com.broadleafcommerce.auth.resource.domain

Class User

java.lang.Object

com.broadleafcommerce.auth.resource.domain.User

All Implemented Interfaces:

Serializable

public class User
extends Object
implements Serializable

Represents a user which can authenticate with this service. Users can have roles and permissions.

This domain is synchronized from other services such as the admin user service (AdminUserPersistenceHandler) and the customer service (CustomerPersistenceHandler).

Author:

Samarth Dhruva (samarthd)

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
User()

Method Summary

Modifier and Type	Method and Description
protected boolean	canEqual(Object other)
boolean	equals(Object o)
Set<String>	getApplicationIds() This field only applies to UserType.ADMIN users.
<T> T	getAttribute(String key)
Map<String,Object>	getAttributes() Arbitrary attributes associated with this user.
String	getCompleteName() Get the complete name of the user.
String	getCustomerContextId() This field only applies to UserType.CUSTOMER users.
String	getEmail() The user's email address.
String	getExternalId() Intended to hold any unique identifier for this user as known by an external (non-BLC) system.
String	getFirstName() The first name of the user, if the fullName is not being used for the user.
String	getFullName() The full name of the user, if the component parts firstName, middleName, and lastName are not being used to comprise the full name.
String	getId()
String	getLastName() The last name of the user, if the fullName is not being used for the user.
Instant	getLastUpdated() Indicates when this record was last updated.
Instant	getLockedTime() If this user is locked out, the time that the user was locked.
String	getMiddleName() The middle name of the user, if the fullName is not being used for the user.
String	getPassword() Encrypted password that should generally only be used in mapping exercises before saving into the data store
Set<UserPermissionRef>	getPermissions() The permissions that this user is directly assigned (in addition to permissions granted through roles).
Set<RestrictedPermission>	getRestrictedPermissions() The permissions that this user is directly assigned that are restricted to only apply when accessing certain segments of data.
Set<RestrictedRole>	getRestrictedRoles() The roles that this user is directly assigned that are restricted to only apply when accessing certain segments of data.
Set<Restriction>	getRestrictions() The data restrictions that control the data this user is permitted to access.
Set<UserRoleRef>	getRoles() The roles that this user is assigned.
String	getServerId() The ID of the authorization server that this user is a member of.
String	getServiceId() If this user was synchronized from a BLC service (ex: the admin user service or the customer service), this field will be the ID value used by that service for this user.
String	getTenantId() The id of the tenant this user is associated with.
String	getType() Represents the type of user this is.
String	getUsername() What this user uses to actually log in.
boolean	hasAttribute(String key)
int	hashCode()
boolean	isActive() A flag indicating whether the user account is enabled.
boolean	isApplicationAccess() Indicates whether this user has access at the application level or not.
boolean	isArchived() This entity is soft-deleted instead of hard-deleted, and this field is set to true when the entity is soft-deleted.
boolean	isChangePasswordRequired() A flag indicating whether the admin user account requires a password reset.
boolean	isExpired() A flag indicating whether the admin user account is expired.
boolean	isImpersonationAllowed() A flag indicated whether or not this user is allowed to be impersonated.
boolean	isLocked() A flag indicating whether the admin user account is locked.
boolean	isTenantAccess() Indicates whether this user has access at the tenant level or not.
void	setActive(boolean active) A flag indicating whether the user account is enabled.
void	setApplicationAccess(boolean applicationAccess) Indicates whether this user has access at the application level or not.
void	setApplicationIds(Set<String> applicationIds) This field only applies to UserType.ADMIN users.
void	setArchived(boolean archived) This entity is soft-deleted instead of hard-deleted, and this field is set to true when the entity is soft-deleted.
void	setAttributes(Map<String,Object> attributes) Arbitrary attributes associated with this user.
void	setChangePasswordRequired(boolean changePasswordRequired) A flag indicating whether the admin user account requires a password reset.
void	setCustomerContextId(String customerContextId) This field only applies to UserType.CUSTOMER users.
void	setEmail(String email) The user's email address.
void	setExpired(boolean expired) A flag indicating whether the admin user account is expired.
void	setExternalId(String externalId) Intended to hold any unique identifier for this user as known by an external (non-BLC) system.
void	setFirstName(String firstName) The first name of the user, if the fullName is not being used for the user.
void	setFullName(String fullName) The full name of the user, if the component parts firstName, middleName, and lastName are not being used to comprise the full name.
void	setId(String id)
void	setImpersonationAllowed(boolean impersonationAllowed) A flag indicated whether or not this user is allowed to be impersonated.
void	setLastName(String lastName) The last name of the user, if the fullName is not being used for the user.
void	setLastUpdated(Instant lastUpdated) Indicates when this record was last updated.
void	setLocked(boolean locked) A flag indicating whether the admin user account is locked.
void	setLockedTime(Instant lockedTime) If this user is locked out, the time that the user was locked.
void	setMiddleName(String middleName) The middle name of the user, if the fullName is not being used for the user.
void	setPassword(String password) Encrypted password that should generally only be used in mapping exercises before saving into the data store
void	setPermissions(Set<UserPermissionRef> permissions) The permissions that this user is directly assigned (in addition to permissions granted through roles).
void	setRestrictedPermissions(Set<RestrictedPermission> restrictedPermissions) The permissions that this user is directly assigned that are restricted to only apply when accessing certain segments of data.
void	setRestrictedRoles(Set<RestrictedRole> restrictedRoles) The roles that this user is directly assigned that are restricted to only apply when accessing certain segments of data.
void	setRestrictions(Set<Restriction> restrictions) The data restrictions that control the data this user is permitted to access.
void	setRoles(Set<UserRoleRef> roles) The roles that this user is assigned.
void	setServerId(String serverId) The ID of the authorization server that this user is a member of.
void	setServiceId(String serviceId) If this user was synchronized from a BLC service (ex: the admin user service or the customer service), this field will be the ID value used by that service for this user.
void	setTenantAccess(boolean tenantAccess) Indicates whether this user has access at the tenant level or not.
void	setTenantId(String tenantId) The id of the tenant this user is associated with.
void	setType(String type) Represents the type of user this is.
void	setUsername(String username) What this user uses to actually log in.
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

