public class Authentication
extends java.lang.Object
The intended usage is that a server authentication system would require the
user to log in, then provide data about the currently logged in user via Auth.setCurrentUser()
and setRoles()
. This data is then available in the Rule Scope
so that components can use it to enable or disable or hide
themselves, via properties such as FormItem.readOnlyWhen
.
The format for user records is not explicitly defined or restricted by the Authentication
subsystem but we recommend using the format described by getUserSchema()
.
Having a standardized user record allows application designers to rely on a well-known set of
field names at design time, and then at deployment time when a particular authentication system is chosen, the deployer
can simply fill in the standardized user record from the data that the chosen authentication system returns. This
also allows authentication systems to be swapped out in the future without the need to change application code.
The
DataSource returned by getUserSchema()
is used solely for
visual tools to help with application authoring.
It is not intended to be used directly to store and retrieve user
data, and while we recommend this format it is not a requirement that user records conform to it.
There are no
security implications to calling setRoles()
or other APIs on the Authentication
class. The
provided data affects only client-side components. All actual security enforcement must be done server-side - see the
QuickStart Guide, especially the sections on Declarative Security, to understand how role-based authorization can be
used on the server.
Constructor and Description |
---|
Authentication() |
Modifier and Type | Method and Description |
---|---|
static java.lang.String[] |
getAvailableRoles()
Returns the full set of available user roles specified by
setAvailableRoles() . |
static Record |
getCurrentUser()
Returns the current user specified by
setCurrentUser() . |
static java.lang.String |
getCurrentUserId()
Convenience method to return the
"userId" attribute of the current user if there is one. |
static java.lang.String[] |
getRoles()
Returns the current set of user roles.
|
static DataSource |
getUserSchema()
Returns a DataSource describing the standard schema for user data.
|
static java.lang.Boolean |
hasRole(java.lang.String role)
Is the current user assigned to the specified role?
|
static void |
isSuperUser(java.lang.Boolean isSuperUser)
Has the current user been marked as a super-user via
setSuperUser() ? |
static void |
setAvailableRoles(java.lang.String[] roles)
Specify the full set of available user roles.
|
static void |
setCurrentUser(Record user)
Set up the current user.
|
static void |
setRoles(java.lang.String[] roles)
Set the user roles for the current user.
|
static void |
setSuperUser(java.lang.Boolean isSuperUser)
Mark the current user as a super-user.
|
public static java.lang.String[] getAvailableRoles()
setAvailableRoles()
.public static Record getCurrentUser()
setCurrentUser()
.
This method returns the user record currently available in the Canvas.ruleScope
as "auth.currentUser".
public static java.lang.String getCurrentUserId()
"userId"
attribute of the current user
if there is one.current user record
if there
is one.public static java.lang.String[] getRoles()
super users
this
will be the intersection of any roles specified by setRoles()
and the full set of available roles
- otherwise it
will be the set of roles specified by setRoles()
. Current
set of user roles are available in the Canvas.ruleScope
as a
top-level property "userRoles", so that it can be used in criteria such as Canvas.visibleWhen
or FormItem.readOnlyWhen
.
public static DataSource getUserSchema()
The schema contains the following fields:
Field Name | Type |
"userId" | "text" |
"email" | "text" |
"firstName" | "text" |
"lastName" | "text" |
"title" | "text" |
"phone" | "phoneNumber" |
"superUser" | "boolean" |
public static java.lang.Boolean hasRole(java.lang.String role)
role
- role to check in current rolesgetRoles()
list; false
otherwisegetRoles()
public static void isSuperUser(java.lang.Boolean isSuperUser)
setSuperUser()
?isSuperUser
- New super user statuspublic static void setAvailableRoles(java.lang.String[] roles)
Note that if the current user has been marked as a superUser
, getRoles()
will return the full set of available roles.
roles
- full set of possible user roles.public static void setCurrentUser(Record user)
Canvas.ruleScope
as "auth.currentUser".user
- Record with attributes detailing the current userpublic static void setRoles(java.lang.String[] roles)
getRoles()
. Calling setRoles() makes the specified set of user
roles available in the Canvas.ruleScope
as a top-level property
"userRoles", so that it can be used in criteria such as Canvas.visibleWhen
or FormItem.readOnlyWhen
.
Note that if this current user has been marked as a
super-user
, getRoles()
will return the full set of available
roles rather than the set of roles specified here.
roles
- set of roles which apply to the current userpublic static void setSuperUser(java.lang.Boolean isSuperUser)
getRoles()
to return the full set of available roles
if specifiedisSuperUser
- New super user status