Package org.camunda.bpm.engine.impl
Class IdentityServiceImpl
- java.lang.Object
-
- org.camunda.bpm.engine.impl.ServiceImpl
-
- org.camunda.bpm.engine.impl.IdentityServiceImpl
-
- All Implemented Interfaces:
IdentityService
public class IdentityServiceImpl extends ServiceImpl implements IdentityService
- Author:
- Tom Baeyens
-
-
Field Summary
-
Fields inherited from class org.camunda.bpm.engine.impl.ServiceImpl
commandExecutor
-
-
Constructor Summary
Constructors Constructor Description IdentityServiceImpl()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
checkPassword(java.lang.String userId, java.lang.String password)
Checks if the password is valid for the given user.PasswordPolicyResult
checkPasswordAgainstPolicy(java.lang.String password)
Check a given password against the configuredPasswordPolicy
.PasswordPolicyResult
checkPasswordAgainstPolicy(java.lang.String candidatePassword, User user)
Check a given password against the configuredPasswordPolicy
.PasswordPolicyResult
checkPasswordAgainstPolicy(PasswordPolicy policy, java.lang.String password)
Check a given password against a givenPasswordPolicy
.PasswordPolicyResult
checkPasswordAgainstPolicy(PasswordPolicy policy, java.lang.String candidatePassword, User user)
Check a given password against a givenPasswordPolicy
.void
clearAuthentication()
Allows clearing the current authentication.GroupQuery
createGroupQuery()
Creates aGroupQuery
thats allows to programmatically query the groups.void
createMembership(java.lang.String userId, java.lang.String groupId)
NativeUserQuery
createNativeUserQuery()
Creates aNativeUserQuery
that allows to select users with native queries.void
createTenantGroupMembership(java.lang.String tenantId, java.lang.String groupId)
Creates a new membership between the given group and tenant.TenantQuery
createTenantQuery()
Creates aTenantQuery
thats allows to programmatically query the tenants.void
createTenantUserMembership(java.lang.String tenantId, java.lang.String userId)
Creates a new membership between the given user and tenant.UserQuery
createUserQuery()
Creates aUserQuery
that allows to programmatically query the users.void
deleteGroup(java.lang.String groupId)
Deletes the group.void
deleteMembership(java.lang.String userId, java.lang.String groupId)
Delete the membership of the user in the group.void
deleteTenant(java.lang.String tenantId)
Deletes the tenant.void
deleteTenantGroupMembership(java.lang.String tenantId, java.lang.String groupId)
Deletes the membership between the given group and tenant.void
deleteTenantUserMembership(java.lang.String tenantId, java.lang.String userId)
Deletes the membership between the given user and tenant.void
deleteUser(java.lang.String userId)
void
deleteUserAccount(java.lang.String userId, java.lang.String accountName)
Delete an entry of the generic extensibility key-value pairs associated with a uservoid
deleteUserInfo(java.lang.String userId, java.lang.String key)
Delete an entry of the generic extensibility key-value pairs associated with a uservoid
deleteUserPicture(java.lang.String userId)
Deletes the picture for a given user.Authentication
getCurrentAuthentication()
PasswordPolicy
getPasswordPolicy()
Returns thePasswordPolicy
that is currently configured in the engine.Account
getUserAccount(java.lang.String userId, java.lang.String userPassword, java.lang.String accountName)
Get account information associated with a userjava.util.List<java.lang.String>
getUserAccountNames(java.lang.String userId)
Get account names associated with the given userjava.lang.String
getUserInfo(java.lang.String userId, java.lang.String key)
Generic extensibility key-value pairs associated with a userjava.util.List<java.lang.String>
getUserInfoKeys(java.lang.String userId)
Generic extensibility keys associated with a userPicture
getUserPicture(java.lang.String userId)
Retrieves the picture for a given user.boolean
isReadOnly()
Allows to inquire whether this identity service implementation provides read-only access to the user repository, false otherwise.Group
newGroup(java.lang.String groupId)
Creates a new group.Tenant
newTenant(java.lang.String tenantId)
Creates a new tenant.User
newUser(java.lang.String userId)
