Package org.camunda.bpm.engine

Interface IdentityService

All Known Implementing Classes:

IdentityServiceImpl

public interface IdentityService

Service to manage Users and Groups.

Author:

Tom Baeyens, Daniel Meyer

Method Summary

Modifier and Type	Method	Description
boolean	checkPassword(String userId, String password)	Checks if the password is valid for the given user.
PasswordPolicyResult	checkPasswordAgainstPolicy(String password)	Check a given password against the configured PasswordPolicy.
PasswordPolicyResult	checkPasswordAgainstPolicy(String candidatePassword, User user)	Check a given password against the configured PasswordPolicy.
PasswordPolicyResult	checkPasswordAgainstPolicy(PasswordPolicy policy, String password)	Check a given password against a given PasswordPolicy.
PasswordPolicyResult	checkPasswordAgainstPolicy(PasswordPolicy policy, String candidatePassword, User user)	Check a given password against a given PasswordPolicy.
void	clearAuthentication()	Allows clearing the current authentication.
GroupQuery	createGroupQuery()	Creates a GroupQuery thats allows to programmatically query the groups.
void	createMembership(String userId, String groupId)
NativeUserQuery	createNativeUserQuery()	Creates a NativeUserQuery that allows to select users with native queries.
void	createTenantGroupMembership(String tenantId, String groupId)	Creates a new membership between the given group and tenant.
TenantQuery	createTenantQuery()	Creates a TenantQuery thats allows to programmatically query the tenants.
void	createTenantUserMembership(String tenantId, String userId)	Creates a new membership between the given user and tenant.
UserQuery	createUserQuery()	Creates a UserQuery that allows to programmatically query the users.
void	deleteGroup(String groupId)	Deletes the group.
void	deleteMembership(String userId, String groupId)	Delete the membership of the user in the group.
void	deleteTenant(String tenantId)	Deletes the tenant.
void	deleteTenantGroupMembership(String tenantId, String groupId)	Deletes the membership between the given group and tenant.
void	deleteTenantUserMembership(String tenantId, String userId)	Deletes the membership between the given user and tenant.
void	deleteUser(String userId)
void	deleteUserAccount(String userId, String accountName)	Deprecated.
void	deleteUserInfo(String userId, String key)	Delete an entry of the generic extensibility key-value pairs associated with a user
void	deleteUserPicture(String userId)	Deletes the picture for a given user.
Authentication	getCurrentAuthentication()
PasswordPolicy	getPasswordPolicy()	Returns the PasswordPolicy that is currently configured in the engine.
Account	getUserAccount(String userId, String userPassword, String accountName)	Deprecated.
List<String>	getUserAccountNames(String userId)	Deprecated.
String	getUserInfo(String userId, String key)	Generic extensibility key-value pairs associated with a user
List<String>	getUserInfoKeys(String userId)	Generic extensibility keys associated with a user
Picture	getUserPicture(String userId)	Retrieves the picture for a given user.
boolean	isReadOnly()	Allows to inquire whether this identity service implementation provides read-only access to the user repository, false otherwise.
Group	newGroup(String groupId)	Creates a new group.
Tenant	newTenant(String tenantId)	Creates a new tenant.
User	newUser(String userId)	Creates a new user.
void	saveGroup(Group group)	Saves the group.
void	saveTenant(Tenant tenant)	Saves the tenant.
void	saveUser(User user)	Saves the user.
void	setAuthenticatedUserId(String authenticatedUserId)	Passes the authenticated user id for this thread.
void	setAuthentication(String userId, List<String> groups)	Passes the authenticated user id and groupIds for this thread.
void	setAuthentication(String userId, List<String> groups, List<String> tenantIds)	Passes the authenticated user id, group ids and tenant ids for this thread.
void	setAuthentication(Authentication currentAuthentication)
void	setUserAccount(String userId, String userPassword, String accountName, String accountUsername, String accountPassword, Map<String,String> accountDetails)	Deprecated.
void	setUserInfo(String userId, String key, String value)	Generic extensibility key-value pairs associated with a user
void	setUserPicture(String userId, Picture picture)	Sets the picture for a given user.
void	unlockUser(String userId)

Method Detail

isReadOnly

boolean isReadOnly()

Allows to inquire whether this identity service implementation provides read-only access to the user repository, false otherwise.

