Package com.broadleafcommerce.auth.user.service

Interface UserLockoutService

All Known Implementing Classes:
DefaultUserLockoutService
public interface UserLockoutService
Service responsible for handling login attempts. This service handles the creation, locking, unlocking, etc. of user accounts.

  • Method Details

    • createLoginAttempt

      void createLoginAttempt(User user, String loginAttemptResult)
      Create a user login attempt.
      Parameters:
      user - The user to create a login attempt for
      loginAttemptResult - The login attempt result.
      Throws:
      org.springframework.security.authentication.LockedException - if the user is locked out

    • createLoginAttempt

      void createLoginAttempt(String username, String loginAttemptResult, String clientId)
      Create a user login attempt
      Parameters:
      username - The username to create an attempt for
      loginAttemptResult - The login attempt result
      clientId - The client ID

    • unlockUser

      User unlockUser(User user)
      Manually unlock a user
      Parameters:
      user - The user to unlock

    • lockUser

      User lockUser(User user)
      Manually lock a user
      Parameters:
      user - The user to lock

    • unlockUserIfEligible

      Optional<User> unlockUserIfEligible(String username, String clientId)
      If a user is eligbile for unlocking, unlock them.
      Parameters:
      username - The username
      clientId - The client ID
      Returns:
      The user, if they exist

    • canResetPassword

      boolean canResetPassword(User user)
      Return true if this user can reset their password.

      See AuthorizationServer.getLockedUserCanResetPassword() and UserLockoutProperties.isLockedUserCanResetPassword()

      Parameters:
      user - The user to check
      Returns:
      true if the user can reset their password, otherwise false.

    • unlockUserOnPasswordResetIfEligible

      @Nullable Boolean unlockUserOnPasswordResetIfEligible(User user)
      After a password reset, unlock the user if they're eligible.

      See AuthorizationServer.getResetPasswordUnlocksUser() and UserLockoutProperties.isResetPasswordUnlocksUser()

      Parameters:
      user - The user to unlock, if eligible
      Returns:
      true if the user has been unlocked, false if the user is still locked, or null if no action was taken