AMIdentityRepository.java revision 8af80418ba1ec431c8027fa9668e5678658d3611
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: AMIdentityRepository.java,v 1.21 2010/01/06 01:58:26 veiming Exp $
*
*/
/*
* Portions Copyrighted [2011] [ForgeRock AS]
*/
/**
* The class <code> AMIdentityRepository </code> represents an object used to
* access the configured identity repositories. This class provides access to
* methods which will search, create
* and delete identities. An instance of this class can be obtained in the
* following manner:
* <p>
*
* <PRE>
*
* AMIdentityRepository idRepo = new AMIdentityRepository(ssoToken, realmName);
*
* </PRE>
*
* @supported.api
*/
public final class AMIdentityRepository {
private String organizationDN;
private String idRealmName;
/**
* @supported.api
*
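* Constructor for the <code>AMIdentityRepository</code> object. If a null
* is passed for the organization identifier <code>realmName</code>, then
* the "root" realm is assumed. Because a missing value silently selects the
* root realm, callers that take <code>realmName</code> from external input
* should check for null before constructing the repository.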
*
* @param ssotoken
* Single sign on token of the user
* @param realmName
* Name of the realm (can be a Fully qualified DN)
* @throws IdRepoException
* if there are repository related error conditions.
* @throws SSOException
* if user's single sign on token is invalid.
*/
throws IdRepoException, SSOException {
}
/**
* @supported.api
*
* Returns the set of supported object types <code>IdType</code> for this
* deployment. This is not realm specific.
*
* @return Set of supported <code> IdType </code> objects.
* @throws IdRepoException
* if there are repository related error conditions.
* @throws SSOException
* if user's single sign on token is invalid.
*/
return res;
}
/**
* @supported.api
*
* Returns the set of Operations for a given <code>IdType</code>,
* <code>IdOperations</code> that can be performed on an Identity. This
* varies for each organization (and each plugin?).
*
* @param type
* Type of identity
* @return Set of <code>IdOperation</code> objects.
* @throws IdRepoException
* if there are repository related error conditions.
* @throws SSOException
* if user's single sign on token is invalid.
*/
}
/**
*
* Return the special identities for this realm for a given type. These
* identities cannot be deleted and hence have to be shown in the admin
* console as non-deletable.
*
* @param type
* Type of the identity
* @return IdSearchResult
* @throws IdRepoException
* if there is a datastore exception
* @throws SSOException
* if the user's single sign on token is not valid.
*/
throws IdRepoException, SSOException {
// Iterating through to get out the names and remove only amadmin
// anonymous as per AM console requirement.
&& !remUser.equalsIgnoreCase(
{
}
}
}
}
return results;
}
/**
* Searches for identities of a certain type. The iterator returns
* AMIdentity objects for use by the application.
*
* @deprecated This method is deprecated. Use
* {@link #searchIdentities(IdType type,String pattern,
* IdSearchControl ctrl)}
* @param type
* Type of identity being searched for.
* @param pattern
* Search pattern, like "a*" or "*".
* @param avPairs
* Map of attribute-values which can further help qualify the
* search pattern.
* @param recursive
* If true, then the search is performed on the entire subtree
* (if applicable)
* @param maxResults
* Maximum number of results to be returned. A -1 means no limit
* on the result set.
* @param maxTime
* Maximum amount of time after which the search should return
* with partial results.
* @param returnAttributes
* Set of attributes to be read when performing the search.
* @param returnAllAttributes
* If true, then read all the attributes of the entries.
* @return results containing <code>AMIdentity</code> objects.
* @throws IdRepoException
* if there are repository related error conditions.
* @throws SSOException
* if user's single sign on token is invalid.
*/
throws IdRepoException, SSOException {
// Call search method that takes IdSearchControl
}
/**
* @supported.api
*
* Searches for identities of certain types from each plugin and returns a
* combined result
*
* <b>Note:</b> The AMIdentity objects representing IdType.REALM can be
* used for services related operations only. The realm <code>AMIdentity
* </code> object can be used to assign and unassign services containing
* dynamic attributes to this realm.
*
* @param type
* Type of identity being searched for.
* @param pattern
* Pattern to be used when searching.
* @param ctrl
* IdSearchControl which can be used to set up various search
* controls on the search to be performed.
* @return Returns the combined results in an object IdSearchResults.
* @see com.sun.identity.idm.IdSearchControl
* @see com.sun.identity.idm.IdSearchResults
* @throws IdRepoException
* if there are repository related error conditions.
* @throws SSOException
* if user's single sign on token is invalid.
*/
try {
if (realmNames != null) {
// TODO: To add attribute support to realms.
// Un comment this part once the support is added.
}
}
} catch (SMSException sme) {
+ ":", sme);
}
} else {
}
return idSearchResults;
}
/**
* @supported.api
*
* Returns a handle of the Identity object representing this
* realm for services related operations only. This <code> AMIdentity
* </code> object can be used to assign and unassign services containing
* dynamic attributes to this realm
*
* @return a handle of the Identity object.
* @throws IdRepoException
* if there are repository related error conditions.
* @throws SSOException
* if user's single sign on token is invalid.
*/
}
throws IdRepoException {
}
}
}
/**
* @supported.api
*
* Creates a single object of a type. The object is
* created in all the plugins that support creation of this type of object.
*
* This method is only valid for:
*
* <ol>
* <li> {@link IdType#AGENT IdType.AGENT} </li>
* <li> {@link IdType#USER IdType.USER} </li>
* <li> {@link IdType#REALM IdType.REALM} </li>
* </ol>
*
* <br>
* <b>Note:</b> For creating {@link IdType#REALM IdType.REALM} identities,
* a map of <code>sunIdentityRepositoryService</code> attributes needs to
* be passed. Also, the AMIdentity object representing this realm can be
* used for services related operations only. This <code> AMIdentity
* </code> object can be used to assign and unassign services containing
* dynamic attributes to this realm
*
*
* @param type
* <code>IdType</code> of object to be created.
* @param idName
* Name of object. If the type is <code>IdType.REALM</code>
* then enter a valid realm name.
* @param attrMap
* Map of attribute-values to be set when creating the entry.
* @return Identity object representing the newly created entry.
* @throws IdRepoException
* if there are repository related error conditions.
* @throws SSOException
* if user's single sign on token is invalid.
*/
throws IdRepoException, SSOException {
}
/**
* @supported.api
*
* Creates multiple objects of the same type. The objects are created in all
* the <code>IdRepo</code> plugins that support creation of these objects.
*
* This method is only valid for:
*
* <ol>
* <li> {@link IdType#AGENT IdType.AGENT} </li>
* <li> {@link IdType#USER IdType.USER} </li>
* <li> {@link IdType#REALM IdType.REALM} </li>
* </ol>
*
* <br>
* <b>Note:</b> For creating {@link IdType#REALM IdType.REALM} identities,
* a map of <code>sunIdentityRepositoryService</code> attributes needs to
* be passed. Also, the AMIdentity object representing this realm can be
* used for services related operations only. This <code> AMIdentity
* </code> object can be used to assign and unassign services containing
* dynamic attributes to this realm.
*
* @param type
* Type of object to be created
* @param identityNamesAndAttrs
* Names of the identities and their attributes.
* @return Set of created Identities.
* @throws IdRepoException
* if there are repository related error conditions.
* @throws SSOException
* if user's single sign on token is invalid.
*/
throws IdRepoException, SSOException {
}
}
return results;
}
/**
* @supported.api
*
* Deletes identities. The Set passed is a set of <code>AMIdentity</code>
* objects.
*
* This method is only valid for:
* <ol>
* <li> {@link IdType#AGENT IdType.AGENT} </li>
* <li> {@link IdType#REALM IdType.REALM} </li>
* <li> {@link IdType#USER IdType.USER} </li>
* </ol>
*
* @param type Type of Identity to be deleted.
* @param identities Set of <code>AMIdentity</code> objects to be deleted.
* @throws IdRepoException if there are repository related error conditions.
* @throws SSOException if user's single sign on token is invalid.
* @deprecated As of release AM 7.1, replaced by
* {@link #deleteIdentities(Set)}
*/
throws IdRepoException, SSOException {
}
/**
* @supported.api
*
* Deletes identities. The Set passed is a set of <code>AMIdentity</code>
* objects.
*
* This method is only valid for:
* <ol>
* <li> {@link IdType#AGENT IdType.AGENT} </li>
* <li> {@link IdType#REALM IdType.REALM} </li>
* <li> {@link IdType#USER IdType.USER} </li>
* </ol>
*
* @param identities Set of <code>AMIdentity</code> objects to be deleted
* @throws IdRepoException if there are repository related error conditions.
* @throws SSOException if user's single sign on token is invalid.
*/
}
}
}
/**
* Non-javadoc, non-public methods. Returns <code>true</code> if the data
* store has successfully authenticated the identity with the provided
* credentials. In case the data store requires additional credentials, the
* list would be returned via the <code>IdRepoException</code> exception.
*
* @param credentials
* Array of callback objects containing information such as
* username and password.
*
* @return <code>true</code> if data store authenticates the identity;
* else <code>false</code>
*/
}
/**
* @supported.api
*
* Adds a listener, which should receive notifications for all changes that
* occurred in this organization.
*
* This method is only valid for IdType User and Agent.
*
* @param listener
* The callback which implements <code>AMEventListener</code>.
* @return Integer identifier for this listener.
*/
if (listOfListeners == null) {
listOfListeners = new ArrayList();
}
synchronized (listeners) {
}
}
/**
* @supported.api
*
* Removes listener as the application is no longer interested in receiving
* notifications.
*
* @param identifier
* Integer identifying the listener.
*/
public void removeEventListener(int identifier) {
// Nothing is done when no listener list has been created yet.
// NOTE(review): this null check runs before the lock on `listeners` is
// taken -- confirm that listOfListeners cannot be assigned concurrently by
// another thread between the check and the synchronized block.
if (listOfListeners != null) {
// Presumably the removal keyed by `identifier` happens under the
// `listeners` monitor; the block body is empty in this listing, so what
// is removed under the lock cannot be confirmed here.
synchronized (listeners) {
}
}
}
/**
* @supported.api
*
* Clears the cache.
*/
public static void clearCache() {
}
}
/**
* Return String representation of the <code>AMIdentityRepository
* </code> object. It returns realm name.
*
* @return String representation of <code>AMIdentityRepository</code>
* object.
*/
}
// TODO:
// FIXME: Move these utilities to a util class
return attrMap;
}
} else {
resultMap = new CaseInsensitiveHashMap();
} else {
}
}
}
return resultMap;
}
if (amsdkIncluded) {
}
}
for (int i = 0; i < sizeOfArray; i++) {
}
}
}
true);
}
return results;
}
return null;
} else {
if (eqIndex > -1) {
} else {
}
}
return returnArray;
}
}
// Map resultMap = new CaseInsensitiveHashMap();
if (isString) {
} else {
/*
* create a new Set so that we do not alter the set
* that is referenced in setOfMaps
*/
}
} else { // binary attributes
byte[][] tmpSet = new byte[combinedSize][];
}
}
} else {
}
}
}
}
}
return resultMap;
}
}