Read only identity service implementations do not support the following methods:

• newUser(String)
• saveUser(User)
• deleteUser(String)
• newGroup(String)
• saveGroup(Group)
• deleteGroup(String)
• newTenant(String)
• saveTenant(Tenant)
• deleteTenant(String)
• createMembership(String, String)
• deleteMembership(String, String)
• createTenantUserMembership(String, String)
• createTenantGroupMembership(String, String)
• deleteTenantUserMembership(String, String)
• deleteTenantGroupMembership(String, String)

If these methods are invoked on a read-only identity service implementation, the invocation will throw an UnsupportedOperationException.

Returns:

true if this identity service implementation provides read-only access to the user repository, false otherwise.

newUser

User newUser(String userId)

Creates a new user. The user is transient and must be saved using saveUser(User).

Parameters:

userId - id for the new user, cannot be null.

Throws:

UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()

AuthorizationException - if the user has no Permissions.CREATE permissions on Resources.USER.

saveUser

void saveUser(User user)

Saves the user. If the user already existed, the user is updated.

Parameters:

user - user to save, cannot be null.

Throws:

ProcessEngineException - when ProcessEngineConfiguration.enablePasswordPolicy is true and password violates password policy

ProcessEngineException - when user id violates:

• ProcessEngineConfiguration.generalResourceWhitelistPattern OR
• ProcessEngineConfiguration.userResourceWhitelistPattern

RuntimeException - when a user with the same name already exists.

UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()

AuthorizationException - if the user has no Permissions.UPDATE permissions on Resources.USER (update existing user) or if user has no Permissions.CREATE permissions on Resources.USER (save new user).

createUserQuery

UserQuery createUserQuery()

Creates a UserQuery that allows to programmatically query the users.

deleteUser

void deleteUser(String userId)

Parameters:

userId - id of user to delete, cannot be null. When an id is passed for an unexisting user, this operation is ignored.

Throws:

UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()

AuthorizationException - if the user has no Permissions.DELETE permissions on Resources.USER.

unlockUser

void unlockUser(String userId)

newGroup

Group newGroup(String groupId)

Creates a new group. The group is transient and must be saved using saveGroup(Group).

Parameters:

groupId - id for the new group, cannot be null.

Throws:

UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()

AuthorizationException - if the user has no Permissions.CREATE permissions on Resources.GROUP.

createNativeUserQuery

NativeUserQuery createNativeUserQuery()

Creates a NativeUserQuery that allows to select users with native queries.

Returns:

NativeUserQuery

createGroupQuery

GroupQuery createGroupQuery()

Creates a GroupQuery thats allows to programmatically query the groups.

saveGroup

void saveGroup(Group group)

Saves the group. If the group already existed, the group is updated.

Parameters:

group - group to save. Cannot be null.

Throws:

ProcessEngineException - when group id violates:

• ProcessEngineConfiguration.generalResourceWhitelistPattern OR
• ProcessEngineConfiguration.groupResourceWhitelistPattern

RuntimeException - when a group with the same name already exists.

UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()

AuthorizationException - if the user has no Permissions.UPDATE permissions on Resources.GROUP (update existing group) or if user has no Permissions.CREATE permissions on Resources.GROUP (save new group).

deleteGroup

void deleteGroup(String groupId)

Deletes the group. When no group exists with the given id, this operation is ignored.

Parameters:

groupId - id of the group that should be deleted, cannot be null.

Throws:

UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()

AuthorizationException - if the user has no Permissions.DELETE permissions on Resources.GROUP.

createMembership

void createMembership(String userId,
                      String groupId)

Parameters:

userId - the userId, cannot be null.

groupId - the groupId, cannot be null.

Throws:

RuntimeException - when the given user or group doesn't exist or when the user is already member of the group.

UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()

AuthorizationException - if the user has no Permissions.CREATE permissions on Resources.GROUP_MEMBERSHIP.

deleteMembership

void deleteMembership(String userId,
                      String groupId)

Delete the membership of the user in the group. When the group or user don't exist or when the user is not a member of the group, this operation is ignored.

Parameters:

userId - the user's id, cannot be null.

groupId - the group's id, cannot be null.

Throws:

UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()

AuthorizationException - if the user has no Permissions.DELETE permissions on Resources.GROUP_MEMBERSHIP.

newTenant

Tenant newTenant(String tenantId)

Creates a new tenant. The tenant is transient and must be saved using saveTenant(Tenant).

