Package cz.metacentrum.perun.core.blImpl

Class UsersManagerBlImpl

java.lang.Object

cz.metacentrum.perun.core.blImpl.UsersManagerBlImpl

All Implemented Interfaces:

UsersManagerBl

public class UsersManagerBlImpl
extends Object
implements UsersManagerBl

UsersManager business logic

Author:

Michal Prochazka michalp@ics.muni.cz, Slavek Licehammer glory@ics.muni.cz, Sona Mastrakova

Field Summary

Fields inherited from interface cz.metacentrum.perun.core.bl.UsersManagerBl

ADDITIONAL_IDENTIFIERS_ATTRIBUTE_NAME, ADDITIONAL_IDENTIFIERS_PERUN_ATTRIBUTE_NAME, MULTIVALUE_ATTRIBUTE_SEPARATOR_REGEX, ORIGIN_IDENTITY_PROVIDER_KEY

Constructor Summary

Constructors

Constructor	Description
UsersManagerBlImpl(UsersManagerImplApi usersManagerImpl)	Constructor.

Method Summary

Modifier and Type	Method	Description
void	addSpecificUserOwner(PerunSession sess, User user, User specificUser)	Add specificUser owner (the user) If not exists, create new ownership.
UserExtSource	addUserExtSource(PerunSession sess, User user, UserExtSource userExtSource)	Adds user's external sources.
void	anonymizeUser(PerunSession sess, User user, boolean force)	Anonymizes user - according to configuration, each of user's attributes is either anonymized, kept untouched or deleted.
void	blockLogins(PerunSession sess, List<String> logins, String namespace, Integer relatedUserId)	Block logins for given namespace or block logins globally (if no namespace is selected)
void	changeEmail(PerunSession sess, User user, String newEmail)	Change user's email to email from user ext source.
void	changeEmailCustom(PerunSession sess, User user, String newEmail, String url, String lang, String path, String idp)	Change user's email to custom email.
void	changeName(PerunSession sess, User user, String newUserName)	Change user's name to user's name from user ext source.
void	changeNameCustom(PerunSession sess, User user, String titleBefore, String firstName, String middleName, String lastName, String titleAfter)	Change user's name to custom name.
void	changeNonAuthzPassword(PerunSession sess, UUID token, String password, String lang)	Changes user password in defined login-namespace based on token of the password reset request.
void	changeOrganization(PerunSession sess, User user, String newOrganizationName)	Change organization from which user came to organization from user ext source.
void	changeOrganizationCustom(PerunSession sess, User user, String newOrganizationName)	Change organization from which user came to custom organization.
void	changePassword(PerunSession sess, User user, String loginNamespace, String oldPassword, String newPassword, boolean checkOldPassword)	Changes user password in defined login-namespace.
String	changePasswordRandom(PerunSession session, User user, String namespace)	Generates new random password for given user and returns String representing HTML where is the new password.
void	checkBlockedLogins(PerunSession sess, String namespace, String userLogin, boolean ignoreCase)	Check if login is blocked.
void	checkPasswordResetRequestIsValid(PerunSession sess, UUID token)	Checks if the password reset request link is valid.
void	checkPasswordStrength(PerunSession sess, String password, String namespace, String login)	Check password strength for the given namespace.
void	checkReservedLogins(PerunSession sess, String namespace, String login, boolean ignoreCase)	Check if login exists in specified namespace or in any namespace (if namespace is null).
void	checkUserExists(PerunSession sess, User user)
void	checkUserExtSourceExists(PerunSession sess, UserExtSource userExtSource)
void	checkUserExtSourceExistsById(PerunSession sess, int id)
List<RichUser>	convertRichUsersToRichUsersWithAttributes(PerunSession sess, List<RichUser> richUsers)	From List of Rich Users without attribute make list of Rich Users with attributes
User	convertUserEmptyStringsInObjectAttributesIntoNull(User user)	Get user and convert values of his object attributes: - firstName - lastName - middleName - titleBefore - titleAfter from emptyString (like "") to null.
List<RichUser>	convertUsersToRichUsers(PerunSession sess, List<User> users)	From List of Users make list of RichUsers (without attributes)
List<RichUser>	convertUsersToRichUsersWithAttributes(PerunSession sess, List<RichUser> richUsers, List<AttributeDefinition> attrsDef)	Convert RichUsers without attribute to RichUsers with specific attributes.
List<RichUser>	convertUsersToRichUsersWithAttributesByNames(PerunSession sess, List<User> users, List<String> attrNames)	From List of Users make list of RichUsers (with attributes by names)
RichUser	convertUserToRichUserWithAttributesByNames(PerunSession sess, User user, List<String> attrNames)	From User make Rich user (with attributes by names)
void	createAlternativePassword(PerunSession sess, User user, String description, String loginNamespace, String password)	Creates alternative password in external system.
User	createServiceUser(PerunSession sess, Candidate candidate, List<User> owners)	From given candidate, creates a service user and assign given owners to him.
User	createUser(PerunSession sess, Candidate candidate)	From given candidate, creates a user.
User	createUser(PerunSession sess, User user)	Inserts user into DB.
void	deleteAlternativePassword(PerunSession sess, User user, String loginNamespace, String passwordId)	Deletes alternative password in external system.
void	deletePassword(PerunSession sess, User user, String loginNamespace)	Deletes password in external system for existing user.
void	deletePassword(PerunSession sess, String userLogin, String loginNamespace)	Deletes password in external system.
void	deleteReservedLoginsForNamespace(PerunSession sess, String namespace)	Deletes all reserved logins in given namespace
void	deleteReservedLoginsOnlyByGivenApp(PerunSession sess, int appId)	Deletes reserved logins which can be deleted - they are used only in the given application.
void	deleteUser(PerunSession sess, User user)	Deletes user.
void	deleteUser(PerunSession sess, User user, boolean forceDelete)	Deletes user.
RichUser	filterOnlyAllowedAttributes(PerunSession sess, RichUser richUser)	For richUser filter all his user attributes and remove all which principal has no access to.
List<RichUser>	filterOnlyAllowedAttributes(PerunSession sess, List<RichUser> richUsers)	For list of richUser filter all their user attributes and remove all which principal has no access to.
List<RichUserExtSource>	filterOnlyAllowedAttributesForRichUserExtSources(PerunSession sess, List<RichUserExtSource> richUserExtSources)	From given list of RichUserExtSource removes the attributes which are not allowed for the current principal.
List<RichUser>	findRichUsers(PerunSession sess, String searchString)	Returns list of richusers with attributes who matches the searchString, searching name, id, uuid, email, logins.
List<RichUser>	findRichUsersByExactMatch(PerunSession sess, String searchString)	Returns list of richusers with attributes who matches the searchString, searching name, id, uuid, email, logins.
List<RichUser>	findRichUsersWithAttributes(PerunSession sess, String searchString, List<String> attrsName)	Returns list of RichUsers with selected attributes who matches the searchString, searching name, id, uuid, email, logins.
List<RichUser>	findRichUsersWithAttributesByExactMatch(PerunSession sess, String searchString, List<String> attrsName)	Returns list of RichUsers with selected attributes who matches the searchString, searching name, id, uuid, email, logins.
List<RichUser>	findRichUsersWithoutSpecificVoWithAttributes(PerunSession sess, Vo vo, String searchString, List<String> attrsName)	Return list of RichUsers who matches the searchString, searching name, email and logins and are not member in specific VO and contain selected attributes.
List<User>	findUsers(PerunSession sess, String searchString)	Returns list of users' who matches the searchString, searching name, id, uuid, email and logins.
List<User>	findUsersByExactMatch(PerunSession sess, String searchString)
List<User>	findUsersByExactName(PerunSession sess, String searchString)	Returns list of users who exactly matches the searchString
List<User>	findUsersByName(PerunSession sess, String searchString)	Returns list of users who matches the searchString
List<User>	findUsersByName(PerunSession sess, String titleBefore, String firstName, String middleName, String lastName, String titleAfter)	Returns list of users who matches the fields.
List<User>	findUsersWithExtSourceAttributeValueEnding(PerunSessionImpl sess, String attributeName, String valueEnd, List<String> excludeValueEnds)	Finds users with UserExtSource with attribute value that ends with specified string but not with specified exclude strings.
Map<String,String>	generateAccount(PerunSession sess, String loginNamespace, Map<String,String> parameters)	Generate user account in a backend system associated with login-namespace in Perun.
List<UserExtSource>	getActiveUserExtSources(PerunSession sess, User user)	Get all users userExtSources with last_access not older than (now - m), where 'm' is number of months defined in CONSTANT in UsersManagerImpl.
List<BlockedLogin>	getAllBlockedLoginsInNamespaces(PerunSession sess)	Returns all blocked logins in namespaces (if namespace is null, then this login is blocked globally)
List<Resource>	getAllowedResources(PerunSession sess, Facility facility, User user)	Get all resources from the facility which have the user access on.
List<Resource>	getAllowedResources(PerunSession sess, User user)	Get all resources which have the user access on.
List<RichUser>	getAllRichUsers(PerunSession sess, boolean includedSpecificUsers)	Get All richUsers with or without specificUsers.
List<RichUser>	getAllRichUsersWithAttributes(PerunSession sess, boolean includedSpecificUsers)	Get All richUsers with or without specificUsers.
List<RichUser>	getAllRichUsersWithAttributes(PerunSession sess, boolean includedSpecificUsers, List<String> attrsName)	Get User to RichUser with attributes.
List<UserExtSource>	getAllUserExtSourcesByTypeAndLogin(PerunSession sess, String extType, String extLogin)	Gets list of all users external sources by specific type and extLogin.
List<Resource>	getAssignedResources(PerunSession sess, Facility facility, User user)	Get all resources from the facility where the user is assigned.
List<Resource>	getAssignedResources(PerunSession sess, User user)	Get all resources where the user is assigned.
List<RichResource>	getAssignedRichResources(PerunSession sess, User user)	Get all rich resources where the user is assigned.
List<Resource>	getAssociatedResources(PerunSession sess, Facility facility, User user)	Return all resources of specified facility with which user is associated through all his members.
List<Resource>	getAssociatedResources(PerunSession sess, User user)	Get all resources with which user can be associated (similar to assigned resources, but does not require ACTIVE group-resource assignment).
Paginated<BlockedLogin>	getBlockedLoginsPage(PerunSession sess, BlockedLoginsPageQuery query)	Get page of blocked logins.
List<Group>	getGroupsWhereUserIsActive(PerunSession sess, Facility facility, User user)	Return all groups where user is active (has VALID status in VO and Group together) for specified user and facility
List<Group>	getGroupsWhereUserIsActive(PerunSession sess, Resource resource, User user)	Return all groups where user is active (has VALID status in VO and Group together) for specified user and resource
List<Group>	getGroupsWhereUserIsAdmin(PerunSession sess, User user)	Returns list of Groups in Perun, where the User is a direct Administrator or he is a VALID member of any group which is Administrator of some of these Groups.
List<Group>	getGroupsWhereUserIsAdmin(PerunSession sess, Vo vo, User user)	Returns list of Groups in selected Vo, where the User is a direct Administrator or he is a VALID member of any group which is Administrator of some of these Groups.
int	getIdOfBlockedLogin(PerunSession sess, String login, String namespace)	Return ID of blocked login
PasswordManagerModule	getPasswordManagerModule(PerunSession session, String namespace)	Returns password manager module for specified login-namespace or falls back on generic password manager module.
List<String>	getPendingPreferredEmailChanges(PerunSession sess, User user)	Return list of email addresses of user, which are awaiting validation and are inside time window for validation.
PerunBl	getPerunBl()	Gets the perunBl for this instance.
Integer	getRelatedUserIdByBlockedLoginInNamespace(PerunSession sess, String login, String namespace)	Get user id of the user who was related to the given login in the past
List<Pair<String,String>>	getReservedLoginsByApp(PerunSession sess, int appId)	Gets reserved logins which are used in the given application.
List<Pair<String,String>>	getReservedLoginsOnlyByGivenApp(PerunSession sess, int appId)	Gets reserved logins which can be deleted - they are used only in the given application.
RichUser	getRichUser(PerunSession sess, User user)	Get User to RichUser without attributes.
List<RichUserExtSource>	getRichUserExtSources(PerunSession sess, User user, List<String> attrsNames)	Gets list of all user's external sources with attributes.
List<RichUser>	getRichUsersByIds(PerunSession sess, List<Integer> ids)	Returns rich users without attributes by their ids.
List<RichUser>	getRichUsersFromListOfUsers(PerunSession sess, List<User> users)	From Users makes RichUsers without attributes.
List<RichUser>	getRichUsersWithAttributesByIds(PerunSession sess, List<Integer> ids)	Returns rich users with attributes by their ids.
List<RichUser>	getRichUsersWithAttributesFromListOfUsers(PerunSession sess, List<User> users)	From Users makes RichUsers with attributes.
List<RichUser>	getRichUsersWithoutVoAssigned(PerunSession sess)	Returns all RichUsers with attributes who are not member of any VO.
List<RichUser>	getRichUsersWithoutVoWithAttributes(PerunSession sess, List<String> attrsName)	Return list of RichUsers which are not members of any VO and contain selected attributes.
RichUser	getRichUserWithAttributes(PerunSession sess, User user)	Get User to RichUser with attributes.
List<User>	getSpecificUsers(PerunSession sess)	Return all specific Users (only specific users)
List<User>	getSpecificUsersByUser(PerunSession sess, User user)	Return all specificUsers who are owned by the user and their ownership is not in status disabled
List<User>	getSponsors(PerunSession sess, Member sponsoredMember)	Gets list of users that sponsor the member.
Map<Integer,List<Pair<User,Sponsorship>>>	getSponsorsForSponsoredMembersInVo(PerunSession sess, int voId)	Retrieves a map, that maps the ids of the sponsored members in the given VO to a list of their Sponsors with the corresponding Sponsorship objects.
List<User>	getUnanonymizedUsersBySpecificUser(PerunSession sess, User specificUser)	Return all users who owns the specificUser, their ownership is not in status disabled and are not anonymized
User	getUserByExtSourceInformation(PerunSession sess, PerunPrincipal principal)	Get user by principal's additional identifiers or extSourceName and extSourceLogin.
User	getUserByExtSourceNameAndExtLogin(PerunSession sess, String extSourceName, String extLogin)	Get user by extSourceName and extSourceLogin
User	getUserById(PerunSession sess, int id)	Returns user by his/her id.
User	getUserByMember(PerunSession sess, Member member)	Returns user by VO member.
User	getUserByUserExtSource(PerunSession sess, UserExtSource userExtSource)	Returns user by his login in external source and external source.
User	getUserByUserExtSources(PerunSession sess, List<UserExtSource> userExtSources)	Get the user based on one of the userExtSource.
UserExtSource	getUserExtSourceByExtLogin(PerunSession sess, ExtSource source, String extLogin)	Gets user's external source by the user's external login and external source.
UserExtSource	getUserExtSourceById(PerunSession sess, int id)	Get the user ext source by its id.
UserExtSource	getUserExtSourceByUniqueAttributeValue(PerunSession sess, int attrId, String uniqueValue)	Return userExtSource for specific attribute definition (specified by id) and unique value.
UserExtSource	getUserExtSourceByUniqueAttributeValue(PerunSession sess, String attrName, String uniqueValue)	Return userExtSource for specific attribute definition (specified by id) and unique value.
UserExtSource	getUserExtSourceFromMultipleIdentifiers(PerunSession sess, PerunPrincipal principal)	Iteratively searches through additional identifiers trying to find userExtSource with the same identifier.
List<UserExtSource>	getUserExtSources(PerunSession sess, User user)	Gets list of all user's external sources of the user.
List<UserExtSource>	getUserExtSourcesByIds(PerunSession sess, List<Integer> ids)	Get user ext sources by their ids.
List<User>	getUsers(PerunSession sess)	Returns all users (included specific users)
List<User>	getUsersByAttribute(PerunSession sess, Attribute attribute)	Returns all users who have set the attribute with the value.
List<User>	getUsersByAttribute(PerunSession sess, Attribute attribute, boolean ignoreCase)	Returns all users who have set the attribute with the value IGNORING CASE in the comparison.
List<User>	getUsersByAttribute(PerunSession sess, String attributeName, String attributeValue)	Search attributes directly in the DB only if the attr is def or opt and value is type of String, otherwise load all users and search in a loop.
List<User>	getUsersByAttributeValue(PerunSession sess, String attributeName, String attributeValue)	Returns all users who have the attribute with the value.
List<User>	getUsersByExtSourceTypeAndLogin(PerunSession perunSession, String extSourceType, String login)	Get all the users who have given type of the ExtSource and login.
List<User>	getUsersByIds(PerunSession sess, List<Integer> usersIds)	Batch method which returns users by theirs ids.
List<User>	getUsersByPerunBean(PerunSession sess, Facility facility)	Returns list of users connected with a facility
List<User>	getUsersByPerunBean(PerunSession sess, Group group)	Returns list of users connected with a group
List<User>	getUsersByPerunBean(PerunSession sess, Host host)	Returns list of users connected with a host
List<User>	getUsersByPerunBean(PerunSession sess, Member member)	Returns list of users connected with a member
List<User>	getUsersByPerunBean(PerunSession sess, Resource resource)	Returns list of users connected with a resource
List<User>	getUsersByPerunBean(PerunSession sess, Vo vo)	Returns list of users connected with a vo
List<User>	getUsersBySpecificUser(PerunSession sess, User specificUser)	Return all users who owns the specificUser and their ownership is not in status disabled
int	getUsersCount(PerunSession sess)	Get count of all users.
UsersManagerImplApi	getUsersManagerImpl()	Gets the usersManagerImpl for this instance.
Paginated<RichUser>	getUsersPage(PerunSession sess, UsersPageQuery query, List<String> attrNames)	Get page of users with the given attributes.
List<Pair<String,String>>	getUsersReservedLogins(PerunSession sess, User user)	Return list of all reserved logins for specific user (pair is namespace and login)
List<User>	getUsersWithoutSpecificVo(PerunSession sess, Vo vo, String searchString)	Return list of users who matches the searchString, searching name, email and logins and are not member in specific VO.
List<User>	getUsersWithoutVoAssigned(PerunSession sess)	Returns all users who are not member of any VO.
List<Vo>	getVosWhereUserIsAdmin(PerunSession sess, User user)	Returns list of VOs, where the user is an Administrator.
List<Vo>	getVosWhereUserIsMember(PerunSession sess, User user)	Returns list of VOs, where the user is a member.
boolean	isLoginAvailable(PerunSession sess, String loginNamespace, String login)	Checks if the login is available in the namespace.
boolean	isLoginBlocked(PerunSession sess, String login, boolean ignoreCase)	Return true if login is blocked (globally - for all namespaces per instance OR for some namespace), false if not.
boolean	isLoginBlockedForNamespace(PerunSession sess, String login, String namespace, boolean ignoreCase)	Return true if login is blocked for given namespace, false if not When the namespace is null, then the method behaves like isLoginBlockedGlobally(), so it checks if the login is blocked globally.
boolean	isLoginBlockedGlobally(PerunSession sess, String login)	Return true if login is blocked globally (for all namespaces per instance - represented by namespace = null), false if not Globally banned logins are ALWAYS case-insensitive.
boolean	isUserAnonymized(PerunSession sess, User user)	Checks whether user has been anonymized or not.
boolean	isUserPerunAdmin(PerunSession sess, User user)	Deprecated.
boolean	loginExist(PerunSession sess, User user, String loginNamespace)	Checks if login exists in given login-namespace.
void	moveUserExtSource(PerunSession sess, User sourceUser, User targetUser, UserExtSource userExtSource)	Take UserExtSource from sourceUser and move it to the targetUser.
void	removeAllUserExtSources(PerunSession sess, User user)	Removes all user's external sources.
void	removeSpecificUserOwner(PerunSession sess, User user, User specificUser)	Remove specificUser owner (the user) Only disable ownership of user and specificUser
void	removeSpecificUserOwner(PerunSession sess, User user, User specificUser, boolean forceDelete)	Remove specificUser owner (the user).
void	removeUserExtSource(PerunSession sess, User user, UserExtSource userExtSource)	Removes user's external sources.
void	requestPreferredEmailChange(PerunSession sess, String url, User user, String email, String lang, String path, String idp)	Request change of user's preferred email address.
void	reservePassword(PerunSession sess, User user, String loginNamespace, String password)	Reserves the password in external system.
void	reservePassword(PerunSession sess, String userLogin, String loginNamespace, String password)	Reserves the password in external system.
void	reserveRandomPassword(PerunSession sess, User user, String loginNamespace)	Reserves random password in external system.
void	setLogin(PerunSession sess, User user, String loginNamespace, String login)	Allow users to manually add login in supported namespace if same login is not reserved
void	setPerunBl(PerunBl perunBl)
User	setSpecificUser(PerunSession sess, User specificUser, SpecificUserType specificUserType, User owner)	Set specific user type for specific user and set ownership of this user for the owner.
boolean	specificUserOwnershipExists(PerunSession sess, User user, User specificUser)	Return true if ownership of user and specificUser already exists.
void	unblockLogins(PerunSession sess, List<String> logins, String namespace)	Unblock logins for given namespace or unblock logins globally (if no namespace is selected)
void	unblockLoginsById(PerunSession sess, List<Integer> loginIds)	Unblock logins by id globally, or in the namespace they were initially blocked.
void	unblockLoginsForNamespace(PerunSession sess, String namespace)	Unblock all logins for given namespace
User	unsetSpecificUser(PerunSession sess, User specificUser, SpecificUserType specificUserType)	Remove all ownerships of this specific user and unset this specific user type from this specific user.
User	updateNameTitles(PerunSession sess, User user)	Updates titles before/after users name.
User	updateUser(PerunSession sess, User user)	Updates users data in DB.
UserExtSource	updateUserExtSource(PerunSession sess, UserExtSource userExtSource)	Updates user's userExtSource in DB.
void	updateUserExtSourceLastAccess(PerunSession sess, UserExtSource userExtSource)	Updates user's userExtSource last access time in DB.
boolean	userExtSourceExists(PerunSession sess, UserExtSource userExtSource)
void	validatePassword(PerunSession sess, User user, String loginNamespace)	Validates the password in external system and sets user extSources and extSource related attributes.
void	validatePassword(PerunSession sess, String userLogin, String loginNamespace)	Validates the password in external system and sets user extSources and extSource related attributes.
String	validatePreferredEmailChange(PerunSession sess, User user, UUID token)	Validate change of user's preferred email address.
void	validateSSHKey(PerunSession sess, String sshKey)	Validate ssh public key, throws exception if validation fails

