Package com.sun.identity.idm

Class AMIdentity

  • public class AMIdentity
extends Object
    This class represents an Identity which needs to be managed by Access Manager. This identity could exist in multiple repositories, which are configured for a given realm or organization. When any operation is performed from this class, it executes all plugins that are configured for performing that operation. For eg: getAttributes. The application gets access to constructing AMIdentity objects by using AMIdentityRepository interfaces. For example: 

    
 AMIdentityRepository idrepo = new AMIdentityRepository(token, org);
 AMIdentity id = idrepo.getRealmIdentity();
    The id returned above is the AMIdentity object of the user's single sign-on token passed above. The results obtained from search performed using AMIdentityRepository also return AMIdentity objects. The type of an object can be determined by doing the following: 

    
 IdType type = identity.getType();
    The name of an object can be determined by: 

    
 String name = identity.getName();

    • Field Detail

      • univDN

        protected String univDN

      • COS_PRIORITY

        public static String COS_PRIORITY

    • Constructor Detail

      • AMIdentity

        public AMIdentity​(SSOToken ssotoken)
           throws SSOException,
                  IdRepoException
        Constructor for the AMIdentity object.
        Parameters:
        ssotoken - Single sign on token of the user
        Throws:
        SSOException - if user's single sign on token is invalid.
        IdRepoException - if the single sign on token does not have a a valid universal identifier

      • AMIdentity

        public AMIdentity​(SSOToken ssotoken,
                  String universalId)
           throws IdRepoException
        Constructor for the AMIdentity object.
        Parameters:
        ssotoken - Single sign on token to construct the identity object. Access permission to Identity object would be based on this user
        universalId - Universal Identifier of the identity.
        Throws:
        IdRepoException - if the universal identifier is invalid

      • AMIdentity

        public AMIdentity​(SSOToken token,
                  String name,
                  IdType type,
                  String orgName,
                  String amsdkdn)
        Constructor for the AMIdentity object.
        Parameters:
        token - Single sign on token to construct the identity object. Access permission to Identity object would be based on this user
        name - the name associated with this identity.
        type - the IdType of this identity.
        orgName - the organizaton name this identity belongs to.
        amsdkdn - the amsdk name assoicated with this identity if any.

      • AMIdentity

        public AMIdentity​(org.forgerock.opendj.ldap.DN amsdkdn,
                  SSOToken token,
                  String name,
                  IdType type,
                  String orgName)

    • Method Detail

      • getName

        public String getName()
        Returns the name of the identity.
        Returns:
        Name of the identity

      • getType

        public IdType getType()
        Returns the Type of the Identity.
        Returns:
        IdType representing the type of this object.

      • getRealm

        public String getRealm()
        Returns the realm for this identity.
        Returns:
        String representing realm name.

      • isActive

        public boolean isActive()
                 throws IdRepoException,
                        SSOException
        If there is a status attribute configured, then verifies if the identity is active and returns true. This method is only valid for AMIdentity objects of type User and Agent.
        Returns:
        true if the identity is active or if it is not configured for a status attribute, false otherwise.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • setActiveStatus

        public void setActiveStatus​(boolean active)
                     throws IdRepoException,
                            SSOException
        If there is a status attribute configured, then set its status to true or activated state if the parameter active is true. This method is only valid for AMIdentity objects of type User and Agent.
        Parameters:
        active - The state value to assign to status attribute. The actual value assigned to the status attribute will depend on what is configured for that particular plugin. If active is true, the status will be assigned the value corresponding to activated.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • getAttributes

        public Map getAttributes()
                  throws IdRepoException,
                         SSOException
        Returns all attributes and values of this identity. This method is only valid for AMIdentity objects of type User, Agent, Group, and Role.
        Returns:
        Map of attribute-values
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • getAttributes

        public Map getAttributes​(Set attrNames)
                  throws IdRepoException,
                         SSOException
        Returns requested attributes and values of this object. This method is only valid for AMIdentity object of type User, Agent, Group, and Role.
        Parameters:
        attrNames - Set of attribute names to be read
        Returns:
        Map of attribute-values.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • getBinaryAttributes

