Package com.sun.identity.idm

Class AMIdentity

  • All Implemented Interfaces:
    Identity
    @Supported
public class AMIdentity
extends UniversalId
implements Identity
    This class represents an Identity which needs to be managed by Access Manager. This identity could exist in multiple repositories, which are configured for a given realm or organization. When any operation is performed from this class, it executes all plugins that are configured for performing that operation. For eg: getAttributes. The application gets access to constructing AMIdentity objects by using AMIdentityRepository interfaces. For example: 

     
    
 AMIdentityRepository idrepo = new AMIdentityRepository(org);
 AMIdentity id = idrepo.getRealmIdentity();

    The id returned above is the AMIdentity object of the user's single sign-on token passed above. The results obtained from search performed using AMIdentityRepository also return AMIdentity objects. The type of an object can be determined by doing the following: 

     
    
 IdType type = identity.getType();

    The name of an object can be determined by: 

     
    
 String name = identity.getName();

    • Constructor Detail

      • AMIdentity

        @Supported
public AMIdentity​(SSOToken token,
                  String universalId)
           throws IdRepoException
        Constructs a new AMIdentity instance from the passed universal ID.
        Parameters:
        token - token used to authenticate the use of any service calls
        universalId - the universal ID from which to create an identity instance
        Throws:
        IdRepoException - should an identity repo error occur

    • Method Detail

      • getType

        @Supported
public IdType getType()
        Returns the Type of the Identity.
        Overrides:
        getType in class UniversalId
        Returns:
        IdType representing the type of this object.

      • getRealm

        @Supported
public String getRealm()
        Returns the realm for this identity.
        Returns:
        String representing realm name.

      • getUniversalId

        @Supported
public String getUniversalId()
        Returns the universal identifier of this object.
        Overrides:
        getUniversalId in class UniversalId
        Returns:
        String representing the universal identifier of this object.

      • isActive

        @Supported
public boolean isActive()
                 throws IdRepoException,
                        SSOException
        If there is a status attribute configured, then verifies if the identity is active and returns true. This method is only valid for AMIdentity objects of type User and Agent.
        Returns:
        true if the identity is active or if it is not configured for a status attribute, false otherwise.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • setActiveStatus

        @Supported
public void setActiveStatus​(boolean active)
                     throws IdRepoException,
                            SSOException
        If there is a status attribute configured, then set its status to true or activated state if the parameter active is true. This method is only valid for AMIdentity objects of type User and Agent.
        Parameters:
        active - The state value to assign to status attribute. The actual value assigned to the status attribute will depend on what is configured for that particular plugin. If active is true, the status will be assigned the value corresponding to activated.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • getAttributes

        @Supported
public Map getAttributes()
                  throws IdRepoException,
                         SSOException
        Returns all attributes and values of this identity. This method is only valid for AMIdentity objects of type User, Agent, Group, and Role.
        Specified by:
        getAttributes in interface Identity
        Returns:
        Map of attribute-values
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • getAttributes

        @Supported
public Map getAttributes​(Set<String> attrNames)
                  throws IdRepoException,
                         SSOException
        Returns requested attributes and values of this object.

        This method is only valid for AMIdentity object of type User, Agent, Group, and Role.

        Specified by:
        getAttributes in interface Identity
        Parameters:
        attrNames - Set of attribute names to be read
        Returns:
        Map of attribute-values.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • getBinaryAttributes

        @Supported
public Map getBinaryAttributes​(Set attrNames)
                        throws IdRepoException,
                               SSOException
        Returns requested attributes and values of this object.

        This method is only valid for AMIdentity objects of type User, Agent, Group, and Role.

        Parameters:
        attrNames - Set of attribute names to be read
        Returns:
        Map of attribute-values.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • getAttribute

        @Supported
public Set<String> getAttribute​(String attrName)
                         throws IdRepoException,
                                SSOException
        Returns the values of the requested attribute. Returns an empty set, if the attribute is not set in the object.

        This method is only valid for AMIdentity objects of type User, Agent, Group, and Role.

        Specified by:
        getAttribute in interface Identity
        Parameters:
        attrName - Name of attribute
        Returns:
        Set of attribute values.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • setAttributes

        @Supported
public void setAttributes​(Map attrMap)
                   throws IdRepoException,
                          SSOException
        Sets the values of attributes. This method should be followed by the method "store" to commit the changes to the Repository. This method is only valid for AMIdentity objects of type User and Agent.
        Parameters:
        attrMap - is a map of attribute name (String) to a Set of attribute values (String). It is arranged as: Map::attrMap --> Key: String::AttributeName Value: Set::AttributeValues (Set of String)
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • setBinaryAttributes

        @Supported
public void setBinaryAttributes​(Map attrMap)
                         throws IdRepoException,
                                SSOException
        Set the values of binary attributes. This method should be followed by the method "store" to commit the changes to the Repository

        This method is only valid for AMIdentity objects of type User and Agent.

