UserPolicy can be set for each userType.
Each userType is matched to its user schema (nodeType).
User schema: the manager, admin, and customer node types.
valueType CODE
code | label |
---|---|
| Manager |
| Admin |
| Customer |
Allow duplicate login (allowedLoginDuplication)
valueType BOOLEAN
- true: Multiple users can log in with one account.
- false: Multiple users cannot log in with one account.
  - If a user is already logged in, the previous user's session is ended.
  - The previous user is notified that the session has ended.
  - Just log in again.
Allowed number of login failures (allowedLoginFailCount)
valueType INT
Sets the number of login failures.
- When the number of failures is reached and enableUserLock is set, the account is locked out.
- The lock must be released by the administrator.
loginFailCount: a property type in the user schema. The number increases when a user fails to log in. If it does not exist, create the property type (valueType :
Password change cycle (passwordChangeCycle)
valueType CODE
code | label |
---|---|
| 1개월, 1 month |
| 3개월, 3 months |
| 6개월, 6 months |
| 1년, 1 year |
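When the change cycle has arrived, counted from lastPasswordChangeDate, the result depends on whether enableUserLock is set:
- true: `"비밀번호 변경 기간(" + label + ") 이 초과하여 계정이 잠겨 있습니다. 시스템 관리자에게 문의해 주시기 바랍니다."` (in English: "The password change period (label) has been exceeded and the account is locked. Please contact the system administrator.")
- false: `label + " 이상 비밀번호를 변경하지 않으셨습니다. 비밀번호를 변경하시기 바랍니다."` (in English: "You have not changed your password for label or longer. Please change your password.")
lastPasswordChangeDate: a property type in the user schema. The date is updated when the user changes the password. If it does not exist, create the property type (valueType :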
Password change extension period (passwordChangeExtendPeriod)
valueType CODE
code | label |
---|---|
| 1개월, 1 month |
| 3개월, 3 months |
| 6개월, 6 months |
| 1년, 1 year |
- isEmpty: the password change cannot be extended.
- notEmpty: the password change can be extended.
A separate process for extending the password change period must be implemented on the login page.
Allowed period without connection (unconnectablePeriod)
valueType CODE
code | label |
---|---|
| 1개월, 1 month |
| 3개월, 3 months |
| 6개월, 6 months |
| 1년, 1 year |
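`"미접속 가능 기간이 초과하여 계정이 잠겨 있습니다.\n시스템 관리자에게 문의해 주시기 바랍니다."` (in English: "The allowed period without connection has been exceeded and the account is locked. Please contact the system administrator.")
lastConnectionTime: a property type in the user schema. The date is updated when the user logs in. If it does not exist, create the property type (valueType :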
Enable user lock (enableUserLock)
valueType CODES
When the allowedLoginFailCount, passwordChangeCycle, or unconnectablePeriod setting value is reached, you can choose whether to lock the user or not.
isLock: a property type in the user schema. If it does not exist, create the property type (valueType :
(Description) For the admin user:
- Duplicate login is not allowed
- Password failure count is set to 5
- Password change cycle is 3 months
- Allowed period without connection is 1 year
- The user account is locked when the password failure count or the allowed period without connection is reached

`{{protocol}}://{{hostname}}:{{port}}/node/userPolicy/1871395741`

```json
{
  "result": "200",
  "resultMessage": "SUCCESS",
  "item": {
    "id": "1871395741",
    "label": "admin",
    "userType": { "value": "admin", "label": "Admin" },
    "site": null,
    "allowedLoginDuplication": false,
    "allowedLoginFailCount": 5,
    "passwordChangeCycle": { "value": "P3M", "label": "3개월" },
    "passwordChangeExtendPeriod": null,
    "unconnectablePeriod": { "value": "P1Y", "label": "1년" },
    "enableUserLock": [
      { "value": "allowedLoginFailCount", "label": "허용 된 로그인 실패 횟수" },
      { "value": "unconnectablePeriod", "label": "미접속 가능 기간" }
    ]
  }
}
```
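How the settings in the admin policy above combine at login, as an added example that is not the project's code: the ISO-8601 period values (`P3M`, `P1Y`) are applied to the user's dates, and `enableUserLock` decides whether a reached threshold locks the account or only warns. The names `PolicyCheck`, `Outcome` and `evaluate`, the order of the checks, and treating "reached" as `>=` are assumptions; the setting and property names are the page's.

```java
import java.time.LocalDate;
import java.time.Period;
import java.util.Set;

// Added example, not the project's code. PolicyCheck, Outcome, evaluate() and the
// order of the checks are assumptions; setting and property names are the page's.
public class PolicyCheck {
    enum Outcome { OK, WARN_CHANGE_PASSWORD, LOCKED }

    // Values copied from the example userPolicy item for admin.
    static final int ALLOWED_LOGIN_FAIL_COUNT = 5;
    static final Period PASSWORD_CHANGE_CYCLE = Period.parse("P3M");
    static final Period UNCONNECTABLE_PERIOD = Period.parse("P1Y");
    static final Set<String> ENABLE_USER_LOCK = Set.of("allowedLoginFailCount", "unconnectablePeriod");

    // Dates are LocalDate for brevity; treating "reached" as >= is an assumption.
    static Outcome evaluate(boolean isLock, int loginFailCount, LocalDate lastPasswordChangeDate,
                            LocalDate lastConnectionTime, LocalDate today) {
        if (isLock) {
            return Outcome.LOCKED; // stays locked until the administrator releases it
        }
        if (loginFailCount >= ALLOWED_LOGIN_FAIL_COUNT && ENABLE_USER_LOCK.contains("allowedLoginFailCount")) {
            return Outcome.LOCKED;
        }
        boolean inactiveTooLong = !today.isBefore(lastConnectionTime.plus(UNCONNECTABLE_PERIOD));
        if (inactiveTooLong && ENABLE_USER_LOCK.contains("unconnectablePeriod")) {
            return Outcome.LOCKED;
        }
        boolean passwordExpired = !today.isBefore(lastPasswordChangeDate.plus(PASSWORD_CHANGE_CYCLE));
        if (passwordExpired) {
            // passwordChangeCycle is not in enableUserLock here, so this only warns.
            return ENABLE_USER_LOCK.contains("passwordChangeCycle") ? Outcome.LOCKED : Outcome.WARN_CHANGE_PASSWORD;
        }
        return Outcome.OK;
    }

    public static void main(String[] args) {
        LocalDate today = LocalDate.of(2024, 6, 1); // all sample users below are constructed
        LocalDate recent = today.minusDays(10);
        System.out.println(evaluate(false, 0, recent, recent, today));                // healthy account
        System.out.println(evaluate(false, 5, recent, recent, today));                // failure count reached
        System.out.println(evaluate(false, 0, today.minusMonths(4), recent, today));  // password older than P3M
        System.out.println(evaluate(false, 0, recent, today.minusYears(2), today));   // no login for over P1Y
    }
}
```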
SessionProcess can define signIn, signUp, withdraw, and initPassword for each user type.
You can customize the SessionProcess for each project.
Create a class that implements the SessionProcess interface.
Path: net/ion/ice/core/session/process/SessionProcess.java
Naming convention: sessionProcessProjectId ("sessionProcess" followed by the capitalized project ID)
If you don't create a project's SessionProcess, the default (SessionProcessDefault.java) is used.
SessionService.java
```java
@PostConstruct
public void init() {
    this.project = configuration.getProject();

    sessionCloser = new SessionCloser(sessionTimeoutConfiguration, clusterService, this);
    sessionCloser.setDaemon(true);
    sessionCloser.start();

    try {
        // Look up the project-specific bean: "sessionProcess" + capitalized project ID.
        sessionProcess = (SessionProcess) ApplicationContextManager.getBean("sessionProcess" + WordUtils.capitalize(project));
    } catch (NoSuchBeanDefinitionException e) {
        // No project-specific SessionProcess is registered: fall back to the default bean.
        logger.error(e.getMessage());
        sessionProcess = (SessionProcess) ApplicationContextManager.getBean("sessionProcessDefault");
    }
}
```
SessionProcessDefault.java
```java
public class SessionProcessDefault implements SessionProcess {
    static Logger logger = LoggerFactory.getLogger(SessionProcess.class);

    protected final SessionService sessionService;

    public SessionProcessDefault(SessionService sessionService) {
        this.sessionService = sessionService;
    }

    @Override
    public Map<String, Object> signInAdmin(String id, String password, Map<String, Object> session, HttpServletRequest request) {
        Map<String, Object> result = new HashMap<>(session);

        // Building the UserAccount also loads the UserPolicy for this user.
        UserAccount account = new UserAccount(id, getAdmin(id));
        // Validate the login attempt before the admin session is initialized.
        account.validate(request, session, "adm", "admin", id, password);

        session.putAll(SessionUtils.getSessionService().initAdminSession(id, account.getUser()));

        result.put("user", account.getUser());
        result.put("result", "200");
        result.put("resultMessage", "SUCCESS");
        return result;
    }

    ...
}
```
UserAccount.java
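```java
public UserAccount(String id, Node user) {
    // Reject an empty ID or a user node that was not found.
    if (StringUtils.isEmpty(id) || user == null) {
        throw new ApiException(ApiResCode.NotFoundUser);
    }
    this.user = user;
    // Load the policy that applies to this user's type.
    this.userPolicy = new UserPolicy(user);
}
```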
UserPolicy.java
```java
public UserPolicy(Node node) {
    this.user = node;
    if (StringUtils.equals(node.getTypeId(), "customer")) {
        // Customers: the policy is matched on userType and on the user's site.
        List<Node> list = NodeUtils.getNodeList(USERPOLICY, "userType_matching=customer&site_matching=" + node.getStringValue("site"));
        if (list.size() == 0) {
            this.userPolicy = null;
        } else {
            this.userPolicy = list.get(0);
        }
    } else {
        // Other user types: the policy is matched on the node type ID; null when none exists.
        this.userPolicy = ((List<Node>) NodeQuery.build(USERPOLICY).matching("userType", node.getTypeId()).getList()).stream().findFirst().orElse(null);
    }
}
```