Parameters:

tenantId - id for the new tenant, cannot be null.

Throws:

UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()

AuthorizationException - if the user has no Permissions.CREATE permissions on Resources.TENANT.

createTenantQuery

TenantQuery createTenantQuery()

Creates a TenantQuery thats allows to programmatically query the tenants.

saveTenant

void saveTenant(Tenant tenant)

Saves the tenant. If the tenant already existed, it is updated.

Parameters:

tenant - the tenant to save. Cannot be null.

Throws:

ProcessEngineException - when tenant id violates:

• ProcessEngineConfiguration.generalResourceWhitelistPattern OR
• ProcessEngineConfiguration.tenantResourceWhitelistPattern

RuntimeException - when a tenant with the same name already exists.

UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()

AuthorizationException - if the user has no Permissions.UPDATE permissions on Resources.TENANT (update existing tenant) or if user has no Permissions.CREATE permissions on Resources.TENANT (save new tenant).

deleteTenant

void deleteTenant(String tenantId)

Deletes the tenant. When no tenant exists with the given id, this operation is ignored.

Parameters:

tenantId - id of the tenant that should be deleted, cannot be null.

Throws:

UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()

AuthorizationException - if the user has no Permissions.DELETE permissions on Resources.TENANT.

createTenantUserMembership

void createTenantUserMembership(String tenantId,
                                String userId)

Creates a new membership between the given user and tenant.

Parameters:

tenantId - the id of the tenant, cannot be null.

userId - the id of the user, cannot be null.

Throws:

RuntimeException - when the given tenant or user doesn't exist or the user is already a member of this tenant.

UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()

AuthorizationException - if the user has no Permissions.CREATE permissions on Resources.TENANT_MEMBERSHIP.

createTenantGroupMembership

void createTenantGroupMembership(String tenantId,
                                 String groupId)

Creates a new membership between the given group and tenant.

Parameters:

tenantId - the id of the tenant, cannot be null.

groupId - the id of the group, cannot be null.

Throws:

RuntimeException - when the given tenant or group doesn't exist or when the group is already a member of this tenant.

UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()

AuthorizationException - if the user has no Permissions.CREATE permissions on Resources.TENANT_MEMBERSHIP.

deleteTenantUserMembership

void deleteTenantUserMembership(String tenantId,
                                String userId)

Deletes the membership between the given user and tenant. The operation is ignored when the given user, tenant or membership don't exist.

Parameters:

tenantId - the id of the tenant, cannot be null.

userId - the id of the user, cannot be null.

Throws:

UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()

AuthorizationException - if the user has no Permissions.DELETE permissions on Resources.TENANT_MEMBERSHIP.

deleteTenantGroupMembership

void deleteTenantGroupMembership(String tenantId,
                                 String groupId)

Deletes the membership between the given group and tenant. The operation is ignored when the given group, tenant or membership don't exist.

Parameters:

tenantId - the id of the tenant, cannot be null.

groupId - the id of the group, cannot be null.

Throws:

UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()

AuthorizationException - if the user has no Permissions.DELETE permissions on Resources.TENANT_MEMBERSHIP.

checkPassword

boolean checkPassword(String userId,
                      String password)

Checks if the password is valid for the given user. Arguments userId and password are nullsafe.

checkPasswordAgainstPolicy

PasswordPolicyResult checkPasswordAgainstPolicy(String password)

Check a given password against the configured PasswordPolicy. The result is returned as PasswordPolicyResult which contains all passed and violated rules as well as a flag indicating if the password is valid.

Parameters:

password - the password that should be tested

Returns:

a PasswordPolicyResult containing passed and failed rules

checkPasswordAgainstPolicy

PasswordPolicyResult checkPasswordAgainstPolicy(String candidatePassword,
                                                User user)

Check a given password against the configured PasswordPolicy. The result is returned as PasswordPolicyResult which contains all passed and violated rules as well as a flag indicating if the password is valid.

Parameters:

candidatePassword - which is checked against a password policy

user - to be taken into account when checking the candidate password

Returns:

a PasswordPolicyResult containing passed and failed rules

checkPasswordAgainstPolicy

PasswordPolicyResult checkPasswordAgainstPolicy(PasswordPolicy policy,
                                                String password)

Check a given password against a given PasswordPolicy. The result is returned as PasswordPolicyResult which contains all passed and violated rules as well as a flag indicating if the password is valid.

