com.sun.identity.idm

Class AMIdentityRepository

java.lang.Object

com.sun.identity.idm.AMIdentityRepository

public class AMIdentityRepository
extends Object

The class AMIdentityRepository represents an object to access the repositories in which user/role/group and other identity data is configured. This class provides access to methods which will search, create and delete identities. An instance of this class can be obtained in the following manner:

 AMIdentityRepository idRepo = new AMIdentityRepository(ssoToken, realmName);

 

Field Summary

Fields

Modifier and Type	Field and Description
static Debug	debug
static Map	listeners

Constructor Summary

Constructors

Constructor and Description
AMIdentityRepository(SSOToken ssotoken, String realmName) Deprecated. in 13.0.0, use AMIdentityRepository(String, com.iplanet.sso.SSOToken) instead
AMIdentityRepository(String realmName, SSOToken ssoToken) Constructor for the AMIdentityRepository object.

Method Summary

Modifier and Type	Method and Description
static void	addCreationListener(IdRepoCreationListener listener) Adds a creation listener that will be notified each time a AMIdentityRepository is created .
int	addEventListener(IdEventListener listener) Adds a listener, which should receive notifications for all changes that occurred in this organization.
boolean	authenticate(Callback[] credentials) Non-javadoc, non-public methods Returns true if the data store has successfully authenticated the identity with the provided credentials.
boolean	authenticate(IdType idType, Callback[] credentials) Non-javadoc, non-public methods Returns true if the data store has successfully authenticated the identity with the provided credentials.
static void	clearCache() Clears the cache.
Set	createIdentities(IdType type, Map identityNamesAndAttrs) Creates multiple objects of the same type.
AMIdentity	createIdentity(IdType type, String idName, Map attrMap) Creates a single object of a type.
void	deleteIdentities(IdType type, Set identities) Deprecated. As of release AM 7.1, replaced by deleteIdentities(Set)
void	deleteIdentities(Set identities) Deletes identities.
Set	getAllowedIdOperations(IdType type) Returns the set of Operations for a given IdType, IdOperations that can be performed on an Identity.
AMIdentity	getRealmIdentity() Returns a handle of the Identity object representing this realm for services related operations only.
IdSearchResults	getSpecialIdentities(IdType type) Return the special identities for this realm for a given type.
IdSearchResults	getSpecialIdentities(SSOToken token, IdType type, String orgName)
Set	getSupportedIdTypes() Returns the set of supported object types IdType for this deployment.
static boolean	removeCreationListener(IdRepoCreationListener listener) Removes a creation listener so that it will no longer be notified when a AMIdentityRepository is created.
void	removeEventListener(int identifier) Removes listener as the application is no longer interested in receiving notifications.
IdSearchResults	searchIdentities(IdType type, CrestQuery crestQuery, IdSearchControl ctrl) Searches for identities of certain types from each plugin and returns a combined result Note: The AMIdentity objects representing IdType.REALM can be used for services related operations only.
IdSearchResults	searchIdentities(IdType type, String pattern, IdSearchControl ctrl) Searches for identities of certain types from each plugin and returns a combined result.
IdSearchResults	searchIdentities(IdType type, String pattern, Map avPairs, boolean recursive, int maxResults, int maxTime, Set returnAttributes, boolean returnAllAttributes) Deprecated. This method is deprecated. Use searchIdentities(IdType type,String pattern, IdSearchControl ctrl)
String	toString() Return String representation of the AMIdentityRepository object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

debug

public static Debug debug

listeners

public static Map listeners

Constructor Detail

AMIdentityRepository

@Deprecated
public AMIdentityRepository(SSOToken ssotoken,
                                        String realmName)
                                 throws IdRepoException,
                                        SSOException

Deprecated. in 13.0.0, use AMIdentityRepository(String, com.iplanet.sso.SSOToken) instead

Constructor for the AMIdentityRepository object. If a null is passed for the organization identifier realmName, then the "root" realm is assumed.

Parameters:

ssotoken - Single sign on token of the user

realmName - Name of the realm (can be a Fully qualified DN)

Throws:

IdRepoException - Never thrown, required by legacy code.

SSOException - Never thrown, required by legacy code.

AMIdentityRepository

@Inject
public AMIdentityRepository(@Nullable
                                    String realmName,
                                    SSOToken ssoToken)

Constructor for the AMIdentityRepository object. If a null is passed for the organization identifier realmName, then the "root" realm is assumed.

Parameters:

ssoToken - Single sign on token of the user.

realmName - Name of the realm (can be a Fully qualified DN).

