Class FessLoginAssist

java.lang.Object
org.lastaflute.web.login.TypicalLoginAssist<String,org.codelibs.fess.mylasta.action.FessUserBean,FessUser>
org.codelibs.fess.app.web.base.login.FessLoginAssist
All Implemented Interfaces:
org.lastaflute.web.login.LoginManager, org.lastaflute.web.login.PrimaryLoginManager

public class FessLoginAssist extends org.lastaflute.web.login.TypicalLoginAssist<String,org.codelibs.fess.mylasta.action.FessUserBean,FessUser> implements org.lastaflute.web.login.PrimaryLoginManager
The assist for login handling in the Fess application. This class extends TypicalLoginAssist to provide Fess-specific login functionality including user authentication, permission checking, and login history management.
  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    static class 
    A resolver for login credentials that wraps the standard credential resolver to provide SSO authentication support.

    Nested classes/interfaces inherited from class org.lastaflute.web.login.TypicalLoginAssist

    org.lastaflute.web.login.TypicalLoginAssist.CredentialChecker, org.lastaflute.web.login.TypicalLoginAssist.CredentialDeterminer<CREDENTIAL extends org.lastaflute.web.login.credential.LoginCredential,USER_ENTITY>, org.lastaflute.web.login.TypicalLoginAssist.CredentialEntityFinder<CREDENTIAL extends org.lastaflute.web.login.credential.LoginCredential,USER_ENTITY>, org.lastaflute.web.login.TypicalLoginAssist.CredentialResolver, org.lastaflute.web.login.TypicalLoginAssist.RememberMeCookieAgent
  • Constructor Summary

    Constructors
    Constructor
    Description
    Default constructor.
  • Method Summary

    Modifier and Type
    Method
    Description
    protected void
    checkCredential(org.lastaflute.web.login.TypicalLoginAssist<String,org.codelibs.fess.mylasta.action.FessUserBean,FessUser>.org.lastaflute.web.login.TypicalLoginAssist.CredentialChecker checker)
    Checks the credential using the provided credential checker.
    protected void
    checkPermission(org.lastaflute.web.login.LoginHandlingResource resource)
    Checks if the current user has permission to access the given resource.
    boolean
    checkUserLoginable(org.lastaflute.web.login.credential.LoginCredential credential)
    Checks if a user can login with the given credential.
    protected org.codelibs.fess.mylasta.action.FessUserBean
    Creates a user bean from the given user entity.
    protected org.dbflute.optional.OptionalEntity<FessUser>
    doAuthenticateLocal(String username, String plainPassword)
    Authenticates a local user by username and plaintext password using the PasswordHashHelper (BCrypt with legacy hex-digest fallback) and performs best-effort lazy re-hashing for credentials stored in an older format.
    protected org.dbflute.optional.OptionalEntity<FessUser>
    Finds a login user by username.
    protected org.dbflute.optional.OptionalEntity<FessUser>
    doFindLoginUser(String username, String cipheredPassword)
    Deprecated.
    Use doAuthenticateLocal(String, String) with the plaintext password.
    Overrides the default cipher-based encryption to delegate to PasswordHashHelper.encode(java.lang.String).
    protected org.dbflute.optional.OptionalThing<String>
    Gets the cookie remember-me key for persistent login.
    protected Class<?>
    Gets the login action type class.
    protected Class<org.codelibs.fess.mylasta.action.FessUserBean>
    Gets the user bean type class.
    protected void
    Inserts a login record for the given member.
    protected void
    lazyUpgradePassword(String username, String plainPassword, String currentStored, PasswordHashHelper passwordHashHelper)
    Best-effort upgrade of a legacy or obsolete-cost password hash to the currently configured algorithm/parameters.
    protected void
    resolveCredential(org.lastaflute.web.login.TypicalLoginAssist<String,org.codelibs.fess.mylasta.action.FessUserBean,FessUser>.org.lastaflute.web.login.TypicalLoginAssist.CredentialResolver resolver)
    Resolves login credentials using various authentication methods.
    protected void
    saveLoginHistory(FessUser user, org.codelibs.fess.mylasta.action.FessUserBean userBean, org.lastaflute.web.login.option.LoginSpecifiedOption option)
    Saves the login history for the given user.
    protected String
    Converts a user key to a typed user ID.

