Component org.nuxeo.ecm.platform.usermanager.UserService
In bundle org.nuxeo.ecm.platform.usermanager
Documentation
A service to interact with the list of users and groups of the platform.
Resolution Order
531
The resolution order represents the order in which this component has been resolved by the Nuxeo Runtime
framework.
You can influence this order by adding "require" tags in your component declaration, to make sure it is resolved after another component.
Start Order
845
The start order represents the order in which this component has been started by the Nuxeo Runtime framework.
This number is interesting to tweak if your Java component interacts with other components, and needs to be started before or after another one.
It can be changed by implementing the method "Component#getApplicationStartedOrder()" on your Java component: components are sorted according to this reference value, in increasing order.
The default value is 1000, and the repository initialization uses number 100. Negative values can also be used.
Implementation
Class:
org.nuxeo.ecm.platform.usermanager.UserService
Services
- org.nuxeo.ecm.platform.usermanager.MultiTenantUserManager
- org.nuxeo.ecm.platform.usermanager.UserManager
- org.nuxeo.runtime.api.login.Authenticator
- org.nuxeo.ecm.core.api.security.AdministratorGroupsProvider
Extension Points
XML Source
<?xml version='1.0' encoding='UTF-8'?>
<component name="org.nuxeo.ecm.platform.usermanager.UserService">
<documentation>
A service to interact with the list of users and groups of the platform.
</documentation>
<implementation class="org.nuxeo.ecm.platform.usermanager.UserService"/>
<service>
<provide interface="org.nuxeo.ecm.platform.usermanager.MultiTenantUserManager"/>
<provide interface="org.nuxeo.ecm.platform.usermanager.UserManager"/>
<provide interface="org.nuxeo.runtime.api.login.Authenticator"/>
<provide interface="org.nuxeo.ecm.core.api.security.AdministratorGroupsProvider"/>
</service>
<extension-point name="userManager">
<documentation>
Configure the userManager.
<p/>
The extension should use the format:
<code>
<userManager>
<users>
<directory>somedirectory</directory>
<emailField>mail</emailField>
<searchFields append="true">
<substringMatchSearchField>first</substringMatchSearchField>
<exactMatchSearchField>last</exactMatchSearchField>
</searchFields>
<listingMode>tabbed</listingMode>
<anonymousUser id="Anonymous">
<property name="firstName">Anonymous</property>
<property name="lastName">User</property>
</anonymousUser>
<virtualUser id="MyCustomAdministrator" searchable="false">
<password>********</password>
<property name="firstName">My Custom</property>
<property name="lastName">Administrator</property>
<group>administrators</group>
</virtualUser>
<virtualUser id="MyCustomMember" searchable="false">
<password>********</password>
<property name="firstName">My Custom</property>
<property name="lastName">Member</property>
<group>members</group>
<group>othergroup</group>
<propertyList name="listprop">
<value>item1</value>
<value>item2</value>
</propertyList>
</virtualUser>
<virtualUser id="ExistingVirtualUser" remove="true"/>
</users>
<defaultAdministratorId>admin</defaultAdministratorId>
<administratorsGroup>myAdministrators</administratorsGroup>
<disableDefaultAdministratorsGroup>
false
</disableDefaultAdministratorsGroup>
<userSortField>sn</userSortField>
<userPasswordPattern>^[a-zA-Z0-9]{5,}$</userPasswordPattern>
<groups>
<directory>somegroupdir</directory>
<membersField>members</membersField>
<groupLabelField>grouplabel</groupLabelField>
<subGroupsField>subgroups</subGroupsField>
<parentGroupsField>parentgroup</parentGroupsField>
<listingMode>search_only</listingMode>
<searchFields append="true">
<substringMatchSearchField>grouplabel</substringMatchSearchField>
<exactMatchSearchField>groupname</exactMatchSearchField>
</searchFields>
</groups>
<defaultGroup>members</defaultGroup>
<groupSortField>groupname</groupSortField>
</userManager>
</code>
<p/>
If the element anonymousUser has the attribute remove="true", then the
anonymous user will be disabled. The anonymous user is searchable by
default.
<p/>
If a virtual user has the attribute remove="true", it is removed from the
list of virtual users. Virtual users are searchable by default, but it is
not implemented yet... so you should keep the attribute searchable="false"
to keep the same behaviour when it will be.
<p/>
Virtual users with the "administrators" group will have the same rights
than the default administrator.
<p/>
New administrators groups can be added using the "administratorsGroup"
tag. Several groups can be defined, adding as many tags as needed. The
default group named "administrators" can be disabled by setting the
"disableDefaultAdministratorsGroup" to "true" (defaults to false): only
new defined administrators groups will then be taken into account. Note
that disabling this default group should be done after setting up custom
rights in the repository, as this group is usually defined as the group of
users who have all permissions at the root of the repository.
<p/>
Anonymous and virtual users properties have to match the users directory
schema fields to be taken into account.
<p/>
The userPasswordPattern format is specified by java.util.regex.Pattern.
<p/>
The values for users listingMode are: "all", "tabbed", "search_only".
(These values are defined in
org.nuxeo.ecm.webapp.security.UserManagerActionsBean.)
<p/>
The values for groups listingMode are: "all" and "search_only".
</documentation>
<object class="org.nuxeo.ecm.platform.usermanager.UserManagerDescriptor"/>
</extension-point>
</component>