Method Detail

addCreationListener

public static void addCreationListener(IdRepoCreationListener listener)

Adds a creation listener that will be notified each time a AMIdentityRepository is created .

Parameters:

listener - The listener.

removeCreationListener

public static boolean removeCreationListener(IdRepoCreationListener listener)

Removes a creation listener so that it will no longer be notified when a AMIdentityRepository is created.

Parameters:

listener - The listener.

Returns:

true if the listener was removed.

getSupportedIdTypes

public Set getSupportedIdTypes()
                        throws IdRepoException,
                               SSOException

Returns the set of supported object types IdType for this deployment. This is not realm specific.

Returns:

Set of supported IdType objects.

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - if user's single sign on token is invalid.

getAllowedIdOperations

public Set getAllowedIdOperations(IdType type)
                           throws IdRepoException,
                                  SSOException

Returns the set of Operations for a given IdType, IdOperations that can be performed on an Identity. This varies for each organization (and each plugin?).

Parameters:

type - Type of identity

Returns:

Set of IdOperation objects.

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - if user's single sign on token is invalid.

getSpecialIdentities

public IdSearchResults getSpecialIdentities(IdType type)
                                     throws IdRepoException,
                                            SSOException

Return the special identities for this realm for a given type. These identities cannot be deleted and hence have to be shown in the admin console as non-deletable.

Parameters:

type - Type of the identity

Returns:

IdSearchResult

Throws:

IdRepoException - if there is a datastore exception

SSOException - if the user's single sign on token is not valid.

searchIdentities

public IdSearchResults searchIdentities(IdType type,
                                        String pattern,
                                        Map avPairs,
                                        boolean recursive,
                                        int maxResults,
                                        int maxTime,
                                        Set returnAttributes,
                                        boolean returnAllAttributes)
                                 throws IdRepoException,
                                        SSOException

Deprecated. This method is deprecated. Use searchIdentities(IdType type,String pattern, IdSearchControl ctrl)

Searches for identities of a certain type. The iterator returns AMIdentity objects for use by the application.

Parameters:

type - Type of identity being searched for.

pattern - Search pattern, like "a*" or "*".

avPairs - Map of attribute-values which can further help qualify the search pattern.

recursive - If true, then the search is performed on the entire subtree (if applicable)

maxResults - Maximum number of results to be returned. A -1 means no limit on the result set.

maxTime - Maximum amount of time after which the search should return with partial results.

returnAttributes - Set of attributes to be read when performing the search.

returnAllAttributes - If true, then read all the attributes of the entries.

Returns:

results containing AMIdentity objects.

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - if user's single sign on token is invalid.

searchIdentities

public IdSearchResults searchIdentities(IdType type,
                                        String pattern,
                                        IdSearchControl ctrl)
                                 throws IdRepoException,
                                        SSOException

Searches for identities of certain types from each plugin and returns a combined result. Note: The AMIdentity objects representing IdType.REALM can be used for services related operations only. The realm AMIdentity object can be used to assign and unassign services containing dynamic attributes to this realm.

Parameters:

type - Type of identity being searched for.

pattern - Pattern to be used when searching.

ctrl - IdSearchControl which can be used to set up various search controls on the search to be performed.

Returns:

Returns the combined results in an object IdSearchResults.

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - if user's single sign on token is invalid.

See Also:

IdSearchControl, IdSearchResults

searchIdentities

public IdSearchResults searchIdentities(IdType type,
                                        CrestQuery crestQuery,
                                        IdSearchControl ctrl)
                                 throws IdRepoException,
                                        SSOException

Searches for identities of certain types from each plugin and returns a combined result Note: The AMIdentity objects representing IdType.REALM can be used for services related operations only. The realm AMIdentity object can be used to assign and unassign services containing dynamic attributes to this realm.

Parameters:

type - Type of identity being searched for.

crestQuery - Basically just an object which supports both _queryId and _queryFilter

ctrl - IdSearchControl which can be used to set up various search controls on the search to be performed.

Returns:

Returns the combined results in an object IdSearchResults.

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - if user's single sign on token is invalid.

See Also:

IdSearchControl, IdSearchResults

getRealmIdentity

public AMIdentity getRealmIdentity()
                            throws IdRepoException,
                                   SSOException

Returns a handle of the Identity object representing this realm for services related operations only. This AMIdentity object can be used to assign and unassign services containing dynamic attributes to this realm

Returns:

a handle of the Identity object.

