Package com.sun.identity.idm

Class AMIdentity

java.lang.Object
org.forgerock.am.identity.domain.UniversalId
com.sun.identity.idm.AMIdentity
All Implemented Interfaces:
Identity
@Supported public class AMIdentity extends UniversalId implements Identity
This class represents an Identity which needs to be managed by Access Manager. This identity could exist in multiple repositories, which are configured for a given realm or organization. When any operation is performed from this class, it executes all plugins that are configured for performing that operation. For eg: getAttributes. The application gets access to constructing AMIdentity objects by using AMIdentityRepository interfaces. For example: 

 

 AMIdentityRepository idrepo = new AMIdentityRepository(org);
 AMIdentity id = idrepo.getRealmIdentity();

The id returned above is the AMIdentity object of the user's single sign-on token passed above. The results obtained from search performed using AMIdentityRepository also return AMIdentity objects. The type of an object can be determined by doing the following: 

 

 IdType type = identity.getType();

The name of an object can be determined by: 

 

 String name = identity.getName();

  • Constructor Details

    • AMIdentity

      @Supported public AMIdentity(SSOToken token) throws SSOException, IdRepoException
      Constructs a new AMIdentity instance from the passed token.
      Parameters:
      token - non-null token from which to create an identity instance
      Throws:
      SSOException - should an error occur handling the token
      IdRepoException - should an identity repo error occur

    • AMIdentity

      @Supported public AMIdentity(SSOToken token, String universalId) throws IdRepoException
      Constructs a new AMIdentity instance from the passed universal ID.
      Parameters:
      token - token used to authenticate the use of any service calls
      universalId - the universal ID from which to create an identity instance
      Throws:
      IdRepoException - should an identity repo error occur

  • Method Details

    • getName

      @Supported public String getName()
      Returns the name of the identity.
      Overrides:
      getName in class UniversalId
      Returns:
      Name of the identity

    • getType

      @Supported public IdType getType()
      Returns the Type of the Identity.
      Overrides:
      getType in class UniversalId
      Returns:
      IdType representing the type of this object.

    • getRealm

      @Supported public String getRealm()
      Returns the realm for this identity.
      Returns:
      String representing realm name.

    • getUniversalId

      @Supported public String getUniversalId()
      Returns the universal identifier of this object.
      Overrides:
      getUniversalId in class UniversalId
      Returns:
      String representing the universal identifier of this object.

    • isActive

      @Supported public boolean isActive() throws IdRepoException, SSOException
      If there is a status attribute configured, then verifies if the identity is active and returns true. This method is only valid for AMIdentity objects of type User and Agent.
      Returns:
      true if the identity is active or if it is not configured for a status attribute, false otherwise.
      Throws:
      IdRepoException - If there are repository related error conditions.
      SSOException - If user's single sign on token is invalid.

    • setActiveStatus

      @Supported public void setActiveStatus(boolean active) throws IdRepoException, SSOException
      If there is a status attribute configured, then set its status to true or activated state if the parameter active is true. This method is only valid for AMIdentity objects of type User and Agent.
      Parameters:
      active - The state value to assign to status attribute. The actual value assigned to the status attribute will depend on what is configured for that particular plugin. If active is true, the status will be assigned the value corresponding to activated.
      Throws:
      IdRepoException - If there are repository related error conditions.
      SSOException - If user's single sign on token is invalid.

    • getAttributes

      @Supported public Map getAttributes() throws IdRepoException, SSOException
      Returns all attributes and values of this identity. This method is only valid for AMIdentity objects of type User, Agent, Group, and Role.
      Specified by:
      getAttributes in interface Identity
      Returns:
      Map of attribute-values
      Throws:
      IdRepoException - If there are repository related error conditions.
      SSOException - If user's single sign on token is invalid.

    • getAttributes

      @Supported public Map getAttributes(Set<String> attrNames) throws IdRepoException, SSOException
      Returns requested attributes and values of this object.

      This method is only valid for AMIdentity object of type User, Agent, Group, and Role.

      Specified by:
      getAttributes in interface Identity
      Parameters:
      attrNames - Set of attribute names to be read
      Returns:
      Map of attribute-values.
      Throws:
      IdRepoException - If there are repository related error conditions.
      SSOException - If user's single sign on token is invalid.

    • getBinaryAttributes

      @Supported public Map getBinaryAttributes(Set attrNames) throws IdRepoException, SSOException
      Returns requested attributes and values of this object.

      This method is only valid for AMIdentity objects of type User, Agent, Group, and Role.

      Parameters:
      attrNames - Set of attribute names to be read
      Returns:
      Map of attribute-values.
      Throws:
      IdRepoException - If there are repository related error conditions.
      SSOException - If user's single sign on token is invalid.