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

UsersManagerBlImpl

public UsersManagerBlImpl(UsersManagerImplApi usersManagerImpl)

Constructor.

Parameters:

usersManagerImpl - connection pool

Method Details

addSpecificUserOwner

public void addSpecificUserOwner(PerunSession sess,
 User user,
 User specificUser)
                          throws RelationExistsException

Description copied from interface: UsersManagerBl

Add specificUser owner (the user) If not exists, create new ownership. If exists, only enable ownership for user and specificUser

Specified by:

addSpecificUserOwner in interface UsersManagerBl

Parameters:

sess -

user - the user

specificUser - the specificUser

Throws:

RelationExistsException - If there is such user (the user) who try to add

addUserExtSource

public UserExtSource addUserExtSource(PerunSession sess,
 User user,
 UserExtSource userExtSource)
                               throws UserExtSourceExistsException

Description copied from interface: UsersManagerBl

Adds user's external sources.

Specified by:

addUserExtSource in interface UsersManagerBl

Parameters:

sess -

user -

userExtSource -

Returns:

user external auth object with newly generated ID

Throws:

UserExtSourceExistsException

anonymizeUser

public void anonymizeUser(PerunSession sess,
 User user,
 boolean force)
                   throws RelationExistsException,
AnonymizationNotSupportedException

Description copied from interface: UsersManagerBl

Anonymizes user - according to configuration, each of user's attributes is either anonymized, kept untouched or deleted. Also deletes other user's related data, e.g. authorships of users publications, mail change and password reset requests, bans... If force is true then also removes associated members.

Specified by:

anonymizeUser in interface UsersManagerBl

Parameters:

sess -

user -

force -

Throws:

RelationExistsException - if the user has some members assigned

AnonymizationNotSupportedException - if an attribute should be anonymized but its module doesn't specify the anonymization process or if the anonymization is not supported at this instance

blockLogins

public void blockLogins(PerunSession sess,
 List<String> logins,
 String namespace,
 Integer relatedUserId)
                 throws LoginIsAlreadyBlockedException,
LoginExistsException

Description copied from interface: UsersManagerBl

Block logins for given namespace or block logins globally (if no namespace is selected)

Specified by:

blockLogins in interface UsersManagerBl

Parameters:

sess -

logins - list of logins to be blocked

namespace - namespace where the logins should be blocked (null means block the logins globally)

relatedUserId - id of the user related to the login or null if the relatedUserId should not be stored

Throws:

LoginIsAlreadyBlockedException

LoginExistsException

changeNonAuthzPassword

public void changeNonAuthzPassword(PerunSession sess,
 UUID token,
 String password,
 String lang)
                            throws LoginNotExistsException,
PasswordChangeFailedException,
PasswordOperationTimeoutException,
PasswordStrengthFailedException,
InvalidLoginException,
PasswordStrengthException,
PasswordResetLinkExpiredException,
PasswordResetLinkNotValidException,
UserNotExistsException

Description copied from interface: UsersManagerBl

Changes user password in defined login-namespace based on token of the password reset request.

