Poco::OSP::Auth

class AuthAdminServiceImpl

Library: OSP
Package: Auth
Header: Poco/OSP/Auth/AuthAdminServiceImpl.h

Description

This class implements the AuthAdminService using a SQL database accessed via the POCO Data library, and optionally LDAP for password verification and permissions.

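Upon successful authentication of a user, the class caches that user's permissions so that subsequent permission checks are very quick. This page does not say whether the cache is refreshed when a user's permissions or roles change later; uncacheUser() appears to be the means of dropping a user's cached entry.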

Inheritance

Direct Base Classes: AuthAdminService

All Base Classes: AuthAdminService, AuthService, Poco::OSP::Service, Poco::RefCountedObject

Member Summary

Member Functions: addRole, addUser, addUserImpl, assignRoleToUser, attributesForUser, authenticate, authenticateDB, authenticateLDAP, authorize, changePassword, changePasswordImpl, effectivePermissionsForUser, getUserAttribute, grantPermissionsToRole, grantPermissionsToUser, init, isA, permissionsForRole, permissionsForUser, removeRole, removeRoleFromUser, removeUser, removeUserAttribute, replacePermissionsForUser, replaceRolesForUser, revokePermissionsFromRole, revokePermissionsFromUser, roleExists, roles, rolesForUser, setUserAttribute, setUserAttributeImpl, type, uncacheUser, userExists, userExistsImpl, users

Inherited Functions: addRole, addUser, assignRoleToUser, attributesForUser, authenticate, authorize, changePassword, duplicate, effectivePermissionsForUser, getUserAttribute, grantPermissionsToRole, grantPermissionsToUser, isA, permissionsForRole, permissionsForUser, referenceCount, release, removeRole, removeRoleFromUser, removeUser, removeUserAttribute, revokePermissionsFromRole, revokePermissionsFromUser, roleExists, roles, rolesForUser, setUserAttribute, type, uncacheUser, userExists, users

Nested Classes

struct AuthParams


struct LDAPParams

LDAP authentication parameters.

Types

Ptr

typedef Poco::AutoPtr < AuthAdminServiceImpl > Ptr;

Constructors

AuthAdminServiceImpl

AuthAdminServiceImpl(
    const Poco::Util::AbstractConfiguration & properties,
    Poco::Logger & logger,
    const AuthParams & authParams,
    const LDAPParams & ldapParams
);

Creates the AuthAdminServiceImpl using the given authentication and LDAP parameters.

Note: if ldapParams.uri is empty, LDAP authentication will be disabled.

See the Poco::Data::Session class for more information on connector names and connection strings.

Destructor

~AuthAdminServiceImpl virtual

~AuthAdminServiceImpl();

Destroys the AuthAdminServiceImpl.

Member Functions

addRole virtual

void addRole(
    const std::string & roleName
);

addUser virtual

// Presumably creates a user account with the given initial password.
// NOTE(review): the password arrives as a plain std::string; this page does
// not say how it is stored (hashed, salted, or otherwise) -- confirm in the
// implementation. The protected addUserImpl() takes the same arguments.
void addUser(
    const std::string & username,
    const std::string & password
);

assignRoleToUser virtual

void assignRoleToUser(
    const std::string & username,
    const std::string & roleName
);

attributesForUser virtual

void attributesForUser(
    const std::string & username,
    std::set < std::string > & attributes
) const;

authenticate virtual

// Presumably verifies the credentials for username and reports the outcome as
// a bool. Per the class description, the user's permissions are cached after
// a successful authentication.
// NOTE(review): the protected authenticateDB() and authenticateLDAP() members
// share this signature; this page does not state in which order the two back
// ends are consulted, or whether the database is still tried when an LDAP
// check fails -- confirm in the implementation before relying on either.
bool authenticate(
    const std::string & username,
    const std::string & credentials
) const;

authorize virtual

bool authorize(
    const std::string & username,
    const std::string & permission
) const;

changePassword virtual

// Presumably sets a new password for username.
// NOTE(review): the signature takes no current password, so any check that
// the caller is allowed to change this user's password has to happen before
// the call -- presumably at the caller; confirm. This page also does not say
// how the new password is stored (hashed, salted, or otherwise).
void changePassword(
    const std::string & username,
    const std::string & password
);

effectivePermissionsForUser virtual

void effectivePermissionsForUser(
    const std::string & username,
    std::set < std::string > & permissions
) const;

getUserAttribute virtual

std::string getUserAttribute(
    const std::string & username,
    const std::string & attribute,
    const std::string & deflt = std::string ()
) const;

grantPermissionsToRole virtual

void grantPermissionsToRole(
    const std::string & roleName,
    const std::set < std::string > & permissions
);

grantPermissionsToUser virtual

void grantPermissionsToUser(
    const std::string & username,
    const std::set < std::string > & permissions
);

isA virtual

bool isA(
    const std::type_info & otherType
) const;

permissionsForRole virtual

void permissionsForRole(
    const std::string & roleName,
    std::set < std::string > & permissions
) const;

permissionsForUser virtual

void permissionsForUser(
    const std::string & username,
    std::set < std::string > & permissions
) const;

removeRole virtual

void removeRole(
    const std::string & roleName
);

removeRoleFromUser virtual

void removeRoleFromUser(
    const std::string & username,
    const std::string & roleName
);

removeUser virtual

void removeUser(
    const std::string & username
);

removeUserAttribute virtual

void removeUserAttribute(
    const std::string & username,
    const std::string & attribute
);

revokePermissionsFromRole virtual

void revokePermissionsFromRole(
    const std::string & roleName,
    const std::set < std::string > & permissions
);

revokePermissionsFromUser virtual

void revokePermissionsFromUser(
    const std::string & username,
    const std::set < std::string > & permissions
);

roleExists virtual

bool roleExists(
    const std::string & roleName
) const;

roles virtual

void roles(
    std::set < std::string > & roles
) const;

rolesForUser virtual

void rolesForUser(
    const std::string & username,
    std::set < std::string > & roles
) const;

setUserAttribute virtual

void setUserAttribute(
    const std::string & username,
    const std::string & attribute,
    const std::string & value
);

type virtual

const std::type_info & type() const;

uncacheUser virtual

// Presumably drops the cached permissions kept for username (the class
// description says permissions are cached after a successful authentication).
// NOTE(review): this page does not state whether the permission and role
// mutators (grant*/revoke*/assignRoleToUser/removeRoleFromUser/removeUser)
// invalidate the cache themselves -- confirm, and call this after such
// changes if they do not.
void uncacheUser(
    const std::string & username
);

userExists virtual

bool userExists(
    const std::string & username
) const;

users virtual

void users(
    std::set < std::string > & users,
    int first = 0,
    int limit = 0
) const;

addUserImpl protected

void addUserImpl(
    const std::string & username,
    const std::string & password
) const;

authenticateDB protected

bool authenticateDB(
    const std::string & username,
    const std::string & credentials
) const;

authenticateLDAP protected

bool authenticateLDAP(
    const std::string & username,
    const std::string & credentials
) const;

changePasswordImpl protected

void changePasswordImpl(
    const std::string & username,
    const std::string & password
) const;

init protected

void init(
    const std::string & dbConnector
);

replacePermissionsForUser protected

void replacePermissionsForUser(
    const std::string & username,
    const std::set < std::string > & permissions
) const;

replaceRolesForUser protected

// NOTE(review): the second parameter is named `permissions` although the
// function name refers to roles; it presumably carries role names -- confirm
// against the implementation. Declared const, like replacePermissionsForUser().
void replaceRolesForUser(
    const std::string & username,
    const std::set < std::string > & permissions
) const;

setUserAttributeImpl protected

void setUserAttributeImpl(
    const std::string & username,
    const std::string & attribute,
    const std::string & value
) const;

userExistsImpl protected

bool userExistsImpl(
    const std::string & username
) const;