java.lang.Object
com.broadleafcommerce.auth.resource.domain.User
All Implemented Interfaces:
Serializable

public class User extends Object implements Serializable
Represents a user which can authenticate with this service. Users can have roles and permissions.

This domain is synchronized from other services such as the admin user service (AdminUserPersistenceHandler) and the customer service (CustomerPersistenceHandler).

Author:
Samarth Dhruva (samarthd)
See Also:
  • Constructor Details

    • User

      public User()
  • Method Details

    • getCompleteName

      public String getCompleteName()
      Get the complete name of the user. This will provide either the full name, or the combined first, middle, and last names. fullName takes priority. Whether a single name or multiple name fields are used is a client implementation detail.
      Returns:
      The name of the user.
    • getAttribute

      public <T> T getAttribute(String key)
    • hasAttribute

      public boolean hasAttribute(String key)
    • getId

      public String getId()
    • getFirstName

      public String getFirstName()
      The first name of the user, if the fullName is not being used for the user.
      Returns:
      the first name of the user
    • getMiddleName

      public String getMiddleName()
      The middle name of the user, if the fullName is not being used for the user.
      Returns:
      the middle name of the user
    • getLastName

      public String getLastName()
      The last name of the user, if the fullName is not being used for the user.
      Returns:
      the last name of the user
    • getFullName

      public String getFullName()
      The full name of the user, if the component parts firstName, middleName, and lastName are not being used to comprise the full name.
      Returns:
      the full name of the user
    • getUsername

      public String getUsername()
      What this user uses to actually log in. May be the same as email, but that is not required.

      The username is case insensitive, so it will always be stored lowercase.

    • getEmail

      public String getEmail()
      The user's email address.
    • getServiceId

      @Nullable public String getServiceId()
      If this user was synchronized from a BLC service (ex: the admin user service or the customer service), this field will be the ID value used by that service for this user.

      If this value is set, there should also be a value set for type.

      There is a requirement that only if both values are non-null, a combination of this field and type will be unique across all records. There is no uniqueness guarantee for records which have a null service ID or null type.

      See Also:
      • type
    • getType

      @Nullable public String getType()
      Represents the type of user this is. This value must be supplied if serviceId is set.
      See Also:
    • getExternalId

      @Nullable public String getExternalId()
      Intended to hold any unique identifier for this user as known by an external (non-BLC) system. For example, many implementations may integrate or import/export data from other systems that manage their own unique identifiers.
      Returns:
      a unique identifier for this user in a non-BLC system
    • getTenantId

      @Nullable public String getTenantId()
      The id of the tenant this user is associated with.
    • getApplicationIds

      public Set<String> getApplicationIds()
      This field only applies to UserType.ADMIN users.

      The ids of applications this user is a member of. If this is non-empty, this user is restricted to these applications.

    • isTenantAccess

      public boolean isTenantAccess()
      Indicates whether this user has access at the tenant level or not.

      This field only applies to UserType.ADMIN users.

      Returns:
      Does this user have tenant level access?
    • isApplicationAccess

      public boolean isApplicationAccess()
      Indicates whether this user has access at the application level or not.

      This field only applies to UserType.ADMIN users. UserType.CUSTOMER will always have application level access regardless of this value.

      Returns:
      Does this user have application level access?
    • getCustomerContextId

      @Nullable public String getCustomerContextId()
      This field only applies to UserType.CUSTOMER users.

      The id of the customer context this user is a member of. If this is set, this user is restricted to this customer context.

    • getAttributes

      public Map<String,Object> getAttributes()
      Arbitrary attributes associated with this user. May include custom claims, customer segment ids, or any other attributes that are not first class user fields.
    • getPassword

      public String getPassword()
      Encrypted password that should generally only be used in mapping exercises before saving into the data store
    • getPasswordLastUpdated

      public Instant getPasswordLastUpdated()
      The time the password was last updated. Used to enforce rules around how long a password may remain unchanged before forcing the user to make a new one.
    • getPasswordHistory

      public List<UserHistoricalPassword> getPasswordHistory()
      The previous passwords used by this user. These remain encrypted and should only be used when setting a new password. The number of passwords to remember can be configured using PasswordValidatorProperties.getPreviousPasswordsToRemember().
    • isActive

      public boolean isActive()
      A flag indicating whether the user account is enabled. If false, they will not be able to log in.

      This flag should be used if a user needs to be enabled/disabled for administrative reasons.

      Returns:
      true if the user account is enabled, false otherwise
    • isLocked

      public boolean isLocked()
      A flag indicating whether the admin user account is locked. If false, they will not be able to log in and a LockedException will be thrown on a login attempt.

      This flag is used to limit invalid login attempt.

