Package org.camunda.bpm.engine.impl
Class IdentityServiceImpl
java.lang.Object
org.camunda.bpm.engine.impl.ServiceImpl
org.camunda.bpm.engine.impl.IdentityServiceImpl
- All Implemented Interfaces:
IdentityService
- Author:
- Tom Baeyens
-
Field Summary
Fields inherited from class org.camunda.bpm.engine.impl.ServiceImpl
commandExecutor
-
Constructor Summary
-
Method Summary
Modifier and Type | Method | Description
boolean | checkPassword(String userId, String password) | Checks if the password is valid for the given user.
PasswordPolicyResult | checkPasswordAgainstPolicy(String password) | Check a given password against the configured PasswordPolicy.
PasswordPolicyResult | checkPasswordAgainstPolicy(String candidatePassword, User user) | Check a given password against the configured PasswordPolicy.
PasswordPolicyResult | checkPasswordAgainstPolicy(PasswordPolicy policy, String password) | Check a given password against a given PasswordPolicy.
PasswordPolicyResult | checkPasswordAgainstPolicy(PasswordPolicy policy, String candidatePassword, User user) | Check a given password against a given PasswordPolicy.
void | clearAuthentication() | Allows clearing the current authentication.
GroupQuery | createGroupQuery() | Creates a GroupQuery that allows to programmatically query the groups.
void | createMembership(String userId, String groupId) |
NativeUserQuery | createNativeUserQuery() | Creates a NativeUserQuery that allows to select users with native queries.
void | createTenantGroupMembership(String tenantId, String groupId) | Creates a new membership between the given group and tenant.
TenantQuery | createTenantQuery() | Creates a TenantQuery that allows to programmatically query the tenants.
void | createTenantUserMembership(String tenantId, String userId) | Creates a new membership between the given user and tenant.
UserQuery | createUserQuery() | Creates a UserQuery that allows to programmatically query the users.
void | deleteGroup(String groupId) | Deletes the group.
void | deleteMembership(String userId, String groupId) | Delete the membership of the user in the group.
void | deleteTenant(String tenantId) | Deletes the tenant.
void | deleteTenantGroupMembership(String tenantId, String groupId) | Deletes the membership between the given group and tenant.
void | deleteTenantUserMembership(String tenantId, String userId) | Deletes the membership between the given user and tenant.
void | deleteUser(String userId) |
void | deleteUserAccount(String userId, String accountName) | Delete an entry of the generic extensibility key-value pairs associated with a user
void | deleteUserInfo(String userId, String key) | Delete an entry of the generic extensibility key-value pairs associated with a user
void | deleteUserPicture(String userId) | Deletes the picture for a given user.
Authentication | getCurrentAuthentication() |
PasswordPolicy | getPasswordPolicy() | Returns the PasswordPolicy that is currently configured in the engine.
Account | getUserAccount(String userId, String userPassword, String accountName) | Get account information associated with a user
List<String> | getUserAccountNames(String userId) | Get account names associated with the given user
String | getUserInfo(String userId, String key) | Generic extensibility key-value pairs associated with a user
List<String> | getUserInfoKeys(String userId) | Generic extensibility keys associated with a user
Picture | getUserPicture(String userId) | Retrieves the picture for a given user.
boolean | isReadOnly() | Allows to inquire whether this identity service implementation provides read-only access to the user repository, false otherwise.
Group | newGroup(String groupId) | Creates a new group.
Tenant | newTenant(String tenantId) | Creates a new tenant.
User | newUser(String userId) | Creates a new user.
void | saveGroup(Group group) | Saves the group.
void | saveTenant(Tenant tenant) | Saves the tenant.
void | saveUser(User user) | Saves the user.
void | saveUser(User, boolean) |
void | setAuthenticatedUserId(String authenticatedUserId) | Passes the authenticated user id for this thread.
void | setAuthentication(String userId, List<String> groups) | Passes the authenticated user id and groupIds for this thread.
void | setAuthentication(String userId, List<String> groups, List<String> tenantIds) | Passes the authenticated user id, group ids and tenant ids for this thread.
void | setAuthentication(Authentication) |
void | setUserAccount(String userId, String userPassword, String accountName, String accountUsername, String accountPassword, Map<String, String> accountDetails) | Store account information for a remote system
void | setUserInfo(String userId, String key, String value) | Generic extensibility key-value pairs associated with a user
void | setUserPicture(String userId, Picture picture) | Sets the picture for a given user.
void | unlockUser(String userId) |
Methods inherited from class org.camunda.bpm.engine.impl.ServiceImpl
getCommandExecutor, setCommandExecutor
-
Constructor Details
-
IdentityServiceImpl
public IdentityServiceImpl()
-
-
Method Details
-
isReadOnly
public boolean isReadOnly()
Description copied from interface: IdentityService
Allows to inquire whether this identity service implementation provides read-only access to the user repository, false otherwise.
Read only identity service implementations do not support the following methods:
- IdentityService.newUser(String)
- IdentityService.saveUser(User)
- IdentityService.deleteUser(String)
- IdentityService.newGroup(String)
- IdentityService.saveGroup(Group)
- IdentityService.deleteGroup(String)
- IdentityService.newTenant(String)
- IdentityService.saveTenant(Tenant)
- IdentityService.deleteTenant(String)
- IdentityService.createMembership(String, String)
- IdentityService.deleteMembership(String, String)
- IdentityService.createTenantUserMembership(String, String)
- IdentityService.createTenantGroupMembership(String, String)
- IdentityService.deleteTenantUserMembership(String, String)
- IdentityService.deleteTenantGroupMembership(String, String)
If these methods are invoked on a read-only identity service implementation, the invocation will throw an UnsupportedOperationException.
- Specified by:
isReadOnly in interface IdentityService
- Returns:
- true if this identity service implementation provides read-only access to the user repository, false otherwise.
-
-
newGroup
Description copied from interface: IdentityService
Creates a new group. The group is transient and must be saved using IdentityService.saveGroup(Group).
- Specified by:
newGroup in interface IdentityService
- Parameters:
groupId - id for the new group, cannot be null.
-
newUser
Description copied from interface: IdentityService
Creates a new user. The user is transient and must be saved using IdentityService.saveUser(User).
- Specified by:
newUser in interface IdentityService
- Parameters:
userId - id for the new user, cannot be null.
-
newTenant
Description copied from interface: IdentityService
Creates a new tenant. The tenant is transient and must be saved using IdentityService.saveTenant(Tenant).
- Specified by:
newTenant in interface IdentityService
- Parameters:
tenantId - id for the new tenant, cannot be null.
-
saveGroup
Description copied from interface: IdentityService
Saves the group. If the group already existed, the group is updated.
- Specified by:
saveGroup in interface IdentityService
- Parameters:
group - group to save. Cannot be null.
-
saveUser
Description copied from interface: IdentityService
Saves the user. If the user already existed, the user is updated.
- Specified by:
saveUser in interface IdentityService
- Parameters:
user - user to save, cannot be null.
-
saveUser
-
saveTenant
Description copied from interface: IdentityService
Saves the tenant. If the tenant already existed, it is updated.
- Specified by:
saveTenant in interface IdentityService
- Parameters:
tenant - the tenant to save. Cannot be null.
-
createUserQuery
Description copied from interface: IdentityService
Creates a UserQuery that allows to programmatically query the users.
- Specified by:
createUserQuery in interface IdentityService
-
createNativeUserQuery
Description copied from interface: IdentityService
Creates a NativeUserQuery that allows to select users with native queries.
- Specified by:
createNativeUserQuery in interface IdentityService
- Returns:
- NativeUserQuery
-
createGroupQuery
Description copied from interface: IdentityService
Creates a GroupQuery that allows to programmatically query the groups.
- Specified by:
createGroupQuery in interface IdentityService
-
createTenantQuery
Description copied from interface: IdentityService
Creates a TenantQuery that allows to programmatically query the tenants.
- Specified by:
createTenantQuery in interface IdentityService
-
createMembership
- Specified by:
createMembership in interface IdentityService
- Parameters:
userId - the userId, cannot be null.
groupId - the groupId, cannot be null.
-
deleteGroup
Description copied from interface: IdentityService
Deletes the group. When no group exists with the given id, this operation is ignored.
- Specified by:
deleteGroup in interface IdentityService
- Parameters:
groupId - id of the group that should be deleted, cannot be null.
-
deleteMembership
Description copied from interface: IdentityService
Delete the membership of the user in the group. When the group or user don't exist or when the user is not a member of the group, this operation is ignored.
- Specified by:
deleteMembership in interface IdentityService
- Parameters:
userId - the user's id, cannot be null.
groupId - the group's id, cannot be null.
-
checkPassword
Description copied from interface: IdentityService
Checks if the password is valid for the given user. Arguments userId and password are nullsafe.
- Specified by:
checkPassword in interface IdentityService
-
checkPasswordAgainstPolicy
Description copied from interface: IdentityService
Check a given password against the configured PasswordPolicy. The result is returned as PasswordPolicyResult which contains all passed and violated rules as well as a flag indicating if the password is valid.
- Specified by:
checkPasswordAgainstPolicy in interface IdentityService
- Parameters:
candidatePassword - which is checked against a password policy
user - to be taken into account when checking the candidate password
- Returns:
- a PasswordPolicyResult containing passed and failed rules
-
checkPasswordAgainstPolicy
Description copied from interface: IdentityService
Check a given password against the configured PasswordPolicy. The result is returned as PasswordPolicyResult which contains all passed and violated rules as well as a flag indicating if the password is valid.
- Specified by:
checkPasswordAgainstPolicy in interface IdentityService
- Parameters:
password - the password that should be tested
- Returns:
- a PasswordPolicyResult containing passed and failed rules
-
checkPasswordAgainstPolicy
public PasswordPolicyResult checkPasswordAgainstPolicy(PasswordPolicy policy, String candidatePassword, User user)
Description copied from interface: IdentityService
Check a given password against a given PasswordPolicy. The result is returned as PasswordPolicyResult which contains all passed and violated rules as well as a flag indicating if the password is valid.
- Specified by:
checkPasswordAgainstPolicy in interface IdentityService
- Parameters:
policy - the PasswordPolicy against which the password is tested
candidatePassword - which is checked against a password policy
user - to be taken into account when checking the candidate password
- Returns:
- a PasswordPolicyResult containing passed and failed rules
-
checkPasswordAgainstPolicy
Description copied from interface: IdentityService
Check a given password against a given PasswordPolicy. The result is returned as PasswordPolicyResult which contains all passed and violated rules as well as a flag indicating if the password is valid.
- Specified by:
checkPasswordAgainstPolicy in interface IdentityService
- Parameters:
policy - the PasswordPolicy against which the password is tested
password - the password that should be tested
- Returns:
- a PasswordPolicyResult containing passed and failed rules
-
getPasswordPolicy
Description copied from interface: IdentityService
Returns the PasswordPolicy that is currently configured in the engine.
- Specified by:
getPasswordPolicy in interface IdentityService
- Returns:
- the current PasswordPolicy or null if no policy is set or the configured policy is disabled.
-
unlockUser
- Specified by:
unlockUser in interface IdentityService
-
deleteUser
- Specified by:
deleteUser in interface IdentityService
- Parameters:
userId - id of user to delete, cannot be null. When an id is passed for a non-existent user, this operation is ignored.
-
deleteTenant
Description copied from interface: IdentityService
Deletes the tenant. When no tenant exists with the given id, this operation is ignored.
- Specified by:
deleteTenant in interface IdentityService
- Parameters:
tenantId - id of the tenant that should be deleted, cannot be null.
-
setUserPicture
Description copied from interface: IdentityService
Sets the picture for a given user.
- Specified by:
setUserPicture in interface IdentityService
- Parameters:
picture - can be null to delete the picture.
-
getUserPicture
Description copied from interface: IdentityService
Retrieves the picture for a given user.
- Specified by:
getUserPicture in interface IdentityService
-
deleteUserPicture
Description copied from interface: IdentityService
Deletes the picture for a given user. If the user does not have a picture or if the user does not exist, the call is ignored.
- Specified by:
deleteUserPicture in interface IdentityService
-
setAuthenticatedUserId
Description copied from interface: IdentityService
Passes the authenticated user id for this thread. All service method (from any service) invocations done by the same thread will have access to this authenticatedUserId. Should be followed by a call to IdentityService.clearAuthentication() once the interaction is terminated.
- Specified by:
setAuthenticatedUserId in interface IdentityService
- Parameters:
authenticatedUserId - the id of the current user.
-
setAuthentication
- Specified by:
setAuthentication in interface IdentityService
-
setAuthentication
Description copied from interface: IdentityService
Passes the authenticated user id and groupIds for this thread. All service method (from any service) invocations done by the same thread will have access to this authentication. Should be followed by a call to IdentityService.clearAuthentication() once the interaction is terminated.
- Specified by:
setAuthentication in interface IdentityService
- Parameters:
groups - the groups of the current user.
-
setAuthentication
Description copied from interface: IdentityService
Passes the authenticated user id, group ids and tenant ids for this thread. All service method (from any service) invocations done by the same thread will have access to this authentication. Should be followed by a call to IdentityService.clearAuthentication() once the interaction is terminated.
- Specified by:
setAuthentication in interface IdentityService
- Parameters:
userId - the id of the current user.
groups - the groups of the current user.
tenantIds - the tenants of the current user.
-
clearAuthentication
public void clearAuthentication()
Description copied from interface: IdentityService
Allows clearing the current authentication. Does not throw exception if no authentication exists.
- Specified by:
clearAuthentication in interface IdentityService
-
getCurrentAuthentication
- Specified by:
getCurrentAuthentication in interface IdentityService
- Returns:
- the current authentication for this process engine.
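Added example (not part of the Camunda Javadoc or code base): because the authentication is bound to the calling thread, a pooled thread that skips clearAuthentication() carries the previous caller's user, groups and tenants into the next request. The class ScopedAuthentication and its method callAs are hypothetical names; the sketch assumes getCurrentAuthentication() returns null when nothing is set and uses only IdentityService methods listed on this page.

```java
import java.util.List;
import java.util.concurrent.Callable;

import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.impl.identity.Authentication;

/** Hypothetical helper: scopes the thread-bound authentication to one unit of work. */
public final class ScopedAuthentication {

  private ScopedAuthentication() {
  }

  /**
   * Runs {@code work} with the given user, groups and tenants set for the
   * current thread, then removes that identity again even if the work throws.
   */
  public static <T> T callAs(IdentityService identityService,
                             String userId,
                             List<String> groups,
                             List<String> tenantIds,
                             Callable<T> work) throws Exception {
    // Remember what an outer caller on this thread had already set
    // (assumed to be null when no authentication exists).
    Authentication previous = identityService.getCurrentAuthentication();

    identityService.setAuthentication(userId, groups, tenantIds);
    try {
      return work.call();
    } finally {
      // Worker threads are reused: the identity must not outlive this call.
      identityService.clearAuthentication();
      if (previous != null) {
        // Restore the outer identity through the Authentication overload.
        identityService.setAuthentication(previous);
      }
    }
  }
}
```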
-
getUserInfo
Description copied from interface: IdentityService
Generic extensibility key-value pairs associated with a user
- Specified by:
getUserInfo in interface IdentityService
-
getUserInfoKeys
Description copied from interface: IdentityService
Generic extensibility keys associated with a user
- Specified by:
getUserInfoKeys in interface IdentityService
-
getUserAccountNames
Description copied from interface: IdentityService
Get account names associated with the given user
- Specified by:
getUserAccountNames in interface IdentityService
-
setUserInfo
Description copied from interface: IdentityService
Generic extensibility key-value pairs associated with a user
- Specified by:
setUserInfo in interface IdentityService
-
deleteUserInfo
Description copied from interface: IdentityService
Delete an entry of the generic extensibility key-value pairs associated with a user
- Specified by:
deleteUserInfo in interface IdentityService
-
deleteUserAccount
Description copied from interface: IdentityService
Delete an entry of the generic extensibility key-value pairs associated with a user
- Specified by:
deleteUserAccount in interface IdentityService
-
getUserAccount
Description copied from interface: IdentityService
Get account information associated with a user
- Specified by:
getUserAccount in interface IdentityService
-
setUserAccount
public void setUserAccount(String userId, String userPassword, String accountName, String accountUsername, String accountPassword, Map<String, String> accountDetails)
Description copied from interface: IdentityService
Store account information for a remote system
- Specified by:
setUserAccount in interface IdentityService
-
createTenantUserMembership
Description copied from interface: IdentityService
Creates a new membership between the given user and tenant.
- Specified by:
createTenantUserMembership in interface IdentityService
- Parameters:
tenantId - the id of the tenant, cannot be null.
userId - the id of the user, cannot be null.
-
createTenantGroupMembership
Description copied from interface: IdentityService
Creates a new membership between the given group and tenant.
- Specified by:
createTenantGroupMembership in interface IdentityService
- Parameters:
tenantId - the id of the tenant, cannot be null.
groupId - the id of the group, cannot be null.
-
deleteTenantUserMembership
Description copied from interface: IdentityService
Deletes the membership between the given user and tenant. The operation is ignored when the given user, tenant or membership don't exist.
- Specified by:
deleteTenantUserMembership in interface IdentityService
- Parameters:
tenantId - the id of the tenant, cannot be null.
userId - the id of the user, cannot be null.
-
deleteTenantGroupMembership
Description copied from interface: IdentityService
Deletes the membership between the given group and tenant. The operation is ignored when the given group, tenant or membership don't exist.
- Specified by:
deleteTenantGroupMembership in interface IdentityService
- Parameters:
tenantId - the id of the tenant, cannot be null.
groupId - the id of the group, cannot be null.
-