User

public User()

Method Detail

getCompleteName

public String getCompleteName()

Get the complete name of the user. This will provide either the full name, or the combined first, middle, and last names. fullName takes priority. Whether a single name or multiple name fields are used is a client implementation detail.

Returns:

The name of the user.

getAttribute

public <T> T getAttribute(String key)

hasAttribute

public boolean hasAttribute(String key)

getId

public String getId()

getFirstName

public String getFirstName()

The first name of the user, if the fullName is not being used for the user.

Returns:

the first name of the user

getMiddleName

public String getMiddleName()

The middle name of the user, if the fullName is not being used for the user.

Returns:

the middle name of the user

getLastName

public String getLastName()

The last name of the user, if the fullName is not being used for the user.

Returns:

the last name of the user

getFullName

public String getFullName()

The full name of the user, if the component parts firstName, middleName, and lastName are not being used to comprise the full name.

Returns:

the full name of the user

getUsername

public String getUsername()

What this user uses to actually log in. May be the same as email, but that is not required.

The username is case insensitive, so it will always be stored lowercase.

getEmail

public String getEmail()

The user's email address.

getServiceId

@Nullable
public String getServiceId()

If this user was synchronized from a BLC service (ex: the admin user service or the customer service), this field will be the ID value used by that service for this user.

If this value is set, there should also be a value set for type.

There is a requirement that only if both values are non-null, a combination of this field and type will be unique across all records. There is no uniqueness guarantee for records which have a null service ID or null type.

See Also:

type

getType

@Nullable
public String getType()

Represents the type of user this is. This value must be supplied if serviceId is set.

See Also:

UserType, serviceId

getExternalId

@Nullable
public String getExternalId()

Intended to hold any unique identifier for this user as known by an external (non-BLC) system. For example, many implementations may integrate or import/export data from other systems that manage their own unique identifiers.

Returns:

a unique identifier for this user in a non-BLC system

getTenantId

@Nullable
public String getTenantId()

The id of the tenant this user is associated with.

getApplicationIds

public Set<String> getApplicationIds()

This field only applies to UserType.ADMIN users.

The ids of applications this user is a member of. If this is non-empty, this user is restricted to these applications.

isTenantAccess

public boolean isTenantAccess()

Indicates whether this user has access at the tenant level or not.

This field only applies to UserType.ADMIN users.

Returns:

Does this user have tenant level access?

isApplicationAccess

public boolean isApplicationAccess()

Indicates whether this user has access at the application level or not.

This field only applies to UserType.ADMIN users. UserType.CUSTOMER will always have application level access regardless of this value.

