Package org.camunda.bpm.engine

Interface IdentityService

  • All Known Implementing Classes:
    IdentityServiceImpl
    public interface IdentityService
    Service to manage Users and Groups.
    Author:
    Tom Baeyens, Daniel Meyer

    • Method Detail

      • createUserQuery

        UserQuery createUserQuery()
        Creates a UserQuery that allows to programmatically query the users.

      • deleteUser

        void deleteUser​(java.lang.String userId)
        Parameters:
        userId - id of user to delete, cannot be null. When an id is passed for an unexisting user, this operation is ignored.
        Throws:
        java.lang.UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
        AuthorizationException - if the user has no Permissions.DELETE permissions on Resources.USER.

      • unlockUser

        void unlockUser​(java.lang.String userId)

      • createNativeUserQuery

        NativeUserQuery createNativeUserQuery()
        Creates a NativeUserQuery that allows to select users with native queries.
        Returns:
        NativeUserQuery

      • createGroupQuery

        GroupQuery createGroupQuery()
        Creates a GroupQuery thats allows to programmatically query the groups.

      • deleteGroup

        void deleteGroup​(java.lang.String groupId)
        Deletes the group. When no group exists with the given id, this operation is ignored.
        Parameters:
        groupId - id of the group that should be deleted, cannot be null.
        Throws:
        java.lang.UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
        AuthorizationException - if the user has no Permissions.DELETE permissions on Resources.GROUP.

      • createMembership

        void createMembership​(java.lang.String userId,
                      java.lang.String groupId)
        Parameters:
        userId - the userId, cannot be null.
        groupId - the groupId, cannot be null.
        Throws:
        java.lang.RuntimeException - when the given user or group doesn't exist or when the user is already member of the group.
        java.lang.UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
        AuthorizationException - if the user has no Permissions.CREATE permissions on Resources.GROUP_MEMBERSHIP.

      • deleteMembership

        void deleteMembership​(java.lang.String userId,
                      java.lang.String groupId)
        Delete the membership of the user in the group. When the group or user don't exist or when the user is not a member of the group, this operation is ignored.
        Parameters:
        userId - the user's id, cannot be null.
        groupId - the group's id, cannot be null.
        Throws:
        java.lang.UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
        AuthorizationException - if the user has no Permissions.DELETE permissions on Resources.GROUP_MEMBERSHIP.

      • createTenantQuery

        TenantQuery createTenantQuery()
        Creates a TenantQuery thats allows to programmatically query the tenants.

      • deleteTenant

        void deleteTenant​(java.lang.String tenantId)
        Deletes the tenant. When no tenant exists with the given id, this operation is ignored.
        Parameters:
        tenantId - id of the tenant that should be deleted, cannot be null.
        Throws:
        java.lang.UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
        AuthorizationException - if the user has no Permissions.DELETE permissions on Resources.TENANT.

      • createTenantUserMembership

        void createTenantUserMembership​(java.lang.String tenantId,
                                java.lang.String userId)
        Creates a new membership between the given user and tenant.
        Parameters:
        tenantId - the id of the tenant, cannot be null.
        userId - the id of the user, cannot be null.
        Throws:
        java.lang.RuntimeException - when the given tenant or user doesn't exist or the user is already a member of this tenant.
        java.lang.UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
        AuthorizationException - if the user has no Permissions.CREATE permissions on Resources.TENANT_MEMBERSHIP.

      • createTenantGroupMembership

        void createTenantGroupMembership​(java.lang.String tenantId,
                                 java.lang.String groupId)
        Creates a new membership between the given group and tenant.
        Parameters:
        tenantId - the id of the tenant, cannot be null.
        groupId - the id of the group, cannot be null.
        Throws:
        java.lang.RuntimeException - when the given tenant or group doesn't exist or when the group is already a member of this tenant.
        java.lang.UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
        AuthorizationException - if the user has no Permissions.CREATE permissions on Resources.TENANT_MEMBERSHIP.

      • deleteTenantUserMembership

        void deleteTenantUserMembership​(java.lang.String tenantId,
                                java.lang.String userId)
        Deletes the membership between the given user and tenant. The operation is ignored when the given user, tenant or membership don't exist.
        Parameters:
        tenantId - the id of the tenant, cannot be null.
        userId - the id of the user, cannot be null.
        Throws:
        java.lang.UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
        AuthorizationException - if the user has no Permissions.DELETE permissions on Resources.TENANT_MEMBERSHIP.

      • deleteTenantGroupMembership

        void deleteTenantGroupMembership​(java.lang.String tenantId,
                                 java.lang.String groupId)
        Deletes the membership between the given group and tenant. The operation is ignored when the given group, tenant or membership don't exist.
        Parameters:
        tenantId - the id of the tenant, cannot be null.
        groupId - the id of the group, cannot be null.
        Throws:
        java.lang.UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
        AuthorizationException - if the user has no Permissions.DELETE permissions on Resources.TENANT_MEMBERSHIP.

      • checkPassword

        boolean checkPassword​(java.lang.String userId,
                      java.lang.String password)
        Checks if the password is valid for the given user. Arguments userId and password are nullsafe.