Specified by:

changeNonAuthzPassword in interface UsersManagerBl

Parameters:

sess - PerunSession

token - token for the password reset request

password - new password

lang - Language to get notification in

Throws:

LoginNotExistsException - When user doesn't have login in specified namespace

PasswordChangeFailedException - When password change failed

PasswordOperationTimeoutException - When password change timed out

InvalidLoginException - When login of user has invalid syntax (is not allowed)

PasswordStrengthException - When password doesn't match expected strength by namespace configuration

PasswordResetLinkExpiredException - When the password reset request expired

PasswordResetLinkNotValidException - When the password reset request was already used or has never existed

UserNotExistsException - When the user who requested the password reset doesn't exist

PasswordStrengthFailedException

changePassword

public void changePassword(PerunSession sess,
 User user,
 String loginNamespace,
 String oldPassword,
 String newPassword,
 boolean checkOldPassword)
                    throws LoginNotExistsException,
PasswordDoesntMatchException,
PasswordChangeFailedException,
PasswordOperationTimeoutException,
PasswordStrengthFailedException,
InvalidLoginException,
PasswordStrengthException

Description copied from interface: UsersManagerBl

Changes user password in defined login-namespace. If checkOldPassword is true, then ask authentication system if old password is correct. user must exists.

Specified by:

changePassword in interface UsersManagerBl

Parameters:

sess -

user - user object which is used to get userLogin from the loginNamespace

loginNamespace -

oldPassword -

newPassword -

checkOldPassword -

Throws:

LoginNotExistsException - When user doesn't have login in specified namespace

PasswordDoesntMatchException - When old password does not match

PasswordChangeFailedException

InvalidLoginException - When login of user has invalid syntax (is not allowed)

PasswordStrengthException - When password doesn't match expected strength by namespace configuration

PasswordOperationTimeoutException

PasswordStrengthFailedException

changePasswordRandom

public String changePasswordRandom(PerunSession session,
 User user,
 String namespace)
                            throws PasswordOperationTimeoutException,
LoginNotExistsException,
PasswordChangeFailedException,
InvalidLoginException,
PasswordStrengthException

Description copied from interface: UsersManagerBl

Generates new random password for given user and returns String representing HTML where is the new password.

The HTML template is taken from entityless attribute randomPwdResetTemplate and the loginNamespace is used as a key.

Specified by:

changePasswordRandom in interface UsersManagerBl

Parameters:

session - session

user - user

namespace - login namespace

Returns:

String representing HTML with data about new generated password

Throws:

PasswordOperationTimeoutException - password change timed out

LoginNotExistsException - When user doesn't have login in specified namespace

PasswordChangeFailedException - password change failed

InvalidLoginException - When When login of user has invalid syntax (is not allowed)

PasswordStrengthException - When password doesn't match expected strength by namespace configuration

checkBlockedLogins

public void checkBlockedLogins(PerunSession sess,
 String namespace,
 String userLogin,
 boolean ignoreCase)
                        throws LoginIsAlreadyBlockedException

Description copied from interface: UsersManagerBl

Check if login is blocked. Login can be blocked by default (used by internal components), globally or in namespace.

Specified by:

checkBlockedLogins in interface UsersManagerBl

Parameters:

sess - session

namespace - attribute

userLogin - login

ignoreCase - ignore case (work as case-insensitive)

Throws:

LoginIsAlreadyBlockedException - when login is blocked

checkPasswordResetRequestIsValid

public void checkPasswordResetRequestIsValid(PerunSession sess,
 UUID token)
                                      throws PasswordResetLinkExpiredException,
PasswordResetLinkNotValidException

Description copied from interface: UsersManagerBl

Checks if the password reset request link is valid. The request is valid, if it was created, never used and hasn't expired yet.

Specified by:

checkPasswordResetRequestIsValid in interface UsersManagerBl

Parameters:

sess - PerunSession

token - token for the request to check

Throws:

PasswordResetLinkExpiredException - when the reset link expired

PasswordResetLinkNotValidException - when the reset link was already used or has never existed

checkPasswordStrength

public void checkPasswordStrength(PerunSession sess,
 String password,
 String namespace,
 String login)
                           throws PasswordStrengthException

Description copied from interface: UsersManagerBl

Check password strength for the given namespace. If the password is too weak, the PasswordStrengthException is thrown

Specified by:

checkPasswordStrength in interface UsersManagerBl

Parameters:

password - password, that will be checked

namespace - namespace, that will be used to check the strength of the password

login - login, which may be required for correct password strength check

Throws:

PasswordStrengthException - When password doesn't match expected strength by namespace configuration

checkReservedLogins

public void checkReservedLogins(PerunSession sess,
 String namespace,
 String login,
 boolean ignoreCase)
                         throws AlreadyReservedLoginException

Description copied from interface: UsersManagerBl

Check if login exists in specified namespace or in any namespace (if namespace is null).

Specified by:

checkReservedLogins in interface UsersManagerBl

Parameters:

sess -

namespace - namespace for login, null for all namespace

login - login to check

ignoreCase - TRUE to perform case-insensitive check

Throws:

AlreadyReservedLoginException - throw this exception if login already exist in table of reserved logins

checkUserExists

public void checkUserExists(PerunSession sess,
 User user)
                     throws UserNotExistsException

Specified by:

checkUserExists in interface UsersManagerBl

Throws:

UserNotExistsException

checkUserExtSourceExists

public void checkUserExtSourceExists(PerunSession sess,
 UserExtSource userExtSource)
                              throws UserExtSourceNotExistsException

Specified by:

checkUserExtSourceExists in interface UsersManagerBl

Throws:

UserExtSourceNotExistsException

checkUserExtSourceExistsById

public void checkUserExtSourceExistsById(PerunSession sess,
 int id)
                                  throws UserExtSourceNotExistsException

Specified by:

checkUserExtSourceExistsById in interface UsersManagerBl

Throws:

UserExtSourceNotExistsException

convertRichUsersToRichUsersWithAttributes

public List<RichUser> convertRichUsersToRichUsersWithAttributes(PerunSession sess,
 List<RichUser> richUsers)
                                                         throws UserNotExistsException

Description copied from interface: UsersManagerBl

From List of Rich Users without attribute make list of Rich Users with attributes

Specified by:

convertRichUsersToRichUsersWithAttributes in interface UsersManagerBl

Parameters:

sess -

richUsers -

Returns:

list of Rich Users with attributes

Throws:

UserNotExistsException

convertUserEmptyStringsInObjectAttributesIntoNull

public User convertUserEmptyStringsInObjectAttributesIntoNull(User user)

Description copied from interface: UsersManagerBl

Get user and convert values of his object attributes: - firstName - lastName - middleName - titleBefore - titleAfter from emptyString (like "") to null.

If these values are not empty strings, do not change them. If user is null, return null.

Specified by:

convertUserEmptyStringsInObjectAttributesIntoNull in interface UsersManagerBl

Parameters:

user - user to converting

Returns:

converted user

convertUserToRichUserWithAttributesByNames

public RichUser convertUserToRichUserWithAttributesByNames(PerunSession sess,
 User user,
 List<String> attrNames)

Description copied from interface: UsersManagerBl

From User make Rich user (with attributes by names)

Specified by:

convertUserToRichUserWithAttributesByNames in interface UsersManagerBl

Parameters:

sess - session

user - user to be converted

attrNames - list of Strings with attribute names

Returns:

RichUser with attributes

convertUsersToRichUsers

public List<RichUser> convertUsersToRichUsers(PerunSession sess,
 List<User> users)

Description copied from interface: UsersManagerBl

From List of Users make list of RichUsers (without attributes)

Specified by:

convertUsersToRichUsers in interface UsersManagerBl

Parameters:

sess -

users -

Returns:

list of RIch Users without attributes

convertUsersToRichUsersWithAttributes

public List<RichUser> convertUsersToRichUsersWithAttributes(PerunSession sess,
 List<RichUser> richUsers,
 List<AttributeDefinition> attrsDef)

Description copied from interface: UsersManagerBl

Convert RichUsers without attribute to RichUsers with specific attributes. Specific by list of Attributes. If in list of Attributes is some notUser attribute, it is skipped.

Specified by:

convertUsersToRichUsersWithAttributes in interface UsersManagerBl

Parameters:

sess -

richUsers -

attrsDef -

Returns:

list of RichUsers with specific attributes

convertUsersToRichUsersWithAttributesByNames

public List<RichUser> convertUsersToRichUsersWithAttributesByNames(PerunSession sess,
 List<User> users,
 List<String> attrNames)

Description copied from interface: UsersManagerBl

From List of Users make list of RichUsers (with attributes by names)

Specified by:

convertUsersToRichUsersWithAttributesByNames in interface UsersManagerBl

Parameters:

sess -

users -

Returns:

list of RIch Users without attributes

createAlternativePassword

public void createAlternativePassword(PerunSession sess,
 User user,
 String description,
 String loginNamespace,
 String password)
                               throws PasswordCreationFailedException,
LoginNotExistsException,
PasswordStrengthException

Description copied from interface: UsersManagerBl

Creates alternative password in external system.

Specified by:

createAlternativePassword in interface UsersManagerBl

Parameters:

sess -

user -

description - - description of a password (e.g. 'mobile phone', 'tablet', ...)

loginNamespace -

password - string representation of password

Throws:

PasswordCreationFailedException

LoginNotExistsException - When user doesn't have login in specified namespace

PasswordStrengthException - When password doesn't match expected strength by namespace configuration

createServiceUser

public User createServiceUser(PerunSession sess,
 Candidate candidate,
 List<User> owners)
                       throws WrongAttributeAssignmentException,
UserExtSourceExistsException,
WrongReferenceAttributeValueException,
WrongAttributeValueException,
AttributeNotExistsException

Description copied from interface: UsersManagerBl

From given candidate, creates a service user and assign given owners to him. This method also checks if some of given userExtSources do exist. If so, this method throws a UserExtSourceExistsException. This method can also set only user-def and user-opt attributes for the given candidate.

Specified by:

createServiceUser in interface UsersManagerBl

Parameters:

sess - session

candidate - candidate

owners - owners to be set for the new user

Returns:

created service user

Throws:

WrongAttributeAssignmentException - if some of the given attributes have unsupported namespace

UserExtSourceExistsException - if some of the given UES already exist

WrongReferenceAttributeValueException - if some of the given attribute value cannot be set because of some other attribute constraint

WrongAttributeValueException - if some of the given attribute value is invalid

AttributeNotExistsException - if some of the given attributes dont exist

createUser

public User createUser(PerunSession sess,
 User user)

Description copied from interface: UsersManagerBl

Inserts user into DB.

Specified by:

createUser in interface UsersManagerBl

Parameters:

sess -

user -

createUser

public User createUser(PerunSession sess,
 Candidate candidate)
                throws UserExtSourceExistsException,
WrongAttributeAssignmentException,
WrongAttributeValueException,
WrongReferenceAttributeValueException,
AttributeNotExistsException

Description copied from interface: UsersManagerBl

From given candidate, creates a user. This method also checks if some of given userExtSources do exist. If so, this method throws a UserExtSourceExistsException. This method can also set only user-def and user-opt attributes for the given candidate.

Specified by:

createUser in interface UsersManagerBl

Parameters:

sess - session

candidate - candidate

Returns:

created user

Throws:

UserExtSourceExistsException - if some of the given UES already exist

WrongAttributeAssignmentException - if some of the given attributes have unsupported namespace

WrongAttributeValueException - if some of the given attribute value is invalid

WrongReferenceAttributeValueException - if some of the given attribute value cannot be set because of some other attribute constraint

AttributeNotExistsException - if some of the given attributes dont exist

deleteAlternativePassword

public void deleteAlternativePassword(PerunSession sess,
 User user,
 String loginNamespace,
 String passwordId)
                               throws PasswordDeletionFailedException,
LoginNotExistsException

Description copied from interface: UsersManagerBl

Deletes alternative password in external system.