    Methods inherited from class org.lastaflute.web.login.TypicalLoginAssist

    adjustRegisteredRememberMeCookie, asLoginRequired, asNonLoginRequired, assertGivenEntityRequired, assertLoginAccountRequired, assertLoginPasswordRequired, assertUserEntityRequired, assertUserIdRequired, buildRememberMeCookieValue, checkLoginRequired, clearLoginRedirectBean, convertCookieUserKeyToUserId, createLoginOption, createLoginRedirectBean, createRememberMeKey, createRememberMeLoginOption, delegateRememberMe, doDelegateRememberMe, doLogin, doLoginByGivenEntity, doLoginByIdentity, doRememberMe, doSaveRememberMeCookie, doTryAlreadyLogin, doTryRememberMe, findLoginSessionSyncCheckUser, findLoginUser, findLoginUser, findRememberMeCookie, formatForRememberMeExpireDate, generateLoginRedirectBeanKey, getAllowAnyoneAccessAnnotationType, getLoginRedirectBean, getLoginRedirectBeanType, getLoginSessionSyncCheckInterval, getRedirectLoginActionType, getRememberMeAccessTokenExpireDays, getRememberMeCookieAgent, getRememberMeDelimiter, getSavedUserBean, getSaveKeyUserBeanType, getSessionUserBean, getUserBeanKey, givenLogin, handleLoginFailure, handleLoginSessionSyncCheckSuccess, handleLoginSuccess, handleRememberMeCookie, handleRememberMeInvalidCookie, handleUnknownLoginCredential, hasAnnotation, hasAnnotationOnClass, hasAnnotationOnMethod, identityLogin, inheritUserBeanAdditionalInfo, isExplicitAllowAnyoneAccessAction, isImplicitEverybodyOpenAction, isLoginAction, isLoginActionOrRedirectLoginAction, isLoginRedirectBeanKeptAction, isLoginRequiredAction, isRedirectLoginAction, isSilentlyWhenRememberMe, isSuppressLogoutInvalidate, isSuppressRememberMeOfNonLoginRequired, isUpdateTokenWhenRememberMe, isValidRememberMeCookie, login, loginRedirect, logout, needsLoginSessionSyncCheck, needsSavingRequestedLoginRedirect, newLoginFailureException, processOnBrightLogin, processOnSilentLogin, redirectToLoginAction, regenerateSessionId, registerRememberMeCookie, rememberMe, removeRememberMeCookie, reselectSessionUserBeanIfExists, saveLoginInfoToSession, saveRememberMeKeyToCookie, saveRequestedLoginRedirectInfo, switchToRequestedActionIfExists, syncCheckLoginSessionIfNeeds, throwLoginRequiredException, tryAlreadyLoginOrRememberMe

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface org.lastaflute.web.login.LoginManager

    checkLoginRequired, clearLoginRedirectBean, findLoginUser, findLoginUser, getLoginRedirectBean, getSavedUserBean, getSaveKeyUserBeanType, getSessionUserBean, givenLogin, identityLogin, isLoginAction, isLoginRequiredAction, login, loginRedirect, logout, redirectToLoginAction, rememberMe, reselectSessionUserBeanIfExists, saveRequestedLoginRedirectInfo, switchToRequestedActionIfExists
  • Constructor Details

    • FessLoginAssist

      public FessLoginAssist()
      Default constructor.
  • Method Details

    • checkUserLoginable

      public boolean checkUserLoginable(org.lastaflute.web.login.credential.LoginCredential credential)
      Checks if a user can login with the given credential. This method is not supported in the Fess implementation.
      Specified by:
      checkUserLoginable in interface org.lastaflute.web.login.LoginManager
      Overrides:
      checkUserLoginable in class org.lastaflute.web.login.TypicalLoginAssist<String,org.codelibs.fess.mylasta.action.FessUserBean,FessUser>
      Parameters:
      credential - the login credential to check
      Returns:
      true if the user can login, false otherwise
      Throws:
      UnsupportedOperationException - always thrown as this method is not supported
    • checkCredential

