's account name. |
java.lang.String |
getCSRFToken()
Gets the CSRF token for this user's current sessions. |
java.util.HashMap |
getEventMap()
Returns the hashmap used to store security events for this user. |
java.util.Date |
getExpirationTime()
Returns the date that this user's account will expire. |
int |
getFailedLoginCount()
Returns the number of failed login attempts since the last successful login for an account. |
java.util.Date |
getLastFailedLoginTime()
Returns the date of the last failed login time for a user. |
java.lang.String |
getLastHostAddress()
Returns the last host address used by the user. |
java.util.Date |
getLastLoginTime()
Returns the date of the last successful login time for a user. |
java.util.Date |
getLastPasswordChangeTime()
Gets the date of user's last password change. |
java.util.Locale |
getLocale()
|
java.lang.String |
getName()
|
java.util.Set<java.lang.String> |
getRoles()
Gets the roles assigned to a particular account. |
java.lang.String |
getScreenName()
Gets the screen name (alias) for the current user. |
java.util.Set |
getSessions()
Returns the set of sessions associated with this User. |
void |
incrementFailedLoginCount()
Increment failed login count. |
boolean |
isAnonymous()
Checks if user is anonymous. |
boolean |
isEnabled()
Checks if this user's account is currently enabled. |
boolean |
isExpired()
Checks if this user's account is expired. |
boolean |
isInRole(java.lang.String role)
Checks if this user's account is assigned a particular role. |
boolean |
isLocked()
Checks if this user's account is locked. |
boolean |
isLoggedIn()
Tests to see if the user is currently logged in. |
boolean |
isSessionAbsoluteTimeout()
Tests to see if this user's session has exceeded the absolute time out based on ESAPI's configuration settings. |
boolean |
isSessionTimeout()
Tests to see if the user's session has timed out from inactivity based on ESAPI's configuration settings. |
void |
lock()
Lock this user's account. |
void |
loginWithPassword(java.lang.String password)
Login with password. |
void |
logout()
Logout this user. |
void |
removeRole(java.lang.String role)
Removes a role from this user's account. |
void |
removeSession(javax.servlet.http.HttpSession s)
Removes a session for this User. |
java.lang.String |
resetCSRFToken()
Returns a token used to help prevent CSRF attacks. This implementation uses a random token that is stored in the User object. |
void |
setAccountName(java.lang.String accountName)
Sets this user's account name. |
void |
setExpirationTime(java.util.Date expirationTime)
Sets the date and time when this user's account will expire. |
void |
setLastFailedLoginTime(java.util.Date lastFailedLoginTime)
Set the time of the last failed login for this user. |
void |
setLastHostAddress(java.lang.String remoteHost)
Set the last remote host address used by this user. |
void |
setLastLoginTime(java.util.Date lastLoginTime)
Set the time of the last successful login for this user. |
void |
setLastPasswordChangeTime(java.util.Date lastPasswordChangeTime)
Set the time of the last password change for this user. |
void |
setLocale(java.util.Locale locale)
|
void |
setRoles(java.util.Set<java.lang.String> roles)
Sets the roles for this account. |
void |
setScreenName(java.lang.String screenName)
Sets the screen name (username alias) for this user. |
java.lang.String |
toString()
|
void |
unlock()
Unlock this user's account. |
boolean |
verifyPassword(java.lang.String password)
Verify that the supplied password matches the password for this user. |
Methods inherited from class java.lang.Object |
---|
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Methods inherited from interface java.security.Principal |
---|
equals, hashCode |
Constructor Detail |
---|
public DefaultUser(java.lang.String accountName)
accountName
- The name of this user's account.