Creates a new user.void
saveGroup(Group group)
Saves the group.void
saveTenant(Tenant tenant)
Saves the tenant.void
saveUser(User user)
Saves the user.void
saveUser(User user, boolean skipPasswordPolicy)
void
setAuthenticatedUserId(java.lang.String authenticatedUserId)
Passes the authenticated user id for this thread.void
setAuthentication(java.lang.String userId, java.util.List<java.lang.String> groups)
Passes the authenticated user id and groupIds for this thread.void
setAuthentication(java.lang.String userId, java.util.List<java.lang.String> groups, java.util.List<java.lang.String> tenantIds)
Passes the authenticated user id, group ids and tenant ids for this thread.void
setAuthentication(Authentication auth)
void
setUserAccount(java.lang.String userId, java.lang.String userPassword, java.lang.String accountName, java.lang.String accountUsername, java.lang.String accountPassword, java.util.Map<java.lang.String,java.lang.String> accountDetails)
Store account information for a remote systemvoid
setUserInfo(java.lang.String userId, java.lang.String key, java.lang.String value)
Generic extensibility key-value pairs associated with a uservoid
setUserPicture(java.lang.String userId, Picture picture)
Sets the picture for a given user.void
unlockUser(java.lang.String userId)
-
Methods inherited from class org.camunda.bpm.engine.impl.ServiceImpl
getCommandExecutor, setCommandExecutor
-
-
-
-
Method Detail
-
isReadOnly
public boolean isReadOnly()
Description copied from interface:IdentityService
Allows to inquire whether this identity service implementation provides read-only access to the user repository, false otherwise.
Read only identity service implementations do not support the following methods:-
IdentityService.newUser(String)
-
IdentityService.saveUser(User)
-
IdentityService.deleteUser(String)
-
IdentityService.newGroup(String)
-
IdentityService.saveGroup(Group)
-
IdentityService.deleteGroup(String)
-
IdentityService.newTenant(String)
-
IdentityService.saveTenant(Tenant)
-
IdentityService.deleteTenant(String)
-
IdentityService.createMembership(String, String)
-
IdentityService.deleteMembership(String, String)
-
IdentityService.createTenantUserMembership(String, String)
-
IdentityService.createTenantGroupMembership(String, String)
-
IdentityService.deleteTenantUserMembership(String, String)
-
IdentityService.deleteTenantGroupMembership(String, String)
If these methods are invoked on a read-only identity service implementation, the invocation will throw an
UnsupportedOperationException
.- Specified by:
isReadOnly
in interfaceIdentityService
- Returns:
- true if this identity service implementation provides read-only access to the user repository, false otherwise.
-
-
newGroup
public Group newGroup(java.lang.String groupId)
Description copied from interface:IdentityService
Creates a new group. The group is transient and must be saved usingIdentityService.saveGroup(Group)
.- Specified by:
newGroup
in interfaceIdentityService
- Parameters:
groupId
- id for the new group, cannot be null.
-
newUser
public User newUser(java.lang.String userId)
Description copied from interface:IdentityService
Creates a new user. The user is transient and must be saved usingIdentityService.saveUser(User)
.- Specified by:
newUser
in interfaceIdentityService
- Parameters:
userId
- id for the new user, cannot be null.
-
newTenant
public Tenant newTenant(java.lang.String tenantId)
Description copied from interface:IdentityService
Creates a new tenant. The tenant is transient and must be saved usingIdentityService.saveTenant(Tenant)
.- Specified by:
newTenant
in interfaceIdentityService
- Parameters:
tenantId
- id for the new tenant, cannot benull
.
-
saveGroup
public void saveGroup(Group group)
Description copied from interface:IdentityService
Saves the group. If the group already existed, the group is updated.- Specified by:
saveGroup
in interfaceIdentityService
- Parameters:
group
- group to save. Cannot be null.
-
saveUser
public void saveUser(User user)
Description copied from interface:IdentityService
Saves the user. If the user already existed, the user is updated.- Specified by:
saveUser
in interfaceIdentityService
- Parameters:
user
- user to save, cannot be null.
