Class User
- All Implemented Interfaces:
Serializable
roles
and permissions
.
This domain is synchronized from other services such as the admin user service
(AdminUserPersistenceHandler
) and the customer service
(CustomerPersistenceHandler
).
- Author:
- Samarth Dhruva (samarthd)
- See Also:
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected boolean
boolean
Roles this user has under specific Account contexts.This field only applies toUserType.ADMIN
users.<T> T
getAttribute
(String key) Arbitrary attributes associated with this user.Get the complete name of the user.This field only applies toUserType.CUSTOMER
users.The default account for the customer.getEmail()
The user's email address.Intended to hold any unique identifier for this user as known by an external (non-BLC) system.The first name of the user, if the fullName is not being used for the user.The full name of the user, if the component parts firstName, middleName, and lastName are not being used to comprise the full name.getId()
The last name of the user, if the fullName is not being used for the user.Indicates when this record was last updated.If this user is locked out, the time that the user was locked.The middle name of the user, if the fullName is not being used for the user.Encrypted password that should generally only be used in mapping exercises before saving into the data storeThe previouspasswords
used by this user.The time the password was last updated.The permissions that this user is directly assigned (in addition to permissions granted throughroles
).The permissions that this user is directly assigned that are restricted to only apply when accessing certain segments of data.The roles that this user is directly assigned that are restricted to only apply when accessing certain segments of data.The data restrictions that control the data this user is permitted to access.getRoles()
The roles that this user is assigned.The ID of the authorization server that this user is a member of.If this user was synchronized from a BLC service (ex: the admin user service or the customer service), this field will be the ID value used by that service for this user.The id of the tenant this user is associated with.getType()
Represents the type of user this is.What this user uses to actually log in.boolean
hasAttribute
(String key) int
hashCode()
boolean
isActive()
A flag indicating whether the user account is enabled.boolean
Indicates whether this user has access at the application level or not.boolean
This entity is soft-deleted instead of hard-deleted, and this field is set totrue
when the entity is soft-deleted.boolean
A flag indicating whether the admin user account requires a password reset.boolean
A flag indicating whether the admin user account is expired.boolean
A flag indicated whether or not this user is allowed to be impersonated.boolean
isLocked()
A flag indicating whether the admin user account is locked.boolean
Indicates whether this user has access at the tenant level or not.void
setAccountRoles
(List<AccountRole> accountRoles) Roles this user has under specific Account contexts.void
setActive
(boolean active) A flag indicating whether the user account is enabled.void
setApplicationAccess
(boolean applicationAccess) Indicates whether this user has access at the application level or not.void
setApplicationIds
(Set<String> applicationIds) This field only applies toUserType.ADMIN
users.void
setArchived
(boolean archived) This entity is soft-deleted instead of hard-deleted, and this field is set totrue
when the entity is soft-deleted.void
setAttributes
(Map<String, Object> attributes) Arbitrary attributes associated with this user.void
setChangePasswordRequired
(boolean changePasswordRequired) A flag indicating whether the admin user account requires a password reset.void
setCustomerContextId
(String customerContextId) This field only applies toUserType.CUSTOMER
users.void
setDefaultAccountId
(String defaultAccountId) The default account for the customer.void
The user's email address.void
setExpired
(boolean expired) A flag indicating whether the admin user account is expired.void
setExternalId
(String externalId) Intended to hold any unique identifier for this user as known by an external (non-BLC) system.void
setFirstName
(String firstName) The first name of the user, if the fullName is not being used for the user.void
setFullName
(String fullName) The full name of the user, if the component parts firstName, middleName, and lastName are not being used to comprise the full name.void
void
setImpersonationAllowed
(boolean impersonationAllowed) A flag indicated whether or not this user is allowed to be impersonated.void
setLastName
(String lastName) The last name of the user, if the fullName is not being used for the user.void
setLastUpdated
(Instant lastUpdated) Indicates when this record was last updated.void
setLocked
(boolean locked) A flag indicating whether the admin user account is locked.void
setLockedTime