      protected void checkCredential(org.lastaflute.web.login.TypicalLoginAssist<String,org.codelibs.fess.mylasta.action.FessUserBean,FessUser>.org.lastaflute.web.login.TypicalLoginAssist.CredentialChecker checker)
      Checks the credential using the provided credential checker. This method is not supported in the Fess implementation.
      Specified by:
      checkCredential in class org.lastaflute.web.login.TypicalLoginAssist<String,org.codelibs.fess.mylasta.action.FessUserBean,FessUser>
      Parameters:
      checker - the credential checker to use
      Throws:
      UnsupportedOperationException - always thrown as this method is not supported
    • doFindLoginUser

      protected org.dbflute.optional.OptionalEntity<FessUser> doFindLoginUser(String username)
      Finds a login user by username.
      Specified by:
      doFindLoginUser in class org.lastaflute.web.login.TypicalLoginAssist<String,org.codelibs.fess.mylasta.action.FessUserBean,FessUser>
      Parameters:
      username - the username to search for
      Returns:
      an optional entity containing the found user, or empty if not found
    • createUserBean

      protected org.codelibs.fess.mylasta.action.FessUserBean createUserBean(FessUser user)
      Creates a user bean from the given user entity.
      Specified by:
      createUserBean in class org.lastaflute.web.login.TypicalLoginAssist<String,org.codelibs.fess.mylasta.action.FessUserBean,FessUser>
      Parameters:
      user - the user entity to create a bean from
      Returns:
      the created user bean
    • getCookieRememberMeKey

      protected org.dbflute.optional.OptionalThing<String> getCookieRememberMeKey()
      Gets the cookie remember-me key for persistent login. Currently returns empty as remember-me functionality is not enabled.
      Specified by:
      getCookieRememberMeKey in class org.lastaflute.web.login.TypicalLoginAssist<String,org.codelibs.fess.mylasta.action.FessUserBean,FessUser>
      Returns:
      an optional thing containing the remember-me key, or empty if not configured
    • saveLoginHistory

      protected void saveLoginHistory(FessUser user, org.codelibs.fess.mylasta.action.FessUserBean userBean, org.lastaflute.web.login.option.LoginSpecifiedOption option)
      Saves the login history for the given user. This operation is performed asynchronously.
      Specified by:
      saveLoginHistory in class org.lastaflute.web.login.TypicalLoginAssist<String,org.codelibs.fess.mylasta.action.FessUserBean,FessUser>
      Parameters:
      user - the user entity
      userBean - the user bean
      option - the login specified option
    • insertLogin

      protected void insertLogin(Object member)
      Inserts a login record for the given member. Currently this method does nothing.
      Parameters:
      member - the member to insert a login record for
    • checkPermission

      protected void checkPermission(org.lastaflute.web.login.LoginHandlingResource resource) throws org.lastaflute.web.login.exception.LoginRequiredException
      Checks if the current user has permission to access the given resource. For admin actions, verifies that the user has appropriate admin roles or meets the secured annotation requirements.
      Overrides:
      checkPermission in class org.lastaflute.web.login.TypicalLoginAssist<String,org.codelibs.fess.mylasta.action.FessUserBean,FessUser>
      Parameters:
      resource - the login handling resource to check permission for
      Throws:
      org.lastaflute.web.login.exception.LoginRequiredException - if login is required
      UserRoleLoginException - if the user doesn't have required roles
    • getUserBeanType

      protected Class<org.codelibs.fess.mylasta.action.FessUserBean> getUserBeanType()
      Gets the user bean type class.
      Specified by:
      getUserBeanType in class org.lastaflute.web.login.TypicalLoginAssist<String,org.codelibs.fess.mylasta.action.FessUserBean,FessUser>
      Returns:
      the FessUserBean class
    • getLoginActionType

      protected Class<?> getLoginActionType()
      Gets the login action type class.
      Specified by:
      getLoginActionType in class org.lastaflute.web.login.TypicalLoginAssist<String,org.codelibs.fess.mylasta.action.FessUserBean,FessUser>
      Returns:
      the LoginAction class
    • toTypedUserId

