oracle.ifs.server

Interface CredentialManager

All Known Implementing Classes:

IdmCredentialManager, IfsCredentialManager, UniversalCredentialManager, XeCredentialManager

public interface CredentialManager

A CredentialManager manages user authentication.

CredentialManagers have varying capabilities. At minimum, a CredentialManger must be able to authenticate users and determine the existence of a user. Some CredentialManagers may also be able to create, delete, or list users and set user passwords.

CredentialManagers do not use the iFS repository's transaction semantic. Operations on CredentialManagers are automically committed.

CredentialManagers must provide a constructor with the following signature: public CredentialManager(String name, S_LibraryService service) throws IfsException, where name is the name used to refer to this CredentialManager in API calls and service is the S_LibraryService to which this CredentialManager belongs.

Version:

1.0

Author:

David Pitfield

(Published)

Field Summary

Fields

Modifier and Type	Field and Description
static String	IFS_SERVICE_CREDENTIALMANAGER_CLASSNAME Property whose String value is the CredentialManager classname.
static String	IFS_SERVICE_CREDENTIALMANAGER_DEFAULTREALM Property whose String value is the name of the default realm for this CredentialManager.
static String	IFS_SERVICE_CREDENTIALMANAGER_REALM_LIST Property whose String[] value is the set of realms.
static String	OPTION_LISTUSERS_CREDENTIALMANAGERNAME Option to specifically set CredentialManagerName for ListUsers.
static String	OPTION_LISTUSERS_RETURNCMUSERS Option to return CredentialManagerUser objects.
static String	OPTION_LISTUSERS_RETURNDISTINGUISHEDNAMES Option to return Distinguished names (GUIDs).
static String	OPTION_LISTUSERS_RETURNUSERIDS Option to return userids.
static String	OPTION_LISTUSERS_SUBSCRIBERNAME Option to get the users for the specified subscriber.
static String	OPTION_LISTUSERS_USERDISTINGUISHEDNAMEFILTER Option to get the users whose user DistinguishedName (GUID) matches a specified pattern.

Method Summary

Modifier and Type	Method and Description
void	authenticate(String distinguishedName, Credential credential, ConnectOptions options) Authenticates the specified user using the specified credential.
String	createUser(String name, String password, AttributeValue[] options) Creates a new user.
void	deleteUser(String distinguishedName, AttributeValue[] options) Deletes the specified user.
void	dispose() Disposes this CredentialManager.
boolean	exists(String distinguishedName) Determines whether this CredentialManager can authenticate the specified user.
AttributeValue	getProperty(String name) Gets the value of the specified dynamic property for this CredentialManager.
Vector	listUsers(AttributeValue[] options) Gets the distinguished names of all users managed by this CredentialManager.
void	setPassword(String distinguishedName, String password, AttributeValue[] options) Sets the password of the specified user.
boolean	supportsCreateUser() Determines whether this CredentialManager supports the createUser method.
boolean	supportsDeleteUser() Determines whether this CredentialManager supports the deleteUser method.
boolean	supportsListUsers() Determines whether this CredentialManager supports the listUsers method.
boolean	supportsSetPassword() Determines whether this CredentialManager supports the setPassword method.

Field Detail

IFS_SERVICE_CREDENTIALMANAGER_CLASSNAME

static final String IFS_SERVICE_CREDENTIALMANAGER_CLASSNAME

Property whose String value is the CredentialManager classname.

All CredentialManager implementations should support this property.

See Also:

Constant Field Values

(Published)

IFS_SERVICE_CREDENTIALMANAGER_REALM_LIST

static final String IFS_SERVICE_CREDENTIALMANAGER_REALM_LIST

Property whose String[] value is the set of realms.

Many CredentialManager implementations support this property.

See Also:

Constant Field Values

(Published)

IFS_SERVICE_CREDENTIALMANAGER_DEFAULTREALM

static final String IFS_SERVICE_CREDENTIALMANAGER_DEFAULTREALM

Property whose String value is the name of the default realm for this CredentialManager.

Many CredentialManager implementations support this property.

See Also:

Constant Field Values

(Published)

OPTION_LISTUSERS_RETURNDISTINGUISHEDNAMES

static final String OPTION_LISTUSERS_RETURNDISTINGUISHEDNAMES

Option to return Distinguished names (GUIDs).

This option applies to listUsers and must have a boolean value.

If the value of this option is true, Distinguished names are returned. This is the default option.

See Also:

Constant Field Values

(Published)

OPTION_LISTUSERS_RETURNUSERIDS

static final String OPTION_LISTUSERS_RETURNUSERIDS

Option to return userids.

This option applies to listUsers and must have a boolean value.

If the value of this option is true, userids are returned.

See Also:

Constant Field Values

(Published)

OPTION_LISTUSERS_RETURNCMUSERS

static final String OPTION_LISTUSERS_RETURNCMUSERS

Option to return CredentialManagerUser objects.

This option applies to listUsers and must have a boolean value.

If the value of this option is true, CredentialManagerUser objects are returned.

