com.sun.identity.idm

Class AMIdentity

java.lang.Object

com.sun.identity.idm.AMIdentity

public class AMIdentity
extends Object

This class represents an Identity which needs to be managed by Access Manager. This identity could exist in multiple repositories, which are configured for a given realm or organization. When any operation is performed from this class, it executes all plugins that are configured for performing that operation. For eg: getAttributes. The application gets access to constructing AMIdentity objects by using AMIdentityRepository interfaces. For example:

 AMIdentityRepository idrepo = new AMIdentityRepository(token, org);
 AMIdentity id = idrepo.getRealmIdentity();

 

The id returned above is the AMIdentity object of the user's single sign-on token passed above. The results obtained from search performed using AMIdentityRepository also return AMIdentity objects. The type of an object can be determined by doing the following:

 IdType type = identity.getType();

 

The name of an object can be determined by:

 String name = identity.getName();

 

Field Summary

Fields

Modifier and Type	Field and Description
static String	COS_PRIORITY
protected String	univDN

Constructor Summary

Constructors

Constructor and Description
AMIdentity(org.forgerock.opendj.ldap.DN universalId, SSOToken ssotoken)
AMIdentity(org.forgerock.opendj.ldap.DN amsdkdn, SSOToken token, String name, IdType type, String orgName)
AMIdentity(SSOToken ssotoken) Constructor for the AMIdentity object.
AMIdentity(SSOToken ssotoken, String universalId) Constructor for the AMIdentity object.
AMIdentity(SSOToken token, String name, IdType type, String orgName, String amsdkdn) Constructor for the AMIdentity object.

Method Summary

Modifier and Type	Method and Description
void	addMember(AMIdentity identity) If membership is supported then add the new identity as a member.
void	assignService(String serviceName, Map attributes) Assigns the service and service related attributes to the identity.
void	changePassword(String oldPassword, String newPassword) Changes password for the identity.
boolean	equals(Object o) Returns true if the given object is equal to this object.
Set<String>	getAssignableServices() Returns all services which can be assigned to this entity.
Set<String>	getAssignedServices() Returns the set of services already assigned to this identity.
Set	getAttribute(String attrName) Returns the values of the requested attribute.
Map	getAttributes() Returns all attributes and values of this identity.
Map	getAttributes(Set attrNames) Returns requested attributes and values of this object.
Map	getBinaryAttributes(Set attrNames) Returns requested attributes and values of this object.
Map	getBinaryServiceAttributes(String serviceName) Returns attributes related to a service, if the service is assigned to the identity.
String	getDN() Returns universal distinguished name of this object.
protected Set	getFullyQualifiedNames()
Set	getMembers(IdType mtype) Return all members of a given identity type of this identity as a Set of AMIdentity objects.
Set	getMemberships(IdType mtype) Returns the set of identities that this identity belongs to.
String	getName() Returns the name of the identity.
String	getRealm() Returns the realm for this identity.
Map<String,Set<String>>	getServiceAttributes(String serviceName) Returns attributes related to a service, if the service is assigned to the identity.
Map	getServiceAttributesAscending(String serviceName) Returns attributes related to a service, if the service is assigned to the identity.
IdType	getType() Returns the Type of the Identity.
String	getUniversalId() Returns the universal identifier of this object.
int	hashCode() Non-javadoc, non-public methods
boolean	isActive() If there is a status attribute configured, then verifies if the identity is active and returns true.
boolean	isExists() This method determines if the identity exists and returns true or false.
boolean	isMember(AMIdentity identity) Verifies if this identity is a member of the identity being passed.
void	modifyService(String serviceName, Map attrMap) Set attributes related to a specific service.
void	removeAttributes(Set attrNames) Removes the attributes from the identity entry.
void	removeMember(AMIdentity identity) Removes the identity from this identity's membership.
void	removeMembers(Set identityObjects) Removes the identities from this identity's membership.
void	removeServiceAttributes(String serviceName, Set attrNames) Removes attributes value related to a specific service by setting it to empty.
void	setActiveStatus(boolean active) If there is a status attribute configured, then set its status to true or activated state if the parameter active is true.
void	setAttributes(Map attrMap) Sets the values of attributes.
void	setBinaryAttributes(Map attrMap) Set the values of binary attributes.
void	setDN(String dn) Nonjavadoc, non-public methods
void	store() Stores the attributes of the object.
String	toString() Returns String representation of the AMIdentity object.
void	unassignService(String serviceName) Removes a service from the identity.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

univDN

protected String univDN

COS_PRIORITY

public static String COS_PRIORITY

Constructor Detail

AMIdentity

public AMIdentity(SSOToken ssotoken)
           throws SSOException,
                  IdRepoException

Constructor for the AMIdentity object.