Method Detail |
---|
public void addRole(java.lang.String role) throws AuthenticationException
addRole
in interface User
role
- the role to add
AuthenticationException
- the authentication exception
public void addRoles(java.util.Set<java.lang.String> newRoles) throws AuthenticationException
addRoles
in interface User
newRoles
- the new roles to add
AuthenticationException
- the authentication exception
public void changePassword(java.lang.String oldPassword, java.lang.String newPassword1, java.lang.String newPassword2) throws AuthenticationException, EncryptionException
changePassword
in interface User
oldPassword
- the old password
newPassword1
- the new password
newPassword2
- the new password - used to verify that the new password was typed correctly
AuthenticationException
- if newPassword1 does not match newPassword2, if oldPassword does not match the stored old password, or if the new password does not meet complexity requirements
EncryptionException
public void disable()
disable
in interface User
public void enable()
enable
in interface User
public long getAccountId()
getAccountId
in interface User
public java.lang.String getAccountName()
getAccountName
in interface User
public java.lang.String getCSRFToken()
getCSRFToken
in interface User
public java.util.Date getExpirationTime()
getExpirationTime
in interface User
public int getFailedLoginCount()
getFailedLoginCount
in interface User
public java.util.Date getLastFailedLoginTime()
getLastFailedLoginTime
in interface User
public java.lang.String getLastHostAddress()
getLastHostAddress
in interface User
public java.util.Date getLastLoginTime()
getLastLoginTime
in interface User
public java.util.Date getLastPasswordChangeTime()
getLastPasswordChangeTime
in interface User
public java.lang.String getName()
getName
in interface java.security.Principal
public java.util.Set<java.lang.String> getRoles()
getRoles
in interface User
public java.lang.String getScreenName()
getScreenName
in interface User
public void addSession(javax.servlet.http.HttpSession s)
addSession
in interface User
s
- The session to associate with this user.
public void removeSession(javax.servlet.http.HttpSession s)
removeSession
in interface User
s
- The session to remove from being associated with this user.
public java.util.Set getSessions()
getSessions
in interface User
public void incrementFailedLoginCount()
incrementFailedLoginCount
in interface User
public boolean isAnonymous()
isAnonymous
in interface User
public boolean isEnabled()
isEnabled
in interface User
public boolean isExpired()
isExpired
in interface User
public boolean isInRole(java.lang.String role)
isInRole
in interface User
role
- the role for which to check
public boolean isLocked()
isLocked
in interface User
public boolean isLoggedIn()
isLoggedIn
in interface User
public boolean isSessionAbsoluteTimeout()
isSessionAbsoluteTimeout
in interface User
public boolean isSessionTimeout()
isSessionTimeout
in interface User
public void lock()
lock
in interface User
public void loginWithPassword(java.lang.String password) throws AuthenticationException
loginWithPassword
in interface User
password
- the password
AuthenticationException
- if login fails
public void logout()
logout
in interface User
public void removeRole(java.lang.String role)
removeRole
in interface User
role
- the role to remove
public java.lang.String resetCSRFToken()
resetCSRFToken
in interface User
public void setAccountName(java.lang.String accountName)
setAccountName
in interface User
accountName
- the new account name
public void setExpirationTime(java.util.Date expirationTime)
setExpirationTime
in interface User
expirationTime
- the new expiration time
public void setLastFailedLoginTime(java.util.Date lastFailedLoginTime)
setLastFailedLoginTime
in interface User
lastFailedLoginTime
- the date and time when the user just failed to login correctly.
public void setLastHostAddress(java.lang.String remoteHost) throws AuthenticationHostException
setLastHostAddress
in interface User
remoteHost
- The address of the user's current source host.
AuthenticationHostException
public void setLastLoginTime(java.util.Date lastLoginTime)
setLastLoginTime
in interface User
lastLoginTime
- the date and time when the user just successfully logged in.
public void setLastPasswordChangeTime(java.util.Date lastPasswordChangeTime)
setLastPasswordChangeTime
in interface User
lastPasswordChangeTime
- the date and time when the user just successfully changed his/her password.
public void setRoles(java.util.Set<java.lang.String> roles) throws AuthenticationException
setRoles
in interface User
roles
- the new roles
AuthenticationException
- the authentication exception
public void setScreenName(java.lang.String screenName)
setScreenName
in interface User
screenName
- the new screen name
public java.lang.String toString()
toString
in interface java.security.Principal
toString
in class java.lang.Object
public void unlock()
unlock
in interface User
public boolean verifyPassword(java.lang.String password)
verifyPassword
in interface User
password
- the password that the user entered
public final java.lang.Object clone() throws java.lang.CloneNotSupportedException
clone
in class java.lang.Object
java.lang.CloneNotSupportedException
public java.util.Locale getLocale()
getLocale
in interface User
public void setLocale(java.util.Locale locale)
setLocale
in interface User
locale
- the locale to set
public java.util.HashMap getEventMap()
User
getEventMap
in interface User