: UserPolicy can be set for each userType.

: User schema(nodeType) by userType is matched.

User schema

: It means manager, admin, customer node type.

user type

valueType CODE

code	label

code	label
`manager`	Manager
`admin`	Admin
`customer`	Customer

allowedLoginDuplication

로그인 중복 허용

valueType BOOLEAN
- true
  - Multiple users can log in with one account
- false
  - Multiple users cannot log in with one account
  - End previous user session if there is already a logged in user
    Notifying that the previous user session has ended.
    Just log in again.

allowedLoginFailCount

허용된 로그인 실패 횟수

valueType INT
Can set the number of login failures
Reach the number of failures & set enableUserLock
- Account lockout
  Must be released by the administrator

loginFailCount

: This is a property type in the user schema

When a user fails to log in, the number increases

If not, create a property type (valueType : INT)

passwordChangeCycle

비밀번호 변경 주기

valueType CODE

code	label

code	label
`P1M`	1개월, 1 month
`P3M`	3개월, 3 months
`P6M`	6개월, 6 months
`P1Y`	1년, 1 year

If the change cycle has arrived based on lastPasswordChangeDate& set enableUserLock
- true
  - 비밀번호 변경 기간(" + label + ") 이 초과하여 계정이 잠겨 있습니다. 시스템 관리자에게 문의해 주시기 바랍니다.
- false
  - label + " 이상 비밀번호를 변경하지 않으셨습니다. 비밀번호를 변경하시기 바랍니다."

lastPasswordChangeDate

: This is a property type in the user schema

When the user changes the password, the date is updated.

If not, create a property type (valueType : DATE)

passwordChangeExtendPeriod

비밀번호 변경 연장기간

valueType CODE

code	label

code	label
`P1M`	1개월, 1 month
`P3M`	3개월, 3 months
`P6M`	6개월, 6 months
`P1Y`	1년, 1 year

isEmpty
- Unable to extend password change
notEmpty
- Password change can be extended

unconnectablePeriod

미접속 가능 기간

valueType CODE

code	label

code	label
`P1M`	1개월, 1 month
`P3M`	3개월, 3 months
`P6M`	6개월, 6 months
`P1Y`	1년, 1 year

“미접속 가능 기간이 초과하여 계정이 잠겨 있습니다.\n시스템 관리자에게 문의해 주시기 바랍니다.”

enableUserLock

사용자 잠금 사용 여부

valueType CODES

When the allowedLoginFailCount, passwordChangeCycle, unconnectablePeriod setting values arrive
You can choose whether to lock the user or not.

SAMPLE DATA

(설명) admin 사용자에 대하여 
- 중복로그인을 허용하지 않고
- 비밀번호 실패 횟수 5회 설정
- 비밀번호 변경 주기 3개월
- 미접속가능기간 1년
- 비밀번호 실패횟수 또는 미접속 가능 기간이 도래한 경우 사용자 계정 잠금 처리

{{protocol}}://{{hostname}}:{{port}}/node/userPolicy/1871395741

{
    "result": "200",
    "resultMessage": "SUCCESS",
    "item": {
        "id": "1871395741",
        "label": "admin",
        "userType": {
            "value": "admin",
            "label": "Admin"
        },
        "site": null,
        "allowedLoginDuplication": false,
        "allowedLoginFailCount": 5,
        "passwordChangeCycle": {
            "value": "P3M",
            "label": "3개월"
        },
        "passwordChangeExtendPeriod": null,
        "unconnectablePeriod": {
            "value": "P1Y",
            "label": "1년"
        },
        "enableUserLock": [
            {
                "value": "allowedLoginFailCount",
                "label": "허용 된 로그인 실패 횟수"
            },
            {
                "value": "unconnectablePeriod",
                "label": "미접속 가능 기간"
            }
        ]
    }
}

SessionProcess

SessionProcess can define signIn, signUp, withdraw, and initPassword for each user type.

You can customize the SessionProcess for each project.

Create a class that inherits the SessionProcess interface.
- Path : net/ion/ice/core/session/process/SessionProcess.java
- Naming convention : sessionProcessProjectId
If you don't create a project's SessionProcess, the default is used.
- SessionProcessDefault.java

SessionService.java

@PostConstruct
public void init() {
    this.project = configuration.getProject();
    sessionCloser = new SessionCloser(sessionTimeoutConfiguration,
            clusterService,
            this);
    sessionCloser.setDaemon(true);
    sessionCloser.start();
    try {
        sessionProcess = (SessionProcess) ApplicationContextManager.getBean("sessionProcess" + WordUtils.capitalize(project));
    } catch (NoSuchBeanDefinitionException e) {
        logger.error(e.getMessage());
        sessionProcess = (SessionProcess) ApplicationContextManager.getBean("sessionProcessDefault");
    }
}

SessionProcessDefault.java

public class SessionProcessDefault implements SessionProcess {
    static Logger logger = LoggerFactory.getLogger(SessionProcess.class);

    protected final SessionService sessionService;

    public SessionProcessDefault(SessionService sessionService) {
        this.sessionService = sessionService;
    }

    @Override
    public Map<String, Object> signInAdmin(String id, String password, Map<String, Object> session, HttpServletRequest request) {
        Map<String, Object> result = new HashMap<>(session);

        UserAccount account = new UserAccount(id, getAdmin(id));
        account.validate(request, session, "adm", "admin", id, password);

        session.putAll(SessionUtils.getSessionService().initAdminSession(id, account.getUser()));

        result.put("user", account.getUser());
        result.put("result", "200");
        result.put("resultMessage", "SUCCESS");
        return result;
    }
    
    ...
    
}

UserAccount.java

UserPolicy.java

[BO] Platform Console > Account/Authority > User Policy Setting

ICE4 PRODUCT

User Policy

Analytics