org.picketlink.idm

Interface IdentityManager

All Superinterfaces:

Serializable

public interface IdentityManager
extends Serializable

Manages all Identity Management related operations.

Author:

Shane Bryzak

Method Summary

Methods

Modifier and Type	Method and Description
void	add(IdentityType identityType) Adds the given IdentityType instance to the configured identity store.
void	add(Relationship relationship) Adds the given Relationship instance to the configured identity store.
void	addToGroup(Agent agent, Group group) Adds the given Agent as a member of the provided Group.
<T extends IdentityType> IdentityQuery<T>	createIdentityQuery(Class<T> identityType) Creates an IdentityQuery that can be used to query for IdentityType instances.
<T extends Relationship> RelationshipQuery<T>	createRelationshipQuery(Class<T> relationshipType) Creates an RelationshipQuery that can be used to query for Relationship instances.
Agent	getAgent(String loginName) Returns an Agent with the given loginName.
Group	getGroup(String groupPath) Returns the Group with the specified groupPath.
Group	getGroup(String groupName, Group parent) Returns the Group with the given name and child of the given parent Group.
Role	getRole(String name) Returns an Role with the given name.
User	getUser(String loginName) Returns an User with the given loginName.
void	grantGroupRole(IdentityType assignee, Role role, Group group) Creates a GroupRole relationship for the given IdentityType, Role and Group instances.
void	grantRole(IdentityType identityType, Role role) Grants the given Role to the provided IdentityType.
boolean	hasGroupRole(IdentityType assignee, Role role, Group group) Checks if the given IdentityType, Role and Group instances maps to a GroupRole relationship.
boolean	hasRole(IdentityType identityType, Role role) Checks if the given Role is granted to the provided IdentityType.
boolean	isMember(IdentityType identityType, Group group) Checks if the given IdentityType is a member of a specific Group.
void	loadAttribute(IdentityType identityType, String attributeName)
<T extends IdentityType> T	lookupIdentityById(Class<T> identityType, String id) Retrieves an IdentityType with the given identifier.
void	remove(IdentityType value) Removes the given IdentityType instance from the configured identity store.
void	remove(Relationship relationship) Removes the given Relationship instance.
void	removeFromGroup(Agent member, Group group) Removes the given Agent from the provided Group.
<T extends CredentialStorage> List<T>	retrieveCredentials(Agent agent, Class<T> storageClass) Returns a list of all stored credential values for the specified agent and credential storage class
<T extends CredentialStorage> T	retrieveCurrentCredential(Agent agent, Class<T> storageClass) Returns the current stored credential value for the specific agent and credential storage class
void	revokeGroupRole(IdentityType assignee, Role role, Group group) Revokes a GroupRole relationship for the given IdentityType, Role and Group instances.
void	revokeRole(IdentityType identityType, Role role) Revokes the given Role from the provided IdentityType.
void	update(IdentityType identityType) Updates the given IdentityType instance.
void	update(Relationship relationship) Updates the given Relationship instance.
void	updateCredential(Agent agent, Object credential) Updates a credential for the given Agent.
void	updateCredential(Agent agent, Object credential, Date effectiveDate, Date expiryDate) Updates a credential for the given Agent.
void	validateCredentials(Credentials credentials) Validates the given Credentials.

Method Detail

add

void add(IdentityType identityType)
         throws IdentityManagementException

Adds the given IdentityType instance to the configured identity store.

Parameters:

identityType -

Throws:

IdentityManagementException - If cannot store the provided IdentityType instance.

update

void update(IdentityType identityType)
            throws IdentityManagementException

Updates the given IdentityType instance. The instance must have an identifier, otherwise a exception will be thrown.

Parameters:

identityType -

Throws:

IdentityManagementException - If cannot update the provided IdentityType instance.

remove

void remove(IdentityType value)
            throws IdentityManagementException

Removes the given IdentityType instance from the configured identity store. The instance must have an identifier, otherwise a exception will be thrown.

Parameters:

value -

Throws:

IdentityManagementException - If cannot remove the provided IdentityType instance.

add

void add(Relationship relationship)
         throws IdentityManagementException

Adds the given Relationship instance to the configured identity store.

Parameters:

relationship -

Throws:

IdentityManagementException - If cannot add the provided Relationship instance.

update

void update(Relationship relationship)

Updates the given Relationship instance. The instance must have an identifier, otherwise a exception will be thrown.

Parameters:

relationship -

Throws:

IdentityManagementException - If cannot update the provided Relationship instance.

remove

void remove(Relationship relationship)

Removes the given Relationship instance. The instance must have an identifier, otherwise a exception will be thrown.

Parameters:

relationship -

Throws:

IdentityManagementException - If cannot remove the provided Relationship instance.

getAgent

Agent getAgent(String loginName)
               throws IdentityManagementException

Returns an Agent with the given loginName. User are also agents, so if the loginName maps to the an User it will be returned.

Parameters:

loginName -

Throws:

IdentityManagementException - If cannot retrieve the Agent.

getUser

User getUser(String loginName)

Returns an User with the given loginName.

