Package com.iizix.server.user
Class UserAuthentication
- java.lang.Object
- com.iizix.server.user.UserAuthentication
- All Implemented Interfaces:
IAuthenticatedUserProvider
public final class UserAuthentication extends java.lang.Object implements IAuthenticatedUserProvider
Helper class to perform user authentication. This class concentrates the calls to one location: here. It enabled implementation to external authentication systems such as JNDI or custom in-house through a Java API, etc.- Author:
- Christopher Mindus
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description java.lang.StringcreateNewPasswordHash(java.lang.String userName, java.lang.String password)Creates a new password hash to store in the database.static UserAuthenticationgetInstance()Gets the user authentication instance.AuthenticatedUsergetUser(long id)Gets the basic user info for a user from its unique user ID.AuthenticatedUsergetUser(java.lang.String userName)Gets the instance of a user with its information.AuthenticatedUsergetUser(java.sql.Connection conn, long id)Gets the basic user info for a user from its unique user ID.AuthenticatedUsergetUser(java.sql.Connection conn, java.lang.String userName)Gets the instance of a user with its information.AuthenticatedUsergetUser(java.sql.Connection conn, java.lang.String userName, java.lang.String password)Gets the instance of a user with its information.AuthenticatedUsergetUserFromEmail(java.lang.String emailAddress)Looks up a user from the email.java.util.List<UserLocation>getUserLocations()Finds locations of all users.booleanisOldPasswordMatching(BasicUserInfo bui, java.lang.String oldPassword, java.lang.String password)Verifies that the old password matches before changing to a new one.booleanisUserNameFree(java.lang.String userName)Checks if the user name is free to use, i.e.static voidvalidateHashPW(java.lang.String hashPW)Validates a hashed password.UserAuthenticationInfovalidateUser(UserIdentifier userIdentifier, java.lang.String appID, java.lang.String validatePassword)Authenticates a user ID and password.
Method Detail
getInstance
public static UserAuthentication getInstance()
Gets the user authentication instance.
validateHashPW
public static void validateHashPW(java.lang.String hashPW)
Validates a hashed password.- Parameters:
hashPW- The hashed password. It is based on PBKDF2 with Keyed-Hash Message Authentication Code (HMAC) with a SHA-256 hash. It can start with "EXT:" if the user has signed in using an external Sign In Provider, e.g. LinkedIn or Facebook, the remaining part of the string identifies the provider and the users identifier for that provider.- Throws:
java.lang.NullPointerException- IfhashPWisnull.java.lang.IllegalArgumentException- IfhashPWis an empty string or has invalid format.
getUserLocations
public java.util.List<UserLocation> getUserLocations()
Finds locations of all users.- Specified by:
getUserLocationsin interfaceIAuthenticatedUserProvider
isUserNameFree
public boolean isUserNameFree(java.lang.String userName) throws UserExceptionChecks if the user name is free to use, i.e. has not yet been signed up.- Parameters:
userName- The user name.- Returns:
- true if free, false if already taken.
- Throws:
UserException- If the user name is invalid.
getUser
public AuthenticatedUser getUser(java.lang.String userName) throws NotFoundException
Gets the instance of a user with its information.- Specified by:
getUserin interfaceIAuthenticatedUserProvider- Parameters:
userName- The user name.- Returns:
- The instance holding the potentially authenticated user.
- Throws:
java.lang.NullPointerException- If theuserNameisnull.NotFoundException- If the user name is not found or an SQL exception occurred.
getUserFromEmail
public AuthenticatedUser getUserFromEmail(java.lang.String emailAddress) throws NotFoundException
Looks up a user from the email.- Parameters:
emailAddress- The email address.- Throws:
java.lang.NullPointerException- If theemailAddressisnull.NotFoundException- If user is not found.
getUser
public AuthenticatedUser getUser(java.sql.Connection conn, java.lang.String userName) throws NotFoundException, java.sql.SQLException
Gets the instance of a user with its information. This always gets the information from the database and never a cached user.- Parameters:
conn- The connection.userName- The user name.- Returns:
- The instance holding the potentially authenticated user, or null if the user does not exist in the server's database.
- Throws:
NotFoundException- If user is not found.java.sql.SQLException- For SQL errors.
getUser
public AuthenticatedUser getUser(java.sql.Connection conn, java.lang.String userName, java.lang.String password) throws NotFoundException, java.sql.SQLException
Gets the instance of a user with its information.- Parameters:
conn- The database connection.userName- The user name.password- The password hash or the clear text password.- Returns:
- The instance holding the potentially authenticated user, or
nullif the user does not exist in the server's database or the password doesn't match. - Throws:
java.lang.NullPointerException- If theuserNameorpasswordisnull.NotFoundException- If user is not found.java.sql.SQLException- For SQL errors.
getUser
public AuthenticatedUser getUser(long id) throws NotFoundException
Gets the basic user info for a user from its unique user ID. The value comes fromUserInfoBase.id- Specified by:
getUserin interfaceIAuthenticatedUserProvider- Parameters:
id- The unique user ID.- Returns:
- The user information.
- Throws:
NotFoundException- If the user ID is not found or an SQL exception occurred.
getUser
public AuthenticatedUser getUser(java.sql.Connection conn, long id) throws NotFoundException, java.sql.SQLException
Gets the basic user info for a user from its unique user ID. The value comes fromUserInfoBase.id- Parameters:
conn- The connection.id- The unique user ID.- Returns:
- The user information.
- Throws:
NotFoundException- If user is not found.java.sql.SQLException- For SQL errors.
validateUser
public final UserAuthenticationInfo validateUser(UserIdentifier userIdentifier, java.lang.String appID, java.lang.String validatePassword)
Authenticates a user ID and password.- Parameters:
userIdentifier- The user identifier.appID- The app ID to validate.validatePassword- The password to validate. If the password is empty, the user is authenticated as pre-validation used e.g. by the iiziRun Developer listing possible sessions, etc. When this parameter is null, the real password is not validated.- Returns:
- The user authentication result.
createNewPasswordHash
public final java.lang.String createNewPasswordHash(java.lang.String userName, java.lang.String password)Creates a new password hash to store in the database. The password is not decryptable.- Parameters:
userName- The basic user information.password- The new password.- Returns:
- The new password hash.
isOldPasswordMatching
public final boolean isOldPasswordMatching(BasicUserInfo bui, java.lang.String oldPassword, java.lang.String password)
Verifies that the old password matches before changing to a new one.- Parameters:
bui- The basic user information.oldPassword- The old (existing) password.password- The password.- Returns:
- true for success, false if not matching.
- Throws:
java.lang.RuntimeException- If not called from inside the iiziServer.