See Also:

Constant Field Values

(Published)

OPTION_LISTUSERS_SUBSCRIBERNAME

static final String OPTION_LISTUSERS_SUBSCRIBERNAME

Option to get the users for the specified subscriber.

This option applies to listUsers and must have a String value.

The value of this option specifies the subscriber name for which to return users. If null or unspecified, the users are returned for the default subscriber.

See Also:

Constant Field Values

(Published)

OPTION_LISTUSERS_USERDISTINGUISHEDNAMEFILTER

static final String OPTION_LISTUSERS_USERDISTINGUISHEDNAMEFILTER

Option to get the users whose user DistinguishedName (GUID) matches a specified pattern.

This option applies to listUsers and must have a String value.

The value of this option specifies a filter to apply to user GUIDs. Use "*" to indicate zero or more characters in that position. Special characters "*", "(", ")", and "\" must be escaped in accordance with RFC 2254. If null or unspecified, no user GUID filter is applied to the subscriber's users.

See Also:

Constant Field Values

(Published)

OPTION_LISTUSERS_CREDENTIALMANAGERNAME

static final String OPTION_LISTUSERS_CREDENTIALMANAGERNAME

Option to specifically set CredentialManagerName for ListUsers.

See Also:

Constant Field Values

(Published)

Method Detail

authenticate

void authenticate(String distinguishedName,
                  Credential credential,
                  ConnectOptions options)
           throws IfsException

Authenticates the specified user using the specified credential.

Parameters:

distinguishedName - the distinguished name of the user

credential - the credential

options - the ConnectOptions supplied by the user

Throws:

IfsException - (IFS-10170) if the credential is invalid

IfsException - (IFS-10151) if the operation otherwise fails

(Published)

exists

boolean exists(String distinguishedName)
        throws IfsException

Determines whether this CredentialManager can authenticate the specified user.

Parameters:

distinguishedName - the distinguished name of the user

Returns:

whether this CredentialManager manages the user

Throws:

IfsException - (IFS-10152) if the operation fails

(Published)

supportsCreateUser

boolean supportsCreateUser()
                    throws IfsException

Determines whether this CredentialManager supports the createUser method.

Returns:

whether createUser is supported

Throws:

IfsException - (IFS-10153) if the operation fails

(Published)

createUser

String createUser(String name,
                  String password,
                  AttributeValue[] options)
           throws IfsException

Creates a new user.

Parameters:

name - the name of the user; some CredentialManagers may convert this name into a distinguished name if required; other CredentialManagers may require this to be a distinguished name to begin with

password - the password of the user

options - CredentialManager-specific options; a null value requests default behavior

Returns:

the distinguished name of the created user

Throws:

IfsException - (IFS-10154) if the operation fails

(Published)

supportsDeleteUser

boolean supportsDeleteUser()
                    throws IfsException

Determines whether this CredentialManager supports the deleteUser method.

Returns:

whether deleteUser is supported

Throws:

IfsException - (IFS-10155) if the operation fails

(Published)

deleteUser

void deleteUser(String distinguishedName,
                AttributeValue[] options)
         throws IfsException

Deletes the specified user.

Parameters:

distinguishedName - the distinguished name of the user

options - CredentialManager-specific options; a null value requests default behavior

Throws:

IfsException - (IFS-10156) if the operation fails

(Published)

supportsSetPassword

boolean supportsSetPassword()
                     throws IfsException

Determines whether this CredentialManager supports the setPassword method.

Returns:

whether setPassword is supported

Throws:

IfsException - (IFS-10157) if the operation fails

(Published)

setPassword

void setPassword(String distinguishedName,
                 String password,
                 AttributeValue[] options)
          throws IfsException

Sets the password of the specified user.

Parameters:

distinguishedName - the distinguished name of the user

password - the new password

options - CredentialManager-specific options; a null value requests default behavior

Throws:

IfsException - (IFS-10158) if the operation fails

(Published)

supportsListUsers

boolean supportsListUsers()
                   throws IfsException

Determines whether this CredentialManager supports the listUsers method.

Returns:

whether listUsers is supported

Throws:

IfsException - (IFS-10159) if the operation fails

(Published)

listUsers

Vector listUsers(AttributeValue[] options)
          throws IfsException

Gets the distinguished names of all users managed by this CredentialManager.

Parameters:

options - CredentialManager-specific options; a null value requests default behavior

Returns:

a Vector of string distinguished names

Throws:

IfsException - (IFS-10160) if the operation fails

(Published)

getProperty

AttributeValue getProperty(String name)
                    throws IfsException

Gets the value of the specified dynamic property for this CredentialManager.

Parameters:

name - the property name

Returns:

the property value, or null if there is no such property

Throws:

IfsException - (IFS-10163) if the operation fails

(Published)

dispose

void dispose()
      throws IfsException

Disposes this CredentialManager.

This method is invoked by the DirectoryService to shutdown this CredentialManager. The CredentialManager should perform any clean up tasks and release any resources it holds.

Throws:

IfsException - (IFS-10161) if the operation fails

(Published)