(Instant lockedTime) If this user is locked out, the time that the user was locked.void
setMiddleName
(String middleName) The middle name of the user, if the fullName is not being used for the user.void
setPassword
(String password) Encrypted password that should generally only be used in mapping exercises before saving into the data storevoid
setPasswordHistory
(List<UserHistoricalPassword> passwordHistory) The previouspasswords
used by this user.void
setPasswordLastUpdated
(Instant passwordLastUpdated) The time the password was last updated.void
setPermissions
(Set<UserPermissionRef> permissions) The permissions that this user is directly assigned (in addition to permissions granted throughroles
).void
setRestrictedPermissions
(Set<RestrictedPermission> restrictedPermissions) The permissions that this user is directly assigned that are restricted to only apply when accessing certain segments of data.void
setRestrictedRoles
(Set<RestrictedRole> restrictedRoles) The roles that this user is directly assigned that are restricted to only apply when accessing certain segments of data.void
setRestrictions
(Set<Restriction> restrictions) The data restrictions that control the data this user is permitted to access.void
setRoles
(Set<UserRoleRef> roles) The roles that this user is assigned.void
setServerId
(String serverId) The ID of the authorization server that this user is a member of.void
setServiceId
(String serviceId) If this user was synchronized from a BLC service (ex: the admin user service or the customer service), this field will be the ID value used by that service for this user.void
setTenantAccess
(boolean tenantAccess) Indicates whether this user has access at the tenant level or not.void
setTenantId
(String tenantId) The id of the tenant this user is associated with.void
Represents the type of user this is.void
setUsername
(String username) What this user uses to actually log in.toString()
-
Constructor Details
-
User
public User()
-
-
Method Details
-
getCompleteName
Get the complete name of the user. This will provide either the full name, or the combined first, middle, and last names.fullName
takes priority. Whether a single name or multiple name fields are used is a client implementation detail.- Returns:
- The name of the user.
-
getAttribute
-
hasAttribute
-
getId
-
getFirstName
The first name of the user, if the fullName is not being used for the user.- Returns:
- the first name of the user
-
getMiddleName
The middle name of the user, if the fullName is not being used for the user.- Returns:
- the middle name of the user
-
getLastName
The last name of the user, if the fullName is not being used for the user.- Returns:
- the last name of the user
-
getFullName
The full name of the user, if the component parts firstName, middleName, and lastName are not being used to comprise the full name.- Returns:
- the full name of the user
-
getUsername
What this user uses to actually log in. May be the same asemail
, but that is not required.The username is case insensitive, so it will always be stored lowercase.
-
getEmail
The user's email address. -
getServiceId
If this user was synchronized from a BLC service (ex: the admin user service or the customer service), this field will be the ID value used by that service for this user.If this value is set, there should also be a value set for
type
.There is a requirement that only if both values are non-null, a combination of this field and
type
will be unique across all records. There is no uniqueness guarantee for records which have a null service ID or nulltype
.- See Also:
-
type
-
getType
Represents the type of user this is. This value must be supplied ifserviceId
is set.- See Also:
-
UserType
serviceId
-
getExternalId
Intended to hold any unique identifier for this user as known by an external (non-BLC) system. For example, many implementations may integrate or import/export data from other systems that manage their own unique identifiers.- Returns:
- a unique identifier for this user in a non-BLC system
-
getTenantId
The id of the tenant this user is associated with. -
getApplicationIds
This field only applies toUserType.ADMIN
users.The ids of applications this user is a member of. If this is non-empty, this user is restricted to these applications.
-
isTenantAccess
public boolean isTenantAccess()Indicates whether this user has access at the tenant level or not.This field only applies to
UserType.ADMIN
users.- Returns:
- Does this user have tenant level access?
-
isApplicationAccess
public boolean isApplicationAccess()Indicates whether this user has access at the application level or not.This field only applies to
UserType.ADMIN
users.UserType.CUSTOMER
will always have application level access regardless of this value.- Returns:
- Does this user have application level access?
-
getCustomerContextId
This field only applies toUserType.CUSTOMER
users.The id of the customer context this user is a member of. If this is set, this user is restricted to this customer context.
