Google Git
Sign in
apache / guacamole-client / c6b9acde229ac7d64fed53ab72019f12a0c231c9 / . / extensions / guacamole-auth-jdbc / modules / guacamole-auth-jdbc-base / src / main / java / org / apache / guacamole / auth / jdbc / user / UserModel.java
blob: a6cf997d3a7d214121fe21d5ad59b19cd0b4702c [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.jdbc.user;
import java.sql.Date;
import java.sql.Time;
import java.sql.Timestamp;
import org.apache.guacamole.auth.jdbc.base.ObjectModel;
/**
* Object representation of a Guacamole user, as represented in the database.
*/
public class UserModel extends ObjectModel {
/**
* The SHA-256 hash of the password and salt.
*/
private byte[] passwordHash;
/**
* The 32-byte random binary password salt that was appended to the
* password prior to hashing.
*/
private byte[] passwordSalt;
/**
* The time this user's password was last reset.
*/
private Timestamp passwordDate;
/**
* Whether the user account is disabled. Disabled accounts exist and can
* be modified, but cannot be used.
*/
private boolean disabled;
/**
* Whether the user's password is expired. If a user's password is expired,
* it must be changed immediately upon login, and the account cannot be
* used until this occurs.
*/
private boolean expired;
/**
* The time each day after which this user account may be used, stored in
* local time according to the value of timeZone.
*/
private Time accessWindowStart;
/**
* The time each day after which this user account may NOT be used, stored
* in local time according to the value of timeZone.
*/
private Time accessWindowEnd;
/**
* The day after which this account becomes valid and usable. Account
* validity begins at midnight of this day. Time information within the
* Date object is ignored.
*/
private Date validFrom;
/**
* The day after which this account can no longer be used. Account validity
* ends at midnight of the day following this day. Time information within
* the Date object is ignored.
*/
private Date validUntil;
/**
* The ID of the time zone used for all time comparisons for this user.
* Both accessWindowStart and accessWindowEnd values will use this time
* zone, as will checks for whether account validity dates have passed. If
* unset, the server's local time zone is used.
*/
private String timeZone;
/**
* The user's full name, or null if this is not known.
*/
private String fullName;
/**
* The email address of the user, or null if this is not known.
*/
private String emailAddress;
/**
* The organization, company, group, etc. that the user belongs to, or null
* if this is not known.
*/
private String organization;
/**
* The role that the user has at the organization, company, group, etc.
* they belong to, or null if this is not known.
*/
private String organizationalRole;
/**
* The date and time that this user was last active, or null if this user
* has never logged in.
*/
private Timestamp lastActive;
/**
* Creates a new, empty user.
*/
public UserModel() {
}
/**
* Returns the hash of this user's password and password salt. This may be
* null if the user was not retrieved from the database, and setPassword()
* has not yet been called.
*
* @return
* The hash of this user's password and password salt.
*/
public byte[] getPasswordHash() {
return passwordHash;
}
/**
* Sets the hash of this user's password and password salt. This is
* normally only set upon retrieval from the database, or through a call
* to the higher-level setPassword() function.
*
* @param passwordHash
* The hash of this user's password and password salt.
*/
public void setPasswordHash(byte[] passwordHash) {
this.passwordHash = passwordHash;
}
/**
* Returns the random salt that was used when generating this user's
* password hash. This may be null if the user was not retrieved from the
* database, and setPassword() has not yet been called.
*
* @return
* The random salt that was used when generating this user's password
* hash.
*/
public byte[] getPasswordSalt() {
return passwordSalt;
}
/**
* Sets the random salt that was used when generating this user's password
* hash. This is normally only set upon retrieval from the database, or
* through a call to the higher-level setPassword() function.
*
* @param passwordSalt
* The random salt used when generating this user's password hash.
*/
public void setPasswordSalt(byte[] passwordSalt) {
this.passwordSalt = passwordSalt;
}
/**
* Returns the date that this user's password was last set/reset. This
* value is required to be manually updated whenever the user's password is
* changed; it will not be automatically updated by the database.
*
* @return
* The date that this user's password was last set/reset.
*/
public Timestamp getPasswordDate() {
return passwordDate;
}
/**
* Sets the date that this user's password was last set/reset. This
* value is required to be manually updated whenever the user's password is
* changed; it will not be automatically updated by the database.
*
* @param passwordDate
* The date that this user's password was last set/reset.
*/
public void setPasswordDate(Timestamp passwordDate) {
this.passwordDate = passwordDate;
}
/**
* Returns whether this user account has been disabled. The credentials of
* disabled user accounts are treated as invalid, effectively disabling
* that user's access to data for which they would otherwise have
* permission.
*
* @return
* true if this user account is disabled, false otherwise.
*/
public boolean isDisabled() {
return disabled;
}
/**
* Sets whether this user account has been disabled. The credentials of
* disabled user accounts are treated as invalid, effectively disabling
* that user's access to data for which they would otherwise have
* permission.
*
* @param disabled
* true if this user account should be disabled, false otherwise.
*/
public void setDisabled(boolean disabled) {
this.disabled = disabled;
}
/**
* Returns whether this user's password has expired. If a user's password
* is expired, it must be immediately changed upon login. A user account
* with an expired password cannot be used until the password has been
* changed.
*
* @return
* true if this user's password has expired, false otherwise.
*/
public boolean isExpired() {
return expired;
}
/**
* Sets whether this user's password is expired. If a user's password is
* expired, it must be immediately changed upon login. A user account with
* an expired password cannot be used until the password has been changed.
*
* @param expired
* true if this user's password has expired, false otherwise.
*/
public void setExpired(boolean expired) {
this.expired = expired;
}
/**
* Returns the time each day after which this user account may be used. The
* time returned will be local time according to the time zone set with
* setTimeZone().