    • getAttribute

      @Supported public Set<String> getAttribute(String attrName) throws IdRepoException, SSOException
      Returns the values of the requested attribute. Returns an empty set, if the attribute is not set in the object.

      This method is only valid for AMIdentity objects of type User, Agent, Group, and Role.

      Specified by:
      getAttribute in interface Identity
      Parameters:
      attrName - Name of attribute
      Returns:
      Set of attribute values.
      Throws:
      IdRepoException - if there are repository related error conditions.
      SSOException - If user's single sign on token is invalid.

    • setAttributes

      @Supported public void setAttributes(Map attrMap) throws IdRepoException, SSOException
      Sets the values of attributes. This method should be followed by the method "store" to commit the changes to the Repository. This method is only valid for AMIdentity objects of type User and Agent.
      Parameters:
      attrMap - is a map of attribute name (String) to a Set of attribute values (String). It is arranged as: Map::attrMap --> Key: String::AttributeName Value: Set::AttributeValues (Set of String)
      Throws:
      IdRepoException - If there are repository related error conditions.
      SSOException - If user's single sign on token is invalid.

    • changePassword

      @Supported public void changePassword(String oldPassword, String newPassword) throws IdRepoException, SSOException
      Changes password for the identity.
      Parameters:
      oldPassword - old password
      newPassword - new password
      Throws:
      IdRepoException - If there are repository related error conditions.
      SSOException - If user's single sign on token is invalid.

    • setBinaryAttributes

      @Supported public void setBinaryAttributes(Map attrMap) throws IdRepoException, SSOException
      Set the values of binary attributes. This method should be followed by the method "store" to commit the changes to the Repository

      This method is only valid for AMIdentity objects of type User and Agent.

      Parameters:
      attrMap - Map of attribute-values to be set in the repository or repositories (if multiple plugins are configured for "edit").
      Throws:
      IdRepoException - If there are repository related error conditions.
      SSOException - If user's single sign on token is invalid.

    • removeAttributes

      @Supported public void removeAttributes(Set<String> attrNames) throws IdRepoException, SSOException
      Removes the attributes from the identity entry. This method should be followed by a "store" to commit the changes to the Repository.

      This method is only valid for AMIdentity objects of type User and Agent.

      Parameters:
      attrNames - Set of attribute names to be removed
      Throws:
      IdRepoException - If there are repository related error conditions.
      SSOException - If the user's single sign on token is invalid

    • store

      @Supported public void store() throws IdRepoException, SSOException
      Stores the attributes of the object.

      This method is only valid for AMIdentity objects of type User and Agent.

      Throws:
      IdRepoException - If there are repository related error conditions.
      SSOException - If user's single sign on token is invalid.

    • getAssignedServices

      @Supported public Set<String> getAssignedServices() throws IdRepoException, SSOException
      Returns the set of services already assigned to this identity.

      This method is only valid for AMIdentity object of type User.

      Returns:
      Set of serviceNames
      Throws:
      IdRepoException - If there are repository related error conditions.
      SSOException - If user's single sign on token is invalid.

    • getAssignableServices

      @Supported public Set<String> getAssignableServices() throws IdRepoException, SSOException
      Returns all services which can be assigned to this entity.

      This method is only valid for AMIdentity object of type User.

      Returns:
      Set of service names
      Throws:
      IdRepoException - if there are repository related error conditions.
      SSOException - If user's single sign on token is invalid.

    • assignService

      @Supported public void assignService(String serviceName, org.forgerock.openam.sm.ConfigurationAttributes attributes) throws IdRepoException, SSOException
      Assigns the service and service related attributes to the identity.

      This method is only valid for AMIdentity object of type User.

      Parameters:
      serviceName - Name of service to be assigned.
      attributes - Map of attribute-values
      Throws:
      IdRepoException - If there are repository related error conditions.
      SSOException - If user's single sign on token is invalid.

    • unassignService

      @Supported public void unassignService(String serviceName) throws IdRepoException, SSOException
      Removes a service from the identity.

      This method is only valid for AMIdentity object of type User.

      Parameters:
      serviceName - Name of service to be removed.
      Throws:
      IdRepoException - If there are repository related error conditions.
      SSOException - If user's single sign on token is invalid.

    • getServiceAttributes

      @Supported public Map<String,Set<String>> getServiceAttributes(String serviceName) throws IdRepoException, SSOException
      Returns attributes related to a service, if the service is assigned to the identity.

      This method is only valid for AMIdentity object of type User.

      Parameters:
      serviceName - Name of the service.
      Returns:
      Map of attribute-values.
      Throws:
      IdRepoException - if there are repository related error conditions.
      SSOException - If user's single sign on token is invalid.