Returns:

Does this user have application level access?

getCustomerContextId

@Nullable
public String getCustomerContextId()

This field only applies to UserType.CUSTOMER users.

The id of the customer context this user is a member of. If this is set, this user is restricted to this customer context.

getAttributes

public Map<String,Object> getAttributes()

Arbitrary attributes associated with this user. May include custom claims, customer segment ids, or any other attributes that are not first class user fields.

getPassword

public String getPassword()

Encrypted password that should generally only be used in mapping exercises before saving into the data store

isActive

public boolean isActive()

A flag indicating whether the user account is enabled. If false, they will not be able to log in.

This flag should be used if a user needs to be enabled/disabled for administrative reasons.

Returns:

true if the user account is enabled, false otherwise

isLocked

public boolean isLocked()

A flag indicating whether the admin user account is locked. If false, they will not be able to log in and a LockedException will be thrown on a login attempt.

This flag is used to limit invalid login attempt.

Returns:

true if the user account is locked, false otherwise

isExpired

public boolean isExpired()

A flag indicating whether the admin user account is expired. If false, they will not be able to log in.

This flag can be used to declare an account as expired and unusable, but currently there is no logic for that. It will always be false.

Returns:

true if the admin user account is expired, false otherwise

isChangePasswordRequired

public boolean isChangePasswordRequired()

A flag indicating whether the admin user account requires a password reset. If true, they will not be able to log in until they reset their password.

Returns:

true if the admin user's password is expired and requires a reset, false otherwise

isImpersonationAllowed

public boolean isImpersonationAllowed()

A flag indicated whether or not this user is allowed to be impersonated.

Returns:

true if impersonation allowed

getServerId

public String getServerId()

The ID of the authorization server that this user is a member of.

Returns:

The authorization server ID

getLastUpdated

public Instant getLastUpdated()

Indicates when this record was last updated.

isArchived

public boolean isArchived()

This entity is soft-deleted instead of hard-deleted, and this field is set to true when the entity is soft-deleted.

getRoles

public Set<UserRoleRef> getRoles()

The roles that this user is assigned. The user is granted all permissions that each of these roles are directly assigned or inherit from their ancestors.

getPermissions

public Set<UserPermissionRef> getPermissions()

The permissions that this user is directly assigned (in addition to permissions granted through roles).

getRestrictions

public Set<Restriction> getRestrictions()

The data restrictions that control the data this user is permitted to access.

getRestrictedRoles

public Set<RestrictedRole> getRestrictedRoles()

The roles that this user is directly assigned that are restricted to only apply when accessing certain segments of data.

getRestrictedPermissions

public Set<RestrictedPermission> getRestrictedPermissions()

The permissions that this user is directly assigned that are restricted to only apply when accessing certain segments of data.

getLockedTime

public Instant getLockedTime()

If this user is locked out, the time that the user was locked.

setId

public void setId(String id)

setFirstName

public void setFirstName(String firstName)

The first name of the user, if the fullName is not being used for the user.

Parameters:

firstName - the first name of the user

setMiddleName

public void setMiddleName(String middleName)

The middle name of the user, if the fullName is not being used for the user.

Parameters:

middleName - the middle name of the user

setLastName

public void setLastName(String lastName)

The last name of the user, if the fullName is not being used for the user.

Parameters:

lastName - the last name of the user

setFullName

public void setFullName(String fullName)

The full name of the user, if the component parts firstName, middleName, and lastName are not being used to comprise the full name.

Parameters:

fullName - the full name of the user

setUsername

public void setUsername(String username)

What this user uses to actually log in. May be the same as email, but that is not required.

The username is case insensitive, so it will always be stored lowercase.

setEmail

public void setEmail(String email)

The user's email address.

setServiceId

public void setServiceId(@Nullable
                         String serviceId)

If this user was synchronized from a BLC service (ex: the admin user service or the customer service), this field will be the ID value used by that service for this user.

If this value is set, there should also be a value set for type.

There is a requirement that only if both values are non-null, a combination of this field and type will be unique across all records. There is no uniqueness guarantee for records which have a null service ID or null type.

See Also:

type

setType

public void setType(@Nullable
                    String type)

Represents the type of user this is. This value must be supplied if serviceId is set.

See Also:

UserType, serviceId

setExternalId

public void setExternalId(@Nullable
                          String externalId)

Intended to hold any unique identifier for this user as known by an external (non-BLC) system. For example, many implementations may integrate or import/export data from other systems that manage their own unique identifiers.