Parameters:

ssotoken - Single sign on token of the user

Throws:

SSOException - if user's single sign on token is invalid.

IdRepoException - if the single sign on token does not have a a valid universal identifier

AMIdentity

public AMIdentity(SSOToken ssotoken,
                  String universalId)
           throws IdRepoException

Constructor for the AMIdentity object.

Parameters:

ssotoken - Single sign on token to construct the identity object. Access permission to Identity object would be based on this user

universalId - Universal Identifier of the identity.

Throws:

IdRepoException - if the universal identifier is invalid

AMIdentity

public AMIdentity(org.forgerock.opendj.ldap.DN universalId,
                  SSOToken ssotoken)
           throws IdRepoException

Throws:

IdRepoException

AMIdentity

public AMIdentity(SSOToken token,
                  String name,
                  IdType type,
                  String orgName,
                  String amsdkdn)

Constructor for the AMIdentity object.

Parameters:

token - Single sign on token to construct the identity object. Access permission to Identity object would be based on this user

name - the name associated with this identity.

type - the IdType of this identity.

orgName - the organizaton name this identity belongs to.

amsdkdn - the amsdk name assoicated with this identity if any.

AMIdentity

public AMIdentity(org.forgerock.opendj.ldap.DN amsdkdn,
                  SSOToken token,
                  String name,
                  IdType type,
                  String orgName)

Method Detail

getName

public String getName()

Returns the name of the identity.

Returns:

Name of the identity

getType

public IdType getType()

Returns the Type of the Identity.

Returns:

IdType representing the type of this object.

getRealm

public String getRealm()

Returns the realm for this identity.

Returns:

String representing realm name.

isActive

public boolean isActive()
                 throws IdRepoException,
                        SSOException

If there is a status attribute configured, then verifies if the identity is active and returns true. This method is only valid for AMIdentity objects of type User and Agent.

Returns:

true if the identity is active or if it is not configured for a status attribute, false otherwise.

Throws:

IdRepoException - If there are repository related error conditions.

SSOException - If user's single sign on token is invalid.

setActiveStatus

public void setActiveStatus(boolean active)
                     throws IdRepoException,
                            SSOException

If there is a status attribute configured, then set its status to true or activated state if the parameter active is true. This method is only valid for AMIdentity objects of type User and Agent.

Parameters:

active - The state value to assign to status attribute. The actual value assigned to the status attribute will depend on what is configured for that particular plugin. If active is true, the status will be assigned the value corresponding to activated.

Throws:

IdRepoException - If there are repository related error conditions.

SSOException - If user's single sign on token is invalid.

getAttributes

public Map getAttributes()
                  throws IdRepoException,
                         SSOException

Returns all attributes and values of this identity. This method is only valid for AMIdentity objects of type User, Agent, Group, and Role.

Returns:

Map of attribute-values

Throws:

IdRepoException - If there are repository related error conditions.

SSOException - If user's single sign on token is invalid.

getAttributes

public Map getAttributes(Set attrNames)
                  throws IdRepoException,
                         SSOException

Returns requested attributes and values of this object. This method is only valid for AMIdentity object of type User, Agent, Group, and Role.

Parameters:

attrNames - Set of attribute names to be read

Returns:

Map of attribute-values.

Throws:

IdRepoException - If there are repository related error conditions.

SSOException - If user's single sign on token is invalid.

getBinaryAttributes

public Map getBinaryAttributes(Set attrNames)
                        throws IdRepoException,
                               SSOException

Returns requested attributes and values of this object. This method is only valid for AMIdentity objects of type User, Agent, Group, and Role.

Parameters:

attrNames - Set of attribute names to be read

Returns:

Map of attribute-values.

Throws:

IdRepoException - If there are repository related error conditions.

SSOException - If user's single sign on token is invalid.

getAttribute

public Set getAttribute(String attrName)
                 throws IdRepoException,
                        SSOException

Returns the values of the requested attribute. Returns an empty set, if the attribute is not set in the object. This method is only valid for AMIdentity objects of type User, Agent, Group, and Role.

