uk.ac.ed.epcc.webapp.session

Interface Summary
Interface	Description
AppUserCommitObserver<AU extends AppUser>	An interface for `Composite`s that contribute to commits.
AppUserTransitionContributor<AU extends AppUser>	Interface for `AppUserComposite`s that add additional transitions to the AppUser transitions.
EmailParamContributor<AU extends AppUser>	An interface implemented by `AppUserComposite` this specifies additional/override email template parameters that should be set when email-ing the `AppUser`
NameComposite<AU extends AppUser>	Interface for a `Composite` that generates a more user friendly name for an `AppUser` but not a `NameFinder`
NewSignupAction<AU extends AppUser>	Interface for `AppUserComposite` that observe new user Signups.
PasswordChangeListener	A Listener to be notified of password changes.
PasswordTarget
RegisterTrigger<AU extends AppUser>	An interface for objects (Usually the `AppUserFactory` or its `Composite`s that can trigger an existing user to visit the registration page.
RequiredPage<U extends AppUser>	Object representing a page that a user is redirected to if certain conditions are met.
RequiredPageProvider<AU extends AppUser>
ReRegisterComposite<A extends AppUser>	An interface for `AppUserComposite`s that need to implements side-effects when a user re-registers an account.
SessionService<A extends AppUser>	`AppContextService` for managing session information.
SignupCustomiser
SortNameContributor<T>	An interface for `Composite`s that contribute to the sorting order and name type
StateRoleProvider<A extends AppUser>	An Interface for an `AppUserFactory` or its `Composite`s that can permit access to a role.
UpdateNoteProvider<T extends AppUser>	Interface to allow `Composite`s to add notes to the update form.

Class Summary
Class	Description
AbstractRequestFactory<R extends AbstractRequestFactory.AbstractRequest>	Abstract class for building request links (with expiry time).
AbstractRequestFactory.AbstractRequest
AbstractSessionService<A extends AppUser>	Abstract base implementation of `SessionService`
AbstractTargetRequestFactory<A extends DataObject,R extends AbstractTargetRequestFactory.AbstractRequest<A>>	A `AbstractRequestFactory` for requests tied to a specific target object.
AbstractTargetRequestFactory.AbstractRequest<A extends DataObject>
AbstractUserRequestFactory<A extends AppUser,R extends AbstractUserRequestFactory.AbstractRequest<A>>	A `AbstractRequestFactory` for requests tied to a specific `AppUser`
AbstractUserRequestFactory.AbstractRequest<A extends AppUser>
AppUser	AppUser Generic Object representing a user of the Web application potentially sub-classed by actual Webapps.
AppUserComposite<AU extends AppUser,X extends AppUserComposite>	A superclass for `Composite`s on The `AppUserFactory` The only purpose of this class is to make the class hierarchy easier to navigate
AppUserFactory<AU extends AppUser>	A Factory for creating `AppUser` objects that represent users of the system.
AppUserFactory.AppUserNameInput<A extends AppUser>
AppUserFactory.SignupFormCreator<T extends AppUser>	Form for first time visitors to self register optionally this can also provide a name for the default realm if the servlet uses external authentication.
AppUserKey<AU extends AppUser>
AppUserNameFinder<AU extends AppUser,X extends AppUserNameFinder>	An `Composite` that implements the `NameFinder` logic for an `AppUserFactory`.
AppUserTransitionProvider<AU extends AppUser>	A `TransitionProvider` for operations on `AppUser`s
AppUserTransitionProvider.SUTransition<AU extends AppUser>
AppUserUpdater<A extends AppUser>
AvatarComposite<AU extends AppUser>
AvatarServeDataProducer<AU extends AppUser>
CertificateComposite
CurrentUserKey	An `AppUserKey` for operations that (primarily) act on the current user.
DatabasePasswordComposite<T extends AppUser>
DatabasePasswordComposite.PasswordStatus
DirectoryComposite<AU extends AppUser>	An `AppUserComposite` that adds information to the person summary from a directory lookup.
EmailChangeRequestFactory<A extends AppUser>
EmailNameFinder<AU extends AppUser>	A `AppUserNameFinder` to handle users canonical Email The email address is required not to resolve to an existing name on the factory unless it corresponds to the current object.
FieldNameFinder<AU extends AppUser,F extends FieldNameFinder>	A generic `AppUserNameFinder` that stores the name in a database field.
GlobalNamePolicy<AU extends AppUser,X extends GlobalNamePolicy>	Policy object to add an auto-generated global name to an `AppUser`.
LdapPasswordComposite<T extends AppUser>	A `PasswordAuthComposite` that queries an external pre-populated LDAP server for authentication.
MultiKeyComposite
MultiNameFactory<N extends MultiNameFactory.Name,AU extends AppUser>	A factory for multi value `AppUser` names
MultiNameFinder<AU extends AppUser,X extends MultiNameFinder>	An `AppUserNameFinder` where multiple name mappings are held in a seperate table Configuration parameters: NameFinder.realm.label label defaults to realm. NameFinder.realm.table construction tag for a `MultiNameFactory` to hold the names
OldSingleKeyComposite
ParseFactoryValidator<BDO>	An `FieldValidator` that checks the value does not already resolve in a `ParseFactory`.
PasswordAuthComposite<T extends AppUser>	An abstract `Composite` that implements password authentication.
PasswordChangeRequestFactory<A extends AppUser>	Holds an one use id-string associated with a user for resetting the login password.
PasswordUpdateFormBuilder<U extends AppUser>	A class that build password update forms
PreferedView
PreferedViewFactory
PreferredViewComposite<AU extends AppUser>	An `AppUserComposite` that returns an optional preferred view for `AppUser`s.
PublicKeyComposite<X>	A `Composite` that adds a SSH public key to an `AppUser`
RandomService	An `AppContextService` to generate random tokens and passwords.
RealNameComposite<AU extends AppUser>
RegistrationDateComposite<AU extends AppUser>	A `SignupDateComposite` that implements `RegisterTrigger` This is used to force an auto-created account to the registration page the first time a user logs in.
RelationshipAppUserKey<AU extends AppUser>
RequiredPageNotifyHearbeatListener<AU extends AppUser>
RoleAction<U extends AppUser>
RoleAppUserKey
RoleFilterProvider<T extends AppUser>	A `NamedFilterProvider` that selects `AppUser`s via their role names (as defined in the role table)
RoleNameInput	An input for valid role names.
RoleNodeMaker	A `NodeMaker` that adds role toggle links.
RoleUpdate<U extends AppUser>
SecondaryNameFinder<AU extends AppUser>	A trivial sub-class of `FieldNameFinder`.
SerialisableSoftReference<T>	A Serializable wrapper that around a SoftReference.
SessionDataProducer	A serveDataProducer that stores the data in the Session This is stores as a serialised byte array to avoid any possibility of a class-loader leak.
SetRoleTransition<U extends AppUser>
ShibAttributeListener<AU extends AppUser>	Class to record request attributes (e.g.
SignupDateComposite<BDO extends DataObject>	Add a field to record the date the record was created.
SimpleSessionService<A extends AppUser>	SessionService where the session information is just stored in the AppContext therefore only suitable for command line apps where there is a single AppContext
SingleKeyComposite
TargetlessAppUserKey
TertiaryNameFinder<AU extends AppUser>	A trivial sub-class of `FieldNameFinder`.
UpdateDetailsTransition<A extends AppUser>
UUIDNamePolicy<AU extends AppUser>	A `GlobalNamePolicy` that assigns a random UUID for the `AppUser` These can safely be anonymised without risk of re-issue so aresuitable for ids sent to external providers.
WebNameFinder<AU extends AppUser>	Default Web-name `AppUserNameFinder`.