Parameters:

externalId - a unique identifier for this user in a non-BLC system

setTenantId

public void setTenantId(@Nullable
                        String tenantId)

The id of the tenant this user is associated with.

setApplicationIds

public void setApplicationIds(Set<String> applicationIds)

This field only applies to UserType.ADMIN users.

The ids of applications this user is a member of. If this is non-empty, this user is restricted to these applications.

setTenantAccess

public void setTenantAccess(boolean tenantAccess)

Indicates whether this user has access at the tenant level or not.

This field only applies to UserType.ADMIN users.

Parameters:

tenantAccess - Does this user have tenant level access?

setApplicationAccess

public void setApplicationAccess(boolean applicationAccess)

Indicates whether this user has access at the application level or not.

This field only applies to UserType.ADMIN users. UserType.CUSTOMER will always have application level access regardless of this value.

Parameters:

applicationAccess - Does this user have application level access?

setCustomerContextId

public void setCustomerContextId(@Nullable
                                 String customerContextId)

This field only applies to UserType.CUSTOMER users.

The id of the customer context this user is a member of. If this is set, this user is restricted to this customer context.

setAttributes

public void setAttributes(Map<String,Object> attributes)

Arbitrary attributes associated with this user. May include custom claims, customer segment ids, or any other attributes that are not first class user fields.

setPassword

public void setPassword(String password)

Encrypted password that should generally only be used in mapping exercises before saving into the data store

setActive

public void setActive(boolean active)

A flag indicating whether the user account is enabled. If false, they will not be able to log in.

This flag should be used if a user needs to be enabled/disabled for administrative reasons.

Parameters:

active - true if the user account is enabled, false otherwise

setLocked

public void setLocked(boolean locked)

A flag indicating whether the admin user account is locked. If false, they will not be able to log in and a LockedException will be thrown on a login attempt.

This flag is used to limit invalid login attempt.

Parameters:

locked - true if the admin user account is locked, false otherwise

setExpired

public void setExpired(boolean expired)

A flag indicating whether the admin user account is expired. If false, they will not be able to log in.

This flag can be used to declare an account as expired and unusable, but currently there is no logic for that. It will always be false.

Parameters:

expired - true if the admin user account is expired, false otherwise

setChangePasswordRequired

public void setChangePasswordRequired(boolean changePasswordRequired)

A flag indicating whether the admin user account requires a password reset. If true, they will not be able to log in until they reset their password.

Parameters:

changePasswordRequired - true if the admin user's password is expired and requires a reset, false otherwise

setImpersonationAllowed

public void setImpersonationAllowed(boolean impersonationAllowed)

A flag indicated whether or not this user is allowed to be impersonated.

Parameters:

impersonationAllowed - true if impersonation is allowed

setServerId

public void setServerId(String serverId)

The ID of the authorization server that this user is a member of.

Parameters:

serverId - The authorization server ID

setLastUpdated

public void setLastUpdated(Instant lastUpdated)

Indicates when this record was last updated.

setArchived

public void setArchived(boolean archived)

This entity is soft-deleted instead of hard-deleted, and this field is set to true when the entity is soft-deleted.

setRoles

public void setRoles(Set<UserRoleRef> roles)

The roles that this user is assigned. The user is granted all permissions that each of these roles are directly assigned or inherit from their ancestors.

setPermissions

public void setPermissions(Set<UserPermissionRef> permissions)

The permissions that this user is directly assigned (in addition to permissions granted through roles).

setRestrictions

public void setRestrictions(Set<Restriction> restrictions)

The data restrictions that control the data this user is permitted to access.

setRestrictedRoles

public void setRestrictedRoles(Set<RestrictedRole> restrictedRoles)

The roles that this user is directly assigned that are restricted to only apply when accessing certain segments of data.

setRestrictedPermissions

public void setRestrictedPermissions(Set<RestrictedPermission> restrictedPermissions)

The permissions that this user is directly assigned that are restricted to only apply when accessing certain segments of data.

setLockedTime

public void setLockedTime(Instant lockedTime)

If this user is locked out, the time that the user was locked.

toString

public String toString()

Overrides:

toString in class Object

equals

public boolean equals(Object o)

Overrides:

equals in class Object

canEqual

protected boolean canEqual(Object other)

hashCode

public int hashCode()

Overrides:

hashCode in class Object