Parameters:

attrName - Name of attribute

Returns:

Set of attribute values.

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - If user's single sign on token is invalid.

setAttributes

public void setAttributes(Map attrMap)
                   throws IdRepoException,
                          SSOException

Sets the values of attributes. This method should be followed by the method "store" to commit the changes to the Repository. This method is only valid for AMIdentity objects of type User and Agent.

Parameters:

attrMap - is a map of attribute name (String) to a Set of attribute values (String). It is arranged as: Map::attrMap --> Key: String::AttributeName Value: Set::AttributeValues (Set of String)

Throws:

IdRepoException - If there are repository related error conditions.

SSOException - If user's single sign on token is invalid.

changePassword

public void changePassword(String oldPassword,
                           String newPassword)
                    throws IdRepoException,
                           SSOException

Changes password for the identity.

Parameters:

oldPassword - old password

newPassword - new password

Throws:

IdRepoException - If there are repository related error conditions.

SSOException - If user's single sign on token is invalid.

setBinaryAttributes

public void setBinaryAttributes(Map attrMap)
                         throws IdRepoException,
                                SSOException

Set the values of binary attributes. This method should be followed by the method "store" to commit the changes to the Repository This method is only valid for AMIdentity objects of type User and Agent.

Parameters:

attrMap - Map of attribute-values to be set in the repository or repositories (if multiple plugins are configured for "edit").

Throws:

IdRepoException - If there are repository related error conditions.

SSOException - If user's single sign on token is invalid.

removeAttributes

public void removeAttributes(Set attrNames)
                      throws IdRepoException,
                             SSOException

Removes the attributes from the identity entry. This method should be followed by a "store" to commit the changes to the Repository. This method is only valid for AMIdentity objects of type User and Agent.

Parameters:

attrNames - Set of attribute names to be removed

Throws:

IdRepoException - If there are repository related error conditions.

SSOException - If the user's single sign on token is invalid

store

public void store()
           throws IdRepoException,
                  SSOException

Stores the attributes of the object. This method is only valid for AMIdentity objects of type User and Agent.

Throws:

IdRepoException - If there are repository related error conditions.

SSOException - If user's single sign on token is invalid.

getAssignedServices

public Set<String> getAssignedServices()
                                throws IdRepoException,
                                       SSOException

Returns the set of services already assigned to this identity. This method is only valid for AMIdentity object of type User.

Returns:

Set of serviceNames

Throws:

IdRepoException - If there are repository related error conditions.

SSOException - If user's single sign on token is invalid.

getAssignableServices

public Set<String> getAssignableServices()
                                  throws IdRepoException,
                                         SSOException

Returns all services which can be assigned to this entity. This method is only valid for AMIdentity object of type User.

Returns:

Set of service names

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - If user's single sign on token is invalid.

assignService

public void assignService(String serviceName,
                          Map attributes)
                   throws IdRepoException,
                          SSOException

Assigns the service and service related attributes to the identity. This method is only valid for AMIdentity object of type User.

Parameters:

serviceName - Name of service to be assigned.

attributes - Map of attribute-values

Throws:

IdRepoException - If there are repository related error conditions.

SSOException - If user's single sign on token is invalid.

unassignService

public void unassignService(String serviceName)
                     throws IdRepoException,
                            SSOException

Removes a service from the identity. This method is only valid for AMIdentity object of type User.

Parameters:

serviceName - Name of service to be removed.

Throws:

IdRepoException - If there are repository related error conditions.

SSOException - If user's single sign on token is invalid.

getServiceAttributes

public Map<String,Set<String>> getServiceAttributes(String serviceName)
                                             throws IdRepoException,
                                                    SSOException

Returns attributes related to a service, if the service is assigned to the identity. This method is only valid for AMIdentity object of type User.

Parameters:

serviceName - Name of the service.

Returns:

Map of attribute-values.

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - If user's single sign on token is invalid.

getBinaryServiceAttributes

public Map getBinaryServiceAttributes(String serviceName)
                               throws IdRepoException,
                                      SSOException

Returns attributes related to a service, if the service is assigned to the identity. This method is only valid for AMIdentity object of type User.

Parameters:

serviceName - Name of the service.

Returns:

Map of attribute-values in array of byte.