        public Map getBinaryAttributes​(Set attrNames)
                        throws IdRepoException,
                               SSOException
        Returns requested attributes and values of this object. This method is only valid for AMIdentity objects of type User, Agent, Group, and Role.
        Parameters:
        attrNames - Set of attribute names to be read
        Returns:
        Map of attribute-values.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • getAttribute

        public Set getAttribute​(String attrName)
                 throws IdRepoException,
                        SSOException
        Returns the values of the requested attribute. Returns an empty set, if the attribute is not set in the object. This method is only valid for AMIdentity objects of type User, Agent, Group, and Role.
        Parameters:
        attrName - Name of attribute
        Returns:
        Set of attribute values.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • setAttributes

        public void setAttributes​(Map attrMap)
                   throws IdRepoException,
                          SSOException
        Sets the values of attributes. This method should be followed by the method "store" to commit the changes to the Repository. This method is only valid for AMIdentity objects of type User and Agent.
        Parameters:
        attrMap - is a map of attribute name (String) to a Set of attribute values (String). It is arranged as: Map::attrMap --> Key: String::AttributeName Value: Set::AttributeValues (Set of String)
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • changePassword

        public void changePassword​(String oldPassword,
                           String newPassword)
                    throws IdRepoException,
                           SSOException
        Changes password for the identity.
        Parameters:
        oldPassword - old password
        newPassword - new password
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • setBinaryAttributes

        public void setBinaryAttributes​(Map attrMap)
                         throws IdRepoException,
                                SSOException
        Set the values of binary attributes. This method should be followed by the method "store" to commit the changes to the Repository This method is only valid for AMIdentity objects of type User and Agent.
        Parameters:
        attrMap - Map of attribute-values to be set in the repository or repositories (if multiple plugins are configured for "edit").
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • removeAttributes

        public void removeAttributes​(Set attrNames)
                      throws IdRepoException,
                             SSOException
        Removes the attributes from the identity entry. This method should be followed by a "store" to commit the changes to the Repository. This method is only valid for AMIdentity objects of type User and Agent.
        Parameters:
        attrNames - Set of attribute names to be removed
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If the user's single sign on token is invalid

      • store

        public void store()
           throws IdRepoException,
                  SSOException
        Stores the attributes of the object. This method is only valid for AMIdentity objects of type User and Agent.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • getAssignedServices

        public Set<String> getAssignedServices()
                                throws IdRepoException,
                                       SSOException
        Returns the set of services already assigned to this identity. This method is only valid for AMIdentity object of type User.
        Returns:
        Set of serviceNames
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • getAssignableServices

        public Set<String> getAssignableServices()
                                  throws IdRepoException,
                                         SSOException
        Returns all services which can be assigned to this entity. This method is only valid for AMIdentity object of type User.
        Returns:
        Set of service names
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • assignService

        public void assignService​(String serviceName,
                          Map attributes)
                   throws IdRepoException,
                          SSOException
        Assigns the service and service related attributes to the identity. This method is only valid for AMIdentity object of type User.
        Parameters:
        serviceName - Name of service to be assigned.
        attributes - Map of attribute-values
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • unassignService

        public void unassignService​(String serviceName)
                     throws IdRepoException,
                            SSOException
        Removes a service from the identity. This method is only valid for AMIdentity object of type User.
        Parameters:
        serviceName - Name of service to be removed.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • getServiceAttributes

        public Map<String,​Set<String>> getServiceAttributes​(String serviceName)
                                                   throws IdRepoException,
                                                          SSOException
        Returns attributes related to a service, if the service is assigned to the identity. This method is only valid for AMIdentity object of type User.
        Parameters:
        serviceName - Name of the service.
        Returns:
        Map of attribute-values.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • getBinaryServiceAttributes

        public Map getBinaryServiceAttributes​(String serviceName)
                               throws IdRepoException,
                                      SSOException
        Returns attributes related to a service, if the service is assigned to the identity. This method is only valid for AMIdentity object of type User.
        Parameters:
        serviceName - Name of the service.
        Returns:
        Map of attribute-values in array of byte.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - If user's single sign on token is invalid. iPlanet-PUBLIC-METHOD