Specified by:

deleteAlternativePassword in interface UsersManagerBl

Parameters:

sess -

loginNamespace -

passwordId - passwords ID

Throws:

PasswordDeletionFailedException

LoginNotExistsException - When user doesn't have login in specified namespace

deletePassword

public void deletePassword(PerunSession sess,
 String userLogin,
 String loginNamespace)
                    throws LoginNotExistsException,
PasswordDeletionFailedException,
PasswordOperationTimeoutException,
InvalidLoginException

Description copied from interface: UsersManagerBl

Deletes password in external system. User must not exists.

Specified by:

deletePassword in interface UsersManagerBl

Parameters:

sess -

userLogin - string representation of the userLogin

loginNamespace -

Throws:

LoginNotExistsException - When user doesn't have login in specified namespace

PasswordDeletionFailedException

InvalidLoginException - When login of user has invalid syntax (is not allowed)

PasswordOperationTimeoutException

deletePassword

public void deletePassword(PerunSession sess,
 User user,
 String loginNamespace)
                    throws LoginNotExistsException,
PasswordDeletionFailedException,
PasswordOperationTimeoutException,
InvalidLoginException

Description copied from interface: UsersManagerBl

Deletes password in external system for existing user. User's login for specified namespace must exist in Perun.

Specified by:

deletePassword in interface UsersManagerBl

Parameters:

sess - perunSession

user - for which the password will be deleted

loginNamespace - from which the password will be deleted

Throws:

LoginNotExistsException - When user doesn't have login in specified namespace

PasswordDeletionFailedException

PasswordOperationTimeoutException

InvalidLoginException - When login of user has invalid syntax (is not allowed)

deleteReservedLoginsForNamespace

public void deleteReservedLoginsForNamespace(PerunSession sess,
 String namespace)

Description copied from interface: UsersManagerBl

Deletes all reserved logins in given namespace

Specified by:

deleteReservedLoginsForNamespace in interface UsersManagerBl

Parameters:

sess - PerunSession

namespace - Namespace

deleteReservedLoginsOnlyByGivenApp

public void deleteReservedLoginsOnlyByGivenApp(PerunSession sess,
 int appId)
                                        throws PasswordOperationTimeoutException,
InvalidLoginException,
PasswordDeletionFailedException

Description copied from interface: UsersManagerBl

Deletes reserved logins which can be deleted - they are used only in the given application. Deletes them from both KDC and DB.

Specified by:

deleteReservedLoginsOnlyByGivenApp in interface UsersManagerBl

Parameters:

sess -

appId -

Throws:

PasswordOperationTimeoutException

InvalidLoginException

PasswordDeletionFailedException

deleteUser

public void deleteUser(PerunSession sess,
 User user)
                throws RelationExistsException,
MemberAlreadyRemovedException,
UserAlreadyRemovedException,
SpecificUserAlreadyRemovedException,
DeletionNotSupportedException

Description copied from interface: UsersManagerBl

Deletes user.

Specified by:

deleteUser in interface UsersManagerBl

Parameters:

sess -

user -

Throws:

RelationExistsException - if user has some members assigned

MemberAlreadyRemovedException - if there is at least 1 member deleted but not affected by deleting from DB

UserAlreadyRemovedException - if there are no rows affected by deleting user in DB

SpecificUserAlreadyRemovedException - if there are no rows affected by deleting specific user in DB

DeletionNotSupportedException - if the deletion of users is not supported at this instance

deleteUser

public void deleteUser(PerunSession sess,
 User user,
 boolean forceDelete)
                throws RelationExistsException,
MemberAlreadyRemovedException,
UserAlreadyRemovedException,
SpecificUserAlreadyRemovedException,
DeletionNotSupportedException

Description copied from interface: UsersManagerBl

Deletes user. If forceDelete is true, then removes also associated members.

Specified by:

deleteUser in interface UsersManagerBl

Parameters:

sess -

user -

forceDelete - if true, deletes also all members if they are assigned to the user

Throws:

RelationExistsException - if forceDelete is false and the user has some members assigned

MemberAlreadyRemovedException - if there is at least 1 member deleted but not affected by deleting from DB

UserAlreadyRemovedException - if there are no rows affected by deleting user in DB

SpecificUserAlreadyRemovedException - if there are no rows affected by deleting specific user in DBn

DeletionNotSupportedException - if the deletion of users is not supported at this instance

filterOnlyAllowedAttributes

public RichUser filterOnlyAllowedAttributes(PerunSession sess,
 RichUser richUser)

Description copied from interface: UsersManagerBl

For richUser filter all his user attributes and remove all which principal has no access to.

Specified by:

filterOnlyAllowedAttributes in interface UsersManagerBl

Parameters:

sess -

richUser -

Returns:

richUser with only allowed attributes

filterOnlyAllowedAttributes

public List<RichUser> filterOnlyAllowedAttributes(PerunSession sess,
 List<RichUser> richUsers)

Description copied from interface: UsersManagerBl

For list of richUser filter all their user attributes and remove all which principal has no access to.

Specified by:

filterOnlyAllowedAttributes in interface UsersManagerBl

Parameters:

sess -

richUsers -

Returns:

list of RichUsers with only allowed attributes

filterOnlyAllowedAttributesForRichUserExtSources

public List<RichUserExtSource> filterOnlyAllowedAttributesForRichUserExtSources(PerunSession sess,
 List<RichUserExtSource> richUserExtSources)

Description copied from interface: UsersManagerBl

From given list of RichUserExtSource removes the attributes which are not allowed for the current principal. The attributes are removed from the given list and the list is also returned.

Specified by:

filterOnlyAllowedAttributesForRichUserExtSources in interface UsersManagerBl

Parameters:

sess - session

richUserExtSources - richUserExtSources to be filtered

Returns:

list of filtered richUserExtSources

findRichUsers

public List<RichUser> findRichUsers(PerunSession sess,
 String searchString)
                             throws UserNotExistsException

Description copied from interface: UsersManagerBl

Returns list of richusers with attributes who matches the searchString, searching name, id, uuid, email, logins.

Specified by:

findRichUsers in interface UsersManagerBl

Parameters:

sess -

searchString -

Returns:

list of richusers

Throws:

UserNotExistsException

findRichUsersByExactMatch

public List<RichUser> findRichUsersByExactMatch(PerunSession sess,
 String searchString)
                                         throws UserNotExistsException

Description copied from interface: UsersManagerBl

Returns list of richusers with attributes who matches the searchString, searching name, id, uuid, email, logins. Name part is searched for exact match.

Specified by:

findRichUsersByExactMatch in interface UsersManagerBl

Parameters:

sess -

searchString -

Returns:

list of richusers

Throws:

UserNotExistsException

findRichUsersWithAttributes

public List<RichUser> findRichUsersWithAttributes(PerunSession sess,
 String searchString,
 List<String> attrsName)
                                           throws UserNotExistsException

Description copied from interface: UsersManagerBl

Returns list of RichUsers with selected attributes who matches the searchString, searching name, id, uuid, email, logins.

Specified by:

findRichUsersWithAttributes in interface UsersManagerBl

Parameters:

sess -

searchString -

attrsName -

Returns:

list of RichUsers

Throws:

UserNotExistsException

findRichUsersWithAttributesByExactMatch

public List<RichUser> findRichUsersWithAttributesByExactMatch(PerunSession sess,
 String searchString,
 List<String> attrsName)
                                                       throws UserNotExistsException

Description copied from interface: UsersManagerBl

Returns list of RichUsers with selected attributes who matches the searchString, searching name, id, uuid, email, logins. Name part is searched for exact match.

Specified by:

findRichUsersWithAttributesByExactMatch in interface UsersManagerBl

Parameters:

sess -

searchString -

attrsName -

Returns:

list of RichUsers

Throws:

UserNotExistsException

findRichUsersWithoutSpecificVoWithAttributes

public List<RichUser> findRichUsersWithoutSpecificVoWithAttributes(PerunSession sess,
 Vo vo,
 String searchString,
 List<String> attrsName)
                                                            throws UserNotExistsException

Description copied from interface: UsersManagerBl

Return list of RichUsers who matches the searchString, searching name, email and logins and are not member in specific VO and contain selected attributes.

Specified by:

findRichUsersWithoutSpecificVoWithAttributes in interface UsersManagerBl

Parameters:

sess -

vo -

searchString -

attrsName -

Returns:

list of RichUser

Throws:

UserNotExistsException

findUsers

public List<User> findUsers(PerunSession sess,
 String searchString)

Description copied from interface: UsersManagerBl

Returns list of users' who matches the searchString, searching name, id, uuid, email and logins.

Specified by:

findUsers in interface UsersManagerBl

Parameters:

sess -

searchString -

Returns:

list of users

findUsersByExactMatch

public List<User> findUsersByExactMatch(PerunSession sess,
 String searchString)

findUsersByExactName

public List<User> findUsersByExactName(PerunSession sess,
 String searchString)

Description copied from interface: UsersManagerBl

Returns list of users who exactly matches the searchString

Specified by:

findUsersByExactName in interface UsersManagerBl

Parameters:

sess -

searchString -

Returns:

list of users

findUsersByName

public List<User> findUsersByName(PerunSession sess,
 String searchString)

Description copied from interface: UsersManagerBl

Returns list of users who matches the searchString

Specified by:

findUsersByName in interface UsersManagerBl

Parameters:

sess -

searchString -

Returns:

list of users

findUsersByName

public List<User> findUsersByName(PerunSession sess,
 String titleBefore,
 String firstName,
 String middleName,
 String lastName,
 String titleAfter)

Description copied from interface: UsersManagerBl

Returns list of users who matches the fields.

Specified by:

findUsersByName in interface UsersManagerBl

Parameters:

sess -

titleBefore -

firstName -

middleName -

lastName -

titleAfter -

Returns:

list of users

findUsersWithExtSourceAttributeValueEnding

public List<User> findUsersWithExtSourceAttributeValueEnding(PerunSessionImpl sess,
 String attributeName,
 String valueEnd,
 List<String> excludeValueEnds)
                                                      throws AttributeNotExistsException

Description copied from interface: UsersManagerBl

Finds users with UserExtSource with attribute value that ends with specified string but not with specified exclude strings. This method is written to find all users with schacHomeOrganization domains ending with valueEnd, but not with exludeValueEnds.

Specified by:

findUsersWithExtSourceAttributeValueEnding in interface UsersManagerBl

Parameters:

sess - session

attributeName - UserExtSource attribute name

valueEnd - required attribute value ending

excludeValueEnds - exclude these attribute value endings

Returns:

list of users

Throws:

AttributeNotExistsException

generateAccount

public Map<String,String> generateAccount(PerunSession sess,
 String loginNamespace,
 Map<String,String> parameters)
                                   throws PasswordStrengthException

Description copied from interface: UsersManagerBl

Generate user account in a backend system associated with login-namespace in Perun.

This method consumes optional parameters map. Requirements are implementation-dependant for each login-namespace.

Returns map with 1: key=login-namespace attribute urn, value=generated login 2: rest of opt response attributes...

Specified by:

generateAccount in interface UsersManagerBl

Parameters:

sess -

loginNamespace - Namespace to generate account in

parameters - Optional parameters

Returns:

Map of data from backed response

Throws:

PasswordStrengthException - When password doesn't match expected strength by namespace configuration

getActiveUserExtSources

public List<UserExtSource> getActiveUserExtSources(PerunSession sess,
 User user)

Description copied from interface: UsersManagerBl

Get all users userExtSources with last_access not older than (now - m), where 'm' is number of months defined in CONSTANT in UsersManagerImpl.

Specified by:

getActiveUserExtSources in interface UsersManagerBl

Parameters:

sess -

user - user to get extSources for

Returns:

list of active user extSources (not older than now - m)

getAllBlockedLoginsInNamespaces

public List<BlockedLogin> getAllBlockedLoginsInNamespaces(PerunSession sess)

Description copied from interface: UsersManagerBl

Returns all blocked logins in namespaces (if namespace is null, then this login is blocked globally)

Specified by:

getAllBlockedLoginsInNamespaces in interface UsersManagerBl

Parameters:

sess -

Returns:

list of all blocked logins in namespaces

getAllRichUsers

public List<RichUser> getAllRichUsers(PerunSession sess,
 boolean includedSpecificUsers)

Description copied from interface: UsersManagerBl

Get All richUsers with or without specificUsers. If includedSpecificUsers is true, you got all Users included specificUsers If includedSpecificUsers is false, you get all Users without specificUsers

Specified by:

getAllRichUsers in interface UsersManagerBl

Parameters:

sess -

includedSpecificUsers - true or false if you want or dont want get specificUsers too

Returns:

list of RichUsers

getAllRichUsersWithAttributes

public List<RichUser> getAllRichUsersWithAttributes(PerunSession sess,
 boolean includedSpecificUsers)
                                             throws UserNotExistsException

Description copied from interface: UsersManagerBl

Get All richUsers with or without specificUsers. If includedSpecificUsers is true, you got all Users included specificUsers If includedSpecificUsers is false, you get all Users without specificUsers

This method get all RichUsers included Attributes.

