Package com.sun.identity.idm

Class IdRepo

  • @SupportedAll
public abstract class IdRepo
extends Object
    This interface defines the methods which need to be implemented by plugins. Two plugins are supported, ldap and remote .

    • Constructor Detail

      • IdRepo

        public IdRepo()

    • Method Detail

      • initialize

        public void initialize​(Map<String,​Set<String>> configParams)
                throws IdRepoException
        Initialization paramters as configred for a given plugin.
        Parameters:
        configParams - The configuration parameters.
        Throws:
        IdRepoException - If there was an error during initialization.

      • shutdown

        public void shutdown()
        This method is invoked just before the plugin is removed from the IdRepo cache of plugins. This helps the plugin clean up after itself (connections, persistent searches etc.). This method should be overridden by plugins that need to do this.

      • getSupportedOperations

        public Set<IdOperation> getSupportedOperations​(IdType type)
        Return supported operations for a given IdType
        Parameters:
        type - Identity type
        Returns:
        set of IdOperation supported for this IdType.

      • getSupportedTypes

        public Set<IdType> getSupportedTypes()
        Returns:
        Returns a Set of IdTypes supported by this plugin. Returns the supported types of identities for this plugin. If a plugin does not override this method, it returns an empty set.

      • isExists

        public abstract boolean isExists​(SSOToken token,
                                 IdType type,
                                 String name)
                          throws IdRepoException,
                                 SSOException
        Returns true if the name object exists in the data store.
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        name - Name of the object of interest.
        Returns:
        true if name object is in data store else false
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • isActive

        public boolean isActive​(SSOToken token,
                        IdType type,
                        String name)
                 throws IdRepoException,
                        SSOException
        Returns true if the name object is active.
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        name - Name of the object of interest.
        Returns:
        true if name object is in active else false
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • setActiveStatus

        public abstract void setActiveStatus​(SSOToken token,
                                     IdType type,
                                     String name,
                                     boolean active)
                              throws IdRepoException,
                                     SSOException
        Sets the object's status to active.
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        name - Name of the object of interest.
        active - true if setting to active; false otherwise.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • getAttributes

        public abstract Map<String,​Set<String>> getAttributes​(SSOToken token,
                                                            IdType type,
                                                            String name)
                                                     throws IdRepoException,
                                                            SSOException
        Returns all attributes and values of name object
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        name - Name of the object of interest.
        Returns:
        Map of attribute-values
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • getAttributes

        public abstract Map<String,​Set<String>> getAttributes​(SSOToken token,
                                                            IdType type,
                                                            String name,
                                                            Set<String> attrNames)
                                                     throws IdRepoException,
                                                            SSOException
        Returns requested attributes and values of name object.
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        name - Name of the object of interest.
        attrNames - Set of attribute names to be read
        Returns:
        Map of attribute-values
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • getBinaryAttributes

        public abstract Map<String,​byte[][]> getBinaryAttributes​(SSOToken token,
                                                               IdType type,
                                                               String name,
                                                               Set<String> attrNames)
                                                        throws IdRepoException,
                                                               SSOException
        Returns requested binary attributes as an array of bytes.
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        name - Name of the object of interest.
        attrNames - Set of attribute names to be read
        Returns:
        Map of attribute-values
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • create

        public abstract String create​(SSOToken token,
                              IdType type,
                              String name,
                              Map<String,​Set<String>> attrMap)
                       throws IdRepoException,
                              SSOException
        Creates an identity.
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        name - Name of the object of interest.
        attrMap - Map of attribute-values assoicated with this object.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • delete

        public abstract void delete​(SSOToken token,
                            IdType type,
                            String name)
                     throws IdRepoException,
                            SSOException
        Deletes an identity.
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        name - Name of the object of interest.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • setAttributes

        public abstract void setAttributes​(SSOToken token,
                                   IdType type,
                                   String name,
                                   Map<String,​Set<String>> attributes,
                                   boolean isAdd)
                            throws IdRepoException,
                                   SSOException
        Set the values of attributes of the identity.
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        name - Name of the object of interest.
        attributes - Map of attribute-values to set or add.
        isAdd - if true add the attribute-values; otherwise replaces the attribute-values.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • setBinaryAttributes