-
getAttributes
Arbitrary attributes associated with this user. May include custom claims, customer segment ids, or any other attributes that are not first class user fields. -
getPassword
Encrypted password that should generally only be used in mapping exercises before saving into the data store -
getPasswordLastUpdated
The time the password was last updated. Used to enforce rules around how long a password may remain unchanged before forcing the user to make a new one. -
getPasswordHistory
The previouspasswords
used by this user. These remain encrypted and should only be used when setting a newpassword
. The number of passwords to remember can be configured usingPasswordValidatorProperties.getPreviousPasswordsToRemember()
. -
isActive
public boolean isActive()A flag indicating whether the user account is enabled. If false, they will not be able to log in.This flag should be used if a user needs to be enabled/disabled for administrative reasons.
- Returns:
- true if the user account is enabled, false otherwise
-
isLocked
public boolean isLocked()A flag indicating whether the admin user account is locked. If false, they will not be able to log in and aLockedException
will be thrown on a login attempt.This flag is used to limit invalid login attempt.
- Returns:
- true if the user account is locked, false otherwise
-
isExpired
public boolean isExpired()A flag indicating whether the admin user account is expired. If false, they will not be able to log in.This flag can be used to declare an account as expired and unusable, but currently there is no logic for that. It will always be
false
.- Returns:
- true if the admin user account is expired, false otherwise
-
isChangePasswordRequired
public boolean isChangePasswordRequired()A flag indicating whether the admin user account requires a password reset. If true, they will not be able to log in until they reset their password.- Returns:
- true if the admin user's password is expired and requires a reset, false otherwise
-
isImpersonationAllowed
public boolean isImpersonationAllowed()A flag indicated whether or not this user is allowed to be impersonated.- Returns:
- true if impersonation allowed
-
getServerId
The ID of the authorization server that this user is a member of.- Returns:
- The authorization server ID
-
getLastUpdated
Indicates when this record was last updated. -
isArchived
public boolean isArchived()This entity is soft-deleted instead of hard-deleted, and this field is set totrue
when the entity is soft-deleted. -
getRoles
The roles that this user is assigned. The user is granted all permissions that each of these roles are directly assigned or inherit from their ancestors. -
getPermissions
The permissions that this user is directly assigned (in addition to permissions granted throughroles
). -
getRestrictions
The data restrictions that control the data this user is permitted to access. -
getRestrictedRoles
The roles that this user is directly assigned that are restricted to only apply when accessing certain segments of data. -
getRestrictedPermissions
The permissions that this user is directly assigned that are restricted to only apply when accessing certain segments of data. -
getLockedTime
If this user is locked out, the time that the user was locked. -
getAccountRoles
Roles this user has under specific Account contexts. -
getDefaultAccountId
The default account for the customer. If set, the customer will automatically have this account selected on login. -
setId
-
setFirstName
The first name of the user, if the fullName is not being used for the user.- Parameters:
firstName
- the first name of the user
-
setMiddleName
The middle name of the user, if the fullName is not being used for the user.- Parameters:
middleName
- the middle name of the user
-
setLastName
The last name of the user, if the fullName is not being used for the user.- Parameters:
lastName
- the last name of the user
-
setFullName
The full name of the user, if the component parts firstName, middleName, and lastName are not being used to comprise the full name.- Parameters:
fullName
- the full name of the user
-
setUsername
What this user uses to actually log in. May be the same asemail
, but that is not required.The username is case insensitive, so it will always be stored lowercase.
-
setEmail
The user's email address. -
setServiceId
If this user was synchronized from a BLC service (ex: the admin user service or the customer service), this field will be the ID value used by that service for this user.If this value is set, there should also be a value set for
type
.There is a requirement that only if both values are non-null, a combination of this field and
type
will be unique across all records. There is no uniqueness guarantee for records which have a null service ID or nulltype
.- See Also:
-
type
-
setType
Represents the type of user this is. This value must be supplied ifserviceId
is set.- See Also:
-
UserType
serviceId
-
setExternalId
Intended to hold any unique identifier for this user as known by an external (non-BLC) system. For example, many implementations may integrate or import/export data from other systems that manage their own unique identifiers.- Parameters:
externalId
- a unique identifier for this user in a non-BLC system
-
setTenantId
The id of the tenant this user is associated with. -
setApplicationIds
This field only applies toUserType.ADMIN
users.The ids of applications this user is a member of. If this is non-empty, this user is restricted to these applications.