      protected String toTypedUserId(String userKey)
      Converts a user key to a typed user ID. In this implementation, returns the user key as-is.
      Specified by:
      toTypedUserId in class org.lastaflute.web.login.TypicalLoginAssist<String,org.codelibs.fess.mylasta.action.FessUserBean,FessUser>
      Parameters:
      userKey - the user key to convert
      Returns:
      the typed user ID
    • resolveCredential

      protected void resolveCredential(org.lastaflute.web.login.TypicalLoginAssist<String,org.codelibs.fess.mylasta.action.FessUserBean,FessUser>.org.lastaflute.web.login.TypicalLoginAssist.CredentialResolver resolver)
      Resolves login credentials using various authentication methods. This method handles local user authentication, LDAP authentication, and SSO authentication through configured authenticators.
      Specified by:
      resolveCredential in class org.lastaflute.web.login.TypicalLoginAssist<String,org.codelibs.fess.mylasta.action.FessUserBean,FessUser>
      Parameters:
      resolver - the credential resolver to use
    • doAuthenticateLocal

      protected org.dbflute.optional.OptionalEntity<FessUser> doAuthenticateLocal(String username, String plainPassword)
      Authenticates a local user by username and plaintext password using the PasswordHashHelper (BCrypt with legacy hex-digest fallback) and performs best-effort lazy re-hashing for credentials stored in an older format.

      Timing-attack countermeasure: every failure path must pay approximately one BCrypt verification worth of CPU, regardless of whether the user exists and regardless of the stored hash format. When PasswordHashHelper.matches(java.lang.String, java.lang.String) already consumed a BCrypt cost (stored value carries a {bcrypt} prefix), no additional padding is applied — otherwise the failure branch would pay two BCrypt costs and become distinguishable from unknown-user failures.

      Parameters:
      username - the login name to look up
      plainPassword - the raw, user-supplied password
      Returns:
      an optional entity containing the found user on success, or empty otherwise
    • lazyUpgradePassword

      protected void lazyUpgradePassword(String username, String plainPassword, String currentStored, PasswordHashHelper passwordHashHelper)
      Best-effort upgrade of a legacy or obsolete-cost password hash to the currently configured algorithm/parameters. A failure here never fails the login and never propagates an exception to the caller.

      Logs only the username (never the plaintext or hash values).

      Parameters:
      username - the user whose stored hash is being upgraded
      plainPassword - the plaintext password (already verified to match)
      currentStored - the currently stored hash value
      passwordHashHelper - the password manager to use
    • encryptPassword

      public String encryptPassword(String plainText)
      Overrides the default cipher-based encryption to delegate to PasswordHashHelper.encode(java.lang.String). This override exists solely so that any internal LastaFlute login path that still calls encryptPassword produces a hash in the new {bcrypt}$2a$... format. All Fess write paths (user creation, password change, initial admin bootstrap) call PasswordHashHelper.encode(String) directly via ComponentUtil.getPasswordHashHelper(); do not add new callers of this method from outside the login framework.
      Specified by:
      encryptPassword in interface org.lastaflute.web.login.LoginManager
      Overrides:
      encryptPassword in class org.lastaflute.web.login.TypicalLoginAssist<String,org.codelibs.fess.mylasta.action.FessUserBean,FessUser>
      Parameters:
      plainText - the plaintext password
      Returns:
      the encoded (hashed) password with prefix
    • doFindLoginUser

      @Deprecated protected org.dbflute.optional.OptionalEntity<FessUser> doFindLoginUser(String username, String cipheredPassword)
      Deprecated.
      Use doAuthenticateLocal(String, String) with the plaintext password. BCrypt uses per-record salts, so an exact-match DB lookup on a hashed value is no longer meaningful. Retained for any subclass or legacy caller.
      Finds a login user by username and encrypted password.
      Parameters:
      username - the username to search for
      cipheredPassword - ignored; retained only for source-level backward compatibility. Local authentication now goes through doAuthenticateLocal(String, String).
      Returns:
      an optional entity containing the found user when the stored password exactly matches the supplied ciphered value, otherwise empty