      • checkPasswordAgainstPolicy

        PasswordPolicyResult checkPasswordAgainstPolicy​(java.lang.String password)
        Check a given password against the configured PasswordPolicy. The result is returned as PasswordPolicyResult which contains all passed and violated rules as well as a flag indicating if the password is valid.
        Parameters:
        password - the password that should be tested
        Returns:
        a PasswordPolicyResult containing passed and failed rules

      • checkPasswordAgainstPolicy

        PasswordPolicyResult checkPasswordAgainstPolicy​(java.lang.String candidatePassword,
                                                User user)
        Check a given password against the configured PasswordPolicy. The result is returned as PasswordPolicyResult which contains all passed and violated rules as well as a flag indicating if the password is valid.
        Parameters:
        candidatePassword - which is checked against a password policy
        user - to be taken into account when checking the candidate password
        Returns:
        a PasswordPolicyResult containing passed and failed rules

      • checkPasswordAgainstPolicy

        PasswordPolicyResult checkPasswordAgainstPolicy​(PasswordPolicy policy,
                                                java.lang.String password)
        Check a given password against a given PasswordPolicy. The result is returned as PasswordPolicyResult which contains all passed and violated rules as well as a flag indicating if the password is valid.
        Parameters:
        policy - the PasswordPolicy against which the password is tested
        password - the password that should be tested
        Returns:
        a PasswordPolicyResult containing passed and failed rules

      • checkPasswordAgainstPolicy

        PasswordPolicyResult checkPasswordAgainstPolicy​(PasswordPolicy policy,
                                                java.lang.String candidatePassword,
                                                User user)
        Check a given password against a given PasswordPolicy. The result is returned as PasswordPolicyResult which contains all passed and violated rules as well as a flag indicating if the password is valid.
        Parameters:
        policy - the PasswordPolicy against which the password is tested
        candidatePassword - which is checked against a password policy
        user - to be taken into account when checking the candidate password
        Returns:
        a PasswordPolicyResult containing passed and failed rules

      • getPasswordPolicy

        PasswordPolicy getPasswordPolicy()
        Returns the PasswordPolicy that is currently configured in the engine.
        Returns:
        the current PasswordPolicy or null if no policy is set or the configured policy is disabled.

      • setAuthenticatedUserId

        void setAuthenticatedUserId​(java.lang.String authenticatedUserId)
        Passes the authenticated user id for this thread. All service method (from any service) invocations done by the same thread will have access to this authenticatedUserId. Should be followed by a call to clearAuthentication() once the interaction is terminated.
        Parameters:
        authenticatedUserId - the id of the current user.

      • setAuthentication

        void setAuthentication​(java.lang.String userId,
                       java.util.List<java.lang.String> groups)
        Passes the authenticated user id and groupIds for this thread. All service method (from any service) invocations done by the same thread will have access to this authentication. Should be followed by a call to clearAuthentication() once the interaction is terminated.
        Parameters:
        authenticatedUserId - the id of the current user.
        groups - the groups of the current user.

      • setAuthentication

        void setAuthentication​(java.lang.String userId,
                       java.util.List<java.lang.String> groups,
                       java.util.List<java.lang.String> tenantIds)
        Passes the authenticated user id, group ids and tenant ids for this thread. All service method (from any service) invocations done by the same thread will have access to this authentication. Should be followed by a call to clearAuthentication() once the interaction is terminated.
        Parameters:
        userId - the id of the current user.
        groups - the groups of the current user.
        tenantIds - the tenants of the current user.

      • setAuthentication

        void setAuthentication​(Authentication currentAuthentication)
        Parameters:
        currentAuthentication -

      • getCurrentAuthentication

        Authentication getCurrentAuthentication()
        Returns:
        the current authentication for this process engine.

      • clearAuthentication

        void clearAuthentication()
        Allows clearing the current authentication. Does not throw exception if no authentication exists.

      • setUserPicture

        void setUserPicture​(java.lang.String userId,
                    Picture picture)
        Sets the picture for a given user.
        Parameters:
        picture - can be null to delete the picture.
        Throws:
        ProcessEngineException - if the user doesn't exist.

      • getUserPicture

        Picture getUserPicture​(java.lang.String userId)
        Retrieves the picture for a given user.
        Throws:
        ProcessEngineException - if the user doesn't exist.

      • deleteUserPicture

        void deleteUserPicture​(java.lang.String userId)
        Deletes the picture for a given user. If the user does not have a picture or if the user doesn't exists the call is ignored.
        Throws:
        ProcessEngineException - if the user doesn't exist.

      • setUserInfo

        void setUserInfo​(java.lang.String userId,
                 java.lang.String key,
                 java.lang.String value)
        Generic extensibility key-value pairs associated with a user

      • getUserInfo

        java.lang.String getUserInfo​(java.lang.String userId,
                             java.lang.String key)
        Generic extensibility key-value pairs associated with a user

      • getUserInfoKeys

        java.util.List<java.lang.String> getUserInfoKeys​(java.lang.String userId)
        Generic extensibility keys associated with a user

      • deleteUserInfo

        void deleteUserInfo​(java.lang.String userId,
                    java.lang.String key)
        Delete an entry of the generic extensibility key-value pairs associated with a user

      • setUserAccount

        @Deprecated
void setUserAccount​(java.lang.String userId,
                    java.lang.String userPassword,
                    java.lang.String accountName,
                    java.lang.String accountUsername,
                    java.lang.String accountPassword,
                    java.util.Map<java.lang.String,​java.lang.String> accountDetails)
        Deprecated.
        Store account information for a remote system

      • getUserAccountNames

        @Deprecated
java.util.List<java.lang.String> getUserAccountNames​(java.lang.String userId)
        Deprecated.
        Get account names associated with the given user

      • getUserAccount

        @Deprecated
Account getUserAccount​(java.lang.String userId,
                       java.lang.String userPassword,
                       java.lang.String accountName)
        Deprecated.
        Get account information associated with a user

      • deleteUserAccount

        @Deprecated
void deleteUserAccount​(java.lang.String userId,
                       java.lang.String accountName)
        Deprecated.
        Delete an entry of the generic extensibility key-value pairs associated with a user