Specified by:

getAllRichUsersWithAttributes in interface UsersManagerBl

Parameters:

sess -

includedSpecificUsers - true or false if you want or dont want get specificUsers too

Returns:

list of RichUsers

Throws:

UserNotExistsException

getAllRichUsersWithAttributes

public List<RichUser> getAllRichUsersWithAttributes(PerunSession sess,
 boolean includedSpecificUsers,
 List<String> attrsName)
                                             throws UserNotExistsException

Description copied from interface: UsersManagerBl

Get User to RichUser with attributes.

Specified by:

getAllRichUsersWithAttributes in interface UsersManagerBl

Parameters:

sess -

includedSpecificUsers -

attrsName -

Returns:

Throws:

UserNotExistsException

getAllUserExtSourcesByTypeAndLogin

public List<UserExtSource> getAllUserExtSourcesByTypeAndLogin(PerunSession sess,
 String extType,
 String extLogin)

Description copied from interface: UsersManagerBl

Gets list of all users external sources by specific type and extLogin.

Specified by:

getAllUserExtSourcesByTypeAndLogin in interface UsersManagerBl

Parameters:

sess -

extType - - type of extSource (ex. 'IDP')

extLogin - - extLogin of userExtSource

Returns:

list of userExtSources with type and login, empty list if no such userExtSource exists

getAllowedResources

public List<Resource> getAllowedResources(PerunSession sess,
 Facility facility,
 User user)

Description copied from interface: UsersManagerBl

Get all resources from the facility which have the user access on.

Specified by:

getAllowedResources in interface UsersManagerBl

Parameters:

sess -

facility -

user -

Returns:

list of resources which have the user access on

getAllowedResources

public List<Resource> getAllowedResources(PerunSession sess,
 User user)

Description copied from interface: UsersManagerBl

Get all resources which have the user access on.

Specified by:

getAllowedResources in interface UsersManagerBl

Parameters:

sess -

user -

Returns:

list of resources which have the user access on

getAssignedResources

public List<Resource> getAssignedResources(PerunSession sess,
 Facility facility,
 User user)

Description copied from interface: UsersManagerBl

Get all resources from the facility where the user is assigned.

Specified by:

getAssignedResources in interface UsersManagerBl

Parameters:

sess -

facility -

user -

Returns:

list of resources which have the user access on

getAssignedResources

public List<Resource> getAssignedResources(PerunSession sess,
 User user)

Description copied from interface: UsersManagerBl

Get all resources where the user is assigned.

Specified by:

getAssignedResources in interface UsersManagerBl

Parameters:

sess -

user -

Returns:

list of resources which have the user access on

getAssignedRichResources

public List<RichResource> getAssignedRichResources(PerunSession sess,
 User user)

Description copied from interface: UsersManagerBl

Get all rich resources where the user is assigned.

Specified by:

getAssignedRichResources in interface UsersManagerBl

Parameters:

sess -

user -

Returns:

list of rich resources which have the user access on

getAssociatedResources

public List<Resource> getAssociatedResources(PerunSession sess,
 Facility facility,
 User user)

Description copied from interface: UsersManagerBl

Return all resources of specified facility with which user is associated through all his members. Does not require ACTIVE group-resource assignment.

Specified by:

getAssociatedResources in interface UsersManagerBl

Parameters:

sess -

facility -

user -

Returns:

All resources with which user is associated

getAssociatedResources

public List<Resource> getAssociatedResources(PerunSession sess,
 User user)

Description copied from interface: UsersManagerBl

Get all resources with which user can be associated (similar to assigned resources, but does not require ACTIVE group-resource assignment).

Specified by:

getAssociatedResources in interface UsersManagerBl

Parameters:

sess -

user -

Returns:

list of resources with which the user is associated

getBlockedLoginsPage

public Paginated<BlockedLogin> getBlockedLoginsPage(PerunSession sess,
 BlockedLoginsPageQuery query)

Description copied from interface: UsersManagerBl

Get page of blocked logins.

Specified by:

getBlockedLoginsPage in interface UsersManagerBl

Parameters:

sess - session

query - query with page information

Returns:

page of requested blocked logins

getGroupsWhereUserIsActive

public List<Group> getGroupsWhereUserIsActive(PerunSession sess,
 Resource resource,
 User user)

Description copied from interface: UsersManagerBl

Return all groups where user is active (has VALID status in VO and Group together) for specified user and resource

Specified by:

getGroupsWhereUserIsActive in interface UsersManagerBl

Parameters:

sess - PerunSession

resource - Only groups assigned to this resource might be returned

user - Only groups where this user is VALID member might be returned

Returns:

List of groups where user is active (is a VALID vo and group member) on specified resource

getGroupsWhereUserIsActive

public List<Group> getGroupsWhereUserIsActive(PerunSession sess,
 Facility facility,
 User user)

Description copied from interface: UsersManagerBl

Return all groups where user is active (has VALID status in VO and Group together) for specified user and facility

Specified by:

getGroupsWhereUserIsActive in interface UsersManagerBl

Parameters:

sess - PerunSession

facility - Only groups assigned to this facility (all its resources) might be returned

user - Only groups where this user is VALID member might be returned

Returns:

List of groups where user is active (is a VALID vo and group member) on specified facility

getGroupsWhereUserIsAdmin

public List<Group> getGroupsWhereUserIsAdmin(PerunSession sess,
 User user)

Description copied from interface: UsersManagerBl

Returns list of Groups in Perun, where the User is a direct Administrator or he is a VALID member of any group which is Administrator of some of these Groups.

Specified by:

getGroupsWhereUserIsAdmin in interface UsersManagerBl

Parameters:

sess -

user -

Returns:

list of Groups, where user or some of his groups is an Administrator

getGroupsWhereUserIsAdmin

public List<Group> getGroupsWhereUserIsAdmin(PerunSession sess,
 Vo vo,
 User user)

Description copied from interface: UsersManagerBl

Returns list of Groups in selected Vo, where the User is a direct Administrator or he is a VALID member of any group which is Administrator of some of these Groups.

Specified by:

getGroupsWhereUserIsAdmin in interface UsersManagerBl

Parameters:

sess -

vo - selected Vo under which we are looking for groups

user - manager of groups we are looking for

Returns:

list of Groups, where user or some of his groups (in the Vo) is an Administrator

getIdOfBlockedLogin

public int getIdOfBlockedLogin(PerunSession sess,
 String login,
 String namespace)

Description copied from interface: UsersManagerBl

Return ID of blocked login

Specified by:

getIdOfBlockedLogin in interface UsersManagerBl

Parameters:

sess - session

login - login

namespace - namespace

Returns:

id of login blocked in specified namespace

getPasswordManagerModule

public PasswordManagerModule getPasswordManagerModule(PerunSession session,
 String namespace)

Description copied from interface: UsersManagerBl

Returns password manager module for specified login-namespace or falls back on generic password manager module. Throws exception if no module implementation is found or it can't be instantiated.

Specified by:

getPasswordManagerModule in interface UsersManagerBl

Parameters:

session - session with authz

namespace - specific namespace

Returns:

Password manager module for namespace or 'generic' module.

getPendingPreferredEmailChanges

public List<String> getPendingPreferredEmailChanges(PerunSession sess,
 User user)
                                             throws WrongAttributeAssignmentException,
AttributeNotExistsException

Description copied from interface: UsersManagerBl

Return list of email addresses of user, which are awaiting validation and are inside time window for validation.

If there is no preferred email change request pending or requests are outside time window for validation, returns empty list.

Specified by:

getPendingPreferredEmailChanges in interface UsersManagerBl

Parameters:

sess - PerunSession

user - User to check pending request for

Returns:

List user's email addresses pending validation

Throws:

WrongAttributeAssignmentException

AttributeNotExistsException

getPerunBl

public PerunBl getPerunBl()

Gets the perunBl for this instance.

Returns:

The perunBl.

getRelatedUserIdByBlockedLoginInNamespace

public Integer getRelatedUserIdByBlockedLoginInNamespace(PerunSession sess,
 String login,
 String namespace)
                                                  throws LoginIsNotBlockedException

Description copied from interface: UsersManagerBl

Get user id of the user who was related to the given login in the past

Specified by:

getRelatedUserIdByBlockedLoginInNamespace in interface UsersManagerBl

Parameters:

sess - session

login - blocked login

namespace - namespace where the login is blocked

Returns:

user id or null if there is no related user id

Throws:

LoginIsNotBlockedException

getReservedLoginsByApp

public List<Pair<String,String>> getReservedLoginsByApp(PerunSession sess,
 int appId)

Description copied from interface: UsersManagerBl

Gets reserved logins which are used in the given application.

Specified by:

getReservedLoginsByApp in interface UsersManagerBl

Parameters:

sess -

appId -

Returns:

list of logins (Pair: left - namespace, right - login)

getReservedLoginsOnlyByGivenApp

public List<Pair<String,String>> getReservedLoginsOnlyByGivenApp(PerunSession sess,
 int appId)

Description copied from interface: UsersManagerBl

Gets reserved logins which can be deleted - they are used only in the given application.

Specified by:

getReservedLoginsOnlyByGivenApp in interface UsersManagerBl

Parameters:

sess -

appId -

Returns:

list of logins (Pair: left - namespace, right - login)

getRichUser

public RichUser getRichUser(PerunSession sess,
 User user)

Description copied from interface: UsersManagerBl

Get User to RichUser without attributes.

Specified by:

getRichUser in interface UsersManagerBl

Parameters:

sess -

user -

Returns:

getRichUserExtSources

public List<RichUserExtSource> getRichUserExtSources(PerunSession sess,
 User user,
 List<String> attrsNames)

Description copied from interface: UsersManagerBl

Gets list of all user's external sources with attributes. If any of the attribute names is incorrect then the value is silently skipped. If the attrsNames is null, then this method returns all ues attributes.

Specified by:

getRichUserExtSources in interface UsersManagerBl

Parameters:

sess - session

user - user for who should be the data returned

attrsNames - list of attribute names that should be found, if null or empty return all

Returns:

list of user's external sources with attributes

getRichUserWithAttributes

public RichUser getRichUserWithAttributes(PerunSession sess,
 User user)
                                   throws UserNotExistsException

Description copied from interface: UsersManagerBl

Get User to RichUser with attributes.

Specified by:

getRichUserWithAttributes in interface UsersManagerBl

Parameters:

sess -

user -

Returns:

Throws:

UserNotExistsException

getRichUsersByIds

public List<RichUser> getRichUsersByIds(PerunSession sess,
 List<Integer> ids)

Description copied from interface: UsersManagerBl

Returns rich users without attributes by their ids.

Specified by:

getRichUsersByIds in interface UsersManagerBl

Parameters:

sess -

ids -

Returns:

list of rich users with specified ids

getRichUsersFromListOfUsers

public List<RichUser> getRichUsersFromListOfUsers(PerunSession sess,
 List<User> users)

Description copied from interface: UsersManagerBl

From Users makes RichUsers without attributes.

Specified by:

getRichUsersFromListOfUsers in interface UsersManagerBl

Parameters:

sess -

users - users to convert

Returns:

list of richUsers

getRichUsersWithAttributesByIds

public List<RichUser> getRichUsersWithAttributesByIds(PerunSession sess,
 List<Integer> ids)
                                               throws UserNotExistsException

Description copied from interface: UsersManagerBl

Returns rich users with attributes by their ids.

Specified by:

getRichUsersWithAttributesByIds in interface UsersManagerBl

Parameters:

sess -

ids -

Returns:

list of rich users with specified ids

Throws:

UserNotExistsException

getRichUsersWithAttributesFromListOfUsers

public List<RichUser> getRichUsersWithAttributesFromListOfUsers(PerunSession sess,
 List<User> users)
                                                         throws UserNotExistsException

Description copied from interface: UsersManagerBl

From Users makes RichUsers with attributes.

Specified by:

getRichUsersWithAttributesFromListOfUsers in interface UsersManagerBl

Parameters:

sess -

users - users to convert

Returns:

list of richUsers

Throws:

UserNotExistsException

getRichUsersWithoutVoAssigned

public List<RichUser> getRichUsersWithoutVoAssigned(PerunSession sess)
                                             throws UserNotExistsException

Description copied from interface: UsersManagerBl

Returns all RichUsers with attributes who are not member of any VO.