      Returns:
      true if the user account is locked, false otherwise
    • isExpired

      public boolean isExpired()
      A flag indicating whether the admin user account is expired. If false, they will not be able to log in.

      This flag can be used to declare an account as expired and unusable, but currently there is no logic for that. It will always be false.

      Returns:
      true if the admin user account is expired, false otherwise
    • isChangePasswordRequired

      public boolean isChangePasswordRequired()
      A flag indicating whether the admin user account requires a password reset. If true, they will not be able to log in until they reset their password.
      Returns:
      true if the admin user's password is expired and requires a reset, false otherwise
    • isImpersonationAllowed

      public boolean isImpersonationAllowed()
      A flag indicated whether or not this user is allowed to be impersonated.
      Returns:
      true if impersonation allowed
    • getServerId

      public String getServerId()
      The ID of the authorization server that this user is a member of.
      Returns:
      The authorization server ID
    • getLastUpdated

      public Instant getLastUpdated()
      Indicates when this record was last updated.
    • isArchived

      public boolean isArchived()
      This entity is soft-deleted instead of hard-deleted, and this field is set to true when the entity is soft-deleted.
    • getRoles

      public Set<UserRoleRef> getRoles()
      The roles that this user is assigned. The user is granted all permissions that each of these roles are directly assigned or inherit from their ancestors.
    • getPermissions

      public Set<UserPermissionRef> getPermissions()
      The permissions that this user is directly assigned (in addition to permissions granted through roles).
    • getRestrictions

      public Set<Restriction> getRestrictions()
      The data restrictions that control the data this user is permitted to access.
    • getRestrictedRoles

      public Set<RestrictedRole> getRestrictedRoles()
      The roles that this user is directly assigned that are restricted to only apply when accessing certain segments of data.
    • getRestrictedPermissions

      public Set<RestrictedPermission> getRestrictedPermissions()
      The permissions that this user is directly assigned that are restricted to only apply when accessing certain segments of data.
    • getLockedTime

      public Instant getLockedTime()
      If this user is locked out, the time that the user was locked.
    • getAccountRoles

      public List<AccountRole> getAccountRoles()
      Roles this user has under specific Account contexts.
    • getDefaultAccountId

      public String getDefaultAccountId()
      The default account for the customer. If set, the customer will automatically have this account selected on login.
    • setId

      public void setId(String id)
    • setFirstName

      public void setFirstName(String firstName)
      The first name of the user, if the fullName is not being used for the user.
      Parameters:
      firstName - the first name of the user
    • setMiddleName

      public void setMiddleName(String middleName)
      The middle name of the user, if the fullName is not being used for the user.
      Parameters:
      middleName - the middle name of the user
    • setLastName

      public void setLastName(String lastName)
      The last name of the user, if the fullName is not being used for the user.
      Parameters:
      lastName - the last name of the user
    • setFullName

      public void setFullName(String fullName)
      The full name of the user, if the component parts firstName, middleName, and lastName are not being used to comprise the full name.
      Parameters:
      fullName - the full name of the user
    • setUsername

      public void setUsername(String username)
      What this user uses to actually log in. May be the same as email, but that is not required.

      The username is case insensitive, so it will always be stored lowercase.

    • setEmail

      public void setEmail(String email)
      The user's email address.
    • setServiceId

      public void setServiceId(@Nullable String serviceId)
      If this user was synchronized from a BLC service (ex: the admin user service or the customer service), this field will be the ID value used by that service for this user.

      If this value is set, there should also be a value set for type.

      There is a requirement that only if both values are non-null, a combination of this field and type will be unique across all records. There is no uniqueness guarantee for records which have a null service ID or null type.

      See Also:
      • type
    • setType

      public void setType(@Nullable String type)
      Represents the type of user this is. This value must be supplied if serviceId is set.
      See Also:
    • setExternalId

      public void setExternalId(@Nullable String externalId)
      Intended to hold any unique identifier for this user as known by an external (non-BLC) system. For example, many implementations may integrate or import/export data from other systems that manage their own unique identifiers.
      Parameters:
      externalId - a unique identifier for this user in a non-BLC system
    • setTenantId

      public void setTenantId(@Nullable String tenantId)
      The id of the tenant this user is associated with.
    • setApplicationIds

      public void setApplicationIds(Set<String> applicationIds)
      This field only applies to UserType.ADMIN users.

      The ids of applications this user is a member of. If this is non-empty, this user is restricted to these applications.

    • setTenantAccess

      public void setTenantAccess(boolean tenantAccess)
      Indicates whether this user has access at the tenant level or not.

      This field only applies to UserType.ADMIN users.