-
saveUser
public void saveUser(User user, boolean skipPasswordPolicy)
-
saveTenant
public void saveTenant(Tenant tenant)
Description copied from interface:IdentityService
Saves the tenant. If the tenant already existed, it is updated.- Specified by:
saveTenant
in interfaceIdentityService
- Parameters:
tenant
- the tenant to save. Cannot benull
.
-
createUserQuery
public UserQuery createUserQuery()
Description copied from interface:IdentityService
Creates aUserQuery
that allows to programmatically query the users.- Specified by:
createUserQuery
in interfaceIdentityService
-
createNativeUserQuery
public NativeUserQuery createNativeUserQuery()
Description copied from interface:IdentityService
Creates aNativeUserQuery
that allows to select users with native queries.- Specified by:
createNativeUserQuery
in interfaceIdentityService
- Returns:
- NativeUserQuery
-
createGroupQuery
public GroupQuery createGroupQuery()
Description copied from interface:IdentityService
Creates aGroupQuery
thats allows to programmatically query the groups.- Specified by:
createGroupQuery
in interfaceIdentityService
-
createTenantQuery
public TenantQuery createTenantQuery()
Description copied from interface:IdentityService
Creates aTenantQuery
thats allows to programmatically query the tenants.- Specified by:
createTenantQuery
in interfaceIdentityService
-
createMembership
public void createMembership(java.lang.String userId, java.lang.String groupId)
- Specified by:
createMembership
in interfaceIdentityService
- Parameters:
userId
- the userId, cannot be null.groupId
- the groupId, cannot be null.
-
deleteGroup
public void deleteGroup(java.lang.String groupId)
Description copied from interface:IdentityService
Deletes the group. When no group exists with the given id, this operation is ignored.- Specified by:
deleteGroup
in interfaceIdentityService
- Parameters:
groupId
- id of the group that should be deleted, cannot be null.
-
deleteMembership
public void deleteMembership(java.lang.String userId, java.lang.String groupId)
Description copied from interface:IdentityService
Delete the membership of the user in the group. When the group or user don't exist or when the user is not a member of the group, this operation is ignored.- Specified by:
deleteMembership
in interfaceIdentityService
- Parameters:
userId
- the user's id, cannot be null.groupId
- the group's id, cannot be null.
-
checkPassword
public boolean checkPassword(java.lang.String userId, java.lang.String password)
Description copied from interface:IdentityService
Checks if the password is valid for the given user. Arguments userId and password are nullsafe.- Specified by:
checkPassword
in interfaceIdentityService
-
checkPasswordAgainstPolicy
public PasswordPolicyResult checkPasswordAgainstPolicy(java.lang.String candidatePassword, User user)
Description copied from interface:IdentityService
Check a given password against the configuredPasswordPolicy
. The result is returned asPasswordPolicyResult
which contains all passed and violated rules as well as a flag indicating if the password is valid.- Specified by:
checkPasswordAgainstPolicy
in interfaceIdentityService
- Parameters:
candidatePassword
- which is checked against a password policyuser
- to be taken into account when checking the candidate password- Returns:
- a
PasswordPolicyResult
containing passed and failed rules
-
checkPasswordAgainstPolicy
public PasswordPolicyResult checkPasswordAgainstPolicy(java.lang.String password)
Description copied from interface:IdentityService
Check a given password against the configuredPasswordPolicy
. The result is returned asPasswordPolicyResult
which contains all passed and violated rules as well as a flag indicating if the password is valid.- Specified by:
checkPasswordAgainstPolicy
in interfaceIdentityService
- Parameters:
password
- the password that should be tested- Returns:
- a
PasswordPolicyResult
containing passed and failed rules
-
checkPasswordAgainstPolicy
public PasswordPolicyResult checkPasswordAgainstPolicy(PasswordPolicy policy, java.lang.String candidatePassword, User user)
Description copied from interface:IdentityService
Check a given password against a givenPasswordPolicy
. The result is returned asPasswordPolicyResult
which contains all passed and violated rules as well as a flag indicating if the password is valid.- Specified by:
checkPasswordAgainstPolicy
in interfaceIdentityService
- Parameters:
policy
- thePasswordPolicy
against which the password is testedcandidatePassword
- which is checked against a password policyuser
- to be taken into account when checking the candidate password- Returns:
- a
PasswordPolicyResult
containing passed and failed rules
-
checkPasswordAgainstPolicy
public PasswordPolicyResult checkPasswordAgainstPolicy(PasswordPolicy policy, java.lang.String password)
Description copied from interface:IdentityService
Check a given password against a givenPasswordPolicy
. The result is returned asPasswordPolicyResult
which contains all passed and violated rules as well as a flag indicating if the password is valid.- Specified by:
checkPasswordAgainstPolicy
in interfaceIdentityService
- Parameters:
policy
- thePasswordPolicy
against which the password is testedpassword
- the password that should be tested- Returns:
- a
PasswordPolicyResult
containing passed and failed rules
-
getPasswordPolicy
public PasswordPolicy getPasswordPolicy()
Description copied from interface:IdentityService
Returns thePasswordPolicy
that is currently configured in the engine.- Specified by:
getPasswordPolicy
in interfaceIdentityService
- Returns:
- the current
PasswordPolicy
ornull
if no policy is set or the configured policy is disabled.