Specified by:

getRichUsersWithoutVoAssigned in interface UsersManagerBl

Parameters:

sess -

Returns:

list of richUsers who are not member of any VO

Throws:

UserNotExistsException

getRichUsersWithoutVoWithAttributes

public List<RichUser> getRichUsersWithoutVoWithAttributes(PerunSession sess,
 List<String> attrsName)
                                                   throws UserNotExistsException

Description copied from interface: UsersManagerBl

Return list of RichUsers which are not members of any VO and contain selected attributes.

Specified by:

getRichUsersWithoutVoWithAttributes in interface UsersManagerBl

Parameters:

sess -

attrsName -

Returns:

list of RichUsers

Throws:

UserNotExistsException

getSpecificUsers

public List<User> getSpecificUsers(PerunSession sess)

Description copied from interface: UsersManagerBl

Return all specific Users (only specific users)

Specified by:

getSpecificUsers in interface UsersManagerBl

Parameters:

sess -

Returns:

list of all specific users in perun

getSpecificUsersByUser

public List<User> getSpecificUsersByUser(PerunSession sess,
 User user)

Description copied from interface: UsersManagerBl

Return all specificUsers who are owned by the user and their ownership is not in status disabled

Specified by:

getSpecificUsersByUser in interface UsersManagerBl

Parameters:

sess -

user - the user

Returns:

list of specific users who are owned by the user

getSponsors

public List<User> getSponsors(PerunSession sess,
 Member sponsoredMember)

Description copied from interface: UsersManagerBl

Gets list of users that sponsor the member.

Specified by:

getSponsors in interface UsersManagerBl

Parameters:

sess - perun session

sponsoredMember - member which is sponsored

Returns:

list of users that sponsor the member.

getSponsorsForSponsoredMembersInVo

public Map<Integer,List<Pair<User,Sponsorship>>> getSponsorsForSponsoredMembersInVo(PerunSession sess,
 int voId)

Description copied from interface: UsersManagerBl

Retrieves a map, that maps the ids of the sponsored members in the given VO to a list of their Sponsors with the corresponding Sponsorship objects.

Specified by:

getSponsorsForSponsoredMembersInVo in interface UsersManagerBl

Parameters:

sess - perun session

voId - id of a vo for whose members to retrieve the sponsors

Returns:

Map of memberIds in the Vo with Lists of Pairs of their Sponsor and Sponsorship objects

getUserByExtSourceInformation

public User getUserByExtSourceInformation(PerunSession sess,
 PerunPrincipal principal)
                                   throws UserExtSourceNotExistsException,
UserNotExistsException,
ExtSourceNotExistsException

Description copied from interface: UsersManagerBl

Get user by principal's additional identifiers or extSourceName and extSourceLogin. Additional identifiers are used in case principal's extSource was send through proxy which has enabled multiple identifiers. extSourceName and extSourceLogin are used otherwise.

Specified by:

getUserByExtSourceInformation in interface UsersManagerBl

Parameters:

sess -

principal -

Returns:

Throws:

UserExtSourceNotExistsException

UserNotExistsException

ExtSourceNotExistsException

getUserByExtSourceNameAndExtLogin

public User getUserByExtSourceNameAndExtLogin(PerunSession sess,
 String extSourceName,
 String extLogin)
                                       throws ExtSourceNotExistsException,
UserExtSourceNotExistsException,
UserNotExistsException

Description copied from interface: UsersManagerBl

Get user by extSourceName and extSourceLogin

Specified by:

getUserByExtSourceNameAndExtLogin in interface UsersManagerBl

Parameters:

sess -

extSourceName -

extLogin -

Returns:

user

Throws:

ExtSourceNotExistsException

UserExtSourceNotExistsException

UserNotExistsException

getUserById

public User getUserById(PerunSession sess,
 int id)
                 throws UserNotExistsException

Description copied from interface: UsersManagerBl

Returns user by his/her id.

Specified by:

getUserById in interface UsersManagerBl

Parameters:

sess -

id -

Returns:

user

Throws:

UserNotExistsException

getUserByMember

public User getUserByMember(PerunSession sess,
 Member member)

Description copied from interface: UsersManagerBl

Returns user by VO member.

Specified by:

getUserByMember in interface UsersManagerBl

Parameters:

sess -

member -

Returns:

user

getUserByUserExtSource

public User getUserByUserExtSource(PerunSession sess,
 UserExtSource userExtSource)
                            throws UserNotExistsException

Description copied from interface: UsersManagerBl

Returns user by his login in external source and external source.

Specified by:

getUserByUserExtSource in interface UsersManagerBl

Parameters:

sess -

userExtSource -

Returns:

selected user or throws UserNotExistsException in case the user doesn't exists

Throws:

UserNotExistsException

getUserByUserExtSources

public User getUserByUserExtSources(PerunSession sess,
 List<UserExtSource> userExtSources)
                             throws UserNotExistsException

Description copied from interface: UsersManagerBl

Get the user based on one of the userExtSource.

Specified by:

getUserByUserExtSources in interface UsersManagerBl

Parameters:

sess -

userExtSources -

Returns:

user

Throws:

UserNotExistsException

getUserExtSourceByExtLogin

public UserExtSource getUserExtSourceByExtLogin(PerunSession sess,
 ExtSource source,
 String extLogin)
                                         throws UserExtSourceNotExistsException

Description copied from interface: UsersManagerBl

Gets user's external source by the user's external login and external source.

Specified by:

getUserExtSourceByExtLogin in interface UsersManagerBl

Parameters:

sess -

source -

extLogin -

Returns:

user external source object

Throws:

UserExtSourceNotExistsException

getUserExtSourceById

public UserExtSource getUserExtSourceById(PerunSession sess,
 int id)
                                   throws UserExtSourceNotExistsException

Description copied from interface: UsersManagerBl

Get the user ext source by its id.

Specified by:

getUserExtSourceById in interface UsersManagerBl

Parameters:

sess -

id -

Returns:

user external source for the id

Throws:

UserExtSourceNotExistsException

getUserExtSourceByUniqueAttributeValue

public UserExtSource getUserExtSourceByUniqueAttributeValue(PerunSession sess,
 int attrId,
 String uniqueValue)
                                                     throws AttributeNotExistsException,
UserExtSourceNotExistsException

Description copied from interface: UsersManagerBl

Return userExtSource for specific attribute definition (specified by id) and unique value. If not found, throw and exception.

It looks for exactly one value of the specific attribute type: - Integer -> exactly match - String -> exactly match - Map -> exactly match of "key=value" - ArrayList -> exactly match of one of the value

Specified by:

getUserExtSourceByUniqueAttributeValue in interface UsersManagerBl

Parameters:

sess -

attrId - attribute id used for founding attribute definition which has to exists, be unique and in userExtSource namespace

uniqueValue - value used for searching

Returns:

userExtSource found by attribute id and it's unique value

Throws:

AttributeNotExistsException - if attribute can't be found by it's id

UserExtSourceNotExistsException - if userExtSource can't be found

getUserExtSourceByUniqueAttributeValue

public UserExtSource getUserExtSourceByUniqueAttributeValue(PerunSession sess,
 String attrName,
 String uniqueValue)
                                                     throws AttributeNotExistsException,
UserExtSourceNotExistsException

Description copied from interface: UsersManagerBl

Return userExtSource for specific attribute definition (specified by id) and unique value. If not found, throw and exception.

It looks for exactly one value of the specific attribute type: - Integer -> exactly match - String -> exactly match - Map -> exactly match of "key=value" - ArrayList -> exactly match of one of the value

Specified by:

getUserExtSourceByUniqueAttributeValue in interface UsersManagerBl

Parameters:

sess -

attrName - attribute name used for founding attribute definition which has to exists, be unique and in userExtSource namespace

uniqueValue - value used for searching

Returns:

userExtSource found by attribute name and it's unique value

Throws:

AttributeNotExistsException - if attribute can't be found by it's name

UserExtSourceNotExistsException - if userExtSource can't be found

getUserExtSourceFromMultipleIdentifiers

public UserExtSource getUserExtSourceFromMultipleIdentifiers(PerunSession sess,
 PerunPrincipal principal)
                                                      throws UserExtSourceNotExistsException

Description copied from interface: UsersManagerBl

Iteratively searches through additional identifiers trying to find userExtSource with the same identifier. Returns first found userExtSource or throw an exception when no matching userExtSource is found.

Specified by:

getUserExtSourceFromMultipleIdentifiers in interface UsersManagerBl

Parameters:

sess - PerunSession to retrieve UserExtSource

principal - PerunPrincipal which contains additionalIdentifiers

Returns:

UserExtSource found using additionalIdentifiers

Throws:

UserExtSourceNotExistsException - When no matching userExtSource is found

getUserExtSources

public List<UserExtSource> getUserExtSources(PerunSession sess,
 User user)

Description copied from interface: UsersManagerBl

Gets list of all user's external sources of the user.

Specified by:

getUserExtSources in interface UsersManagerBl

Parameters:

sess -

user -

Returns:

list of user's external sources

getUserExtSourcesByIds

public List<UserExtSource> getUserExtSourcesByIds(PerunSession sess,
 List<Integer> ids)

Description copied from interface: UsersManagerBl

Get user ext sources by their ids.

Specified by:

getUserExtSourcesByIds in interface UsersManagerBl

Parameters:

sess -

ids -

Returns:

list of user external sources with specified ids

getUsers

public List<User> getUsers(PerunSession sess)

Description copied from interface: UsersManagerBl

Returns all users (included specific users)

Specified by:

getUsers in interface UsersManagerBl

Parameters:

sess -

Returns:

list of all users

getUsersByAttribute

public List<User> getUsersByAttribute(PerunSession sess,
 Attribute attribute)

Description copied from interface: UsersManagerBl

Returns all users who have set the attribute with the value. Searching only def and opt attributes.

Specified by:

getUsersByAttribute in interface UsersManagerBl

Parameters:

sess -

attribute -

Returns:

list of users

getUsersByAttribute

public List<User> getUsersByAttribute(PerunSession sess,
 String attributeName,
 String attributeValue)

Search attributes directly in the DB only if the attr is def or opt and value is type of String, otherwise load all users and search in a loop.

Specified by:

getUsersByAttribute in interface UsersManagerBl

Parameters:

sess -

attributeName -

attributeValue -

Returns:

list of users

getUsersByAttribute

public List<User> getUsersByAttribute(PerunSession sess,
 Attribute attribute,
 boolean ignoreCase)

Description copied from interface: UsersManagerBl

Returns all users who have set the attribute with the value IGNORING CASE in the comparison. Searching only def and opt attributes.

Specified by:

getUsersByAttribute in interface UsersManagerBl

Parameters:

sess -

attribute -

ignoreCase - TRUE to perform case-insensitive check

Returns:

list of users

getUsersByAttributeValue

public List<User> getUsersByAttributeValue(PerunSession sess,
 String attributeName,
 String attributeValue)

Description copied from interface: UsersManagerBl

Returns all users who have the attribute with the value. attributeValue is not converted to the attribute type, it is always type of String.

Specified by:

getUsersByAttributeValue in interface UsersManagerBl

Parameters:

sess -

attributeName -

attributeValue -

Returns:

list of users

getUsersByExtSourceTypeAndLogin

public List<User> getUsersByExtSourceTypeAndLogin(PerunSession perunSession,
 String extSourceType,
 String login)

Description copied from interface: UsersManagerBl

Get all the users who have given type of the ExtSource and login.

Specified by:

getUsersByExtSourceTypeAndLogin in interface UsersManagerBl

Parameters:

perunSession - perun session

extSourceType - type of the user extSource

login - login of the user

Returns:

all users with given parameters

getUsersByIds

public List<User> getUsersByIds(PerunSession sess,
 List<Integer> usersIds)

Description copied from interface: UsersManagerBl

Batch method which returns users by theirs ids.