-
setTenantAccess
public void setTenantAccess(boolean tenantAccess) Indicates whether this user has access at the tenant level or not.This field only applies to
UserType.ADMIN
users.- Parameters:
tenantAccess
- Does this user have tenant level access?
-
setApplicationAccess
public void setApplicationAccess(boolean applicationAccess) Indicates whether this user has access at the application level or not.This field only applies to
UserType.ADMIN
users.UserType.CUSTOMER
will always have application level access regardless of this value.- Parameters:
applicationAccess
- Does this user have application level access?
-
setCustomerContextId
This field only applies toUserType.CUSTOMER
users.The id of the customer context this user is a member of. If this is set, this user is restricted to this customer context.
-
setAttributes
Arbitrary attributes associated with this user. May include custom claims, customer segment ids, or any other attributes that are not first class user fields. -
setPassword
Encrypted password that should generally only be used in mapping exercises before saving into the data store -
setPasswordLastUpdated
The time the password was last updated. Used to enforce rules around how long a password may remain unchanged before forcing the user to make a new one. -
setPasswordHistory
The previouspasswords
used by this user. These remain encrypted and should only be used when setting a newpassword
. The number of passwords to remember can be configured usingPasswordValidatorProperties.getPreviousPasswordsToRemember()
. -
setActive
public void setActive(boolean active) A flag indicating whether the user account is enabled. If false, they will not be able to log in.This flag should be used if a user needs to be enabled/disabled for administrative reasons.
- Parameters:
active
- true if the user account is enabled, false otherwise
-
setLocked
public void setLocked(boolean locked) A flag indicating whether the admin user account is locked. If false, they will not be able to log in and aLockedException
will be thrown on a login attempt.This flag is used to limit invalid login attempt.
- Parameters:
locked
- true if the admin user account is locked, false otherwise
-
setExpired
public void setExpired(boolean expired) A flag indicating whether the admin user account is expired. If false, they will not be able to log in.This flag can be used to declare an account as expired and unusable, but currently there is no logic for that. It will always be
false
.- Parameters:
expired
- true if the admin user account is expired, false otherwise
-
setChangePasswordRequired
public void setChangePasswordRequired(boolean changePasswordRequired) A flag indicating whether the admin user account requires a password reset. If true, they will not be able to log in until they reset their password.- Parameters:
changePasswordRequired
- true if the admin user's password is expired and requires a reset, false otherwise
-
setImpersonationAllowed
public void setImpersonationAllowed(boolean impersonationAllowed) A flag indicated whether or not this user is allowed to be impersonated.- Parameters:
impersonationAllowed
- true if impersonation is allowed
-
setServerId
The ID of the authorization server that this user is a member of.- Parameters:
serverId
- The authorization server ID
-
setLastUpdated
Indicates when this record was last updated. -
setArchived
public void setArchived(boolean archived) This entity is soft-deleted instead of hard-deleted, and this field is set totrue
when the entity is soft-deleted. -
setRoles
The roles that this user is assigned. The user is granted all permissions that each of these roles are directly assigned or inherit from their ancestors. -
setPermissions
The permissions that this user is directly assigned (in addition to permissions granted throughroles
). -
setRestrictions
The data restrictions that control the data this user is permitted to access. -
setRestrictedRoles
The roles that this user is directly assigned that are restricted to only apply when accessing certain segments of data. -
setRestrictedPermissions
The permissions that this user is directly assigned that are restricted to only apply when accessing certain segments of data. -
setLockedTime
If this user is locked out, the time that the user was locked. -
setAccountRoles
Roles this user has under specific Account contexts. -
setDefaultAccountId
The default account for the customer. If set, the customer will automatically have this account selected on login. -
toString
-
equals
-
canEqual
-
hashCode
public int hashCode()
-