Class AMIdentityRepository


  • public class AMIdentityRepository
    extends Object
    The class AMIdentityRepository represents an object to access the repositories in which user/role/group and other identity data is configured. This class provides access to methods which will search, create and delete identities. An instance of this class can be obtained in the following manner:

    
     AMIdentityRepository idRepo = new AMIdentityRepository(realmName, ssoToken);
    
     
    • Field Detail

      • debug

        public static Debug debug
      • listeners

        public static Map listeners
    • Constructor Detail

      • AMIdentityRepository

        @Inject
        public AMIdentityRepository​(@Nullable
                                    String realmName,
                                    SSOToken ssoToken)
        Constructor for the AMIdentityRepository object. If a null is passed for the organization identifier realmName, then the "root" realm is assumed.
        Parameters:
        ssoToken - Single sign on token of the user.
        realmName - Name of the realm (can be a Fully qualified DN).
    • Method Detail

      • addCreationListener

        public static void addCreationListener​(IdRepoCreationListener listener)
        Adds a creation listener that will be notified each time an AMIdentityRepository is created.
        Parameters:
        listener - The listener.
      • removeCreationListener

        public static boolean removeCreationListener​(IdRepoCreationListener listener)
        Removes a creation listener so that it will no longer be notified when an AMIdentityRepository is created.
        Parameters:
        listener - The listener.
        Returns:
        true if the listener was removed.
      • getSupportedIdTypes

        public Set getSupportedIdTypes()
                                throws IdRepoException,
                                       SSOException
        Returns the set of supported object types IdType for this deployment. This is not realm specific.
        Returns:
        Set of supported IdType objects.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if user's single sign on token is invalid.
      • getAllowedIdOperations

        public Set getAllowedIdOperations​(IdType type)
                                   throws IdRepoException,
                                          SSOException
        Returns the set of IdOperation objects that can be performed on an identity of the given IdType. This varies for each organization (and each plugin?).
        Parameters:
        type - Type of identity
        Returns:
        Set of IdOperation objects.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if user's single sign on token is invalid.
      • getSpecialIdentities

        public IdSearchResults getSpecialIdentities​(IdType type)
                                             throws IdRepoException,
                                                    SSOException
        Return the special identities for this realm for a given type. These identities cannot be deleted and hence have to be shown in the admin console as non-deletable.
        Parameters:
        type - Type of the identity
        Returns:
        IdSearchResults
        Throws:
        IdRepoException - if there is a datastore exception
        SSOException - if the user's single sign on token is not valid.
      • searchIdentities

        public IdSearchResults searchIdentities​(IdType type,
                                                String pattern,
                                                Map avPairs,
                                                boolean recursive,
                                                int maxResults,
                                                int maxTime,
                                                Set returnAttributes,
                                                boolean returnAllAttributes)
                                         throws IdRepoException,
                                                SSOException
        Deprecated.
        Searches for identities of a certain type. The iterator returns AMIdentity objects for use by the application.
        Parameters:
        type - Type of identity being searched for.
        pattern - Search pattern, like "a*" or "*".
        avPairs - Map of attribute-values which can further help qualify the search pattern.
        recursive - If true, then the search is performed on the entire subtree (if applicable)
        maxResults - Maximum number of results to be returned. A -1 means no limit on the result set.
        maxTime - Maximum amount of time after which the search should return with partial results.
        returnAttributes - Set of attributes to be read when performing the search.
        returnAllAttributes - If true, then read all the attributes of the entries.
        Returns:
        results containing AMIdentity objects.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if user's single sign on token is invalid.
      • searchIdentities

        public IdSearchResults searchIdentities​(IdType type,
                                                String pattern,
                                                IdSearchControl ctrl)
                                         throws IdRepoException,
                                                SSOException
        Searches for identities of certain types from each plugin and returns a combined result. Note: The AMIdentity objects representing IdType.REALM can be used for services related operations only. The realm AMIdentity object can be used to assign and unassign services containing dynamic attributes to this realm.
        Parameters:
        type - Type of identity being searched for.
        pattern - Pattern to be used when searching.
        ctrl - IdSearchControl which can be used to set up various search controls on the search to be performed.
        Returns:
        Returns the combined results in an object IdSearchResults.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if user's single sign on token is invalid.
        See Also:
        IdSearchControl, IdSearchResults
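
A bounded search using the IdSearchControl overload above, as an added example that is not part of the AM documentation or code base. The class BoundedUserSearch, the limits, and the "mail" attribute are hypothetical; the package names and the IdSearchControl and IdSearchResults members used here are not documented on this page and are assumed from those classes' own API.

```java
import java.util.Collections;
import java.util.Objects;
import java.util.Set;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.AMIdentityRepository;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdSearchControl;
import com.sun.identity.idm.IdSearchResults;
import com.sun.identity.idm.IdType;

/** Hypothetical helper, not part of the AM API. */
public final class BoundedUserSearch {

    private static final int MAX_RESULTS = 100; // constructed limit
    private static final int MAX_TIME = 5;      // constructed limit, passed to setTimeOut

    private BoundedUserSearch() { }

    public static Set<AMIdentity> findUsers(SSOToken ssoToken, String realmName, String pattern)
            throws IdRepoException, SSOException {
        // A null realmName silently selects the "root" realm, so require an explicit one.
        Objects.requireNonNull(realmName, "realmName must be explicit");

        // The repository acts with the privileges of the supplied token.
        AMIdentityRepository idRepo = new AMIdentityRepository(realmName, ssoToken);

        IdSearchControl ctrl = new IdSearchControl();
        ctrl.setMaxResults(MAX_RESULTS);      // never -1 (unlimited) for caller-supplied patterns
        ctrl.setTimeOut(MAX_TIME);            // search returns partial results after this
        ctrl.setRecursive(false);             // stay in this realm, no subtree walk
        ctrl.setAllReturnAttributes(false);   // read only the attributes named below
        ctrl.setReturnAttributes(Collections.singleton("mail"));

        IdSearchResults results = idRepo.searchIdentities(IdType.USER, pattern, ctrl);

        // A size or time limit yields a partial set; do not treat it as complete.
        if (results.getErrorCode() != IdSearchResults.SUCCESS) {
            throw new IllegalStateException(
                    "Partial search result, error code " + results.getErrorCode());
        }
        @SuppressWarnings("unchecked")
        Set<AMIdentity> found = results.getSearchResults();
        return found;
    }
}
```

Failing on a partial result matters when the returned set feeds a bulk operation such as deleteIdentities(Set), where a silently truncated set would leave identities behind.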
      • searchIdentities

        public IdSearchResults searchIdentities​(IdType type,
                                                CrestQuery crestQuery,
                                                IdSearchControl ctrl)
                                         throws IdRepoException,
                                                SSOException
        Searches for identities of certain types from each plugin and returns a combined result. Note: The AMIdentity objects representing IdType.REALM can be used for services related operations only. The realm AMIdentity object can be used to assign and unassign services containing dynamic attributes to this realm.
        Parameters:
        type - Type of identity being searched for.
        crestQuery - Basically just an object which supports both _queryId and _queryFilter
        ctrl - IdSearchControl which can be used to set up various search controls on the search to be performed.
        Returns:
        Returns the combined results in an object IdSearchResults.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if user's single sign on token is invalid.
        See Also:
        IdSearchControl, IdSearchResults
      • getRealmIdentity

        public AMIdentity getRealmIdentity()
                                    throws IdRepoException,
                                           SSOException
        Returns a handle of the Identity object representing this realm for services related operations only. This AMIdentity object can be used to assign and unassign services containing dynamic attributes to this realm.
        Returns:
        a handle of the Identity object.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if user's single sign on token is invalid.
      • createIdentity

        public AMIdentity createIdentity​(IdType type,
                                         String idName,
                                         Map attrMap)
                                  throws IdRepoException,
                                         SSOException
        Creates a single object of a type. The object is created in all the plugins that support creation of this type of object. This method is only valid for:
        1. IdType.AGENT
        2. IdType.USER
        3. IdType.REALM

        Note: For creating IdType.REALM identities, a map of sunIdentityRepositoryService attributes needs to be passed. Also, the AMIdentity object representing this realm can be used for services related operations only. This AMIdentity object can be used to assign and unassign services containing dynamic attributes to this realm.
        Parameters:
        type - IdType of object to be created.
        idName - Name of object. If the type is IdType.REALM then enter a valid realm name.
        attrMap - Map of attribute-values to be set when creating the entry.
        Returns:
        Identity object representing the newly created entry.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if user's single sign on token is invalid.
      • createIdentities

        public Set createIdentities​(IdType type,
                                    Map identityNamesAndAttrs)
                             throws IdRepoException,
                                    SSOException
        Creates multiple objects of the same type. The objects are created in all the IdRepo plugins that support creation of these objects. This method is only valid for:
        1. IdType.AGENT
        2. IdType.USER
        3. IdType.REALM

        Note: For creating IdType.REALM identities, a map of sunIdentityRepositoryService attributes needs to be passed. Also, the AMIdentity object representing this realm can be used for services related operations only. This AMIdentity object can be used to assign and unassign services containing dynamic attributes to this realm.
        Parameters:
        type - Type of object to be created
        identityNamesAndAttrs - Names of the identities and their
        Returns:
        Set of created Identities.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if user's single sign on token is invalid.
      • deleteIdentities

        public void deleteIdentities​(IdType type,
                                     Set identities)
                              throws IdRepoException,
                                     SSOException
        Deprecated.
        As of release AM 7.1, replaced by deleteIdentities(Set)
        Deletes identities. The Set passed is a set of AMIdentity objects. This method is only valid for:
        1. IdType.AGENT
        2. IdType.REALM
        3. IdType.USER
        Parameters:
        type - Type of Identity to be deleted.
        identities - Set of AMIdentity objects to be deleted.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if user's single sign on token is invalid.
      • deleteIdentities

        public void deleteIdentities​(Set identities)
                              throws IdRepoException,
                                     SSOException
        Deletes identities. The Set passed is a set of AMIdentity objects. This method is only valid for:
        1. IdType.AGENT
        2. IdType.REALM
        3. IdType.USER
        Parameters:
        identities - Set of AMIdentity objects to be deleted
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if user's single sign on token is invalid.
      • authenticate

        public boolean authenticate​(Callback[] credentials)
                             throws IdRepoException,
                                    AuthLoginException
        Returns true if the data store has successfully authenticated the identity with the provided credentials. In case the data store requires additional credentials, the list would be returned via the IdRepoException exception.
        Parameters:
        credentials - Array of callback objects containing information such as username and password.
        Returns:
        true if data store authenticates the identity; else false
        Throws:
        IdRepoException
        AuthLoginException
      • authenticate

        public boolean authenticate​(IdType idType,
                                    Callback[] credentials)
                             throws IdRepoException,
                                    AuthLoginException
        Returns true if the data store has successfully authenticated the identity with the provided credentials. In case the data store requires additional credentials, the list would be returned via the IdRepoException exception.
        Parameters:
        credentials - Array of callback objects containing information such as username and password.
        idType - The type of identity to authenticate as, or null for any.
        Returns:
        true if data store authenticates the identity; else false
        Throws:
        IdRepoException
        AuthLoginException
      • addEventListener

        public int addEventListener​(IdEventListener listener)
        Adds a listener, which should receive notifications for all changes that occurred in this organization. This method is only valid for IdType User and Agent.
        Parameters:
        listener - The callback which implements AMEventListener.
        Returns:
        Integer identifier for this listener.
      • removeEventListener

        public void removeEventListener​(int identifier)
        Removes listener as the application is no longer interested in receiving notifications.
        Parameters:
        identifier - Integer identifying the listener.
      • clearCache

        public static void clearCache()
        Clears the cache.
      • toString

        public String toString()
        Returns the String representation of the AMIdentityRepository object. It returns the realm name.
        Overrides:
        toString in class Object
        Returns:
        String representation of AMIdentityRepository object.