-
unlockUser
public void unlockUser(java.lang.String userId)
- Specified by:
unlockUser
in interfaceIdentityService
-
deleteUser
public void deleteUser(java.lang.String userId)
- Specified by:
deleteUser
in interfaceIdentityService
- Parameters:
userId
- id of user to delete, cannot be null. When an id is passed for an unexisting user, this operation is ignored.
-
deleteTenant
public void deleteTenant(java.lang.String tenantId)
Description copied from interface:IdentityService
Deletes the tenant. When no tenant exists with the given id, this operation is ignored.- Specified by:
deleteTenant
in interfaceIdentityService
- Parameters:
tenantId
- id of the tenant that should be deleted, cannot benull
.
-
setUserPicture
public void setUserPicture(java.lang.String userId, Picture picture)
Description copied from interface:IdentityService
Sets the picture for a given user.- Specified by:
setUserPicture
in interfaceIdentityService
picture
- can be null to delete the picture.
-
getUserPicture
public Picture getUserPicture(java.lang.String userId)
Description copied from interface:IdentityService
Retrieves the picture for a given user.- Specified by:
getUserPicture
in interfaceIdentityService
-
deleteUserPicture
public void deleteUserPicture(java.lang.String userId)
Description copied from interface:IdentityService
Deletes the picture for a given user. If the user does not have a picture or if the user doesn't exists the call is ignored.- Specified by:
deleteUserPicture
in interfaceIdentityService
-
setAuthenticatedUserId
public void setAuthenticatedUserId(java.lang.String authenticatedUserId)
Description copied from interface:IdentityService
Passes the authenticated user id for this thread. All service method (from any service) invocations done by the same thread will have access to this authenticatedUserId. Should be followed by a call toIdentityService.clearAuthentication()
once the interaction is terminated.- Specified by:
setAuthenticatedUserId
in interfaceIdentityService
- Parameters:
authenticatedUserId
- the id of the current user.
-
setAuthentication
public void setAuthentication(Authentication auth)
- Specified by:
setAuthentication
in interfaceIdentityService
-
setAuthentication
public void setAuthentication(java.lang.String userId, java.util.List<java.lang.String> groups)
Description copied from interface:IdentityService
Passes the authenticated user id and groupIds for this thread. All service method (from any service) invocations done by the same thread will have access to this authentication. Should be followed by a call toIdentityService.clearAuthentication()
once the interaction is terminated.- Specified by:
setAuthentication
in interfaceIdentityService
groups
- the groups of the current user.
-
setAuthentication
public void setAuthentication(java.lang.String userId, java.util.List<java.lang.String> groups, java.util.List<java.lang.String> tenantIds)
Description copied from interface:IdentityService
Passes the authenticated user id, group ids and tenant ids for this thread. All service method (from any service) invocations done by the same thread will have access to this authentication. Should be followed by a call toIdentityService.clearAuthentication()
once the interaction is terminated.- Specified by:
setAuthentication
in interfaceIdentityService
- Parameters:
userId
- the id of the current user.groups
- the groups of the current user.tenantIds
- the tenants of the current user.
