Interface IdentityStore

  • All Known Implementing Classes:
    AMIdentityRepository

    public interface IdentityStore
    Represents an identity store in which user/role/group and other identity data is configured. This interface provides access to methods which will search, create and delete identities.
    • Method Detail

      • getAllowedIdOperations

        Set<IdOperation> getAllowedIdOperations​(IdType type)
                                         throws IdRepoException,
                                                SSOException
        Get allowed identity operations.
        Parameters:
        type - type of identity being searched for
        Returns:
        the allowed identity operations
        Throws:
        IdRepoException - if there are repository related error conditions
        SSOException - if there is an SSO token related error
      • searchIdentities

        IdSearchResults searchIdentities​(IdType type,
                                         String pattern,
                                         IdSearchControl ctrl)
                                  throws IdRepoException,
                                         SSOException
        Searches for identities of certain types from each plugin and returns a combined result. Note: The AMIdentity objects representing IdType.REALM can be used for services related operations only. The realm AMIdentity object can be used to assign and unassign services containing dynamic attributes to this realm.
        Parameters:
        type - type of identity being searched for
        pattern - the query identity pattern
        ctrl - IdSearchControl which can be used to set up various search controls on the search to be performed
        Returns:
        Returns the combined results in an IdSearchResults object
        Throws:
        IdRepoException - if there are repository related error conditions
        SSOException - if user's single sign on token is invalid
        See Also:
        IdSearchControl, IdSearchResults
      • searchIdentitiesByUsername

        IdSearchResults searchIdentitiesByUsername​(IdType type,
                                                   String pattern,
                                                   IdSearchControl ctrl)
                                            throws IdRepoException,
                                                   SSOException
        Searches for a single identity of the given type, by username, across each plugin. Callers should fail if multiple identities are returned. Note: The AMIdentity objects representing IdType.REALM can be used for services related operations only. The realm AMIdentity object can be used to assign and unassign services containing dynamic attributes to this realm.
        Parameters:
        type - type of identity being searched for
        pattern - the query identity pattern
        ctrl - IdSearchControl which can be used to set up various search controls on the search to be performed
        Returns:
        Returns the combined results in an IdSearchResults object
        Throws:
        IdRepoException - if there are repository related error conditions
        SSOException - if user's single sign on token is invalid
        See Also:
        IdSearchControl, IdSearchResults
      • searchIdentities

        IdSearchResults searchIdentities​(IdType type,
                                         org.forgerock.openam.utils.CrestQuery crestQuery,
                                         IdSearchControl ctrl)
                                  throws IdRepoException,
                                         SSOException
        Searches for identities of certain types from each plugin and returns a combined result. Note: The AMIdentity objects representing IdType.REALM can be used for services related operations only. The realm AMIdentity object can be used to assign and unassign services containing dynamic attributes to this realm.
        Parameters:
        type - Type of identity being searched for.
        crestQuery - An object which supports both _queryId and _queryFilter.
        ctrl - IdSearchControl which can be used to set up various search controls on the search to be performed.
        Returns:
        Returns the combined results in an IdSearchResults object.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if user's single sign on token is invalid.
        See Also:
        IdSearchControl, IdSearchResults
      • authenticate

        boolean authenticate​(Callback[] credentials)
                      throws IdRepoException,
                             AuthLoginException
        Returns true if the data store has successfully authenticated the identity with the provided credentials. If the data store requires additional credentials, the list is returned via the IdRepoException.
        Parameters:
        credentials - Array of callback objects containing information such as username and password.
        Returns:
        true if data store authenticates the identity; else false
        Throws:
        IdRepoException
        AuthLoginException
      • authenticate

        boolean authenticate​(IdType idType,
                             Callback[] credentials)
                      throws IdRepoException,
                             AuthLoginException
        Returns true if the data store has successfully authenticated the identity with the provided credentials. If the data store requires additional credentials, the list is returned via the IdRepoException.
        Parameters:
        credentials - Array of callback objects containing information such as username and password.
        idType - The type of identity to authenticate as, or null for any.
        Returns:
        true if data store authenticates the identity; else false
        Throws:
        IdRepoException
        AuthLoginException
      • addEventListener

        int addEventListener​(IdEventListener listener)
        Add an IdEventListener to the pool of listeners.
        Parameters:
        listener - the identity event listener to add
        Returns:
        the total number of IdEventListeners available
      • removeEventListener

        void removeEventListener​(int identifier)
        Remove an IdEventListener from the pool of listeners.
        Parameters:
        identifier - the identifier for the IdEventListener to be removed
      • getSpecialIdentities

        IdSearchResults getSpecialIdentities​(SSOToken token,
                                             IdType type,
                                             String orgName)
                                      throws IdRepoException,
                                             SSOException
        Return the special identities for this realm for a given type. These identities cannot be deleted and hence have to be shown in the admin console as non-deletable.
        Parameters:
        type - Type of the identity
        Returns:
        IdSearchResults
        Throws:
        IdRepoException - if there is a datastore exception
        SSOException - if the user's single sign on token is not valid.
      • getRealmName

        String getRealmName()
        Returns the realm for the identity repository.
        Returns:
        String representing realm name.
      • getUserUsingAuthenticationUserAliases

        @Deprecated
        AMIdentity getUserUsingAuthenticationUserAliases​(String uName)
        Deprecated.
        Returns an AMIdentity object representing the provided username, or if no match was found, representing a user matching the authentication user alias list. Note: the intention is that this will be extracted to an authentication specific API in the future
        Parameters:
        uName - the username of the user to retrieve
        Returns:
        identity object or null
      • getGroup

        AMIdentity getGroup​(String groupName)
        Gets the AMIdentity of a group with groupname equal to groupName that exists in the realm. If no AMIdentity is found using groupname, it falls back to using userSearchAttributes if supplied.
        Parameters:
        groupName - the name of the group to retrieve
        Returns:
        the AMIdentity of group with groupname equal to groupName
      • searchForIdentity

        Optional<AMIdentity> searchForIdentity​(IdType idType,
                                               String idName)
        Returns the AMIdentity object for the given type, name and realm.

        This operation will search the store for the specific identity. If no identity is found that matches the exact search requirements then Optional.empty() is returned.

        Parameters:
        idType - The IdType of the identity to search for.
        idName - The name alias of the identity to search for.
        Returns:
        A non-null, possibly empty Optional.
      • createWithoutValidatingAttributes

        AMIdentity createWithoutValidatingAttributes​(SSOToken token,
                                                     IdType type,
                                                     String name,
                                                     Map<String,​Set<String>> attrs,
                                                     String orgName)
                                              throws IdRepoException,
                                                     SSOException
        Creates a new identity without validating the given attributes. This method should only be used if the attributes have already been validated.
        Parameters:
        token - the SSO token of the person performing this operation.
        type - The identity type.
        name - The identity name.
        attrs - The default attributes this identity will be created with.
        orgName - Realm in which the identity will be created.
        Returns:
        The newly created identity.
        Throws:
        IdRepoException - if there are repository related error conditions.
        SSOException - if the SSO token is invalid.
      • findIdentityByUsername

        Optional<AMIdentity> findIdentityByUsername​(String username,
                                                    IdType type)
                                             throws IdRepoException,
                                                    SSOException
        Searches for the identity using the username.
        Parameters:
        username - The username to search for
        Returns:
        An optional containing the identity if one is found, empty otherwise.
        Throws:
        IdRepoException - If an error occurred or more than one result was found
        SSOException - If an error occurred
      • findUserByUsernameOrAlias

        Optional<AMIdentity> findUserByUsernameOrAlias​(String username,
                                                       Set<String> userSearchAttributes)
                                                throws IdRepoException,
                                                       SSOException
        Searches for the user using the username, then uses the search attributes if nothing is found.
        Parameters:
        username - The username to search for
        userSearchAttributes - The other attributes to search for the username under
        Returns:
        An optional containing the identity if one is found, empty otherwise.
        Throws:
        IdRepoException - If an error occurred or more than one result was found
        SSOException - If an error occurred
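
The contract of searchIdentitiesByUsername above says callers should fail if multiple identities are returned. The following is an added example, not code from this Javadoc or from the AM project, of a caller that enforces that rule and also refuses truncated or timed-out searches. Assumptions: the import package of IdentityStore (not shown on this page), that '*' acts as a wildcard in the pattern, and the hypothetical names StrictUserLookup and IdentityResolutionException; setMaxResults, setAllReturnAttributes, getErrorCode and getSearchResults belong to the OpenAM IdSearchControl and IdSearchResults classes, which this page only links to.

```java
import java.util.Set;

import com.iplanet.sso.SSOException;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdSearchControl;
import com.sun.identity.idm.IdSearchResults;
import com.sun.identity.idm.IdType;
import com.sun.identity.idm.IdentityStore; // assumption: package is not shown on this page

public final class StrictUserLookup {

    /** Hypothetical exception: the lookup did not resolve to exactly one identity. */
    public static final class IdentityResolutionException extends Exception {
        IdentityResolutionException(String msg) { super(msg); }
    }

    public static AMIdentity resolveUser(IdentityStore store, String username)
            throws IdRepoException, SSOException, IdentityResolutionException {
        // Untrusted input must not act as a search pattern.
        // Assumption: '*' is treated as a wildcard by the identity search.
        if (username == null || username.isEmpty() || username.indexOf('*') >= 0) {
            throw new IdentityResolutionException("username is empty or contains a wildcard");
        }

        IdSearchControl ctrl = new IdSearchControl();
        ctrl.setMaxResults(2);              // two hits are already enough to prove ambiguity
        ctrl.setAllReturnAttributes(false); // only the identity is needed, not its attributes

        IdSearchResults results =
                store.searchIdentitiesByUsername(IdType.USER, username, ctrl);

        // A size-limited or timed-out search is not evidence of a unique match.
        if (results.getErrorCode() != IdSearchResults.SUCCESS) {
            throw new IdentityResolutionException(
                    "search incomplete, error code " + results.getErrorCode());
        }

        Set<AMIdentity> matches = results.getSearchResults();
        if (matches.size() != 1) {
            // Never take "the first" of several results: results are combined
            // across plugins, so the order carries no meaning.
            throw new IdentityResolutionException(
                    "expected exactly 1 identity, found " + matches.size());
        }
        return matches.iterator().next();
    }
}
```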