Parameters:

policy - the PasswordPolicy against which the password is tested

password - the password that should be tested

Returns:

a PasswordPolicyResult containing passed and failed rules

checkPasswordAgainstPolicy

PasswordPolicyResult checkPasswordAgainstPolicy(PasswordPolicy policy,
                                                String candidatePassword,
                                                User user)

Check a given password against a given PasswordPolicy. The result is returned as PasswordPolicyResult which contains all passed and violated rules as well as a flag indicating if the password is valid.

Parameters:

policy - the PasswordPolicy against which the password is tested

candidatePassword - which is checked against a password policy

user - to be taken into account when checking the candidate password

Returns:

a PasswordPolicyResult containing passed and failed rules

getPasswordPolicy

PasswordPolicy getPasswordPolicy()

Returns the PasswordPolicy that is currently configured in the engine.

Returns:

the current PasswordPolicy or null if no policy is set or the configured policy is disabled.

setAuthenticatedUserId

void setAuthenticatedUserId(String authenticatedUserId)

Passes the authenticated user id for this thread. All service method (from any service) invocations done by the same thread will have access to this authenticatedUserId. Should be followed by a call to clearAuthentication() once the interaction is terminated.

Parameters:

authenticatedUserId - the id of the current user.

setAuthentication

void setAuthentication(String userId,
                       List<String> groups)

Passes the authenticated user id and groupIds for this thread. All service method (from any service) invocations done by the same thread will have access to this authentication. Should be followed by a call to clearAuthentication() once the interaction is terminated.

Parameters:

authenticatedUserId - the id of the current user.

groups - the groups of the current user.

setAuthentication

void setAuthentication(String userId,
                       List<String> groups,
                       List<String> tenantIds)

Passes the authenticated user id, group ids and tenant ids for this thread. All service method (from any service) invocations done by the same thread will have access to this authentication. Should be followed by a call to clearAuthentication() once the interaction is terminated.

Parameters:

userId - the id of the current user.

groups - the groups of the current user.

tenantIds - the tenants of the current user.

setAuthentication

void setAuthentication(Authentication currentAuthentication)

Parameters:

currentAuthentication -

getCurrentAuthentication

Authentication getCurrentAuthentication()

Returns:

the current authentication for this process engine.

clearAuthentication

void clearAuthentication()

Allows clearing the current authentication. Does not throw exception if no authentication exists.

setUserPicture

void setUserPicture(String userId,
                    Picture picture)

Sets the picture for a given user.

Parameters:

picture - can be null to delete the picture.

Throws:

ProcessEngineException - if the user doesn't exist.

getUserPicture

Picture getUserPicture(String userId)

Retrieves the picture for a given user.

Throws:

ProcessEngineException - if the user doesn't exist.

deleteUserPicture

void deleteUserPicture(String userId)

Deletes the picture for a given user. If the user does not have a picture or if the user doesn't exists the call is ignored.

Throws:

ProcessEngineException - if the user doesn't exist.

setUserInfo

void setUserInfo(String userId,
                 String key,
                 String value)

Generic extensibility key-value pairs associated with a user

getUserInfo

String getUserInfo(String userId,
                   String key)

Generic extensibility key-value pairs associated with a user

getUserInfoKeys

List<String> getUserInfoKeys(String userId)

Generic extensibility keys associated with a user

deleteUserInfo

void deleteUserInfo(String userId,
                    String key)

Delete an entry of the generic extensibility key-value pairs associated with a user

setUserAccount

@Deprecated
void setUserAccount(String userId,
                    String userPassword,
                    String accountName,
                    String accountUsername,
                    String accountPassword,
                    Map<String,String> accountDetails)

Deprecated.

Store account information for a remote system

getUserAccountNames

@Deprecated
List<String> getUserAccountNames(String userId)

Deprecated.

Get account names associated with the given user

getUserAccount

@Deprecated
Account getUserAccount(String userId,
                       String userPassword,
                       String accountName)

Deprecated.

Get account information associated with a user

deleteUserAccount

@Deprecated
void deleteUserAccount(String userId,
                       String accountName)

Deprecated.

Delete an entry of the generic extensibility key-value pairs associated with a user