Package org.camunda.bpm.engine
Interface IdentityService
- All Known Implementing Classes:
- IdentityServiceImpl

public interface IdentityService
- Author:
- Tom Baeyens, Daniel Meyer

Method Summary
Modifier and Type, Method, Description
- boolean checkPassword(String userId, String password) - Checks if the password is valid for the given user.
- PasswordPolicyResult checkPasswordAgainstPolicy(String password) - Check a given password against the configured PasswordPolicy.
- PasswordPolicyResult checkPasswordAgainstPolicy(String candidatePassword, User user) - Check a given password against the configured PasswordPolicy.
- PasswordPolicyResult checkPasswordAgainstPolicy(PasswordPolicy policy, String password) - Check a given password against a given PasswordPolicy.
- PasswordPolicyResult checkPasswordAgainstPolicy(PasswordPolicy policy, String candidatePassword, User user) - Check a given password against a given PasswordPolicy.
- void clearAuthentication() - Allows clearing the current authentication.
- GroupQuery createGroupQuery() - Creates a GroupQuery that allows you to programmatically query the groups.
- void createMembership(String userId, String groupId)
- NativeUserQuery createNativeUserQuery() - Creates a NativeUserQuery that allows to select users with native queries.
- void createTenantGroupMembership(String tenantId, String groupId) - Creates a new membership between the given group and tenant.
- TenantQuery createTenantQuery() - Creates a TenantQuery that allows you to programmatically query the tenants.
- void createTenantUserMembership(String tenantId, String userId) - Creates a new membership between the given user and tenant.
- UserQuery createUserQuery() - Creates a UserQuery that allows you to programmatically query the users.
- void deleteGroup(String groupId) - Deletes the group.
- void deleteMembership(String userId, String groupId) - Delete the membership of the user in the group.
- void deleteTenant(String tenantId) - Deletes the tenant.
- void deleteTenantGroupMembership(String tenantId, String groupId) - Deletes the membership between the given group and tenant.
- void deleteTenantUserMembership(String tenantId, String userId) - Deletes the membership between the given user and tenant.
- void deleteUser(String userId)
- void deleteUserAccount(String userId, String accountName) - Deprecated.
- void deleteUserInfo(String userId, String key) - Delete an entry of the generic extensibility key-value pairs associated with a user
- void deleteUserPicture(String userId) - Deletes the picture for a given user.
- Authentication getCurrentAuthentication()
- PasswordPolicy getPasswordPolicy() - Returns the PasswordPolicy that is currently configured in the engine.
- Account getUserAccount(String userId, String userPassword, String accountName) - Deprecated.
- List<String> getUserAccountNames(String userId) - Deprecated.
- String getUserInfo(String userId, String key) - Generic extensibility key-value pairs associated with a user
- List<String> getUserInfoKeys(String userId) - Generic extensibility keys associated with a user
- Picture getUserPicture(String userId) - Retrieves the picture for a given user.
- boolean isReadOnly() - Reports whether this identity service implementation provides read-only access to the user repository.
- Group newGroup(String groupId) - Creates a new group.
- Tenant newTenant(String tenantId) - Creates a new tenant.
- User newUser(String userId) - Creates a new user.
- void saveGroup(Group group) - Saves the group.
- void saveTenant(Tenant tenant) - Saves the tenant.
- void saveUser(User user) - Saves the user.
- void setAuthenticatedUserId(String authenticatedUserId) - Passes the authenticated user id for this thread.
- void setAuthentication(String userId, List<String> groups) - Passes the authenticated user id and groupIds for this thread.
- void setAuthentication(String userId, List<String> groups, List<String> tenantIds) - Passes the authenticated user id, group ids and tenant ids for this thread.
- void setAuthentication(Authentication currentAuthentication)
- void setUserAccount(String userId, String userPassword, String accountName, String accountUsername, String accountPassword, Map<String,String> accountDetails) - Deprecated.
- void setUserInfo(String userId, String key, String value) - Generic extensibility key-value pairs associated with a user
- void setUserPicture(String userId, Picture picture) - Sets the picture for a given user.
- void unlockUser(String userId)

Method Detail

isReadOnly
boolean isReadOnly()
Reports whether this identity service implementation provides read-only access to the user repository. Read-only identity service implementations do not support the following methods:
- newUser(String)
- saveUser(User)
- deleteUser(String)
- newGroup(String)
- saveGroup(Group)
- deleteGroup(String)
- newTenant(String)
- saveTenant(Tenant)
- deleteTenant(String)
- createMembership(String, String)
- deleteMembership(String, String)
- createTenantUserMembership(String, String)
- createTenantGroupMembership(String, String)
- deleteTenantUserMembership(String, String)
- deleteTenantGroupMembership(String, String)
If these methods are invoked on a read-only identity service implementation, the invocation will throw an UnsupportedOperationException.
- Returns:
- true if this identity service implementation provides read-only access to the user repository, false otherwise.
 
newUser
User newUser(String userId)
Creates a new user. The user is transient and must be saved using saveUser(User).
- Parameters:
- userId - id for the new user, cannot be null.
- Throws:
- UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
- AuthorizationException - if the user has no Permissions.CREATE permissions on Resources.USER.
 
saveUser
void saveUser(User user)
Saves the user. If the user already existed, the user is updated.
- Parameters:
- user - user to save, cannot be null.
- Throws:
- ProcessEngineException - when ProcessEngineConfiguration.enablePasswordPolicy is true and password violates password policy
- ProcessEngineException - when user id violates:
- RuntimeException - when a user with the same name already exists.
- UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
- AuthorizationException - if the user has no Permissions.UPDATE permissions on Resources.USER (update existing user) or if user has no Permissions.CREATE permissions on Resources.USER (save new user).
 
createUserQuery
UserQuery createUserQuery()
Creates a UserQuery that allows you to programmatically query the users.

deleteUser
void deleteUser(String userId)
- Parameters:
- userId - id of user to delete, cannot be null. When an id is passed for a non-existent user, this operation is ignored.
- Throws:
- UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
- AuthorizationException - if the user has no Permissions.DELETE permissions on Resources.USER.
 
unlockUser
void unlockUser(String userId)

newGroup
Group newGroup(String groupId)
Creates a new group. The group is transient and must be saved using saveGroup(Group).
- Parameters:
- groupId - id for the new group, cannot be null.
- Throws:
- UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
- AuthorizationException - if the user has no Permissions.CREATE permissions on Resources.GROUP.
 
createNativeUserQuery
NativeUserQuery createNativeUserQuery()
Creates a NativeUserQuery that allows to select users with native queries.
- Returns:
- NativeUserQuery
 
createGroupQuery
GroupQuery createGroupQuery()
Creates a GroupQuery that allows you to programmatically query the groups.

saveGroup
void saveGroup(Group group)
Saves the group. If the group already existed, the group is updated.
- Parameters:
- group - group to save. Cannot be null.
- Throws:
- ProcessEngineException - when group id violates:
- RuntimeException - when a group with the same name already exists.
- UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
- AuthorizationException - if the user has no Permissions.UPDATE permissions on Resources.GROUP (update existing group) or if user has no Permissions.CREATE permissions on Resources.GROUP (save new group).
 
deleteGroup
void deleteGroup(String groupId)
Deletes the group. When no group exists with the given id, this operation is ignored.
- Parameters:
- groupId - id of the group that should be deleted, cannot be null.
- Throws:
- UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
- AuthorizationException - if the user has no Permissions.DELETE permissions on Resources.GROUP.
 
createMembership
void createMembership(String userId, String groupId)
- Parameters:
- userId - the userId, cannot be null.
- groupId - the groupId, cannot be null.
- Throws:
- RuntimeException - when the given user or group doesn't exist or when the user is already member of the group.
- UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
- AuthorizationException - if the user has no Permissions.CREATE permissions on Resources.GROUP_MEMBERSHIP.
 
deleteMembership
void deleteMembership(String userId, String groupId)
Delete the membership of the user in the group. When the group or user don't exist or when the user is not a member of the group, this operation is ignored.
- Parameters:
- userId - the user's id, cannot be null.
- groupId - the group's id, cannot be null.
- Throws:
- UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
- AuthorizationException - if the user has no Permissions.DELETE permissions on Resources.GROUP_MEMBERSHIP.
 
newTenant
Tenant newTenant(String tenantId)
Creates a new tenant. The tenant is transient and must be saved using saveTenant(Tenant).
- Parameters:
- tenantId - id for the new tenant, cannot be null.
- Throws:
- UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
- AuthorizationException - if the user has no Permissions.CREATE permissions on Resources.TENANT.
 
createTenantQuery
TenantQuery createTenantQuery()
Creates a TenantQuery that allows you to programmatically query the tenants.

saveTenant
void saveTenant(Tenant tenant)
Saves the tenant. If the tenant already existed, it is updated.
- Parameters:
- tenant - the tenant to save. Cannot be null.
- Throws:
- ProcessEngineException - when tenant id violates:
- RuntimeException - when a tenant with the same name already exists.
- UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
- AuthorizationException - if the user has no Permissions.UPDATE permissions on Resources.TENANT (update existing tenant) or if user has no Permissions.CREATE permissions on Resources.TENANT (save new tenant).
 
deleteTenant
void deleteTenant(String tenantId)
Deletes the tenant. When no tenant exists with the given id, this operation is ignored.
- Parameters:
- tenantId - id of the tenant that should be deleted, cannot be null.
- Throws:
- UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
- AuthorizationException - if the user has no Permissions.DELETE permissions on Resources.TENANT.
 
createTenantUserMembership
void createTenantUserMembership(String tenantId, String userId)
Creates a new membership between the given user and tenant.
- Parameters:
- tenantId - the id of the tenant, cannot be null.
- userId - the id of the user, cannot be null.
- Throws:
- RuntimeException - when the given tenant or user doesn't exist or the user is already a member of this tenant.
- UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
- AuthorizationException - if the user has no Permissions.CREATE permissions on Resources.TENANT_MEMBERSHIP.
 
createTenantGroupMembership
void createTenantGroupMembership(String tenantId, String groupId)
Creates a new membership between the given group and tenant.
- Parameters:
- tenantId - the id of the tenant, cannot be null.
- groupId - the id of the group, cannot be null.
- Throws:
- RuntimeException - when the given tenant or group doesn't exist or when the group is already a member of this tenant.
- UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
- AuthorizationException - if the user has no Permissions.CREATE permissions on Resources.TENANT_MEMBERSHIP.
 
deleteTenantUserMembership
void deleteTenantUserMembership(String tenantId, String userId)
Deletes the membership between the given user and tenant. The operation is ignored when the given user, tenant or membership don't exist.
- Parameters:
- tenantId - the id of the tenant, cannot be null.
- userId - the id of the user, cannot be null.
- Throws:
- UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
- AuthorizationException - if the user has no Permissions.DELETE permissions on Resources.TENANT_MEMBERSHIP.
 
deleteTenantGroupMembership
void deleteTenantGroupMembership(String tenantId, String groupId)
Deletes the membership between the given group and tenant. The operation is ignored when the given group, tenant or membership don't exist.
- Parameters:
- tenantId - the id of the tenant, cannot be null.
- groupId - the id of the group, cannot be null.
- Throws:
- UnsupportedOperationException - if identity service implementation is read only. See isReadOnly()
- AuthorizationException - if the user has no Permissions.DELETE permissions on Resources.TENANT_MEMBERSHIP.
 
checkPassword
boolean checkPassword(String userId, String password)
Checks if the password is valid for the given user. Arguments userId and password are nullsafe.

checkPasswordAgainstPolicy
PasswordPolicyResult checkPasswordAgainstPolicy(String password)
Check a given password against the configured PasswordPolicy. The result is returned as PasswordPolicyResult which contains all passed and violated rules as well as a flag indicating if the password is valid.
- Parameters:
- password - the password that should be tested
- Returns:
- a PasswordPolicyResult containing passed and failed rules
 
checkPasswordAgainstPolicy
PasswordPolicyResult checkPasswordAgainstPolicy(String candidatePassword, User user)
Check a given password against the configured PasswordPolicy. The result is returned as PasswordPolicyResult which contains all passed and violated rules as well as a flag indicating if the password is valid.
- Parameters:
- candidatePassword - which is checked against a password policy
- user - to be taken into account when checking the candidate password
- Returns:
- a PasswordPolicyResult containing passed and failed rules
 
checkPasswordAgainstPolicy
PasswordPolicyResult checkPasswordAgainstPolicy(PasswordPolicy policy, String password)
Check a given password against a given PasswordPolicy. The result is returned as PasswordPolicyResult which contains all passed and violated rules as well as a flag indicating if the password is valid.
- Parameters:
- policy - the PasswordPolicy against which the password is tested
- password - the password that should be tested
- Returns:
- a PasswordPolicyResult containing passed and failed rules
 
checkPasswordAgainstPolicy
PasswordPolicyResult checkPasswordAgainstPolicy(PasswordPolicy policy, String candidatePassword, User user)
Check a given password against a given PasswordPolicy. The result is returned as PasswordPolicyResult which contains all passed and violated rules as well as a flag indicating if the password is valid.
- Parameters:
- policy - the PasswordPolicy against which the password is tested
- candidatePassword - which is checked against a password policy
- user - to be taken into account when checking the candidate password
- Returns:
- a PasswordPolicyResult containing passed and failed rules
 
getPasswordPolicy
PasswordPolicy getPasswordPolicy()
Returns the PasswordPolicy that is currently configured in the engine.
- Returns:
- the current PasswordPolicy or null if no policy is set or the configured policy is disabled.
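
Added example (not part of the Camunda documentation or code base): a provisioning helper that combines isReadOnly(), getPasswordPolicy(), checkPasswordAgainstPolicy(PasswordPolicy, String, User) and saveUser(User) so the caller learns which rules a rejected password violated. The class name UserProvisioner, the method createUser and the choice to refuse provisioning when no policy is enabled are assumptions of this example; isValid(), getViolatedRules() and getPlaceholder() come from the engine's identity package rather than from this page.

```java
import java.util.ArrayList;
import java.util.List;

import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.identity.PasswordPolicy;
import org.camunda.bpm.engine.identity.PasswordPolicyResult;
import org.camunda.bpm.engine.identity.PasswordPolicyRule;
import org.camunda.bpm.engine.identity.User;

/** Added example; UserProvisioner and createUser are hypothetical names. */
public final class UserProvisioner {

  private final IdentityService identityService;

  public UserProvisioner(IdentityService identityService) {
    this.identityService = identityService;
  }

  /**
   * Saves a new user only if the candidate password passes the configured policy.
   * Returns the placeholders of violated rules; an empty list means the user was saved.
   */
  public List<String> createUser(String userId, String candidatePassword) {
    // Read-only implementations reject newUser/saveUser with
    // UnsupportedOperationException, so stop before touching anything.
    if (identityService.isReadOnly()) {
      throw new IllegalStateException("user repository is read-only");
    }

    // getPasswordPolicy() returns null when no policy is set or it is disabled.
    // Assumption of this example: provisioning without a policy is refused.
    PasswordPolicy policy = identityService.getPasswordPolicy();
    if (policy == null) {
      throw new IllegalStateException("no password policy is enabled");
    }

    User user = identityService.newUser(userId); // transient until saveUser(User)

    // The User overload lets the check take the user into account.
    PasswordPolicyResult result =
        identityService.checkPasswordAgainstPolicy(policy, candidatePassword, user);

    List<String> violations = new ArrayList<>();
    if (!result.isValid()) {
      for (PasswordPolicyRule rule : result.getViolatedRules()) {
        // Report which rule failed, never the candidate password itself.
        violations.add(rule.getPlaceholder());
      }
      return violations; // nothing was persisted
    }

    user.setPassword(candidatePassword);
    identityService.saveUser(user);
    return violations;
  }
}
```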
 
setAuthenticatedUserId
void setAuthenticatedUserId(String authenticatedUserId)
Passes the authenticated user id for this thread. All service method (from any service) invocations done by the same thread will have access to this authenticatedUserId. Should be followed by a call to clearAuthentication() once the interaction is terminated.
- Parameters:
- authenticatedUserId - the id of the current user.
 
setAuthentication
void setAuthentication(String userId, List<String> groups)
Passes the authenticated user id and groupIds for this thread. All service method (from any service) invocations done by the same thread will have access to this authentication. Should be followed by a call to clearAuthentication() once the interaction is terminated.
- Parameters:
- userId - the id of the current user.
- groups - the groups of the current user.
 
setAuthentication
void setAuthentication(String userId, List<String> groups, List<String> tenantIds)
Passes the authenticated user id, group ids and tenant ids for this thread. All service method (from any service) invocations done by the same thread will have access to this authentication. Should be followed by a call to clearAuthentication() once the interaction is terminated.
- Parameters:
- userId - the id of the current user.
- groups - the groups of the current user.
- tenantIds - the tenants of the current user.
 
setAuthentication
void setAuthentication(Authentication currentAuthentication)
- Parameters:
- currentAuthentication -
 
getCurrentAuthentication
Authentication getCurrentAuthentication()
- Returns:
- the current authentication for this process engine.
 
clearAuthentication
void clearAuthentication()
Allows clearing the current authentication. Does not throw exception if no authentication exists.
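
Added example (not part of the Camunda documentation or code base): because the authentication is bound to the calling thread, a pooled worker thread that skips clearAuthentication() carries one caller's user, groups and tenants into the next request it serves. The helper below scopes the authentication to a single action and undoes it on every exit path, including exceptions; the class name AuthenticatedCall and the method runAs are hypothetical, and it assumes getCurrentAuthentication() returns null when nothing is set.

```java
import java.util.List;
import java.util.function.Supplier;

import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.impl.identity.Authentication;

/** Added example; AuthenticatedCall and runAs are hypothetical names. */
public final class AuthenticatedCall {

  private AuthenticatedCall() {
  }

  /**
   * Runs the action with the given user, groups and tenants set as the
   * thread's authentication, then puts the thread back as it was found.
   */
  public static <T> T runAs(IdentityService identityService,
                            String userId,
                            List<String> groupIds,
                            List<String> tenantIds,
                            Supplier<T> action) {
    // Remember what was set before, so nested calls do not wipe the
    // outer caller's authentication when the inner one finishes.
    Authentication previous = identityService.getCurrentAuthentication();

    identityService.setAuthentication(userId, groupIds, tenantIds);
    try {
      // Every engine service call made on this thread inside the action
      // is authorized as userId with the given groups and tenants.
      return action.get();
    } finally {
      // Runs on normal return and on exceptions alike, so the identity
      // never outlives the interaction on a reused thread.
      if (previous != null) {
        identityService.setAuthentication(previous);
      } else {
        identityService.clearAuthentication();
      }
    }
  }
}
```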

setUserPicture
void setUserPicture(String userId, Picture picture)
Sets the picture for a given user.
- Parameters:
- picture - can be null to delete the picture.
- Throws:
- ProcessEngineException - if the user doesn't exist.
 
getUserPicture
Picture getUserPicture(String userId)
Retrieves the picture for a given user.
- Throws:
- ProcessEngineException - if the user doesn't exist.
 
deleteUserPicture
void deleteUserPicture(String userId)
Deletes the picture for a given user. If the user does not have a picture or if the user doesn't exist, the call is ignored.
- Throws:
- ProcessEngineException - if the user doesn't exist.
 
setUserInfo
void setUserInfo(String userId, String key, String value)
Generic extensibility key-value pairs associated with a user

getUserInfo
String getUserInfo(String userId, String key)
Generic extensibility key-value pairs associated with a user

getUserInfoKeys
List<String> getUserInfoKeys(String userId)
Generic extensibility keys associated with a user

deleteUserInfo
void deleteUserInfo(String userId, String key)
Delete an entry of the generic extensibility key-value pairs associated with a user

setUserAccount
@Deprecated void setUserAccount(String userId, String userPassword, String accountName, String accountUsername, String accountPassword, Map<String,String> accountDetails)
Deprecated.
Store account information for a remote system

getUserAccountNames
@Deprecated List<String> getUserAccountNames(String userId)
Deprecated.
Get account names associated with the given user

getUserAccount
@Deprecated Account getUserAccount(String userId, String userPassword, String accountName)
Deprecated.
Get account information associated with a user

deleteUserAccount
@Deprecated void deleteUserAccount(String userId, String accountName)
Deprecated.
Delete an entry of the generic extensibility key-value pairs associated with a user
 