*
* @return
* The time each day after which this user account may be used, or null
* if this restriction does not apply.
*/
public Time getAccessWindowStart() {
return accessWindowStart;
}
/**
* Sets the time each day after which this user account may be used. The
* time given must be in local time according to the time zone set with
* setTimeZone().
*
* @param accessWindowStart
* The time each day after which this user account may be used, or null
* if this restriction does not apply.
*/
public void setAccessWindowStart(Time accessWindowStart) {
this.accessWindowStart = accessWindowStart;
}
/**
* Returns the time each day after which this user account may NOT be used.
* The time returned will be local time according to the time zone set with
* setTimeZone().
*
* @return
* The time each day after which this user account may NOT be used, or
* null if this restriction does not apply.
*/
public Time getAccessWindowEnd() {
return accessWindowEnd;
}
/**
* Sets the time each day after which this user account may NOT be used.
* The time given must be in local time according to the time zone set with
* setTimeZone().
*
* @param accessWindowEnd
* The time each day after which this user account may NOT be used, or
* null if this restriction does not apply.
*/
public void setAccessWindowEnd(Time accessWindowEnd) {
this.accessWindowEnd = accessWindowEnd;
}
/**
* Returns the day after which this account becomes valid and usable.
* Account validity begins at midnight of this day. Any time information
* within the returned Date object must be ignored.
*
* @return
* The day after which this account becomes valid and usable, or null
* if this restriction does not apply.
*/
public Date getValidFrom() {
return validFrom;
}
/**
* Sets the day after which this account becomes valid and usable. Account
* validity begins at midnight of this day. Any time information within
* the provided Date object will be ignored.
*
* @param validFrom
* The day after which this account becomes valid and usable, or null
* if this restriction does not apply.
*/
public void setValidFrom(Date validFrom) {
this.validFrom = validFrom;
}
/**
* Returns the day after which this account can no longer be used. Account
* validity ends at midnight of the day following this day. Any time
* information within the returned Date object must be ignored.
*
* @return
* The day after which this account can no longer be used, or null if
* this restriction does not apply.
*/
public Date getValidUntil() {
return validUntil;
}
/**
* Sets the day after which this account can no longer be used. Account
* validity ends at midnight of the day following this day. Any time
* information within the provided Date object will be ignored.
*
* @param validUntil
* The day after which this account can no longer be used, or null if
* this restriction does not apply.
*/
public void setValidUntil(Date validUntil) {
this.validUntil = validUntil;
}
/**
* Returns the Java ID of the time zone to be used for all time comparisons
* for this user. This ID should correspond to a value returned by
* TimeZone.getAvailableIDs(). If unset or invalid, the server's local time
* zone must be used.
*
* @return
* The ID of the time zone to be used for all time comparisons, which
* should correspond to a value returned by TimeZone.getAvailableIDs().
*/
public String getTimeZone() {
return timeZone;
}
/**
* Sets the Java ID of the time zone to be used for all time comparisons
* for this user. This ID should correspond to a value returned by
* TimeZone.getAvailableIDs(). If unset or invalid, the server's local time
* zone will be used.
*
* @param timeZone
* The ID of the time zone to be used for all time comparisons, which
* should correspond to a value returned by TimeZone.getAvailableIDs().
*/
public void setTimeZone(String timeZone) {
this.timeZone = timeZone;
}
/**
* Returns the user's full name, if known. If not available, null is
* returned.
*
* @return
* The user's full name, or null if this is not known.
*/
public String getFullName() {
return fullName;
}
/**
* Sets the user's full name.
*
* @param fullName
* The user's full name, or null if this is not known.
*/
public void setFullName(String fullName) {
this.fullName = fullName;
}
/**
* Returns the email address of the user, if known. If not available, null
* is returned.
*
* @return
* The email address of the user, or null if this is not known.
*/
public String getEmailAddress() {
return emailAddress;
}
/**
* Sets the email address of the user.
*
* @param emailAddress
* The email address of the user, or null if this is not known.
*/
public void setEmailAddress(String emailAddress) {
this.emailAddress = emailAddress;
}
/**
* Returns the organization, company, group, etc. that the user belongs to,
* if known. If not available, null is returned.
*
* @return
* The organization, company, group, etc. that the user belongs to, or
* null if this is not known.
*/
public String getOrganization() {
return organization;
}
/**
* Sets the organization, company, group, etc. that the user belongs to.
*
* @param organization
* The organization, company, group, etc. that the user belongs to, or
* null if this is not known.
*/
public void setOrganization(String organization) {
this.organization = organization;
}
/**
* Returns the role that the user has at the organization, company, group,
* etc. they belong to. If not available, null is returned.
*
* @return
* The role that the user has at the organization, company, group, etc.
* they belong to, or null if this is not known.
*/
public String getOrganizationalRole() {
return organizationalRole;
}
/**
* Sets the role that the user has at the organization, company, group,
* etc. they belong to.
*
* @param organizationalRole
* The role that the user has at the organization, company, group, etc.
* they belong to, or null if this is not known.
*/
public void setOrganizationalRole(String organizationalRole) {
this.organizationalRole = organizationalRole;
}
/**
* Returns the date and time that this user was last active, or null if
* this user has never logged in.
*
* @return
* The date and time that this user was last active, or null if this
* user has never logged in.
*/
public Timestamp getLastActive() {
return lastActive;
}
/**
* Sets the date and time that this user was last active. This value is
* expected to be set automatically via queries, derived from user history
* records. It does NOT correspond to an actual column, and values set
* manually through invoking this function will not persist.
*
* @param lastActive
* The date and time that this user was last active, or null if this
* user has never logged in.
*/
public void setLastActive(Timestamp lastActive) {
this.lastActive = lastActive;
}
}