      • getServiceAttributesAscending

        public Map getServiceAttributesAscending​(String serviceName)
                                  throws IdRepoException,
                                         SSOException
        Returns attributes related to a service, if the service is assigned to the identity. This method is only valid for AMIdentity object of type User.
        Parameters:
        serviceName - Name of the service.
        Returns:
        Map of attribute-values.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • modifyService

        public void modifyService​(String serviceName,
                          Map attrMap)
                   throws IdRepoException,
                          SSOException
        Set attributes related to a specific service. The assumption is that the service is already assigned to the identity. The attributes for the service are validated against the service schema. This method is only valid for AMIdentity object of type User.
        Parameters:
        serviceName - Name of the service.
        attrMap - Map of attribute-values.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • removeServiceAttributes

        public void removeServiceAttributes​(String serviceName,
                                    Set attrNames)
                             throws IdRepoException,
                                    SSOException
        Removes attributes value related to a specific service by setting it to empty. The assumption is that the service is already assigned to the identity. The attributes for the service are validated against the service schema. This method is only valid for object of type User.
        Parameters:
        serviceName - Name of the service.
        attrNames - Set of attributes name.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • isMember

        public boolean isMember​(AMIdentity identity)
                 throws IdRepoException,
                        SSOException
        Verifies if this identity is a member of the identity being passed. This method is only valid for AMIdentity objects of type Role, Group and User.
        Parameters:
        identity - AMIdentity to check membership with
        Returns:
        true if this Identity is a member of the given Identity
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if user's single sign on token is invalid.

      • addMember

        public void addMember​(AMIdentity identity)
               throws IdRepoException,
                      SSOException
        If membership is supported then add the new identity as a member.
        Parameters:
        identity - AMIdentity to be added
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if user's single sign on token is invalid. non-public methods

      • removeMember

        public void removeMember​(AMIdentity identity)
                  throws IdRepoException,
                         SSOException
        Removes the identity from this identity's membership.
        Parameters:
        identity - AMIdentity to be removed from membership.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if user's single sign on token is invalid. non-public methods

      • removeMembers

        public void removeMembers​(Set identityObjects)
                   throws IdRepoException,
                          SSOException
        Removes the identities from this identity's membership.
        Parameters:
        identityObjects - Set of AMIdentity objects
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if user's single sign on token is invalid. non-public methods

      • getMembers

        public Set getMembers​(IdType mtype)
               throws IdRepoException,
                      SSOException
        Return all members of a given identity type of this identity as a Set of AMIdentity objects. This method is only valid for AMIdentity objects of type Group and User.
        Parameters:
        mtype - Type of identity objects
        Returns:
        Set of AMIdentity objects that are members of this object.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if user's single sign on token is invalid.

      • getMemberships

        public Set getMemberships​(IdType mtype)
                   throws IdRepoException,
                          SSOException
        Returns the set of identities that this identity belongs to. This method is only valid for AMIdentity objects of type User and Role.
        Parameters:
        mtype - Type of member identity.
        Returns:
        Set of AMIdentity objects of the given type that this identity belongs to.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if user's single sign on token is invalid.

      • isExists

        public boolean isExists()
                 throws IdRepoException,
                        SSOException
        This method determines if the identity exists and returns true or false. This method is only valid for AMIdentity objects of type User and Agent.
        Returns:
        true if the identity exists or false otherwise.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • equals

        public boolean equals​(Object o)
        Returns true if the given object is equal to this object.
        Overrides:
        equals in class Object
        Parameters:
        o - Object for comparison.
        Returns:
        true if the given object is equal to this object.

      • hashCode

        public int hashCode()
        Non-javadoc, non-public methods
        Overrides:
        hashCode in class Object

      • setDN

        public void setDN​(String dn)
        Nonjavadoc, non-public methods

      • getDN

        public String getDN()
        Returns universal distinguished name of this object.
        Returns:
        universal distinguished name of this object.

      • getUniversalId

        public String getUniversalId()
        Returns the universal identifier of this object.
        Returns:
        String representing the universal identifier of this object.

      • toString

        public String toString()
        Returns String representation of the AMIdentity object. It returns universal identifier, orgname, type, etc.
        Overrides:
        toString in class Object
        Returns:
        String representation of the ServiceConfig object.

      • getFullyQualifiedNames

        protected Set getFullyQualifiedNames()