Specified by:

getUsersByIds in interface UsersManagerBl

Parameters:

sess -

usersIds -

Returns:

getUsersByPerunBean

public List<User> getUsersByPerunBean(PerunSession sess,
 Group group)

Description copied from interface: UsersManagerBl

Returns list of users connected with a group

Specified by:

getUsersByPerunBean in interface UsersManagerBl

Parameters:

sess -

group -

Returns:

list of users connected with group

getUsersByPerunBean

public List<User> getUsersByPerunBean(PerunSession sess,
 Member member)

Description copied from interface: UsersManagerBl

Returns list of users connected with a member

Specified by:

getUsersByPerunBean in interface UsersManagerBl

Parameters:

sess -

member -

Returns:

list of users connected with member

getUsersByPerunBean

public List<User> getUsersByPerunBean(PerunSession sess,
 Resource resource)

Description copied from interface: UsersManagerBl

Returns list of users connected with a resource

Specified by:

getUsersByPerunBean in interface UsersManagerBl

Parameters:

sess -

resource -

Returns:

list of users connected with resource

getUsersByPerunBean

public List<User> getUsersByPerunBean(PerunSession sess,
 Host host)

Description copied from interface: UsersManagerBl

Returns list of users connected with a host

Specified by:

getUsersByPerunBean in interface UsersManagerBl

Parameters:

sess -

host -

Returns:

list of users connected with host

getUsersByPerunBean

public List<User> getUsersByPerunBean(PerunSession sess,
 Facility facility)

Description copied from interface: UsersManagerBl

Returns list of users connected with a facility

Specified by:

getUsersByPerunBean in interface UsersManagerBl

Parameters:

sess -

facility -

Returns:

list of users connected with facility

getUsersByPerunBean

public List<User> getUsersByPerunBean(PerunSession sess,
 Vo vo)

Description copied from interface: UsersManagerBl

Returns list of users connected with a vo

Specified by:

getUsersByPerunBean in interface UsersManagerBl

Parameters:

sess -

vo -

Returns:

list of users connected with vo

getUsersBySpecificUser

public List<User> getUsersBySpecificUser(PerunSession sess,
 User specificUser)

Description copied from interface: UsersManagerBl

Return all users who owns the specificUser and their ownership is not in status disabled

Specified by:

getUsersBySpecificUser in interface UsersManagerBl

Parameters:

sess -

specificUser - the specific User

Returns:

list of user who owns the specificUser

getUnanonymizedUsersBySpecificUser

public List<User> getUnanonymizedUsersBySpecificUser(PerunSession sess,
 User specificUser)

Description copied from interface: UsersManagerBl

Return all users who owns the specificUser, their ownership is not in status disabled and are not anonymized

Specified by:

getUnanonymizedUsersBySpecificUser in interface UsersManagerBl

Parameters:

sess -

specificUser - the specific User

Returns:

list of user who owns the specificUser

getUsersCount

public int getUsersCount(PerunSession sess)

Description copied from interface: UsersManagerBl

Get count of all users.

Specified by:

getUsersCount in interface UsersManagerBl

Parameters:

sess -

Returns:

count of all users

getUsersManagerImpl

public UsersManagerImplApi getUsersManagerImpl()

Gets the usersManagerImpl for this instance.

Returns:

The usersManagerImpl.

getUsersPage

public Paginated<RichUser> getUsersPage(PerunSession sess,
 UsersPageQuery query,
 List<String> attrNames)

Description copied from interface: UsersManagerBl

Get page of users with the given attributes.

Specified by:

getUsersPage in interface UsersManagerBl

Parameters:

sess - session

query - query with page information

attrNames - list of attribute names

Returns:

page of requested rich users

getUsersReservedLogins

public List<Pair<String,String>> getUsersReservedLogins(PerunSession sess,
 User user)

Description copied from interface: UsersManagerBl

Return list of all reserved logins for specific user (pair is namespace and login)

Specified by:

getUsersReservedLogins in interface UsersManagerBl

Parameters:

user - for which get reserved logins

Returns:

list of pairs namespace and login

getUsersWithoutSpecificVo

public List<User> getUsersWithoutSpecificVo(PerunSession sess,
 Vo vo,
 String searchString)

Description copied from interface: UsersManagerBl

Return list of users who matches the searchString, searching name, email and logins and are not member in specific VO.

Specified by:

getUsersWithoutSpecificVo in interface UsersManagerBl

Parameters:

sess -

vo -

searchString -

Returns:

list of users

getUsersWithoutVoAssigned

public List<User> getUsersWithoutVoAssigned(PerunSession sess)

Description copied from interface: UsersManagerBl

Returns all users who are not member of any VO.

Specified by:

getUsersWithoutVoAssigned in interface UsersManagerBl

Parameters:

sess -

Returns:

list of users who are not member of any VO

getVosWhereUserIsAdmin

public List<Vo> getVosWhereUserIsAdmin(PerunSession sess,
 User user)

Description copied from interface: UsersManagerBl

Returns list of VOs, where the user is an Administrator. Including VOs, where the user is a VALID member of authorized group.

Specified by:

getVosWhereUserIsAdmin in interface UsersManagerBl

Parameters:

sess -

user -

Returns:

list of VOs, where the user is an Administrator.

getVosWhereUserIsMember

public List<Vo> getVosWhereUserIsMember(PerunSession sess,
 User user)

Description copied from interface: UsersManagerBl

Returns list of VOs, where the user is a member.

Specified by:

getVosWhereUserIsMember in interface UsersManagerBl

Parameters:

sess -

user -

Returns:

list of VOs, where the user is a member.

isLoginAvailable

public boolean isLoginAvailable(PerunSession sess,
 String loginNamespace,
 String login)
                         throws InvalidLoginException

Description copied from interface: UsersManagerBl

Checks if the login is available in the namespace. Returns FALSE is is already occupied, throws exception if value is not allowed.

Specified by:

isLoginAvailable in interface UsersManagerBl

Parameters:

sess -

loginNamespace - in which the login will be checked (provide only the name of the namespace, not the whole attribute name)

login - to be checked

Returns:

true if login is available, false otherwise

Throws:

InvalidLoginException - When login to check has invalid syntax or is not allowed.

isLoginBlocked

public boolean isLoginBlocked(PerunSession sess,
 String login,
 boolean ignoreCase)

Description copied from interface: UsersManagerBl

Return true if login is blocked (globally - for all namespaces per instance OR for some namespace), false if not. Globally banned logins are ALWAYS case-insensitive (ignoreCase value is not taken into account for them).

Specified by:

isLoginBlocked in interface UsersManagerBl

Parameters:

sess -

login - login to check

ignoreCase -

Returns:

true if login is blocked

isLoginBlockedForNamespace

public boolean isLoginBlockedForNamespace(PerunSession sess,
 String login,
 String namespace,
 boolean ignoreCase)

Description copied from interface: UsersManagerBl

Return true if login is blocked for given namespace, false if not When the namespace is null, then the method behaves like isLoginBlockedGlobally(), so it checks if the login is blocked globally. Globally banned logins are ALWAYS case-insensitive.

Specified by:

isLoginBlockedForNamespace in interface UsersManagerBl

Parameters:

sess -

login - login to check

namespace - namespace for login

ignoreCase -

Returns:

true if login is blocked for given namespace (or globally for null namespace)

isLoginBlockedGlobally

public boolean isLoginBlockedGlobally(PerunSession sess,
 String login)

Description copied from interface: UsersManagerBl

Return true if login is blocked globally (for all namespaces per instance - represented by namespace = null), false if not Globally banned logins are ALWAYS case-insensitive.

Specified by:

isLoginBlockedGlobally in interface UsersManagerBl

Parameters:

sess -

login - login to check

Returns:

true if login is blocked globally

isUserAnonymized

public boolean isUserAnonymized(PerunSession sess,
 User user)

Description copied from interface: UsersManagerBl

Checks whether user has been anonymized or not.

Specified by:

isUserAnonymized in interface UsersManagerBl

Parameters:

sess -

user -

Returns:

true if user has been anonymized, false otherwise.

isUserPerunAdmin

@Deprecated
public boolean isUserPerunAdmin(PerunSession sess,
 User user)

Deprecated.

Description copied from interface: UsersManagerBl

Returns true if the user is PERUNADMIN.

Specified by:

isUserPerunAdmin in interface UsersManagerBl

Parameters:

sess -

user -

Returns:

true if the user is PERUNADMIN, false otherwise.

loginExist

public boolean loginExist(PerunSession sess,
 User user,
 String loginNamespace)

Description copied from interface: UsersManagerBl

Checks if login exists in given login-namespace.

Specified by:

loginExist in interface UsersManagerBl

Parameters:

sess - perunSession

user -

loginNamespace -

Returns:

True if login for user exists in given namespace, false otherwise

moveUserExtSource

public void moveUserExtSource(PerunSession sess,
 User sourceUser,
 User targetUser,
 UserExtSource userExtSource)

Description copied from interface: UsersManagerBl

Take UserExtSource from sourceUser and move it to the targetUser.

It removes old UserExtSource with all it's attributes from sourceUser and creates and assigns the new one with the same settings to target user.

Specified by:

moveUserExtSource in interface UsersManagerBl

Parameters:

sess -

sourceUser - user with UserExtSource to move

targetUser - user for who will be UserExtSource moved

userExtSource - the UserExtSource which will be moved from sourceUser to targetUser

removeAllUserExtSources

public void removeAllUserExtSources(PerunSession sess,
 User user)

Description copied from interface: UsersManagerBl

Removes all user's external sources. It also means removing all it's attributes.

Specified by:

removeAllUserExtSources in interface UsersManagerBl

Parameters:

sess - session

user - owner of external sources

removeSpecificUserOwner

public void removeSpecificUserOwner(PerunSession sess,
 User user,
 User specificUser)
                             throws RelationNotExistsException,
SpecificUserOwnerAlreadyRemovedException

Description copied from interface: UsersManagerBl

Remove specificUser owner (the user) Only disable ownership of user and specificUser

Specified by:

removeSpecificUserOwner in interface UsersManagerBl

Parameters:

sess -

user - the user

specificUser - the specificUser

Throws:

RelationNotExistsException - if there is no such user (the user) to remove

SpecificUserOwnerAlreadyRemovedException - if there are 0 rows affected by deleting from DB

removeSpecificUserOwner

public void removeSpecificUserOwner(PerunSession sess,
 User user,
 User specificUser,
 boolean forceDelete)
                             throws RelationNotExistsException,
SpecificUserOwnerAlreadyRemovedException

Description copied from interface: UsersManagerBl

Remove specificUser owner (the user). If forceDelete false, only disable ownership of user and specificUser. If forceDelete true, delete this ownership from DB.

Specified by:

removeSpecificUserOwner in interface UsersManagerBl

Parameters:

sess -

user - the user

specificUser - the specificUser

forceDelete - if true, remove from database, if false, only disable this ownership

Throws:

RelationNotExistsException - if there is no such user (the user) to remove

SpecificUserOwnerAlreadyRemovedException - if there are 0 rows affected by deleting from DB

removeUserExtSource

public void removeUserExtSource(PerunSession sess,
 User user,
 UserExtSource userExtSource)
                         throws UserExtSourceAlreadyRemovedException

Description copied from interface: UsersManagerBl

Removes user's external sources. It also means removing all it's attributes.

Specified by:

removeUserExtSource in interface UsersManagerBl

Parameters:

sess -

user -

userExtSource -

Throws:

UserExtSourceAlreadyRemovedException - if there are 0 rows affected by deleting from DB

requestPreferredEmailChange

public void requestPreferredEmailChange(PerunSession sess,
 String url,
 User user,
 String email,
 String lang,
 String path,
 String idp)

Description copied from interface: UsersManagerBl

Request change of user's preferred email address. Change in attribute value is not done, until email address is verified by link in email notice. (urn:perun:user:attribute-def:def:preferredEmail)

Specified by:

requestPreferredEmailChange in interface UsersManagerBl

Parameters:

sess - PerunSession

url - base URL of running perun instance passed from RPC.

user - User to request preferred email change for

email - new email address

lang - language to get confirmation mail in (optional)

path - path that is appended to the url of the verification link (optional)

idp - authentication method appended to query parameters of verification link (optional)

reservePassword

public void reservePassword(PerunSession sess,
 String userLogin,
 String loginNamespace,
 String password)
                     throws PasswordCreationFailedException,
PasswordOperationTimeoutException,
PasswordStrengthFailedException,
InvalidLoginException,
PasswordStrengthException

Description copied from interface: UsersManagerBl

Reserves the password in external system. User must not exists.

Specified by:

reservePassword in interface UsersManagerBl

Parameters:

sess -

userLogin - string representation of the userLogin

loginNamespace -

password -

Throws:

PasswordCreationFailedException

InvalidLoginException - When login of user has invalid syntax (is not allowed)

PasswordStrengthException - When password doesn't match expected strength by namespace configuration

PasswordOperationTimeoutException

PasswordStrengthFailedException

reservePassword

public void reservePassword(PerunSession sess,
 User user,
 String loginNamespace,
 String password)
                     throws PasswordCreationFailedException,
LoginNotExistsException,
PasswordOperationTimeoutException,
PasswordStrengthFailedException,
InvalidLoginException,
PasswordStrengthException

Description copied from interface: UsersManagerBl

Reserves the password in external system. User must exists. User's login for specified namespace must exist in Perun.