        public abstract void setBinaryAttributes​(SSOToken token,
                                         IdType type,
                                         String name,
                                         Map<String,​byte[][]> attributes,
                                         boolean isAdd)
                                  throws IdRepoException,
                                         SSOException
        Set the values of binary attributes the identity.
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        name - Name of the object of interest.
        attributes - Map of binary attribute-values to set or add.
        isAdd - if true add the attribute-values; otherwise replaces the attribute-values.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • changePassword

        public void changePassword​(SSOToken token,
                           IdType type,
                           String name,
                           String attrName,
                           String oldPassword,
                           String newPassword)
                    throws IdRepoException,
                           SSOException
        Changes password of identity.
        Parameters:
        token - Single sign on token of identity performing the task.
        type - identity type of this object.
        name - name of the object of interest.
        attrName - password attribute name
        oldPassword - old password
        newPassword - new password
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • removeAttributes

        public abstract void removeAttributes​(SSOToken token,
                                      IdType type,
                                      String name,
                                      Set<String> attrNames)
                               throws IdRepoException,
                                      SSOException
        Removes the attributes from the identity.
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        name - Name of the object of interest.
        attrNames - Set of attribute names to remove.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • search

        public abstract com.sun.identity.idm.RepoSearchResults search​(SSOToken token,
                                                              IdType type,
                                                              org.forgerock.openam.utils.CrestQuery crestQuery,
                                                              int maxTime,
                                                              int maxResults,
                                                              Set<String> returnAttrs,
                                                              boolean returnAllAttrs,
                                                              int filterOp,
                                                              Map<String,​Set<String>> avPairs,
                                                              boolean recursive)
                                                       throws IdRepoException,
                                                              SSOException
        Search for specific type of identities using a CrestQuery object instead of a string. This function actually supersedes the one above, since the "pattern" parameter can be wrapped in the CrestQuery parameter of this function.
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        crestQuery - pattern to search for, of type CrestQuery.
        maxTime - maximum wait time for search.
        maxResults - maximum records to return.
        returnAttrs - Set of attribute names to return.
        returnAllAttrs - return all attributes
        filterOp - filter condition.
        avPairs - additional search conditions.
        Returns:
        RepoSearchResults
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • modifyMemberShip

        public abstract void modifyMemberShip​(SSOToken token,
                                      IdType type,
                                      String name,
                                      Set<String> members,
                                      IdType membersType,
                                      int operation)
                               throws IdRepoException,
                                      SSOException
        Modify membership of the identity. Set of members is a set of unique identifiers of other identities.
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        name - Name of the object of interest.
        members - Set of names to be added as members of name
        membersType - IdType of members.
        operation - operations to perform on members ADDMEMBER or REMOVEMEMBER.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • getMembers

        public abstract Set<String> getMembers​(SSOToken token,
                                       IdType type,
                                       String name,
                                       IdType membersType)
                                throws IdRepoException,
                                       SSOException
        Returns the memberships of an identity. For example, returns the groups or roles that a user belongs to. The list retrieved here for a user MUST be consistent with member queries against the corresponding groups.
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        name - Name of the object of interest.
        membersType - IdType of members of name object.
        Returns:
        Set of of members belongs to name
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • getMemberships

        public abstract Set<String> getMemberships​(SSOToken token,
                                           IdType type,
                                           String name,
                                           IdType membershipType)
                                    throws IdRepoException,
                                           SSOException
        Returns the memberships of an identity. For example, returns the groups or roles that a user belongs to.
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        name - Name of the object of interest.
        membershipType - IdType of memberships to return.
        Returns:
        Set of objects that name is a member of.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • assignService

        public abstract void assignService​(SSOToken token,
                                   IdType type,
                                   String name,
                                   String serviceName,
                                   SchemaType stype,
                                   Map<String,​Set<String>> attrMap)
                            throws IdRepoException,
                                   SSOException
        This method is used to assign a service to the given identity. The behavior of this method will be different, depending on how each plugin will implement the services model. The map of attribute-values has already been validated and default values have already been inherited by the framework. The plugin has to verify if the service is assigned (in which case it should throw an exception), and assign the service and the attributes to the identity (if supported).
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        name - Name of the object of interest.
        serviceName - service to assign
        stype - The schema type for the service.
        attrMap - Map of attribute-values.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • getAssignedServices