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - If user's single sign on token is invalid. iPlanet-PUBLIC-METHOD

getServiceAttributesAscending

public Map getServiceAttributesAscending(String serviceName)
                                  throws IdRepoException,
                                         SSOException

Returns attributes related to a service, if the service is assigned to the identity. This method is only valid for AMIdentity object of type User.

Parameters:

serviceName - Name of the service.

Returns:

Map of attribute-values.

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - If user's single sign on token is invalid.

modifyService

public void modifyService(String serviceName,
                          Map attrMap)
                   throws IdRepoException,
                          SSOException

Set attributes related to a specific service. The assumption is that the service is already assigned to the identity. The attributes for the service are validated against the service schema. This method is only valid for AMIdentity object of type User.

Parameters:

serviceName - Name of the service.

attrMap - Map of attribute-values.

Throws:

IdRepoException - If there are repository related error conditions.

SSOException - If user's single sign on token is invalid.

removeServiceAttributes

public void removeServiceAttributes(String serviceName,
                                    Set attrNames)
                             throws IdRepoException,
                                    SSOException

Removes attributes value related to a specific service by setting it to empty. The assumption is that the service is already assigned to the identity. The attributes for the service are validated against the service schema. This method is only valid for object of type User.

Parameters:

serviceName - Name of the service.

attrNames - Set of attributes name.

Throws:

IdRepoException - If there are repository related error conditions.

SSOException - If user's single sign on token is invalid.

isMember

public boolean isMember(AMIdentity identity)
                 throws IdRepoException,
                        SSOException

Verifies if this identity is a member of the identity being passed. This method is only valid for AMIdentity objects of type Role, Group and User.

Parameters:

identity - AMIdentity to check membership with

Returns:

true if this Identity is a member of the given Identity

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - if user's single sign on token is invalid.

addMember

public void addMember(AMIdentity identity)
               throws IdRepoException,
                      SSOException

If membership is supported then add the new identity as a member.

Parameters:

identity - AMIdentity to be added

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - if user's single sign on token is invalid. non-public methods

removeMember

public void removeMember(AMIdentity identity)
                  throws IdRepoException,
                         SSOException

Removes the identity from this identity's membership.

Parameters:

identity - AMIdentity to be removed from membership.

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - if user's single sign on token is invalid. non-public methods

removeMembers

public void removeMembers(Set identityObjects)
                   throws IdRepoException,
                          SSOException

Removes the identities from this identity's membership.

Parameters:

identityObjects - Set of AMIdentity objects

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - if user's single sign on token is invalid. non-public methods

getMembers

public Set getMembers(IdType mtype)
               throws IdRepoException,
                      SSOException

Return all members of a given identity type of this identity as a Set of AMIdentity objects. This method is only valid for AMIdentity objects of type Group and User.

Parameters:

mtype - Type of identity objects

Returns:

Set of AMIdentity objects that are members of this object.

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - if user's single sign on token is invalid.

getMemberships

public Set getMemberships(IdType mtype)
                   throws IdRepoException,
                          SSOException

Returns the set of identities that this identity belongs to. This method is only valid for AMIdentity objects of type User and Role.

Parameters:

mtype - Type of member identity.

Returns:

Set of AMIdentity objects of the given type that this identity belongs to.

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - if user's single sign on token is invalid.

isExists

public boolean isExists()
                 throws IdRepoException,
                        SSOException

This method determines if the identity exists and returns true or false. This method is only valid for AMIdentity objects of type User and Agent.

Returns:

true if the identity exists or false otherwise.

Throws:

IdRepoException - If there are repository related error conditions.

SSOException - If user's single sign on token is invalid.

equals

public boolean equals(Object o)

Returns true if the given object is equal to this object.

Overrides:

equals in class Object

Parameters:

o - Object for comparison.

Returns:

true if the given object is equal to this object.

hashCode

public int hashCode()

Non-javadoc, non-public methods

Overrides:

hashCode in class Object

setDN

public void setDN(String dn)

Nonjavadoc, non-public methods

getDN

public String getDN()

Returns universal distinguished name of this object.

Returns:

universal distinguished name of this object.

getUniversalId

public String getUniversalId()

Returns the universal identifier of this object.

Returns:

String representing the universal identifier of this object.

toString

public String toString()

Returns String representation of the AMIdentity object. It returns universal identifier, orgname, type, etc.

Overrides:

toString in class Object

Returns:

String representation of the ServiceConfig object.

getFullyQualifiedNames

protected Set getFullyQualifiedNames()