Enum Summary
Enum	Description
Hash	Enum of possible password hash algorithms When stored in the database we can use numeric codes to avoid making the algorithm used too explicit if data is exposed.

Exception Summary
Exception Description

UnknownRelationshipException
An Exception thrown when an unrecognized relationship string is encountered

Exception Summary
Exception	Description
UnknownRelationshipException	An Exception thrown when an unrecognized relationship string is encountered

Package uk.ac.ed.epcc.webapp.session Description

The package uk.ac.ed.epcc.webapp.session contains classes related to authentication, session management and logins.

The most important of these is the SessionService which is an AppContextService that represents all known information about the current logged in user. This is usually a sub-class of AbstractSessionService

Known users of the system are usually recorded using some sub-class of the AppUser class and its associated factory AppUserFactory. In most cases access control logic should use the SessionService rather than an instance of the AppUser. This is because the SessionService also has access to session specific state and information from the container. In principle it is possible to not record users in the database at all and only use container authentication.

Typically there is a unique name that can be used to identify a system user. Frequently there is more than one such name and the exact configuration depends on local requirements. These unique names are therefore implemented as AppUserNameFinder Composites. These names play an important part in authentication. When using container level authentication the identity provided by the container is mapped to a database record by name. Container level authentication can be set globally or multiple authentications mechanisms can be supported via explicit authentication servlets at different URLs. We can also support password based authentication if the AppUserFactory contains a Composite registered as a PasswordAuthComposite. Password based authentication can be by an explicit login form or using basic-auth.

There are two key abstractions for the permissions model:

Roles These represent capabilities belonging to users. They are represented as strings. Role-mappings can be defined in configuration parameters so that a small number of meta-roles can be assigned to users which are then mapped to a large number of specific roles used to access different functions of the application.
Relationships These are like roles but apply to specific model objects. For example a user might have the manager relationship with one project but not with another.

Roles can be set to be togglable. In this case the user with the role can turn it on and off during their session. The role mechanism is also a key extension point and can be customised by creating a new SessionService class. Though role settings are normally stored in the database, roles defined in the servlet container can be imported into the application and made available. In addition model specific information (like project membership) can be made available as roles.

Relationships are accessed as filters. The SessionService can generate a filter for all objects of a certain type that the current user has a specified relationship with. Similarly it can generate a filter for people that have a relationship with a specified object. Most of this information comes from model objects and is frequently a combination of data from different sources. classes can contribute to relationships by implementing AccessRoleProvider.