-
clearAuthentication
public void clearAuthentication()
Description copied from interface:IdentityService
Allows clearing the current authentication. Does not throw exception if no authentication exists.- Specified by:
clearAuthentication
in interfaceIdentityService
-
getCurrentAuthentication
public Authentication getCurrentAuthentication()
- Specified by:
getCurrentAuthentication
in interfaceIdentityService
- Returns:
- the current authentication for this process engine.
-
getUserInfo
public java.lang.String getUserInfo(java.lang.String userId, java.lang.String key)
Description copied from interface:IdentityService
Generic extensibility key-value pairs associated with a user- Specified by:
getUserInfo
in interfaceIdentityService
-
getUserInfoKeys
public java.util.List<java.lang.String> getUserInfoKeys(java.lang.String userId)
Description copied from interface:IdentityService
Generic extensibility keys associated with a user- Specified by:
getUserInfoKeys
in interfaceIdentityService
-
getUserAccountNames
public java.util.List<java.lang.String> getUserAccountNames(java.lang.String userId)
Description copied from interface:IdentityService
Get account names associated with the given user- Specified by:
getUserAccountNames
in interfaceIdentityService
-
setUserInfo
public void setUserInfo(java.lang.String userId, java.lang.String key, java.lang.String value)
Description copied from interface:IdentityService
Generic extensibility key-value pairs associated with a user- Specified by:
setUserInfo
in interfaceIdentityService
-
deleteUserInfo
public void deleteUserInfo(java.lang.String userId, java.lang.String key)
Description copied from interface:IdentityService
Delete an entry of the generic extensibility key-value pairs associated with a user- Specified by:
deleteUserInfo
in interfaceIdentityService
-
deleteUserAccount
public void deleteUserAccount(java.lang.String userId, java.lang.String accountName)
Description copied from interface:IdentityService
Delete an entry of the generic extensibility key-value pairs associated with a user- Specified by:
deleteUserAccount
in interfaceIdentityService
-
getUserAccount
public Account getUserAccount(java.lang.String userId, java.lang.String userPassword, java.lang.String accountName)
Description copied from interface:IdentityService
Get account information associated with a user- Specified by:
getUserAccount
in interfaceIdentityService
-
setUserAccount
public void setUserAccount(java.lang.String userId, java.lang.String userPassword, java.lang.String accountName, java.lang.String accountUsername, java.lang.String accountPassword, java.util.Map<java.lang.String,java.lang.String> accountDetails)
Description copied from interface:IdentityService
Store account information for a remote system- Specified by:
setUserAccount
in interfaceIdentityService
-
createTenantUserMembership
public void createTenantUserMembership(java.lang.String tenantId, java.lang.String userId)
Description copied from interface:IdentityService
Creates a new membership between the given user and tenant.- Specified by:
createTenantUserMembership
in interfaceIdentityService
- Parameters:
tenantId
- the id of the tenant, cannot be null.userId
- the id of the user, cannot be null.
-
createTenantGroupMembership
public void createTenantGroupMembership(java.lang.String tenantId, java.lang.String groupId)
Description copied from interface:IdentityService
Creates a new membership between the given group and tenant.- Specified by:
createTenantGroupMembership
in interfaceIdentityService
- Parameters:
tenantId
- the id of the tenant, cannot be null.groupId
- the id of the group, cannot be null.
-
deleteTenantUserMembership
public void deleteTenantUserMembership(java.lang.String tenantId, java.lang.String userId)
Description copied from interface:IdentityService
Deletes the membership between the given user and tenant. The operation is ignored when the given user, tenant or membership don't exist.- Specified by:
deleteTenantUserMembership
in interfaceIdentityService
- Parameters:
tenantId
- the id of the tenant, cannot be null.userId
- the id of the user, cannot be null.
-
deleteTenantGroupMembership
public void deleteTenantGroupMembership(java.lang.String tenantId, java.lang.String groupId)
Description copied from interface:IdentityService
Deletes the membership between the given group and tenant. The operation is ignored when the given group, tenant or membership don't exist.- Specified by:
deleteTenantGroupMembership
in interfaceIdentityService
- Parameters:
tenantId
- the id of the tenant, cannot be null.groupId
- the id of the group, cannot be null.
-
-