Package org.camunda.bpm.engine
Interface IdentityService
- All Known Implementing Classes:
IdentityServiceImpl
public interface IdentityService
- Author:
- Tom Baeyens, Daniel Meyer
-
Method Summary
Modifier and TypeMethodDescriptionboolean
checkPassword
(String userId, String password) Checks if the password is valid for the given user.checkPasswordAgainstPolicy
(String password) Check a given password against the configuredPasswordPolicy
.checkPasswordAgainstPolicy
(String candidatePassword, User user) Check a given password against the configuredPasswordPolicy
.checkPasswordAgainstPolicy
(PasswordPolicy policy, String password) Check a given password against a givenPasswordPolicy
.checkPasswordAgainstPolicy
(PasswordPolicy policy, String candidatePassword, User user) Check a given password against a givenPasswordPolicy
.void
Allows clearing the current authentication.Creates aGroupQuery
thats allows to programmatically query the groups.void
createMembership
(String userId, String groupId) Creates aNativeUserQuery
that allows to select users with native queries.void
createTenantGroupMembership
(String tenantId, String groupId) Creates a new membership between the given group and tenant.Creates aTenantQuery
thats allows to programmatically query the tenants.void
createTenantUserMembership
(String tenantId, String userId) Creates a new membership between the given user and tenant.Creates aUserQuery
that allows to programmatically query the users.void
deleteGroup
(String groupId) Deletes the group.void
deleteMembership
(String userId, String groupId) Delete the membership of the user in the group.void
deleteTenant
(String tenantId) Deletes the tenant.void
deleteTenantGroupMembership
(String tenantId, String groupId) Deletes the membership between the given group and tenant.void
deleteTenantUserMembership
(String tenantId, String userId) Deletes the membership between the given user and tenant.void
deleteUser
(String userId) void
deleteUserAccount
(String userId, String accountName) Deprecated.void
deleteUserInfo
(String userId, String key) Delete an entry of the generic extensibility key-value pairs associated with a uservoid
deleteUserPicture
(String userId) Deletes the picture for a given user.Returns thePasswordPolicy
that is currently configured in the engine.getUserAccount
(String userId, String userPassword, String accountName) Deprecated.getUserAccountNames
(String userId) Deprecated.getUserInfo
(String userId, String key) Generic extensibility key-value pairs associated with a usergetUserInfoKeys
(String userId) Generic extensibility keys associated with a usergetUserPicture
(String userId) Retrieves the picture for a given user.boolean
Allows to inquire whether this identity service implementation provides read-only access to the user repository, false otherwise.Creates a new group.Creates a new tenant.Creates a new user.void
Saves the group.void
saveTenant
(Tenant tenant) Saves the tenant.void
Saves the user.void
setAuthenticatedUserId
(String authenticatedUserId) Passes the authenticated user id for this thread.void
setAuthentication
(String userId, List<String> groups) Passes the authenticated user id and groupIds for this thread.void
Passes the authenticated user id, group ids and tenant ids for this thread.void
setAuthentication
(Authentication currentAuthentication) void
setUserAccount
(String userId, String userPassword, String accountName, String accountUsername, String accountPassword, Map<String, String> accountDetails) Deprecated.void
setUserInfo
(String userId, String key, String value) Generic extensibility key-value pairs associated with a uservoid
setUserPicture
(String userId, Picture picture) Sets the picture for a given user.void
unlockUser
(String userId)
-
Method Details
-
isReadOnly
boolean isReadOnly()Allows to inquire whether this identity service implementation provides read-only access to the user repository, false otherwise.
Read only identity service implementations do not support the following methods:-
newUser(String)
-
saveUser(User)
-
deleteUser(String)
-
newGroup(String)
-
saveGroup(Group)
-
deleteGroup(String)
-
newTenant(String)
-
saveTenant(Tenant)
-
deleteTenant(String)
-
createMembership(String, String)
-
deleteMembership(String, String)
-
createTenantUserMembership(String, String)
-
createTenantGroupMembership(String, String)
-
deleteTenantUserMembership(String, String)
-
deleteTenantGroupMembership(String, String)
If these methods are invoked on a read-only identity service implementation, the invocation will throw an
UnsupportedOperationException
.- Returns:
- true if this identity service implementation provides read-only access to the user repository, false otherwise.
-
-
newUser
Creates a new user. The user is transient and must be saved usingsaveUser(User)
.- Parameters:
userId
- id for the new user, cannot be null.- Throws:
UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.CREATE
permissions onResources.USER
.