Parameters:

loginName -

Returns:

If there is no User with the given loginName this method returns null.

getRole

Role getRole(String name)

Returns an Role with the given name.

Parameters:

loginName -

Returns:

If there is no Role with the given name this method returns null.

getGroup

Group getGroup(String groupPath)

Returns the Group with the specified groupPath. Eg.: /groupA/groupB/groupC.

You can also provide the name only. In this case, the group returned will be the root group. Eg.: /Administrators.

Parameters:

groupPath -

Returns:

if there is no Group with the given groupPath this method returns null.

getGroup

Group getGroup(String groupName,
             Group parent)

Returns the Group with the given name and child of the given parent Group.

Parameters:

groupName -

parent - Must be a Group instance with a valid identifier.

Returns:

if there is no Group this method returns null.

isMember

boolean isMember(IdentityType identityType,
               Group group)

Checks if the given IdentityType is a member of a specific Group.

Parameters:

identityType - Must be a Agent or Group instance.

group -

Returns:

true if the IdentityType is a member of the provided Group.

addToGroup

void addToGroup(Agent agent,
              Group group)

Adds the given Agent as a member of the provided Group.

Parameters:

agent -

group -

removeFromGroup

void removeFromGroup(Agent member,
                   Group group)

Removes the given Agent from the provided Group.

Parameters:

member -

group -

hasGroupRole

boolean hasGroupRole(IdentityType assignee,
                   Role role,
                   Group group)

Checks if the given IdentityType, Role and Group instances maps to a GroupRole relationship.

Parameters:

assignee -

role -

group -

Returns:

grantGroupRole

void grantGroupRole(IdentityType assignee,
                  Role role,
                  Group group)

Creates a GroupRole relationship for the given IdentityType, Role and Group instances.

Parameters:

assignee -

role -

group -

revokeGroupRole

void revokeGroupRole(IdentityType assignee,
                   Role role,
                   Group group)

Revokes a GroupRole relationship for the given IdentityType, Role and Group instances.

Parameters:

assignee -

role -

group -

hasRole

boolean hasRole(IdentityType identityType,
              Role role)

Checks if the given Role is granted to the provided IdentityType.

Parameters:

identityType -

role -

Returns:

grantRole

void grantRole(IdentityType identityType,
             Role role)

Grants the given Role to the provided IdentityType.

Parameters:

identityType -

role -

revokeRole

void revokeRole(IdentityType identityType,
              Role role)

Revokes the given Role from the provided IdentityType.

Parameters:

identityType -

role -

lookupIdentityById

<T extends IdentityType> T lookupIdentityById(Class<T> identityType,
                                            String id)

Retrieves an IdentityType with the given identifier.

The first argument tells which IdentityType type should be returned. If you provide the IdentityType base interface any IdentityType instance that matches the given identifier will be returned.

Parameters:

identityType -

id -

Returns:

If no IdentityType is found with the given identifier this method returns null.

createIdentityQuery

<T extends IdentityType> IdentityQuery<T> createIdentityQuery(Class<T> identityType)

Creates an IdentityQuery that can be used to query for IdentityType instances.

The first argument tells which IdentityType type should be returned. If you provide the IdentityType base interface any IdentityType instance that matches the provided query parameters will be returned.

Parameters:

identityType -

Returns:

createRelationshipQuery

<T extends Relationship> RelationshipQuery<T> createRelationshipQuery(Class<T> relationshipType)

Creates an RelationshipQuery that can be used to query for Relationship instances.

The first argument tells which Relationship type should be returned. If you provide the Relationship base interface any Relationship instance that matches the provided query parameters will be returned.

Parameters:

identityType -

Returns:

validateCredentials

void validateCredentials(Credentials credentials)

Validates the given Credentials.

To check the validation status you should use the Credentials.getStatus method.

Parameters:

credentials -

updateCredential

void updateCredential(Agent agent,
                    Object credential)

Updates a credential for the given Agent.

Parameters:

agent -

credential - The credential must be a object supported by any CredentialHandler. Examples of credentials are the Password and Digest types.

updateCredential

void updateCredential(Agent agent,
                    Object credential,
                    Date effectiveDate,
                    Date expiryDate)

Updates a credential for the given Agent.

This methods also allows to specify the expiration and effective date for the credential.

Parameters:

agent -

credential - The credential must be a object supported by any CredentialHandler. Examples of credentials are the Password and Digest types.

retrieveCurrentCredential

<T extends CredentialStorage> T retrieveCurrentCredential(Agent agent,
                                                        Class<T> storageClass)

Returns the current stored credential value for the specific agent and credential storage class

Parameters:

agent -

storageClass -

Returns:

retrieveCredentials

<T extends CredentialStorage> List<T> retrieveCredentials(Agent agent,
                                                        Class<T> storageClass)

Returns a list of all stored credential values for the specified agent and credential storage class

Parameters:

agent -

storageClass -

Returns:

loadAttribute

void loadAttribute(IdentityType identityType,
                 String attributeName)

Parameters:

identityType -

attributeName -