    • getServiceAttributesAscending

      @Supported public Map getServiceAttributesAscending(String serviceName) throws IdRepoException, SSOException
      Returns attributes related to a service, if the service is assigned to the identity.

      This method is only valid for AMIdentity object of type User.

      Parameters:
      serviceName - Name of the service.
      Returns:
      Map of attribute-values.
      Throws:
      IdRepoException - if there are repository related error conditions.
      SSOException - If user's single sign on token is invalid.

    • modifyService

      @Supported public void modifyService(String serviceName, org.forgerock.openam.sm.ConfigurationAttributes attrMap) throws IdRepoException, SSOException
      Set attributes related to a specific service. The assumption is that the service is already assigned to the identity. The attributes for the service are validated against the service schema.

      This method is only valid for AMIdentity object of type User.

      Parameters:
      serviceName - Name of the service.
      attrMap - Map of attribute-values.
      Throws:
      IdRepoException - If there are repository related error conditions.
      SSOException - If user's single sign on token is invalid.

    • removeServiceAttributes

      @Supported public void removeServiceAttributes(String serviceName, Set<String> attrNames) throws IdRepoException, SSOException
      Removes attributes value related to a specific service by setting it to empty. The assumption is that the service is already assigned to the identity. The attributes for the service are validated against the service schema.

      This method is only valid for AMIdentity object of type User.

      Parameters:
      serviceName - Name of the service.
      attrNames - Set of attributes name.
      Throws:
      IdRepoException - If there are repository related error conditions.
      SSOException - If user's single sign on token is invalid.

    • isMember

      @Supported public boolean isMember(UniversalId universalId) throws IdRepoException, SSOException
      Verifies if this identity is a member of the identity being passed.

      This method is only valid for AMIdentity objects of type Role, Group and User.

      Parameters:
      universalId - AMIdentity to check membership with
      Returns:
      true if this Identity is a member of the given Identity
      Throws:
      IdRepoException - if there are repository related error conditions.
      SSOException - if user's single sign on token is invalid.

    • addMember

      @Supported public void addMember(AMIdentity identity) throws IdRepoException, SSOException
      Adds the passed identity as a member of this identity.
      Parameters:
      identity - the identity to be added
      Throws:
      IdRepoException - if there are repository related error conditions.
      SSOException - if user's single sign on token is invalid.

    • addMembers

      @Supported public void addMembers(Set<AMIdentity> identities) throws IdRepoException, SSOException
      Adds the passed identities as members of this identity.
      Parameters:
      identities - the identities to be added
      Throws:
      IdRepoException - if there are repository related error conditions.
      SSOException - if user's single sign on token is invalid.

    • removeMember

      @Supported public void removeMember(AMIdentity identity) throws IdRepoException, SSOException
      Removes the passed identity as a member of this identity.
      Parameters:
      identity - the identity to be removed
      Throws:
      IdRepoException - if there are repository related error conditions.
      SSOException - if user's single sign on token is invalid.

    • removeMembers

      @Supported public void removeMembers(Set<AMIdentity> identities) throws IdRepoException, SSOException
      Removes the passed identities as members of this identity.
      Parameters:
      identities - the identities to be removed
      Throws:
      IdRepoException - if there are repository related error conditions.
      SSOException - if user's single sign on token is invalid.

    • getMembers

      @Supported public Set<AMIdentity> getMembers(IdType mtype) throws IdRepoException, SSOException
      Return all members of a given identity type of this identity as a Set of AMIdentity objects.

      This method is only valid for AMIdentity objects of type Group and User.

      Parameters:
      mtype - Type of identity objects
      Returns:
      Set of AMIdentity objects that are members of this object.
      Throws:
      IdRepoException - if there are repository related error conditions.
      SSOException - if user's single sign on token is invalid.

    • getMemberships

      @Supported public Set<AMIdentity> getMemberships(IdType mtype) throws IdRepoException, SSOException
      Returns the set of identities that this identity belongs to.

      This method is only valid for AMIdentity objects of type User and Role.

      Parameters:
      mtype - Type of member identity.
      Returns:
      Set of AMIdentity objects of the given type that this identity belongs to.
      Throws:
      IdRepoException - if there are repository related error conditions.
      SSOException - if user's single sign on token is invalid.

    • isExists

      @Supported public boolean isExists() throws IdRepoException, SSOException
      This method determines if the identity exists and returns true or false.

      This method is only valid for AMIdentity objects of type User and Agent.

      Specified by:
      isExists in interface Identity
      Returns:
      true if the identity exists or false otherwise.
      Throws:
      IdRepoException - If there are repository related error conditions.
      SSOException - If user's single sign on token is invalid.

    • equals

      @Supported public boolean equals(Object o)
      Overrides:
      equals in class UniversalId