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - if user's single sign on token is invalid.

createIdentity

public AMIdentity createIdentity(IdType type,
                                 String idName,
                                 Map attrMap)
                          throws IdRepoException,
                                 SSOException

Creates a single object of a type. The object is created in all the plugins that support creation of this type of object. This method is only valid for:

1. IdType.AGENT
2. IdType.USER
3. IdType.REALM

Note: For creating IdType.REALM identities, a map of sunIdentityRepositoryService attributes need to be passed. Also, AMIdentity object representing this realm can be used for services related operations only. This AMIdentity object can be used to assign and unassign services containing dynamic attributes to this realm

Parameters:

type - IdType of object to be created.

idName - Name of object. If the type is IdType.REALM then enter a valid realm name.

attrMap - Map of attribute-values to be set when creating the entry.

Returns:

Identity object representing the newly created entry.

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - if user's single sign on token is invalid.

createIdentities

public Set createIdentities(IdType type,
                            Map identityNamesAndAttrs)
                     throws IdRepoException,
                            SSOException

Creates multiple objects of the same type. The objects are created in all the IdRepo plugins that support creation of these objects. This method is only valid for:

1. IdType.AGENT
2. (@link IdType#USER IdType.USER}
3. IdType.REALM

Note: For creating IdType.REALM identities, a map of sunIdentityRepositoryService attributes need to be passed. Also, AMIdentity object representing this realm can be used for services related operations only. This AMIdentity object can be used to assign and unassign services containing dynamic attributes to this realm.

Parameters:

type - Type of object to be created

identityNamesAndAttrs - Names of the identities and their

Returns:

Set of created Identities.

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - if user's single sign on token is invalid.

deleteIdentities

public void deleteIdentities(IdType type,
                             Set identities)
                      throws IdRepoException,
                             SSOException

Deprecated. As of release AM 7.1, replaced by deleteIdentities(Set)

Deletes identities. The Set passed is a set of AMIdentity objects. This method is only valid for:

1. IdType.AGENT
2. IdType.REALM
3. (@link IdType#USER IdType.USER}

Parameters:

type - Type of Identity to be deleted.

identities - Set of AMIdentity objects to be deleted.

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - if user's single sign on token is invalid.

deleteIdentities

public void deleteIdentities(Set identities)
                      throws IdRepoException,
                             SSOException

Deletes identities. The Set passed is a set of AMIdentity objects. This method is only valid for:

1. IdType.AGENT
2. IdType.REALM
3. (@link IdType#USER IdType.USER}

Parameters:

identities - Set of AMIdentity objects to be deleted

Throws:

IdRepoException - if there are repository related error conditions.

SSOException - if user's single sign on token is invalid.

authenticate

public boolean authenticate(Callback[] credentials)
                     throws IdRepoException,
                            AuthLoginException

Non-javadoc, non-public methods Returns true if the data store has successfully authenticated the identity with the provided credentials. In case the data store requires additional credentials, the list would be returned via the IdRepoException exception.

Parameters:

credentials - Array of callback objects containing information such as username and password.

Returns:

true if data store authenticates the identity; else false

Throws:

IdRepoException

AuthLoginException

authenticate

public boolean authenticate(IdType idType,
                            Callback[] credentials)
                     throws IdRepoException,
                            AuthLoginException

Non-javadoc, non-public methods Returns true if the data store has successfully authenticated the identity with the provided credentials. In case the data store requires additional credentials, the list would be returned via the IdRepoException exception.

Parameters:

credentials - Array of callback objects containing information such as username and password.

idType - The type of identity to authenticate as, or null for any.

Returns:

true if data store authenticates the identity; else false

Throws:

IdRepoException

AuthLoginException

addEventListener

public int addEventListener(IdEventListener listener)

Adds a listener, which should receive notifications for all changes that occurred in this organization. This method is only valid for IdType User and Agent.

Parameters:

listener - The callback which implements AMEventListener.

Returns:

Integer identifier for this listener.

removeEventListener

public void removeEventListener(int identifier)

Removes listener as the application is no longer interested in receiving notifications.

Parameters:

identifier - Integer identifying the listener.

clearCache

public static void clearCache()

Clears the cache.

getSpecialIdentities

public IdSearchResults getSpecialIdentities(SSOToken token,
                                            IdType type,
                                            String orgName)
                                     throws IdRepoException,
                                            SSOException

Throws:

IdRepoException

SSOException

toString

public String toString()

Return String representation of the AMIdentityRepository object. It returns realm name.

Overrides:

toString in class Object

Returns:

String representation of AMIdentityRepository object.