      Parameters:
      tenantAccess - Does this user have tenant level access?
    • setApplicationAccess

      public void setApplicationAccess(boolean applicationAccess)
      Indicates whether this user has access at the application level or not.

      This field only applies to UserType.ADMIN users. UserType.CUSTOMER will always have application level access regardless of this value.

      Parameters:
      applicationAccess - Does this user have application level access?
    • setCustomerContextId

      public void setCustomerContextId(@Nullable String customerContextId)
      This field only applies to UserType.CUSTOMER users.

      The id of the customer context this user is a member of. If this is set, this user is restricted to this customer context.

    • setAttributes

      public void setAttributes(Map<String,Object> attributes)
      Arbitrary attributes associated with this user. May include custom claims, customer segment ids, or any other attributes that are not first class user fields.
    • setPassword

      public void setPassword(String password)
      Encrypted password that should generally only be used in mapping exercises before saving into the data store
    • setPasswordLastUpdated

      public void setPasswordLastUpdated(Instant passwordLastUpdated)
      The time the password was last updated. Used to enforce rules around how long a password may remain unchanged before forcing the user to make a new one.
    • setPasswordHistory

      public void setPasswordHistory(List<UserHistoricalPassword> passwordHistory)
      The previous passwords used by this user. These remain encrypted and should only be used when setting a new password. The number of passwords to remember can be configured using PasswordValidatorProperties.getPreviousPasswordsToRemember().
    • setActive

      public void setActive(boolean active)
      A flag indicating whether the user account is enabled. If false, they will not be able to log in.

      This flag should be used if a user needs to be enabled/disabled for administrative reasons.

      Parameters:
      active - true if the user account is enabled, false otherwise
    • setLocked

      public void setLocked(boolean locked)
      A flag indicating whether the admin user account is locked. If false, they will not be able to log in and a LockedException will be thrown on a login attempt.

      This flag is used to limit invalid login attempt.

      Parameters:
      locked - true if the admin user account is locked, false otherwise
    • setExpired

      public void setExpired(boolean expired)
      A flag indicating whether the admin user account is expired. If false, they will not be able to log in.

      This flag can be used to declare an account as expired and unusable, but currently there is no logic for that. It will always be false.

      Parameters:
      expired - true if the admin user account is expired, false otherwise
    • setChangePasswordRequired

      public void setChangePasswordRequired(boolean changePasswordRequired)
      A flag indicating whether the admin user account requires a password reset. If true, they will not be able to log in until they reset their password.
      Parameters:
      changePasswordRequired - true if the admin user's password is expired and requires a reset, false otherwise
    • setImpersonationAllowed

      public void setImpersonationAllowed(boolean impersonationAllowed)
      A flag indicated whether or not this user is allowed to be impersonated.
      Parameters:
      impersonationAllowed - true if impersonation is allowed
    • setServerId

      public void setServerId(String serverId)
      The ID of the authorization server that this user is a member of.
      Parameters:
      serverId - The authorization server ID
    • setLastUpdated

      public void setLastUpdated(Instant lastUpdated)
      Indicates when this record was last updated.
    • setArchived

      public void setArchived(boolean archived)
      This entity is soft-deleted instead of hard-deleted, and this field is set to true when the entity is soft-deleted.
    • setRoles

      public void setRoles(Set<UserRoleRef> roles)
      The roles that this user is assigned. The user is granted all permissions that each of these roles are directly assigned or inherit from their ancestors.
    • setPermissions

      public void setPermissions(Set<UserPermissionRef> permissions)
      The permissions that this user is directly assigned (in addition to permissions granted through roles).
    • setRestrictions

      public void setRestrictions(Set<Restriction> restrictions)
      The data restrictions that control the data this user is permitted to access.
    • setRestrictedRoles

      public void setRestrictedRoles(Set<RestrictedRole> restrictedRoles)
      The roles that this user is directly assigned that are restricted to only apply when accessing certain segments of data.
    • setRestrictedPermissions

      public void setRestrictedPermissions(Set<RestrictedPermission> restrictedPermissions)
      The permissions that this user is directly assigned that are restricted to only apply when accessing certain segments of data.
    • setLockedTime

      public void setLockedTime(Instant lockedTime)
      If this user is locked out, the time that the user was locked.
    • setAccountRoles

      public void setAccountRoles(List<AccountRole> accountRoles)
      Roles this user has under specific Account contexts.
    • setDefaultAccountId

      public void setDefaultAccountId(String defaultAccountId)
      The default account for the customer. If set, the customer will automatically have this account selected on login.
    • toString

      public String toString()
      Overrides:
      toString in class Object
    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object
    • canEqual

      protected boolean canEqual(Object other)
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object