        Parameters:
        attrMap - Map of attribute-values to be set in the repository or repositories (if multiple plugins are configured for "edit").
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • removeAttributes

        @Supported
public void removeAttributes​(Set<String> attrNames)
                      throws IdRepoException,
                             SSOException
        Removes the attributes from the identity entry. This method should be followed by a "store" to commit the changes to the Repository.

        This method is only valid for AMIdentity objects of type User and Agent.

        Parameters:
        attrNames - Set of attribute names to be removed
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If the user's single sign on token is invalid

      • store

        @Supported
public void store()
           throws IdRepoException,
                  SSOException
        Stores the attributes of the object.

        This method is only valid for AMIdentity objects of type User and Agent.

        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • getAssignedServices

        @Supported
public Set<String> getAssignedServices()
                                throws IdRepoException,
                                       SSOException
        Returns the set of services already assigned to this identity.

        This method is only valid for AMIdentity object of type User.

        Returns:
        Set of serviceNames
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • getAssignableServices

        @Supported
public Set<String> getAssignableServices()
                                  throws IdRepoException,
                                         SSOException
        Returns all services which can be assigned to this entity.

        This method is only valid for AMIdentity object of type User.

        Returns:
        Set of service names
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • assignService

        @Supported
public void assignService​(String serviceName,
                          org.forgerock.openam.sm.ConfigurationAttributes attributes)
                   throws IdRepoException,
                          SSOException
        Assigns the service and service related attributes to the identity.

        This method is only valid for AMIdentity object of type User.

        Parameters:
        serviceName - Name of service to be assigned.
        attributes - Map of attribute-values
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • unassignService

        @Supported
public void unassignService​(String serviceName)
                     throws IdRepoException,
                            SSOException
        Removes a service from the identity.

        This method is only valid for AMIdentity object of type User.

        Parameters:
        serviceName - Name of service to be removed.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • getServiceAttributes

        @Supported
public Map<String,​Set<String>> getServiceAttributes​(String serviceName)
                                                   throws IdRepoException,
                                                          SSOException
        Returns attributes related to a service, if the service is assigned to the identity.

        This method is only valid for AMIdentity object of type User.

        Parameters:
        serviceName - Name of the service.
        Returns:
        Map of attribute-values.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • getServiceAttributesAscending

        @Supported
public Map getServiceAttributesAscending​(String serviceName)
                                  throws IdRepoException,
                                         SSOException
        Returns attributes related to a service, if the service is assigned to the identity.

        This method is only valid for AMIdentity object of type User.

        Parameters:
        serviceName - Name of the service.
        Returns:
        Map of attribute-values.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • modifyService

        @Supported
public void modifyService​(String serviceName,
                          org.forgerock.openam.sm.ConfigurationAttributes attrMap)
                   throws IdRepoException,
                          SSOException
        Set attributes related to a specific service. The assumption is that the service is already assigned to the identity. The attributes for the service are validated against the service schema.

        This method is only valid for AMIdentity object of type User.

        Parameters:
        serviceName - Name of the service.
        attrMap - Map of attribute-values.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • removeServiceAttributes

        @Supported
public void removeServiceAttributes​(String serviceName,
                                    Set<String> attrNames)
                             throws IdRepoException,
                                    SSOException
        Removes attributes value related to a specific service by setting it to empty. The assumption is that the service is already assigned to the identity. The attributes for the service are validated against the service schema.

        This method is only valid for AMIdentity object of type User.

        Parameters:
        serviceName - Name of the service.
        attrNames - Set of attributes name.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.

      • isMember

        @Supported
public boolean isMember​(UniversalId universalId)
                 throws IdRepoException,
                        SSOException
        Verifies if this identity is a member of the identity being passed.

        This method is only valid for AMIdentity objects of type Role, Group and User.

        Parameters:
        universalId - AMIdentity to check membership with
        Returns:
        true if this Identity is a member of the given Identity
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if user's single sign on token is invalid.

      • getMembers

        @Supported
public Set<AMIdentity> getMembers​(IdType mtype)
                           throws IdRepoException,
                                  SSOException
        Return all members of a given identity type of this identity as a Set of AMIdentity objects.

        This method is only valid for AMIdentity objects of type Group and User.

        Parameters:
        mtype - Type of identity objects
        Returns:
        Set of AMIdentity objects that are members of this object.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if user's single sign on token is invalid.

      • getMemberships

        @Supported
public Set<AMIdentity> getMemberships​(IdType mtype)
                               throws IdRepoException,
                                      SSOException
        Returns the set of identities that this identity belongs to.

        This method is only valid for AMIdentity objects of type User and Role.

        Parameters:
        mtype - Type of member identity.
        Returns:
        Set of AMIdentity objects of the given type that this identity belongs to.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if user's single sign on token is invalid.

      • isExists

        @Supported
public boolean isExists()
                 throws IdRepoException,
                        SSOException
        This method determines if the identity exists and returns true or false.

        This method is only valid for AMIdentity objects of type User and Agent.

        Specified by:
        isExists in interface Identity
        Returns:
        true if the identity exists or false otherwise.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If user's single sign on token is invalid.