Helper methods for accessing user data

1 API

Class Ax.ext.user


Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| static boolean | exists() | Whether the user is defined in wic_user table |
| static IUserWrapper | get() | Gets an object containing info about the user. |
| static IUserWrapper | get(Ax.text.String user_code) | Returns a wrapper around wic_user. |
| static Ax.text.String | getDatabases(Ax.text.String server, Ax.text.String dict, boolean primary) | |
| static Ax.text.String | getJsonWebToken() | Gets the JSON Web Token for the current user |
| static Ax.text.String | getJsonWebToken(options) | Gets the JSON Web Token for the current user |
| static Ax.text.String | getJsonWebTokenForUser(Ax.text.String user) | Creates a JWT on behalf of a user. |
| static Ax.text.String | getJsonWebTokenForUser(Ax.text.String user, Consumer<UserJWTOptions> options) | Creates a JWT on behalf of a user. |
| static Ax.crypt.Password | getKeyStoreEntryPassword(Ax.text.String keyStoreName, Ax.text.String entryAlias) | Returns a JSPassword instance encapsulating the plain entry password as configured in the table 'wic_user_keystore_entry', for the specified KS. |
| static Ax.ks.KeyStoreManager | getKeyStoreManager(Ax.text.String name) | Returns a keystore by name. |
| static Ax.crypt.Password | getKeyStorePassword(Ax.text.String name) | Returns a JSPassword instance encapsulating the plain KeyStore password as configured for the specified KS. |
| | getKeyStores() | Returns the list of KeyStores available for the executing user. |
| | getKeyStores(boolean onlyOwned) | Returns the list of KeyStores available for the executing user. |
| static List | getLoginToken() | Returns a List of objects representing all wic_user_token_login rows for the user |
| static List | getLoginToken(boolean validOnly) | Returns a List of objects representing wic_user_token_login rows for the user |
| static boolean | isManager() | Whether the user is manager |

Method Detail

Ax.ext.user.exists

static boolean Ax.ext.user.exists()
Info:
Whether the user is defined in wic_user table
Returns:
boolean

Ax.ext.user.get

static object Ax.ext.user.get()
Info:
Gets an object containing info about the user.
Returns:
object

Example
const user        = Ax.ext.user.get()
const code        = user.getCode()
const name        = user.getName()
const lng         = user.getLang()
const country     = user.getCountry()
const mail        = user.getMail()
const group       = user.getGroup()
const dbgroup     = user.getDBGroup()
const datePattern = user.getDatePattern()
const numPattern  = user.getNumberPattern()
const tsPattern   = user.getTimestampPattern()

Ax.ext.user.get

static object Ax.ext.user.get(
	string user_code
)
Info:
Returns a wrapper around wic_user.
Parameters:
user_code - An alternate user
Returns:
object

Ax.ext.user.getCode

static string Ax.ext.user.getCode()
Returns:
string

Ax.ext.user.getDatabases

static resultset Ax.ext.user.getDatabases()
Returns:
resultset

Ax.ext.user.getDatabases

static resultset Ax.ext.user.getDatabases(
	string server,
	string dict,
	boolean primary
)
Parameters:
server - the server whose databases are included
dict - the dictionary a database must include in order to be listed
primary - if true, return only databases on primary servers
Returns:
resultset

Ax.ext.user.getJsonWebToken

static string Ax.ext.user.getJsonWebToken()
Info:
Gets the JSON Web Token for the current user
Returns:
string

Example
let jwt = Ax.ext.user.getJsonWebToken()

Ax.ext.user.getJsonWebToken

static string Ax.ext.user.getJsonWebToken(
	object options
)
Info:
Gets the JSON Web Token for the current user
Parameters:
options - the options for configuring the token
Returns:
string

Example
let jwt = Ax.ext.user.getJsonWebToken(options => {
	options.addClaim("x", 1);
	options.setExpiration(new Ax.util.Date().addHour(1));
});

Ax.ext.user.getJsonWebTokenForUser

static string Ax.ext.user.getJsonWebTokenForUser(
	string user
)
Info:
Creates a JWT on behalf of a user. For security reasons, this method throws if it is not called by a manager.
Parameters:
user - 
Returns:
string

Example
let jwt = Ax.ext.user.getJsonWebTokenForUser('a_user_code');

Ax.ext.user.getJsonWebTokenForUser

static string Ax.ext.user.getJsonWebTokenForUser(
	string user,
	object options
)
Info:
Creates a JWT on behalf of a user. For security reasons, this method throws if it is not called by a manager.
Parameters:
user - 
options - 
Returns:
string

Example
let jwt = Ax.ext.user.getJsonWebTokenForUser('a_user_code', options => {
	options.addClaim("x", 1);
	options.setExpiration(new Ax.util.Date().addHour(1));
});

Ax.ext.user.getKeyStoreEntryPassword

static object Ax.ext.user.getKeyStoreEntryPassword(
	string keyStoreName,
	string entryAlias
)
Info:
Returns a JSPassword instance encapsulating the plain entry password as configured in the table 'wic_user_keystore_entry', for the specified KS. The keystore must either belong to the user, or the user must have been granted access.
Parameters:
keyStoreName - 
entryAlias - 
Returns:
object

Ax.ext.user.getKeyStoreManager

static object Ax.ext.user.getKeyStoreManager(
	string name
)
Info:
Returns a keystore by name. The keystore must either belong to the user, or the user must have been granted access
Parameters:
name - 
Returns:
object

Ax.ext.user.getKeyStorePassword

static object Ax.ext.user.getKeyStorePassword(
	string name
)
Info:
Returns a JSPassword instance encapsulating the plain KeyStore password as configured for the specified KS. The keystore must either belong to the user, or the user must have been granted access. It is used when signing with a certificate from inside the KS whose entry name is not known (so its password cannot be stored in the entries table in wic_conf). In that case, the KS password will match the entry password.
Parameters:
name - 
Returns:
object

Ax.ext.user.getKeyStores

static resultset Ax.ext.user.getKeyStores()
Info:
Returns the list of KeyStores available for the executing user.
Returns:
resultset

Ax.ext.user.getKeyStores

static resultset Ax.ext.user.getKeyStores(
	boolean onlyOwned
)
Info:
Returns the list of KeyStores available for the executing user. If the "onlyOwned" flag is true then the list is restricted to the KS owned, otherwise the list includes all the KS shared / granted to the executing user.
Parameters:
onlyOwned - 
Returns:
resultset

Ax.ext.user.getLoginToken

static array Ax.ext.user.getLoginToken()
Info:
Returns a List of objects representing all wic_user_token_login rows for the user
Returns:
array

Ax.ext.user.getLoginToken

static array Ax.ext.user.getLoginToken(
	boolean validOnly
)
Info:
Returns a List of objects representing wic_user_token_login rows for the user
Parameters:
validOnly - Filter only valid tokens
Returns:
array

Ax.ext.user.isManager

static boolean Ax.ext.user.isManager()
Info:
Whether the user is manager
Returns:
boolean

2 Using user KeyStores

User stored KeyStore entries can be accessed from Ax JavaScript code by using the following methods:

  • Ax.ext.user.getKeyStores(): returns the list of KS available to the executing user.
  • Ax.ext.user.getKeyStores(onlyOwned: boolean): if "onlyOwned" is true, returns the list of available KS owned by the executing user; if false, returns all available KS (owned or granted to the user).
  • Ax.ext.user.getKeyStoreManager(ksName: String): returns the KS manager object if available to the user. If the underlying Java KS is locked and its password is stored, this instance allows accessing the KS properties and entries without asking for or revealing the password to users.
  • Ax.ext.user.getKeyStorePassword(ksName: String): returns a JSPassword instance corresponding to the stored password for the KS. It can be used to sign documents without revealing the password to users.
  • Ax.ext.user.getKeyStoreEntryPassword(ksName: String, entryAlias: String): returns a JSPassword instance corresponding to the stored password for the specified entry alias. It can be used to sign documents without revealing the password to users.

For example, these methods allow signing content with a certificate or a key pair stored inside a shared KeyStore.

Example
<script>

	let ksname = 'DEMO_KEYSTORE_TEST_TICKETBY_JACK';

	let ks = Ax.ext.user.getKeyStoreManager(ksname);
	console.log(ks.toResultSet());

	// Load any document (text, file ...)
	// In our example, we use a simple text
	var src = "This is a memo text that must be signed to certify its author";

	let entry_jack_pass = Ax.ext.user.getKeyStoreEntryPassword(ksname, 'jack');

	// Sign the document using keystore private key alias "jack"
	// with its password provided by Ax.ext.user.getKeyStoreEntryPassword()
	// as an instance of JSPassword.
	var tmp = new Ax.crypt.CAdES(src)
		.setTspServer("http://tsa.belgium.be/connect")
		.setSignaturePackaging(Ax.crypt.CAdES.SIGNATUREPACKAGING.DETACHED)
		.setSignatureLevel(Ax.crypt.CAdES.SIGNATURELEVEL.CAdES_BASELINE_T)
		.sign(ks, "jack", entry_jack_pass);

	// Look at the content of the data
	console.log(tmp);
	return tmp;

</script>

Please note that the instance obtained by Ax.ext.user.getKeyStoreEntryPassword() is not the plain password associated with the KeyStore by the owner. It is an object that contains the password and allows the application to use the KS entry, but it cannot provide the password back.
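
The opaque-password pattern described above, sketched in plain Node.js as an added example (it is not Axional's implementation and not code from the original page). OpaquePassword, signWithEntry, makeSampleEntry and the sample password are hypothetical names and constructed values, and an Ed25519 signature stands in for the CAdES signing shown earlier.

```javascript
// Added illustration, not Axional code: a password handle that can be used
// for signing but never read back, in the spirit of JSPassword.
const crypto = require('node:crypto');

// Secrets live in a module-private WeakMap: the handle itself has no property,
// method or serialisation path that returns the plain password.
const secrets = new WeakMap();

class OpaquePassword {
  constructor(plain) {
    secrets.set(this, String(plain));
    Object.freeze(this);
  }
  toString() { return '[protected]'; }
  toJSON() { return '[protected]'; }
  [Symbol.for('nodejs.util.inspect.custom')]() { return '[protected]'; }
}

// Trusted signing routine: the only code that reads the secret. It unlocks
// the encrypted private key, signs, and returns just the signature.
function signWithEntry(encryptedKeyPem, handle, data) {
  if (!secrets.has(handle)) throw new TypeError('not an OpaquePassword');
  const key = crypto.createPrivateKey({ key: encryptedKeyPem, passphrase: secrets.get(handle) });
  return crypto.sign(null, Buffer.from(data), key);
}

// Constructed sample "keystore entry": an Ed25519 key pair whose private key
// is stored encrypted under the entry password.
function makeSampleEntry(entryPassword) {
  return crypto.generateKeyPairSync('ed25519', {
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: entryPassword },
  });
}

function demo() {
  const password = 'constructed-entry-password'; // known only to the KS owner
  const entry = makeSampleEntry(password);
  const handle = new OpaquePassword(password);   // what the script receives
  const memo = 'This is a memo text that must be signed';
  const signature = signWithEntry(entry.privateKey, handle, memo);
  return {
    verified: crypto.verify(null, Buffer.from(memo), entry.publicKey, signature),
    leaked: [String(handle), JSON.stringify(handle), ...Object.values(handle)]
      .some((s) => String(s).includes(password)),
  };
}
```

The WeakMap is only as private as the module that holds it, so the handle protects the password from the scripts that receive it, not from the code that implements the signing routine.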