Interface IdentityStore

All Known Implementing Classes:
AMIdentityRepository

public interface IdentityStore
Represents an identity store in which user/role/group and other identity data is configured. This interface provides access to methods which will search, create and delete identities.
  • Method Details

    • getSupportedIdTypes

      Set<IdType> getSupportedIdTypes() throws IdRepoException, SSOException
      Get supported identity types.
      Returns:
      the supported identity types
      Throws:
      IdRepoException - if there are repository related error conditions
      SSOException - if there is an SSO token related error
    • getAllowedIdOperations

      Set<IdOperation> getAllowedIdOperations(IdType type) throws IdRepoException, SSOException
      Get allowed identity operations.
      Parameters:
      type - type of identity being searched for
      Returns:
      the allowed identity operations
      Throws:
      IdRepoException - if there are repository related error conditions
      SSOException - if there is an SSO token related error
    • searchIdentities

      IdSearchResults searchIdentities(IdType type, String pattern, IdSearchControl ctrl) throws IdRepoException, SSOException
      Searches for identities of certain types from each plugin and returns a combined result. Note: The AMIdentity objects representing IdType.REALM can be used for service-related operations only. The realm AMIdentity object can be used to assign and unassign services containing dynamic attributes to this realm.
      Parameters:
      type - type of identity being searched for
      pattern - the query identity pattern
      ctrl - IdSearchControl which can be used to set up various search controls on the search to be performed
      Returns:
      Returns the combined results in an object IdSearchResults
      Throws:
      IdRepoException - if there are repository related error conditions
      SSOException - if user's single sign on token is invalid
    • searchIdentitiesByUsername

      IdSearchResults searchIdentitiesByUsername(IdType type, String pattern, IdSearchControl ctrl) throws IdRepoException, SSOException
      Searches for a single identity of certain types from each plugin. Callers should fail if multiple identities are returned. Note: The AMIdentity objects representing IdType.REALM can be used for service-related operations only. The realm AMIdentity object can be used to assign and unassign services containing dynamic attributes to this realm.
      Parameters:
      type - type of identity being searched for
      pattern - the query identity pattern
      ctrl - IdSearchControl which can be used to set up various search controls on the search to be performed
      Returns:
      Returns the combined results in an object IdSearchResults
      Throws:
      IdRepoException - if there are repository related error conditions
      SSOException - if user's single sign on token is invalid
    • searchIdentities

      IdSearchResults searchIdentities(IdType type, org.forgerock.openam.utils.CrestQuery crestQuery, IdSearchControl ctrl) throws IdRepoException, SSOException
      Searches for identities of certain types from each plugin and returns a combined result. Note: The AMIdentity objects representing IdType.REALM can be used for service-related operations only. The realm AMIdentity object can be used to assign and unassign services containing dynamic attributes to this realm.
      Parameters:
      type - Type of identity being searched for.
      crestQuery - An object which supports both _queryId and _queryFilter.
      ctrl - IdSearchControl which can be used to set up various search controls on the search to be performed.
      Returns:
      Returns the combined results in an object IdSearchResults.
      Throws:
      IdRepoException - if there are repository related error conditions.
      SSOException - if user's single sign on token is invalid.
    • getRealmIdentity

      AMIdentity getRealmIdentity() throws IdRepoException, SSOException
      Get the realm AMIdentity object.
      Returns:
      the realm identity
      Throws:
      IdRepoException - if there are repository related error conditions
      SSOException - if there is an SSO token related error
    • createIdentity

      AMIdentity createIdentity(IdType type, String idName, Map<String,Set<String>> attrMap) throws IdRepoException, SSOException
      Create an AMIdentity object.
      Parameters:
      type - type of identity being created
      idName - the id name
      attrMap - the attr map
      Returns:
      the am identity
      Throws:
      IdRepoException - if there are repository related error conditions
      SSOException - if there is an SSO token related error
    • deleteIdentity

      void deleteIdentity(AMIdentity identity) throws IdRepoException, SSOException
      Delete an AMIdentity.
      Parameters:
      identity - the identity to delete
      Throws:
      IdRepoException - if there are repository related error conditions
      SSOException - if there is an SSO token related error
    • authenticate

      boolean authenticate(Callback[] credentials) throws IdRepoException, AuthLoginException
      Returns true if the data store has successfully authenticated the identity with the provided credentials. If the data store requires additional credentials, the list is returned via the IdRepoException.
      Parameters:
      credentials - Array of callback objects containing information such as username and password.
      Returns:
      true if data store authenticates the identity; else false
      Throws:
      IdRepoException
      AuthLoginException
    • authenticate

      boolean authenticate(IdType idType, Callback[] credentials) throws IdRepoException, AuthLoginException
      Returns true if the data store has successfully authenticated the identity with the provided credentials. If the data store requires additional credentials, the list is returned via the IdRepoException.
      Parameters:
      credentials - Array of callback objects containing information such as username and password.
      idType - The type of identity to authenticate as, or null for any.
      Returns:
      true if data store authenticates the identity; else false
      Throws:
      IdRepoException
      AuthLoginException
    • addEventListener

      int addEventListener(IdEventListener listener)
      Add an IdEventListener to the pool of listeners.
      Parameters:
      listener - the identity event listener to add
      Returns:
      the total number of IdEventListeners available
    • removeEventListener

      void removeEventListener(int identifier)
      Remove an IdEventListener from the pool of listeners.
      Parameters:
      identifier - the identifier for the IdEventListener to be removed
    • getSpecialIdentities

      IdSearchResults getSpecialIdentities(SSOToken token, IdType type, String orgName) throws IdRepoException, SSOException
      Return the special identities for this realm for a given type. These identities cannot be deleted and hence have to be shown in the admin console as non-deletable.
      Parameters:
      type - Type of the identity
      Returns:
      IdSearchResult
      Throws:
      IdRepoException - if there is a datastore exception
      SSOException - if the user's single sign on token is not valid.
    • getRealmName

      String getRealmName()
      Returns the realm for the identity repository.
      Returns:
      String representing realm name.
    • getIdentity

      @Deprecated AMIdentity getIdentity(String uName)
      Returns an AMIdentity object representing the provided username.
      Parameters:
      uName - the username of the user to retrieve
      Returns:
      identity object or null
    • getUserUsingAuthenticationUserAliases

      @Deprecated AMIdentity getUserUsingAuthenticationUserAliases(String uName)
      Deprecated.
      Returns an AMIdentity object representing the provided username, or if no match was found, representing a user matching the authentication user alias list. Note: the intention is that this will be extracted to an authentication-specific API in the future.
      Parameters:
      uName - the username of the user to retrieve
      Returns:
      identity object or null
    • getGroup

      AMIdentity getGroup(String groupName)
      Gets the AMIdentity of a group with groupname equal to groupName that exists in the realm. If no AMIdentity is found using groupname, it falls back to using userSearchAttributes if supplied.
      Parameters:
      groupName - the name of the group to retrieve
      Returns:
      the AMIdentity of group with groupname equal to groupName
    • searchForIdentity

      Optional<AMIdentity> searchForIdentity(IdType idType, String idName)
      Returns the AMIdentity object for the given type, name and realm.

      This operation will search the store for the specific identity. If no identity is found that matches the exact search requirements then Optional.empty() is returned.

      Parameters:
      idType - The IdType of the identity to search for.
      idName - The name alias of the identity to search for.
      Returns:
      A non-null, possibly empty Optional.
    • createWithoutValidatingAttributes

      AMIdentity createWithoutValidatingAttributes(SSOToken token, IdType type, String name, Map<String,Set<String>> attrs, String orgName) throws IdRepoException, SSOException
      Create a new identity without validating the given attributes. This method should only be used if the attributes have already been validated.
      Parameters:
      token - the SSO token of the person performing this operation.
      type - The identity type.
      name - The identity name.
      attrs - The default attributes this identity will be created with.
      orgName - Realm in which the identity will be created.
      Returns:
      The newly created identity.
      Throws:
      IdRepoException - if there are repository related error conditions.
      SSOException - if the sso token is invalid.
    • findIdentityByUsername

      Optional<AMIdentity> findIdentityByUsername(String username, IdType type) throws IdRepoException, SSOException
      Searches for the identity using the username.
      Parameters:
      username - The username to search for
      Returns:
      An optional containing the identity if one is found, empty otherwise.
      Throws:
      IdRepoException - If an error occurred or more than one result was found
      SSOException - If an error occurred
    • findUserByUsernameOrAlias

      Optional<AMIdentity> findUserByUsernameOrAlias(String username, Set<String> userSearchAttributes) throws IdRepoException, SSOException
      Searches for the user using the username, then uses the search attributes if nothing is found.
      Parameters:
      username - The username to search for
      userSearchAttributes - The other attributes to search for the username under
      Returns:
      An optional containing the identity if one is found, empty otherwise.
      Throws:
      IdRepoException - If an error occurred or more than one result was found
      SSOException - If an error occurred
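
An added example, not part of the AM Javadoc or code base: one way a caller of searchIdentitiesByUsername can honour "Callers should fail if multiple identities are returned" by failing closed on ambiguous or truncated results. UniqueUserLookup and findUnique are hypothetical names; the wildcard meaning of '*' in the pattern and the import for IdentityStore (its package is not shown on this page) are assumptions.

```java
import com.iplanet.sso.SSOException;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdSearchControl;
import com.sun.identity.idm.IdSearchResults;
import com.sun.identity.idm.IdType;
// Assumption: IdentityStore's package is not shown on this page; add the
// import that matches the AM version in use.
import java.util.Optional;
import java.util.Set;

/** Hypothetical helper, not part of the AM API. */
public final class UniqueUserLookup {

    private UniqueUserLookup() { }

    public static Optional<AMIdentity> findUnique(IdentityStore store, String username)
            throws IdRepoException, SSOException {
        // Assumption: '*' acts as a wildcard in the query pattern, so a
        // caller-supplied name containing it is rejected rather than searched.
        if (username == null || username.isEmpty() || username.indexOf('*') >= 0) {
            throw new IdRepoException("Rejected username pattern");
        }

        IdSearchControl ctrl = new IdSearchControl();
        ctrl.setMaxResults(2);              // two hits are enough to prove ambiguity
        ctrl.setAllReturnAttributes(false); // only the identity itself is needed

        IdSearchResults results =
                store.searchIdentitiesByUsername(IdType.USER, username, ctrl);

        // A size- or time-limited search cannot prove uniqueness: treat it as a failure.
        if (results.getErrorCode() != IdSearchResults.SUCCESS) {
            throw new IdRepoException("Search incomplete, error code "
                    + results.getErrorCode());
        }

        Set<AMIdentity> matches = results.getSearchResults();
        if (matches.size() > 1) {
            // Fail closed: never pick "the first" of several candidates.
            throw new IdRepoException("Ambiguous username: "
                    + matches.size() + " matches");
        }
        return matches.stream().findFirst();
    }
}
```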