UserService
Allows the domain object to obtain the identity of the user interacting with said object.
If SudoService has been used to temporarily override the user and/or roles, then this service will report the overridden values instead. This is within the context of a thread.
In addition, if impersonation has been invoked through the ImpersonateMenu , then this service will report the impersonated user, with the companion KeyValueSessionStore taking responsibilty for remembering the impersonated user over multiple (http) requests, eg using an http session. It’s important to note that under these circumstances the user reported by this service (the "effective" user) will not be the same as the user held in the InteractionContext , as obtained by InteractionLayerTracker#currentInteractionContext() InteractionLayerTracker (the "real" user).
API
class UserService {
public static final String NOBODY; (1)
Optional<UserMemento> currentUser() (2)
boolean isCurrentUserWithSudoAccessAllRole() (3)
UserMemento getUser() (4)
UserMemento currentUserElseFail() (5)
Optional<String> currentUserName() (6)
String currentUserNameElseNobody() (7)
boolean isImpersonating() (8)
boolean supportsImpersonation() (9)
void impersonateUser(String userName, List<String> roles, String multiTenancyToken) (10)
Optional<UserMemento> lookupImpersonatedUser() (11)
void stopImpersonating() (12)
}
1 | NOBODY
Default returned from #currentUserNameElseNobody() . |
2 | currentUser()
Returns the details about the current user, either the "effective" user (if being #impersonateUser(String, List, String) impersonated ) otherwise the "real" user (as obtained from the InteractionContext of the current thread). |
3 | isCurrentUserWithSudoAccessAllRole()
Whether the current user is the system user (as obtained from the InteractionContext of the current thread). |
4 | getUser()
Gets the details about the #currentUser() current user, if any (and returning |
5 | currentUserElseFail()
Gets the details about the #currentUser() current user, throwing an exception if there is none. |
6 | currentUserName()
Optionally gets the #currentUser() current user 's name, obtained from UserMemento . |
7 | currentUserNameElseNobody()
Returns either the current user’s name or else #NOBODY . |
8 | isImpersonating()
Whether or not the user currently reported (in #currentUser() and similar) is actually an impersonated user. |
9 | supportsImpersonation()
Whether impersonation is available for this request. |
10 | impersonateUser(String, List, String)
Allows implementations to override the current user with another user. |
11 | lookupImpersonatedUser()
Optionally the impersonated user, based on whether a call to #impersonateUser(String, List, String) was made within the current HTTP session. |
12 | stopImpersonating()
For implementations that support impersonation, this is to programmatically stop impersonating a user |
Members
currentUser()
Returns the details about the current user, either the "effective" user (if being #impersonateUser(String, List, String) impersonated ) otherwise the "real" user (as obtained from the InteractionContext of the current thread).
isCurrentUserWithSudoAccessAllRole()
Whether the current user is the system user (as obtained from the InteractionContext of the current thread).
getUser()
Gets the details about the #currentUser() current user, if any (and returning null
if there is none).
currentUserElseFail()
Gets the details about the #currentUser() current user, throwing an exception if there is none.
currentUserName()
Optionally gets the #currentUser() current user 's name, obtained from UserMemento .
isImpersonating()
Whether or not the user currently reported (in #currentUser() and similar) is actually an impersonated user.
supportsImpersonation()
Whether impersonation is available for this request.
The typical implementation uses an HTTP session, which is not guaranteed to be available for all viewers. Specifically, the Wicket viewer does use HTTP sessions and therefore supports impersonation, but the RestfulObjects viewer does not . This means that the result of this call varies on a request-by-request basis.
impersonateUser(String, List, String)
Allows implementations to override the current user with another user.
If this service (for this request) does not #supportsImpersonation() support impersonation , then the request is just ignored.
this is intended for non-production environments only, where it can be invaluable (from a support perspective) to be able to quickly use the application "as if" logged in as another user. |
lookupImpersonatedUser()
Optionally the impersonated user, based on whether a call to #impersonateUser(String, List, String) was made within the current HTTP session.
stopImpersonating()
For implementations that support impersonation, this is to programmatically stop impersonating a user
If this service (for this request) does not #supportsImpersonation() support impersonation , then the request is just ignored.
Intended to be called at some point after #impersonateUser(String, List, String) would have been called.
Implementation
The core framework provides a default implementation of this service (o.a.c.core.runtime.services.user.UserServiceDefault
).
Usage by Framework
The roles associated with the UserMemento
will be based on the configured security (typically Shiro).
In addition, when using the Web UI (Wicket viewer) there will be an additional "org.apache.causeway.viewer.wicket.roles.USER" role; this is used internally to restrict access to web pages without authenticating.