Library: OSP
Package: Auth
Header: Poco/OSP/Auth/AuthAdminServiceImpl.h
Description
This class implements the AuthAdminService using a SQL database accessed via the POCO Data library, and optionally LDAP for password verification and permissions.
Upon successful authentication of a user, the class will cache the permissions for the user so that further permission checks are very quick.
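The caching described above, as an added, self-contained model (not code from the POCO OSP sources): `CachingAuthModel`, `cacheOnLogin` and `revokeAndUncache` are hypothetical names, and an in-memory map stands in for the SQL database. This page does not say whether revoking a permission also drops a user's cached set, so the model assumes it does not, which shows the stale answer that uncacheUser clears.

```cpp
#include <map>
#include <set>
#include <string>

using Perms = std::set<std::string>;

// Hypothetical stand-in, not Poco::OSP::Auth::AuthAdminServiceImpl.
// _store plays the SQL database, _cache the per-user permission cache.
class CachingAuthModel
{
public:
    void grantPermissionsToUser(const std::string& user, const Perms& perms)
    {
        _store[user].insert(perms.begin(), perms.end());
    }
    // Assumption for this model: revocation updates the store only.
    void revokePermissionsFromUser(const std::string& user, const Perms& perms)
    {
        for (const auto& p : perms) _store[user].erase(p);
    }
    // Stands for the caching step that follows a successful authenticate().
    void cacheOnLogin(const std::string& user) const
    {
        _cache[user] = lookup(_store, user);
    }
    // Answered from the cache when the user is cached, else from the store.
    bool authorize(const std::string& user, const std::string& permission) const
    {
        auto it = _cache.find(user);
        const Perms perms = (it != _cache.end()) ? it->second : lookup(_store, user);
        return perms.count(permission) > 0;
    }
    void uncacheUser(const std::string& user) { _cache.erase(user); }

private:
    static Perms lookup(const std::map<std::string, Perms>& m, const std::string& user)
    {
        auto it = m.find(user);
        return it != m.end() ? it->second : Perms();
    }
    std::map<std::string, Perms> _store;
    mutable std::map<std::string, Perms> _cache;
};

// Revoke and drop the cached set in one step, so the next authorize()
// call is answered from the store rather than from the old cached set.
void revokeAndUncache(CachingAuthModel& auth, const std::string& user, const Perms& perms)
{
    auth.revokePermissionsFromUser(user, perms);
    auth.uncacheUser(user);
}
```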
Inheritance
Direct Base Classes: AuthAdminService
All Base Classes: AuthAdminService, AuthService, Poco::OSP::Service, Poco::RefCountedObject
Member Summary
Member Functions: addRole, addUser, addUserImpl, assignRoleToUser, attributesForUser, authenticate, authenticateDB, authenticateLDAP, authorize, changePassword, changePasswordImpl, effectivePermissionsForUser, getUserAttribute, grantPermissionsToRole, grantPermissionsToUser, init, isA, permissionsForRole, permissionsForUser, removeRole, removeRoleFromUser, removeUser, removeUserAttribute, replacePermissionsForUser, replaceRolesForUser, revokePermissionsFromRole, revokePermissionsFromUser, roleExists, roles, rolesForUser, setUserAttribute, setUserAttributeImpl, type, uncacheUser, userExists, userExistsImpl, users
Inherited Functions: addRole, addUser, assignRoleToUser, attributesForUser, authenticate, authorize, changePassword, duplicate, effectivePermissionsForUser, getUserAttribute, grantPermissionsToRole, grantPermissionsToUser, isA, permissionsForRole, permissionsForUser, referenceCount, release, removeRole, removeRoleFromUser, removeUser, removeUserAttribute, revokePermissionsFromRole, revokePermissionsFromUser, roleExists, roles, rolesForUser, setUserAttribute, type, uncacheUser, userExists, users
Nested Classes
struct AuthParams
struct LDAPParams
LDAP authentication parameters.
Types
Ptr
typedef Poco::AutoPtr < AuthAdminServiceImpl > Ptr;
Constructors
AuthAdminServiceImpl
AuthAdminServiceImpl(
const Poco::Util::AbstractConfiguration & properties,
Poco::Logger & logger,
const AuthParams & authParams,
const LDAPParams & ldapParams
);
Creates the AuthAdminServiceImpl using the given authentication and LDAP parameters.
Note: if ldapParams.uri is empty, LDAP authentication will be disabled.
See the Poco::Data::Session class for more information on connector names and connection strings.
Destructor
~AuthAdminServiceImpl
Destroys the AuthAdminServiceImpl.
Member Functions
addRole
void addRole(
const std::string & roleName
);
addUser
void addUser(
const std::string & username,
const std::string & password
);
assignRoleToUser
void assignRoleToUser(
const std::string & username,
const std::string & roleName
);
attributesForUser
void attributesForUser(
const std::string & username,
std::set < std::string > & attributes
) const;
authenticate
bool authenticate(
const std::string & username,
const std::string & credentials
) const;
authorize
bool authorize(
const std::string & username,
const std::string & permission
) const;
changePassword
void changePassword(
const std::string & username,
const std::string & password
);
effectivePermissionsForUser
void effectivePermissionsForUser(
const std::string & username,
std::set < std::string > & permissions
) const;
getUserAttribute
std::string getUserAttribute(
const std::string & username,
const std::string & attribute,
const std::string & deflt = std::string ()
) const;
grantPermissionsToRole
void grantPermissionsToRole(
const std::string & roleName,
const std::set < std::string > & permissions
);
grantPermissionsToUser
void grantPermissionsToUser(
const std::string & username,
const std::set < std::string > & permissions
);
isA
bool isA(
const std::type_info & otherType
) const;
See also: Poco::OSP::Auth::AuthAdminService::isA()
permissionsForRole
void permissionsForRole(
const std::string & roleName,
std::set < std::string > & permissions
) const;
permissionsForUser
void permissionsForUser(
const std::string & username,
std::set < std::string > & permissions
) const;
removeRole
void removeRole(
const std::string & roleName
);
removeRoleFromUser
void removeRoleFromUser(
const std::string & username,
const std::string & roleName
);
removeUser
void removeUser(
const std::string & username
);
removeUserAttribute
void removeUserAttribute(
const std::string & username,
const std::string & attribute
);
revokePermissionsFromRole
void revokePermissionsFromRole(
const std::string & roleName,
const std::set < std::string > & permissions
);
revokePermissionsFromUser
void revokePermissionsFromUser(
const std::string & username,
const std::set < std::string > & permissions
);
roleExists
bool roleExists(
const std::string & roleName
) const;
roles
void roles(
std::set < std::string > & roles
) const;
rolesForUser
void rolesForUser(
const std::string & username,
std::set < std::string > & roles
) const;
setUserAttribute
void setUserAttribute(
const std::string & username,
const std::string & attribute,
const std::string & value
);
type
const std::type_info & type() const;
uncacheUser
void uncacheUser(
const std::string & username
);
userExists
bool userExists(
const std::string & username
) const;
users
void users(
std::set < std::string > & users,
int first = 0,
int limit = 0
) const;
addUserImpl
void addUserImpl(
const std::string & username,
const std::string & password
) const;
authenticateDB
bool authenticateDB(
const std::string & username,
const std::string & credentials
) const;
authenticateLDAP
bool authenticateLDAP(
const std::string & username,
const std::string & credentials
) const;
changePasswordImpl
void changePasswordImpl(
const std::string & username,
const std::string & password
) const;
init
void init(
const std::string & dbConnector
);
replacePermissionsForUser
void replacePermissionsForUser(
const std::string & username,
const std::set < std::string > & permissions
) const;
replaceRolesForUser
void replaceRolesForUser(
const std::string & username,
const std::set < std::string > & permissions
) const;
setUserAttributeImpl
void setUserAttributeImpl(
const std::string & username,
const std::string & attribute,
const std::string & value
) const;
userExistsImpl
bool userExistsImpl(
const std::string & username
) const;