UserService

Allows the domain object to obtain the identity of the user interacting with said object.

If SudoService has been used to temporarily override the user and/or roles, then this service will report the overridden values instead. This is within the context of a thread.

In addition, if impersonation has been invoked through the ImpersonateMenu , then this service will report the impersonated user, with the companion ImpersonatedUserHolder taking responsibilty for remembering the impersonated user over multiple (http) requests, eg using an http session. It’s important to note that under these circumstances the user reported by this service (the "effective" user) will not be the same as the user held in the InteractionContext , as obtained by InteractionLayerTracker#currentInteractionContext() InteractionLayerTracker (the "real" user).

API

UserService.java
class UserService {
  public static final String NOBODY;     (1)
  Optional<UserMemento> currentUser()     (2)
  UserMemento getUser()     (3)
  UserMemento currentUserElseFail()     (4)
  Optional<String> currentUserName()     (5)
  String currentUserNameElseNobody()     (6)
  boolean isImpersonating()     (7)
  boolean supportsImpersonation()     (8)
  void impersonateUser(final String userName, final List<String> roles, final String multiTenancyToken)     (9)
  void stopImpersonating()     (10)
}
1 NOBODY

Default returned from #currentUserNameElseNobody() .

2 currentUser()

Returns the details about the current user, either the "effective" user (if being #impersonateUser(String, List, String) impersonated ) otherwise the "real" user (as obtained from the InteractionContext of the current thread).

3 getUser()

Gets the details about the #currentUser() current user, if any (and returning null if there is none).

4 currentUserElseFail()

Gets the details about the #currentUser() current user, throwing an exception if there is none.

5 currentUserName()

Optionally gets the #currentUser() current user 's name, obtained from UserMemento .

6 currentUserNameElseNobody()

Returns either the current user’s name or else #NOBODY .

7 isImpersonating()

Whether or not the user currently reported (in #currentUser() and similar) is actually an impersonated user.

8 supportsImpersonation()

Whether impersonation is available for this request.

9 impersonateUser(String, List, String)

Allows implementations to override the current user with another user.

10 stopImpersonating()

For implementations that support impersonation, this is to programmatically stop impersonating a user

Members

NOBODY

Default returned from #currentUserNameElseNobody() .

currentUser()

Returns the details about the current user, either the "effective" user (if being #impersonateUser(String, List, String) impersonated ) otherwise the "real" user (as obtained from the InteractionContext of the current thread).

getUser()

Gets the details about the #currentUser() current user, if any (and returning null if there is none).

currentUserElseFail()

Gets the details about the #currentUser() current user, throwing an exception if there is none.

currentUserName()

Optionally gets the #currentUser() current user 's name, obtained from UserMemento .

currentUserNameElseNobody()

Returns either the current user’s name or else #NOBODY .

isImpersonating()

Whether or not the user currently reported (in #currentUser() and similar) is actually an impersonated user.

supportsImpersonation()

Whether impersonation is available for this request.

The typical implementation uses an HTTP session, which is not guaranteed to be available for all viewers. Specifically, the Wicket viewer does use HTTP sessions and therefore supports impersonation, but the RestfulObjects viewer does not . This means that the result of this call varies on a request-by-request basis.

impersonateUser(String, List, String)

Allows implementations to override the current user with another user.

If this service (for this request) does not #supportsImpersonation() support impersonation , then the request is just ignored.

this is intended for non-production environments only, where it can be invaluable (from a support perspective) to be able to quickly use the application "as if" logged in as another user.

stopImpersonating()

For implementations that support impersonation, this is to programmatically stop impersonating a user

If this service (for this request) does not #supportsImpersonation() support impersonation , then the request is just ignored.

Intended to be called at some point after #impersonateUser(String, List, String) would have been called.

Implementation

The core framework provides a default implementation of this service (o.a.i.core.runtime.services.user.UserServiceDefault).

Usage by Framework

The roles associated with the UserMemento will be based on the configured security (typically Shiro).

In addition, when using the Web UI (Wicket viewer) there will be an additional "org.apache.isis.viewer.wicket.roles.USER" role; this is used internally to restrict access to web pages without authenticating.