public class Authentication extends java.lang.Object
The intended usage is that a server authentication system would require the
user to log in, then provide data about the currently logged in user via
setRoles(). This data is then available in the
Rule Scope so that components can use it to enable or disable or hide
themselves, via properties such as
The format for user records is not explicitly defined or restricted by the Authentication
subsystem but we recommend using the format described by
Having a standardized user record allows application designers to rely on a well-known set of field names at design time, and then at deployment time when a particular authentication system is chosen, the deployer can simply fill in the standardized user record from the data that the chosen authentication system returns. This also allows authentication systems to be swapped out in the future without the need to change application code.
DataSource returned by
getUserSchema() is used solely for
visual tools to help with application authoring.
It is not intended to be used directly to store and retrieve user data, and while we recommend this format it is not a requirement that user records conform to it.
There are no
security implications to calling
setRoles() or other APIs on the
Authentication class. The
provided data affects only client-side components. All actual security enforcement must be done server-side - see the
QuickStart Guide, especially the sections on Declarative Security, to understand how role-based authorization can be
used on the server.
|Constructor and Description|
|Modifier and Type||Method and Description|
Returns the full set of available user roles specified by
Returns the current user specified by
Returns the current set of user roles.
Returns a DataSource describing the standard schema for user data.
Is the current user assigned to the specified role?
Has the current user been marked as a super-user via
Specify the full set of available user roles.
Set up the current user.
Set the user roles for the current user.
Mark the current user as a super-user.
public static java.lang.String getAvailableRoles()
public static Record getCurrentUser()
This method returns the user record currently available in the
Canvas.ruleScope as "auth.currentUser".
public static java.lang.String getRoles()
super usersthis will be the intersection of any roles specified by
setRoles()and the full set of
available roles- otherwise it will be the set of roles specified by
public static DataSource getUserSchema()
The schema contains the following fields:
public static java.lang.Boolean hasRole(java.lang.String role)
public static void isSuperUser(java.lang.Boolean isSuperUser)
isSuperUser- New super user status
public static void setAvailableRoles(java.lang.String roles)
roles- full set of possible user roles.
public static void setCurrentUser(Record user)
user- Record with attributes detailing the current user
public static void setRoles(java.lang.String roles)
Calling setRoles() makes the specified set of user
roles available in the
Canvas.ruleScope as a top-level property
"userRoles", so that it can be used in criteria such as
roles- set of roles which apply to the current user