-
saveUser
Saves the user. If the user already existed, the user is updated.- Parameters:
user
- user to save, cannot be null.- Throws:
ProcessEngineException
- whenProcessEngineConfiguration.enablePasswordPolicy
istrue
and password violates password policyProcessEngineException
- when user id violates:RuntimeException
- when a user with the same name already exists.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.UPDATE
permissions onResources.USER
(update existing user) or if user has noPermissions.CREATE
permissions onResources.USER
(save new user).
-
createUserQuery
UserQuery createUserQuery()Creates aUserQuery
that allows to programmatically query the users. -
deleteUser
- Parameters:
userId
- id of user to delete, cannot be null. When an id is passed for an unexisting user, this operation is ignored.- Throws:
UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.DELETE
permissions onResources.USER
.
-
unlockUser
-
newGroup
Creates a new group. The group is transient and must be saved usingsaveGroup(Group)
.- Parameters:
groupId
- id for the new group, cannot be null.- Throws:
UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.CREATE
permissions onResources.GROUP
.
-
createNativeUserQuery
NativeUserQuery createNativeUserQuery()Creates aNativeUserQuery
that allows to select users with native queries.- Returns:
- NativeUserQuery
-
createGroupQuery
GroupQuery createGroupQuery()Creates aGroupQuery
thats allows to programmatically query the groups. -
saveGroup
Saves the group. If the group already existed, the group is updated.- Parameters:
group
- group to save. Cannot be null.- Throws:
ProcessEngineException
- when group id violates:RuntimeException
- when a group with the same name already exists.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.UPDATE
permissions onResources.GROUP
(update existing group) or if user has noPermissions.CREATE
permissions onResources.GROUP
(save new group).
-
deleteGroup
Deletes the group. When no group exists with the given id, this operation is ignored.- Parameters:
groupId
- id of the group that should be deleted, cannot be null.- Throws:
UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.DELETE
permissions onResources.GROUP
.
-
createMembership
- Parameters:
userId
- the userId, cannot be null.groupId
- the groupId, cannot be null.- Throws:
RuntimeException
- when the given user or group doesn't exist or when the user is already member of the group.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.CREATE
permissions onResources.GROUP_MEMBERSHIP
.
-
deleteMembership
Delete the membership of the user in the group. When the group or user don't exist or when the user is not a member of the group, this operation is ignored.- Parameters:
userId
- the user's id, cannot be null.groupId
- the group's id, cannot be null.- Throws:
UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.DELETE
permissions onResources.GROUP_MEMBERSHIP
.
-
newTenant
Creates a new tenant. The tenant is transient and must be saved usingsaveTenant(Tenant)
.- Parameters:
tenantId
- id for the new tenant, cannot benull
.- Throws:
UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.CREATE
permissions onResources.TENANT
.
-
createTenantQuery
TenantQuery createTenantQuery()Creates aTenantQuery
thats allows to programmatically query the tenants. -
saveTenant
Saves the tenant. If the tenant already existed, it is updated.- Parameters:
tenant
- the tenant to save. Cannot benull
.- Throws:
ProcessEngineException
- when tenant id violates:RuntimeException
- when a tenant with the same name already exists.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.UPDATE
permissions onResources.TENANT
(update existing tenant) or if user has noPermissions.CREATE
permissions onResources.TENANT
(save new tenant).
-
deleteTenant
Deletes the tenant. When no tenant exists with the given id, this operation is ignored.- Parameters:
tenantId
- id of the tenant that should be deleted, cannot benull
.- Throws:
UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.DELETE
permissions onResources.TENANT
.
-
createTenantUserMembership
Creates a new membership between the given user and tenant.- Parameters:
tenantId
- the id of the tenant, cannot be null.userId
- the id of the user, cannot be null.- Throws:
RuntimeException
- when the given tenant or user doesn't exist or the user is already a member of this tenant.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.CREATE
permissions onResources.TENANT_MEMBERSHIP
.
-
createTenantGroupMembership
Creates a new membership between the given group and tenant.- Parameters:
tenantId
- the id of the tenant, cannot be null.groupId
- the id of the group, cannot be null.- Throws:
RuntimeException
- when the given tenant or group doesn't exist or when the group is already a member of this tenant.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.CREATE
permissions onResources.TENANT_MEMBERSHIP
.
-
deleteTenantUserMembership
Deletes the membership between the given user and tenant. The operation is ignored when the given user, tenant or membership don't exist.- Parameters:
tenantId
- the id of the tenant, cannot be null.userId
- the id of the user, cannot be null.- Throws:
UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.DELETE
permissions onResources.TENANT_MEMBERSHIP
.