        public abstract Set<String> getAssignedServices​(SSOToken token,
                                                IdType type,
                                                String name,
                                                Map<String,​Set<String>> mapOfServicesAndOCs)
                                         throws IdRepoException,
                                                SSOException
        Returns the set of services assigned to this identity. The framework has to check if the values are objectclasses, then map it to service names. Or if they are servicenames, then there is no mapping needed.
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        name - Name of the object of interest.
        mapOfServicesAndOCs - The service->objectclass mapping.
        Returns:
        Set of name of services assigned to name
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • unassignService

        public abstract void unassignService​(SSOToken token,
                                     IdType type,
                                     String name,
                                     String serviceName,
                                     Map<String,​Set<String>> attrMap)
                              throws IdRepoException,
                                     SSOException
        If the service is already assigned to the identity then this method unassigns the service and removes the related attributes from the entry.
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        name - Name of the object of interest.
        serviceName - Service name to remove.
        attrMap - Map of attribute-values to remove
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • getServiceAttributes

        public abstract Map<String,​Set<String>> getServiceAttributes​(SSOToken token,
                                                                   IdType type,
                                                                   String name,
                                                                   String serviceName,
                                                                   Set<String> attrNames)
                                                            throws IdRepoException,
                                                                   SSOException
        Returns the attribute values of the service attributes.
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        name - Name of the object of interest.
        serviceName - Name of service.
        attrNames - Set of attribute names.
        Returns:
        Map of attribute-values.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • getBinaryServiceAttributes

        public abstract Map<String,​byte[][]> getBinaryServiceAttributes​(SSOToken token,
                                                                      IdType type,
                                                                      String name,
                                                                      String serviceName,
                                                                      Set<String> attrNames)
                                                               throws IdRepoException,
                                                                      SSOException
        Returns the requested binary attribute values of the service attributes as an array of bytes.
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        name - Name of the object of interest.
        serviceName - Name of service.
        attrNames - Set of attribute names.
        Returns:
        Map of attribute-values.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • modifyService

        public abstract void modifyService​(SSOToken token,
                                   IdType type,
                                   String name,
                                   String serviceName,
                                   SchemaType sType,
                                   Map<String,​Set<String>> attrMap)
                            throws IdRepoException,
                                   SSOException
        Modifies the attribute values of the service attributes.
        Parameters:
        token - Single sign on token of identity performing the task.
        type - Identity type of this object.
        name - Name of the object of interest.
        serviceName - Name of service.
        sType - The schema type for the service.
        attrMap - map of attribute-values.
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • addListener

        public abstract int addListener​(SSOToken token,
                                IdRepoListener listener)
                         throws IdRepoException,
                                SSOException
        Adds a listener for changes in the repository
        Parameters:
        token - Single sign on token of identity performing the task.
        listener - The listener to register.
        Returns:
        status code
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • removeListener

        public abstract void removeListener()
        Removes the listener added using addListener method. This is called by the IdRepo framework when the plugin is being shutdown due to configuration change, so that a new instance can be created with the new configuration map.

      • getConfiguration

        public Map<String,​Set<String>> getConfiguration()
        Return the configuration map
        Returns:
        configuration map

      • getFullyQualifiedName

        public String getFullyQualifiedName​(SSOToken token,
                                    IdType type,
                                    String name)
                             throws IdRepoException,
                                    SSOException
        Returns the fully qualified name for the identity. It is expected that the fully qualified name would be unique, hence it is recommended to prefix the name with the data store name or protocol. Used by IdRepo framework to check for equality of two identities
        Parameters:
        token - administrator SSOToken that can be used by the datastore to determine the fully qualified name
        type - type of the identity
        name - name of the identity
        Returns:
        fully qualified name for the identity within the data store
        Throws:
        IdRepoException - If there are repository related error conditions.
        SSOException - If identity's single sign on token is invalid.

      • supportsAuthentication

        public boolean supportsAuthentication()
        Returns true if the data store supports authentication of identities. Used by IdRepo framework to authenticate identities.
        Returns:
        true if data store supports authentication of of identities; else false

      • authenticate

        public boolean authenticate​(Callback[] credentials)
                     throws IdRepoException,
                            AuthLoginException
        Returns true if the data store successfully authenticates the identity with the provided credentials. In case the data store requires additional credentials, the list would be returned via the IdRepoException exception.
        Parameters:
        credentials - Array of callback objects containing information such as username and password.
        Returns:
        true if data store authenticates the identity; else false
        Throws:
        IdRepoException
        AuthLoginException