Specified by:

reservePassword in interface UsersManagerBl

Parameters:

sess -

user -

loginNamespace -

password -

Throws:

PasswordCreationFailedException

LoginNotExistsException - When user doesn't have login in specified namespace

InvalidLoginException - When login of user has invalid syntax (is not allowed)

PasswordStrengthException - When password doesn't match expected strength by namespace configuration

PasswordOperationTimeoutException

PasswordStrengthFailedException

reserveRandomPassword

public void reserveRandomPassword(PerunSession sess,
 User user,
 String loginNamespace)
                           throws PasswordCreationFailedException,
LoginNotExistsException,
PasswordOperationTimeoutException,
PasswordStrengthFailedException,
InvalidLoginException

Description copied from interface: UsersManagerBl

Reserves random password in external system. User must exists. User's login for specified namespace must exist in Perun.

Specified by:

reserveRandomPassword in interface UsersManagerBl

Parameters:

sess -

user -

loginNamespace -

Throws:

PasswordCreationFailedException

LoginNotExistsException - When user doesn't have login in specified namespace

InvalidLoginException - When login of user has invalid syntax (is not allowed)

PasswordOperationTimeoutException

PasswordStrengthFailedException

setLogin

public void setLogin(PerunSession sess,
 User user,
 String loginNamespace,
 String login)

Description copied from interface: UsersManagerBl

Allow users to manually add login in supported namespace if same login is not reserved

Specified by:

setLogin in interface UsersManagerBl

Parameters:

sess -

user -

loginNamespace -

login -

setPerunBl

public void setPerunBl(PerunBl perunBl)

setSpecificUser

public User setSpecificUser(PerunSession sess,
 User specificUser,
 SpecificUserType specificUserType,
 User owner)
                     throws RelationExistsException

Description copied from interface: UsersManagerBl

Set specific user type for specific user and set ownership of this user for the owner.

Specified by:

setSpecificUser in interface UsersManagerBl

Parameters:

sess - perun session

specificUser - specific user

specificUserType - specific type of user

owner - user, who will be owner of the specific user

Returns:

specific user with specific user type set

Throws:

RelationExistsException

specificUserOwnershipExists

public boolean specificUserOwnershipExists(PerunSession sess,
 User user,
 User specificUser)

Description copied from interface: UsersManagerBl

Return true if ownership of user and specificUser already exists. Return false if not.

Looking for enabled and also for disabled ownership.

Specified by:

specificUserOwnershipExists in interface UsersManagerBl

Parameters:

sess -

user -

specificUser -

Returns:

unblockLogins

public void unblockLogins(PerunSession sess,
 List<String> logins,
 String namespace)
                   throws LoginIsNotBlockedException

Description copied from interface: UsersManagerBl

Unblock logins for given namespace or unblock logins globally (if no namespace is selected)

Specified by:

unblockLogins in interface UsersManagerBl

Parameters:

sess -

logins - logins list of logins to be unblocked

namespace - namespace where the logins should be unblocked (null means unblock the logins globally)

Throws:

LoginIsNotBlockedException

unblockLoginsById

public void unblockLoginsById(PerunSession sess,
 List<Integer> loginIds)
                       throws LoginIsNotBlockedException

Description copied from interface: UsersManagerBl

Unblock logins by id globally, or in the namespace they were initially blocked.

Specified by:

unblockLoginsById in interface UsersManagerBl

Parameters:

sess - session

loginIds - list of login ids

Throws:

LoginIsNotBlockedException - when login is not blocked

unblockLoginsForNamespace

public void unblockLoginsForNamespace(PerunSession sess,
 String namespace)

Description copied from interface: UsersManagerBl

Unblock all logins for given namespace

Specified by:

unblockLoginsForNamespace in interface UsersManagerBl

Parameters:

sess - PerunSession

namespace - Namespace or null for globally blocked

unsetSpecificUser

public User unsetSpecificUser(PerunSession sess,
 User specificUser,
 SpecificUserType specificUserType)
                       throws ServiceOnlyRoleAssignedException

Description copied from interface: UsersManagerBl

Remove all ownerships of this specific user and unset this specific user type from this specific user.

Specified by:

unsetSpecificUser in interface UsersManagerBl

Parameters:

sess - perun session

specificUser - specific user

specificUserType - specific type of user

Returns:

user who is no more specific

Throws:

ServiceOnlyRoleAssignedException - when trying to unset service flag from a user with service only role

updateNameTitles

public User updateNameTitles(PerunSession sess,
 User user)
                      throws UserNotExistsException

Description copied from interface: UsersManagerBl

Updates titles before/after users name.

New titles must be set inside User object. Setting any title to null will remove title from name. Other user's properties are ignored.

Specified by:

updateNameTitles in interface UsersManagerBl

Parameters:

sess -

user -

Returns:

updated user with new titles before/after name

Throws:

UserNotExistsException - if user not exists when method trying to update him

updateUser

public User updateUser(PerunSession sess,
 User user)
                throws UserNotExistsException

Description copied from interface: UsersManagerBl

Updates users data in DB.

Specified by:

updateUser in interface UsersManagerBl

Parameters:

sess -

user -

Returns:

updated user

Throws:

UserNotExistsException - if user not exists when method trying to update him

updateUserExtSource

public UserExtSource updateUserExtSource(PerunSession sess,
 UserExtSource userExtSource)
                                  throws UserExtSourceExistsException

Description copied from interface: UsersManagerBl

Updates user's userExtSource in DB.

Specified by:

updateUserExtSource in interface UsersManagerBl

Parameters:

sess -

userExtSource -

Returns:

updated userExtSource

Throws:

UserExtSourceExistsException - When UES with same login/extSource already exists.

updateUserExtSourceLastAccess

public void updateUserExtSourceLastAccess(PerunSession sess,
 UserExtSource userExtSource)

Description copied from interface: UsersManagerBl

Updates user's userExtSource last access time in DB. We can get information which userExtSource has been used as a last one.

Specified by:

updateUserExtSourceLastAccess in interface UsersManagerBl

Parameters:

sess -

userExtSource -

userExtSourceExists

public boolean userExtSourceExists(PerunSession sess,
 UserExtSource userExtSource)

Specified by:

userExtSourceExists in interface UsersManagerBl

validatePassword

public void validatePassword(PerunSession sess,
 String userLogin,
 String loginNamespace)
                      throws PasswordCreationFailedException,
InvalidLoginException

Description copied from interface: UsersManagerBl

Validates the password in external system and sets user extSources and extSource related attributes. User must not exists.

Specified by:

validatePassword in interface UsersManagerBl

Parameters:

sess -

userLogin - string representation of the userLogin

loginNamespace -

Throws:

PasswordCreationFailedException

InvalidLoginException - When login of user has invalid syntax (is not allowed)

validatePassword

public void validatePassword(PerunSession sess,
 User user,
 String loginNamespace)
                      throws PasswordCreationFailedException,
LoginNotExistsException,
InvalidLoginException

Description copied from interface: UsersManagerBl

Validates the password in external system and sets user extSources and extSource related attributes. User must exists. User's login for specified namespace must exist in Perun.

Specified by:

validatePassword in interface UsersManagerBl

Parameters:

sess -

user -

loginNamespace -

Throws:

PasswordCreationFailedException

LoginNotExistsException - When user doesn't have login in specified namespace

InvalidLoginException - When login of user has invalid syntax (is not allowed)

validatePreferredEmailChange

public String validatePreferredEmailChange(PerunSession sess,
 User user,
 UUID token)
                                    throws WrongAttributeValueException,
WrongAttributeAssignmentException,
AttributeNotExistsException,
WrongReferenceAttributeValueException

Description copied from interface: UsersManagerBl

Validate change of user's preferred email address. New email address is set as value of urn:perun:user:attribute-def:def:preferredEmail attribute.

Specified by:

validatePreferredEmailChange in interface UsersManagerBl

Parameters:

sess - PerunSession

user - User to validate email address for

token - token for the email change request to validate

Returns:

String return new preferred email

Throws:

WrongAttributeValueException - If new email address is in wrong format

WrongAttributeAssignmentException

AttributeNotExistsException - If user:preferredEmail attribute doesn't exists.

WrongReferenceAttributeValueException

validateSSHKey

public void validateSSHKey(PerunSession sess,
 String sshKey)
                    throws SSHKeyNotValidException

Description copied from interface: UsersManagerBl

Validate ssh public key, throws exception if validation fails

Specified by:

validateSSHKey in interface UsersManagerBl

Parameters:

sess - sess

sshKey - ssh public key to verify

Throws:

SSHKeyNotValidException - when validation fails

changeOrganization

public void changeOrganization(PerunSession sess,
 User user,
 String newOrganizationName)
                        throws PersonalDataChangeNotEnabledException,
UserExtSourceNotExistsException

Description copied from interface: UsersManagerBl

Change organization from which user came to organization from user ext source.

Specified by:

changeOrganization in interface UsersManagerBl

Parameters:

sess - session

user - user

newOrganizationName - new organization name

Throws:

PersonalDataChangeNotEnabledException - If change of organization to organization from ues is not enabled.

UserExtSourceNotExistsException - If user ext source with given organization name and required loa does not exist.

changeOrganizationCustom

public void changeOrganizationCustom(PerunSession sess,
 User user,
 String newOrganizationName)
                              throws PersonalDataChangeNotEnabledException

Description copied from interface: UsersManagerBl

Change organization from which user came to custom organization. If check from admin is required, then UserOrganizationChangeRequested audit log will be created. Otherwise, it will be set immediately.

Specified by:

changeOrganizationCustom in interface UsersManagerBl

Parameters:

sess - session

user - user

newOrganizationName - new organization name

Throws:

PersonalDataChangeNotEnabledException - If change of organization to custom organization is not enabled.

changeName

public void changeName(PerunSession sess,
 User user,
 String newUserName)
                throws UserExtSourceNotExistsException,
PersonalDataChangeNotEnabledException

Description copied from interface: UsersManagerBl

Change user's name to user's name from user ext source.

Specified by:

changeName in interface UsersManagerBl

Parameters:

sess - session

user - user

newUserName - new user's name

Throws:

UserExtSourceNotExistsException - If user ext source with given user's name and required loa does not exist.

PersonalDataChangeNotEnabledException - If change of user's name to user's name from ues is not enabled.

changeNameCustom

public void changeNameCustom(PerunSession sess,
 User user,
 String titleBefore,
 String firstName,
 String middleName,
 String lastName,
 String titleAfter)
                      throws PersonalDataChangeNotEnabledException

Description copied from interface: UsersManagerBl

Change user's name to custom name. If check from admin is required, then UserNameChangeRequest audit log will be created. Otherwise, it will be set immediately.

Specified by:

changeNameCustom in interface UsersManagerBl

Parameters:

sess - session

user - user

titleBefore - new title before

firstName - new first name

middleName - new middle name

lastName - new last name

titleAfter - new title after

Throws:

PersonalDataChangeNotEnabledException - If change of user's name to custom name is not enabled.

changeEmail

public void changeEmail(PerunSession sess,
 User user,
 String newEmail)
                 throws UserExtSourceNotExistsException,
PersonalDataChangeNotEnabledException

Description copied from interface: UsersManagerBl

Change user's email to email from user ext source.

Specified by:

changeEmail in interface UsersManagerBl

Parameters:

sess - session

user - user

newEmail - new email

Throws:

UserExtSourceNotExistsException - If user ext source with given email and required loa does not exist.

PersonalDataChangeNotEnabledException - If change of user's email to email from ues is not enabled.

changeEmailCustom

public void changeEmailCustom(PerunSession sess,
 User user,
 String newEmail,
 String url,
 String lang,
 String path,
 String idp)
                       throws PersonalDataChangeNotEnabledException

Description copied from interface: UsersManagerBl

Change user's email to custom email. If verification is required, then verification email will be sent. Otherwise, it will be set immediately.

Specified by:

changeEmailCustom in interface UsersManagerBl

Parameters:

sess - session

user - user

newEmail - new email

url - base URL of running perun instance passed from RPC.

lang - Language to get confirmation mail in (optional)

path - path that is appended to the url of the verification link (optional)

idp - authentication method appended to query parameters of verification link (optional)

Throws:

PersonalDataChangeNotEnabledException - If change of user's email to custom email is not enabled.