-
deleteTenantGroupMembership
Deletes the membership between the given group and tenant. The operation is ignored when the given group, tenant or membership don't exist.- Parameters:
tenantId
- the id of the tenant, cannot be null.groupId
- the id of the group, cannot be null.- Throws:
UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.DELETE
permissions onResources.TENANT_MEMBERSHIP
.
-
checkPassword
Checks if the password is valid for the given user. Arguments userId and password are nullsafe. -
checkPasswordAgainstPolicy
Check a given password against the configuredPasswordPolicy
. The result is returned asPasswordPolicyResult
which contains all passed and violated rules as well as a flag indicating if the password is valid.- Parameters:
password
- the password that should be tested- Returns:
- a
PasswordPolicyResult
containing passed and failed rules
-
checkPasswordAgainstPolicy
Check a given password against the configuredPasswordPolicy
. The result is returned asPasswordPolicyResult
which contains all passed and violated rules as well as a flag indicating if the password is valid.- Parameters:
candidatePassword
- which is checked against a password policyuser
- to be taken into account when checking the candidate password- Returns:
- a
PasswordPolicyResult
containing passed and failed rules
-
checkPasswordAgainstPolicy
Check a given password against a givenPasswordPolicy
. The result is returned asPasswordPolicyResult
which contains all passed and violated rules as well as a flag indicating if the password is valid.- Parameters:
policy
- thePasswordPolicy
against which the password is testedpassword
- the password that should be tested- Returns:
- a
PasswordPolicyResult
containing passed and failed rules
-
checkPasswordAgainstPolicy
PasswordPolicyResult checkPasswordAgainstPolicy(PasswordPolicy policy, String candidatePassword, User user) Check a given password against a givenPasswordPolicy
. The result is returned asPasswordPolicyResult
which contains all passed and violated rules as well as a flag indicating if the password is valid.- Parameters:
policy
- thePasswordPolicy
against which the password is testedcandidatePassword
- which is checked against a password policyuser
- to be taken into account when checking the candidate password- Returns:
- a
PasswordPolicyResult
containing passed and failed rules
-
getPasswordPolicy
PasswordPolicy getPasswordPolicy()Returns thePasswordPolicy
that is currently configured in the engine.- Returns:
- the current
PasswordPolicy
ornull
if no policy is set or the configured policy is disabled.
-
setAuthenticatedUserId
Passes the authenticated user id for this thread. All service method (from any service) invocations done by the same thread will have access to this authenticatedUserId. Should be followed by a call toclearAuthentication()
once the interaction is terminated.- Parameters:
authenticatedUserId
- the id of the current user.
-
setAuthentication
Passes the authenticated user id and groupIds for this thread. All service method (from any service) invocations done by the same thread will have access to this authentication. Should be followed by a call toclearAuthentication()
once the interaction is terminated.- Parameters:
authenticatedUserId
- the id of the current user.groups
- the groups of the current user.
-
setAuthentication
Passes the authenticated user id, group ids and tenant ids for this thread. All service method (from any service) invocations done by the same thread will have access to this authentication. Should be followed by a call toclearAuthentication()
once the interaction is terminated.- Parameters:
userId
- the id of the current user.groups
- the groups of the current user.tenantIds
- the tenants of the current user.
-
setAuthentication
- Parameters:
currentAuthentication
-
-
getCurrentAuthentication
Authentication getCurrentAuthentication()- Returns:
- the current authentication for this process engine.
-
clearAuthentication
void clearAuthentication()Allows clearing the current authentication. Does not throw exception if no authentication exists. -
setUserPicture
Sets the picture for a given user.- Parameters:
picture
- can be null to delete the picture.- Throws:
ProcessEngineException
- if the user doesn't exist.
-
getUserPicture
Retrieves the picture for a given user.- Returns:
- null if the user doesn't have a picture.
- Throws:
ProcessEngineException
- if the user doesn't exist.
-
deleteUserPicture
Deletes the picture for a given user. If the user does not have a picture or if the user doesn't exists the call is ignored.- Throws:
ProcessEngineException
- if the user doesn't exist.
-
setUserInfo
Generic extensibility key-value pairs associated with a user -
getUserInfo
Generic extensibility key-value pairs associated with a user -
getUserInfoKeys
Generic extensibility keys associated with a user -
deleteUserInfo
Delete an entry of the generic extensibility key-value pairs associated with a user -
setUserAccount
@Deprecated void setUserAccount(String userId, String userPassword, String accountName, String accountUsername, String accountPassword, Map<String, String> accountDetails) Deprecated.Store account information for a remote system -
getUserAccountNames
Deprecated.Get account names associated with the given user -
getUserAccount
Deprecated.Get account information associated with a user -
deleteUserAccount
Deprecated.Delete an entry of the generic extensibility key-value pairs associated with a user
-