public interface User extends Principal, Serializable
A user account can be in one of several states. When first created, a User should be disabled, not expired, and unlocked. To start using the account, an administrator should enable it. The account can be locked for a number of reasons, most commonly because the user has failed login too many times. Finally, the account expires once its expiration date has been reached. The User must be enabled, not expired, and unlocked in order to pass authentication.
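The state rules above, as an added example that is not code from the ESAPI project: a small administrative helper that provisions an account, performs the administrator's enable step, exercises the lock/unlock transition, and gates a login attempt on the three conditions the interface requires. It assumes an ESAPI 2.x classpath with a valid `ESAPI.properties`, that the account is obtained from `ESAPI.authenticator().createUser(name, password, password)`, and that the password satisfies the configured complexity rules; the class `AccountLifecycle` and its methods `mayAuthenticate`, `provision`, `lockoutDemo` and `tryLogin` are names chosen for this example.

```java
import java.util.Date;
import java.util.concurrent.TimeUnit;

import org.owasp.esapi.ESAPI;
import org.owasp.esapi.User;
import org.owasp.esapi.errors.AuthenticationException;

/** Example helper (not part of ESAPI): walks a User through the documented states. */
public final class AccountLifecycle {

    /** The single precondition the interface documents: enabled, not expired, unlocked. */
    public static boolean mayAuthenticate(User u) {
        return !u.isAnonymous() && u.isEnabled() && !u.isExpired() && !u.isLocked();
    }

    /**
     * Creates an account (disabled, unlocked, not expired), sets an expiry some days
     * ahead and then performs the administrator's enable step. Assumes the
     * Authenticator.createUser(String, String, String) signature of ESAPI 2.x.
     */
    public static User provision(String accountName, String initialPassword, int validDays)
            throws AuthenticationException {
        User u = ESAPI.authenticator().createUser(accountName, initialPassword, initialPassword);
        if (mayAuthenticate(u)) {
            throw new IllegalStateException("a freshly created account must start disabled");
        }
        u.setExpirationTime(new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(validDays)));
        u.enable(); // administrator step from the interface description
        return u;
    }

    /** A locked account fails the gate; unlock() restores it. */
    public static void lockoutDemo(User u) {
        u.lock();
        if (mayAuthenticate(u)) {
            throw new IllegalStateException("locked accounts must not authenticate");
        }
        u.unlock();
        if (!mayAuthenticate(u)) {
            throw new IllegalStateException("unlock() should restore an enabled, unexpired account");
        }
    }

    /**
     * Attempts a login through the interface's own loginWithPassword. The implementation
     * maintains the failed-login counter and decides when to lock; this only reads them.
     */
    public static boolean tryLogin(User u, String password) {
        if (!mayAuthenticate(u)) {
            return false; // refuse before the password is examined at all
        }
        try {
            u.loginWithPassword(password);
            return u.isLoggedIn();
        } catch (AuthenticationException e) {
            System.err.println("login failed for " + u.getAccountName()
                    + " (failed attempts: " + u.getFailedLoginCount()
                    + ", locked: " + u.isLocked() + ")");
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample account for the demonstration.
        User u = provision("alice", "Correct-Horse-Battery-7!", 90);
        lockoutDemo(u);
        System.out.println("good password accepted: " + tryLogin(u, "Correct-Horse-Battery-7!"));
        u.logout();
        System.out.println("bad password accepted: " + tryLogin(u, "wrong"));
    }
}
```

`mayAuthenticate` mirrors the sentence in the description rather than replacing the implementation's own enforcement inside `loginWithPassword`; the lockout threshold is the implementation's concern, since the interface only exposes the counter (`getFailedLoginCount`, `incrementFailedLoginCount`) and the `lock`/`unlock` transitions.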
Modifier and Type | Field and Description |
---|---|
static User | `ANONYMOUS` The ANONYMOUS user is used to represent an unidentified user. |
Modifier and Type | Method and Description |
---|---|
void | `addRole(String role)` Adds a role to this user's account. |
void | `addRoles(Set<String> newRoles)` Adds a set of roles to this user's account. |
void | `addSession(javax.servlet.http.HttpSession s)` Adds a session for this User. |
void | `changePassword(String oldPassword, String newPassword1, String newPassword2)` Sets the user's password, performing a verification of the user's old password, the equality of the two new passwords, and the strength of the new password. |
void | `disable()` Disable this user's account. |
void | `enable()` Enable this user's account. |
long | `getAccountId()` Gets this user's account id number. |
String | `getAccountName()` Gets this user's account name. |
String | `getCSRFToken()` Gets the CSRF token for this user's current sessions. |
HashMap | `getEventMap()` Returns the hashmap used to store security events for this user. |
Date | `getExpirationTime()` Returns the date that this user's account will expire. |
int | `getFailedLoginCount()` Returns the number of failed login attempts since the last successful login for an account. |
Date | `getLastFailedLoginTime()` Returns the date of the last failed login time for a user. |
String | `getLastHostAddress()` Returns the last host address used by the user. |
Date | `getLastLoginTime()` Returns the date of the last successful login time for a user. |
Date | `getLastPasswordChangeTime()` Gets the date of user's last password change. |
Locale | `getLocale()` |
Set<String> | `getRoles()` Gets the roles assigned to a particular account. |
String | `getScreenName()` Gets the screen name (alias) for the current user. |
Set | `getSessions()` Returns a Set containing the sessions associated with this User. |
void | `incrementFailedLoginCount()` Increment failed login count. |
boolean | `isAnonymous()` Checks if user is anonymous. |
boolean | `isEnabled()` Checks if this user's account is currently enabled. |
boolean | `isExpired()` Checks if this user's account is expired. |
boolean | `isInRole(String role)` Checks if this user's account is assigned a particular role. |
boolean | `isLocked()` Checks if this user's account is locked. |
boolean | `isLoggedIn()` Tests to see if the user is currently logged in. |
boolean | `isSessionAbsoluteTimeout()` Tests to see if this user's session has exceeded the absolute time out based on ESAPI's configuration settings. |
boolean | `isSessionTimeout()` Tests to see if the user's session has timed out from inactivity based on ESAPI's configuration settings. |
void | `lock()` Lock this user's account. |
void | `loginWithPassword(String password)` Login with password. |
void | `logout()` Logout this user. |
void | `removeRole(String role)` Removes a role from this user's account. |
void | `removeSession(javax.servlet.http.HttpSession s)` Removes a session for this User. |
String | `resetCSRFToken()` Returns a token to be used as a prevention against CSRF attacks. |
void | `setAccountName(String accountName)` Sets this user's account name. |
void | `setExpirationTime(Date expirationTime)` Sets the date and time when this user's account will expire. |
void | `setLastFailedLoginTime(Date lastFailedLoginTime)` Set the time of the last failed login for this user. |
void | `setLastHostAddress(String remoteHost)` Set the last remote host address used by this user. |
void | `setLastLoginTime(Date lastLoginTime)` Set the time of the last successful login for this user. |
void | `setLastPasswordChangeTime(Date lastPasswordChangeTime)` Set the time of the last password change for this user. |
void | `setLocale(Locale locale)` |
void | `setRoles(Set<String> roles)` Sets the roles for this account. |
void | `setScreenName(String screenName)` Sets the screen name (username alias) for this user. |
void | `unlock()` Unlock this user's account. |
boolean | `verifyPassword(String password)` Verify that the supplied password matches the password for this user. |
static final User ANONYMOUS

Locale getLocale()

void setLocale(Locale locale)
Parameters:
locale - the locale to set

void addRole(String role) throws AuthenticationException
Parameters:
role - the role to add
Throws:
AuthenticationException - the authentication exception

void addRoles(Set<String> newRoles) throws AuthenticationException
Parameters:
newRoles - the new roles to add
Throws:
AuthenticationException - the authentication exception

void changePassword(String oldPassword, String newPassword1, String newPassword2) throws AuthenticationException, EncryptionException
Parameters:
oldPassword - the old password
newPassword1 - the new password
newPassword2 - the new password, used to verify that the new password was typed correctly
Throws:
AuthenticationException - if newPassword1 does not match newPassword2, if oldPassword does not match the stored old password, or if the new password does not meet complexity requirements
EncryptionException

void disable()

void enable()

long getAccountId()

String getAccountName()

String getCSRFToken()

Date getExpirationTime()

int getFailedLoginCount()

String getLastHostAddress()

Date getLastFailedLoginTime() throws AuthenticationException
Throws:
AuthenticationException - the authentication exception

Date getLastLoginTime()

Date getLastPasswordChangeTime()

Set<String> getRoles()

String getScreenName()

void addSession(javax.servlet.http.HttpSession s)
Parameters:
s - the session to associate with this user

void removeSession(javax.servlet.http.HttpSession s)
Parameters:
s - the session to remove from being associated with this user

Set getSessions()

void incrementFailedLoginCount()

boolean isAnonymous()

boolean isEnabled()

boolean isExpired()

boolean isInRole(String role)
Parameters:
role - the role for which to check

boolean isLocked()

boolean isLoggedIn()

boolean isSessionAbsoluteTimeout()

boolean isSessionTimeout()

void lock()

void loginWithPassword(String password) throws AuthenticationException
Parameters:
password - the password
Throws:
AuthenticationException - if login fails

void logout()

void removeRole(String role) throws AuthenticationException
Parameters:
role - the role to remove
Throws:
AuthenticationException - the authentication exception

String resetCSRFToken() throws AuthenticationException
Throws:
AuthenticationException - the authentication exception

void setAccountName(String accountName)
Parameters:
accountName - the new account name

void setExpirationTime(Date expirationTime)
Parameters:
expirationTime - the new expiration time

void setRoles(Set<String> roles) throws AuthenticationException
Parameters:
roles - the new roles
Throws:
AuthenticationException - the authentication exception

void setScreenName(String screenName)
Parameters:
screenName - the new screen name

void unlock()

boolean verifyPassword(String password) throws EncryptionException
Parameters:
password - the password that the user entered
Throws:
EncryptionException

void setLastFailedLoginTime(Date lastFailedLoginTime)
Parameters:
lastFailedLoginTime - the date and time when the user just failed to log in correctly

void setLastHostAddress(String remoteHost) throws AuthenticationHostException
Parameters:
remoteHost - the address of the user's current source host
Throws:
AuthenticationHostException

void setLastLoginTime(Date lastLoginTime)
Parameters:
lastLoginTime - the date and time when the user just successfully logged in

void setLastPasswordChangeTime(Date lastPasswordChangeTime)
Parameters:
lastPasswordChangeTime - the date and time when the user just successfully changed his/her password

HashMap getEventMap()
Copyright © 2022 The Open Web Application Security Project (OWASP). All rights reserved.