Creative Commons Attribution-NonCommercial license.
NO WARRANTY IS GIVEN OR IMPLIED, USE AT YOUR OWN RISK.
Small set of information about an authenticated user. Contains the
minimum amount of information required for the user interface to render
menus and pages correctly.
Roles assigned to this user directly or via their groups
Roles assigned to this user via the "All users" and "Authenticated users" groups.
Instantiate an instance of an unauthenticated user.
Instantiate an instance of an authenticated user.
roles Directly assigned roles
systemRoles Roles assigned via special groups.
Web forms that are vulnerable to cross-site request forgery should:
- Include a hidden field with this form auth token.
- Verify that user form posts contain this exact form auth token.
Because the auth token is a subset of characters from the user's session
token/cookie, this token is unique on a per session basis, not a per page
load basis. While it would be possible to generate tokens on a per form
basis, this comes at a performance and storage cost that does not
outweigh the benefits for this web framework.
- Unique user session based form authentication token.
(token != null?"\"token\":\"" + tkn + "\",":"") +
User user = new User(uuid, "", "", null, null, null, ip);
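The form auth token scheme described in the comments above (a hidden field carrying a token derived from the session token, checked on every form post), as an added example that is not part of the original source file. The class and method names, the field name `formAuthToken`, and the choice of the first 16 characters as the "subset" are assumptions; the page does not say which characters are used.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class FormAuthTokenExample {
    // Assumption: which characters form the subset is not stated on the page.
    static final int TOKEN_LENGTH = 16;
    // Require a session token longer than the exposed subset, so the hidden
    // field never reveals the whole session token.
    static final int MIN_SESSION_LENGTH = TOKEN_LENGTH * 2;

    /** Derive the per-session form auth token from the session token. */
    static String formAuthToken(String sessionToken) {
        if (sessionToken == null || sessionToken.length() < MIN_SESSION_LENGTH) {
            throw new IllegalArgumentException("session token missing or too short");
        }
        return sessionToken.substring(0, TOKEN_LENGTH);
    }

    /** Hidden field to include in each form (token assumed alphanumeric, so no escaping). */
    static String hiddenField(String sessionToken) {
        return "<input type=\"hidden\" name=\"formAuthToken\" value=\""
                + formAuthToken(sessionToken) + "\">";
    }

    /** Verify a form post: exact match, constant-time compare, fail closed on missing input. */
    static boolean isValidPost(String sessionToken, String postedToken) {
        if (sessionToken == null || postedToken == null
                || sessionToken.length() < MIN_SESSION_LENGTH) {
            return false;
        }
        byte[] expected = formAuthToken(sessionToken).getBytes(StandardCharsets.UTF_8);
        byte[] actual = postedToken.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) {
        // Constructed sample session tokens, not real values.
        String sessionA = "3f9c1e7a5b2d4c6e8f0a1b3c5d7e9f1a2b4c6d8e";
        String sessionB = "a1b2c3d4e5f60718293a4b5c6d7e8f9001122334";

        System.out.println(hiddenField(sessionA));
        // Post carrying the token rendered for the same session.
        System.out.println(isValidPost(sessionA, formAuthToken(sessionA)));
        // Post carrying a token from a different session.
        System.out.println(isValidPost(sessionA, formAuthToken(sessionB)));
        // Cross-site post that has the cookie but no hidden field.
        System.out.println(isValidPost(sessionA, null));
    }
}
```

Because the token is per session rather than per page load, the same value validates every form in that session until the session token changes.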