Module io.inverno.mod.security

Package io.inverno.mod.security.authentication.user

Class RedisUserRepository<A extends Identity,B extends User<A>>

java.lang.Object

io.inverno.mod.security.authentication.user.RedisUserRepository<A,B>

Type Parameters:

A - the identity type

B - the user type

All Implemented Interfaces:

CredentialsResolver<B>, UserRepository<A,B>

public class RedisUserRepository<A extends Identity,B extends User<A>>
extends Object
implements UserRepository<A,B>

A UserRepository implementation that stores users in a Redis data store.

Users are stored as string entries serialized as JSON, the user key is of the form: keyPrefix ":USER:" username. Groups are stored as set entries, the group key is of the form: keyPrefix ":GROUP:" group.

Since:

1.5

Author:

Jeremy Kuhn

Constructor Summary

Constructors

Constructor	Description
RedisUserRepository(RedisClient<String,String> redisClient, com.fasterxml.jackson.databind.ObjectMapper mapper)	Creates a Redis user repository with the specified Redis client and mapper.
RedisUserRepository(RedisClient<String,String> redisClient, com.fasterxml.jackson.databind.ObjectMapper mapper, Password.Encoder<?,?> passwordEncoder)	Creates a Redis user repository with the specified Redis client mapper and password encoder.
RedisUserRepository(RedisClient<String,String> redisClient, com.fasterxml.jackson.databind.ObjectMapper mapper, Password.Encoder<?,?> passwordEncoder, PasswordPolicy<B,?> passwordPolicy)	Creates a Redis user repository with the specified Redis client, mapper, password encoder and password policy.
RedisUserRepository(RedisClient<String,String> redisClient, com.fasterxml.jackson.databind.ObjectMapper mapper, PasswordPolicy<B,?> passwordPolicy)	Creates a Redis user repository with the specified Redis client, mapper and password policy.

Method Summary

Modifier and Type	Method	Description
Mono<B>	addUserToGroups(String username, String... groups)	Adds the user identified by the specified username to the specified groups.
Mono<B>	changePassword(LoginCredentials credentials, String rawPassword)	Changes the password of the user identified by the specified credentials.
Mono<B>	createUser(B user)	Creates a user.
Mono<B>	deleteUser(String username)	Deletes the he user identified by the specified username from the repository.
final String	getKeyPrefix()	Returns the prefix used to format user and group entry keys.
Password.Encoder<?,?>	getPasswordEncoder()	Returns the password encoder used to encode passwords.
PasswordPolicy<B,?>	getPasswordPolicy()	Returns the password policy used to verify passwords.
Mono<B>	getUser(String username)	Returns the user identified by the specified username.
Flux<B>	listUsers()	Lists the users in the repository.
Mono<B>	lockUser(String username)	Locks the user identified by the specified username.
Mono<B>	removeUserFromGroups(String username, String... groups)	Removes the user identified by the specified username from the specified groups.
Mono<B>	resolveCredentials(String id)	Returns trusted credentials for the specified identifier.
final void	setKeyPrefix(String keyPrefix)	Sets the prefix used to format user and group entry keys.
Mono<B>	unlockUser(String username)	Unlocks the user identified by the specified username.
Mono<B>	updateUser(B user)	Updates the specified user.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

RedisUserRepository

public RedisUserRepository(RedisClient<String,String> redisClient,
 com.fasterxml.jackson.databind.ObjectMapper mapper)

Creates a Redis user repository with the specified Redis client and mapper.

Parameters:

redisClient - a Redis client

mapper - an object mapper

RedisUserRepository

public RedisUserRepository(RedisClient<String,String> redisClient,
 com.fasterxml.jackson.databind.ObjectMapper mapper,
 PasswordPolicy<B,?> passwordPolicy)

Creates a Redis user repository with the specified Redis client, mapper and password policy.

Parameters:

redisClient - a Redis client

mapper - an object mapper

passwordPolicy - a password policy

RedisUserRepository

public RedisUserRepository(RedisClient<String,String> redisClient,
 com.fasterxml.jackson.databind.ObjectMapper mapper,
 Password.Encoder<?,?> passwordEncoder)

Creates a Redis user repository with the specified Redis client mapper and password encoder.

Parameters:

redisClient - a Redis client

mapper - an object mapper

passwordEncoder - a password encoder

RedisUserRepository

public RedisUserRepository(RedisClient<String,String> redisClient,
 com.fasterxml.jackson.databind.ObjectMapper mapper,
 Password.Encoder<?,?> passwordEncoder,
 PasswordPolicy<B,?> passwordPolicy)

Creates a Redis user repository with the specified Redis client, mapper, password encoder and password policy.

Parameters:

redisClient - a Redis client

mapper - an object mapper

passwordEncoder - a password encoder

passwordPolicy - a password policy

Method Details

getPasswordEncoder

public Password.Encoder<?,?> getPasswordEncoder()

Returns the password encoder used to encode passwords.

Returns:

the password encoder

getPasswordPolicy

public PasswordPolicy<B,?> getPasswordPolicy()

Returns the password policy used to verify passwords.

Returns:

the password policy

getKeyPrefix

public final String getKeyPrefix()

Returns the prefix used to format user and group entry keys.

• A user key is of the form: keyPrefix ":USER:" username.
• A group key is of the form: keyPrefix ":GROUP:" group.

Returns:

the key prefix

setKeyPrefix

public final void setKeyPrefix(String keyPrefix)

Sets the prefix used to format user and group entry keys.

• A user key is of the form: keyPrefix ":USER:" username.
• A group key is of the form: keyPrefix ":GROUP:" group.

Parameters:

keyPrefix - the key prefix to set

createUser

public Mono<B> createUser(B user)
                   throws UserRepositoryException

Description copied from interface: UserRepository

Creates a user.

Specified by:

createUser in interface UserRepository<A extends Identity,B extends User<A>>

Parameters:

user - the user to create

Returns:

a mono emitting the created user

Throws:

UserRepositoryException - if there was an error creating the user

updateUser

public Mono<B> updateUser(B user)
                   throws UserRepositoryException

Description copied from interface: UserRepository

Updates the specified user.

Note that this method does not update password nor groups and can not be used to lock a user, adhoc methods UserRepository.changePassword(io.inverno.mod.security.authentication.LoginCredentials, java.lang.String), UserRepository.addUserToGroups(java.lang.String, java.lang.String...), UserRepository.lockUser(java.lang.String) must be used instead.

Specified by:

updateUser in interface UserRepository<A extends Identity,B extends User<A>>

Parameters:

user - the user to update

Returns:

a mono emitting the updated user

Throws:

UserRepositoryException - if there was an error updating the user

getUser

public Mono<B> getUser(String username)
                throws UserRepositoryException

Description copied from interface: UserRepository

Returns the user identified by the specified username.

Specified by:

getUser in interface UserRepository<A extends Identity,B extends User<A>>

Parameters:

username - a username

Returns:

a mono emittin the user or an empty mono if no user exists with the specified name

Throws:

UserRepositoryException - if there was an error fetchin the user

listUsers

public Flux<B> listUsers()
                  throws UserRepositoryException

Description copied from interface: UserRepository

Lists the users in the repository.

Specified by:

listUsers in interface UserRepository<A extends Identity,B extends User<A>>

Returns:

a publisher of users

Throws:

UserRepositoryException - if there was an error fetching users

changePassword

public Mono<B> changePassword(LoginCredentials credentials,
 String rawPassword)
                       throws AuthenticationException,
PasswordPolicyException,
PasswordException,
UserRepositoryException

Description copied from interface: UserRepository

Changes the password of the user identified by the specified credentials.

Implementors must make sure the provided credentials are valid before actually updating the password. Whether a full authentiation is performed or a simple password match is implementation specific.

Specified by:

changePassword in interface UserRepository<A extends Identity,B extends User<A>>

Parameters:

credentials - the current login credentials of the user for which password must be changed

rawPassword - the new raw password value

Returns:

a mono emitting the updated user

Throws:

AuthenticationException - if there was an error authenticating the credentials

PasswordPolicyException - if the new password is not compliant with the password policy

PasswordException - if there was an error processing the new password

UserRepositoryException - if there was an error updating the user

lockUser

public Mono<B> lockUser(String username)
                 throws UserRepositoryException

Description copied from interface: UserRepository

Locks the user identified by the specified username.

Specified by:

lockUser in interface UserRepository<A extends Identity,B extends User<A>>

Parameters:

username - the name of the user to lock

Returns:

a mono emitting the updated user

Throws:

UserRepositoryException - if there was an error updating the user

unlockUser

public Mono<B> unlockUser(String username)
                   throws UserRepositoryException

Description copied from interface: UserRepository

Unlocks the user identified by the specified username.

Specified by:

unlockUser in interface UserRepository<A extends Identity,B extends User<A>>

Parameters:

username - the name of the user to unlock

Returns:

a mono emitting the updated user

Throws:

UserRepositoryException - if there was an error updating the user

addUserToGroups

public Mono<B> addUserToGroups(String username,
 String... groups)
                        throws UserRepositoryException

Description copied from interface: UserRepository

Adds the user identified by the specified username to the specified groups.

Specified by:

addUserToGroups in interface UserRepository<A extends Identity,B extends User<A>>

Parameters:

username - a username

groups - a list of groups

Returns:

a mono emitting the updated user

Throws:

UserRepositoryException - if there was an error updating the user

removeUserFromGroups

public Mono<B> removeUserFromGroups(String username,
 String... groups)
                             throws UserRepositoryException

Description copied from interface: UserRepository

Removes the user identified by the specified username from the specified groups.

Specified by:

removeUserFromGroups in interface UserRepository<A extends Identity,B extends User<A>>

Parameters:

username - a username

groups - a list of groups

Returns:

a mono emitting the updated user

Throws:

UserRepositoryException - if there was an error updating the user

deleteUser

public Mono<B> deleteUser(String username)
                   throws UserRepositoryException

Description copied from interface: UserRepository

Deletes the he user identified by the specified username from the repository.

Specified by:

deleteUser in interface UserRepository<A extends Identity,B extends User<A>>

Parameters:

username - a username

Returns:

a mono emitting the deleted user or an empty mono if no user exists with the specified name

Throws:

UserRepositoryException - if there was an error deleting the user

resolveCredentials

public Mono<B> resolveCredentials(String id)
                           throws SecurityException

Description copied from interface: CredentialsResolver

Returns trusted credentials for the specified identifier.

Specified by:

resolveCredentials in interface CredentialsResolver<A extends Identity>

Parameters:

id - the identifier of the credentials to resolve

Returns:

a mono emitting the credentials or an empty mono if no credentials exist with the specified identifier

Throws:

SecurityException - if there was an error during the resolution of credentials