oracle.ifs.server

Class IdmCredentialManager

java.lang.Object

oracle.ifs.server.IdmCredentialManager

All Implemented Interfaces:

CredentialManager

public class IdmCredentialManager
extends Object
implements CredentialManager

IdmCredentialManager authenticates users

IdmCredentialManager supports user creation, user deletion, setting users' passwords, and listing users. However, any of these capabilities may be selectively disabled through service configuration properties.

IdmCredentialManager supports TokenCredential, CleartextCredential authentication.

IdmCredentialManager identifies users in User Repository by their User ID. The User ID is retrieved by UserRole API UserProfile.getUserID(), and stored in the DirectoryUser Name attribute.

Author:

Diep Maser

Field Summary

Fields

Modifier and Type	Field and Description
static String	LDAP_CREDENTIAL
static String	LDAP_DIRECTORY_VENDOR_ACTIVE_DIRECTORY
static String	LDAP_DIRECTORY_VENDOR_EDIRECTORY
static String	LDAP_DIRECTORY_VENDOR_IPLANET
static String	LDAP_DIRECTORY_VENDOR_OPENLDAP
static String	LDAP_DIRECTORY_VENDOR_OTHER
static String	LDAP_PRINCIPAL
static String	LDAP_SSL_KEY_PASSWORD
static String	LDAP_SSL_KEY_STORE
static String	OPTION_LISTUSERS_FIRSTNAMEFILTER Option to get the users whose first name matches a specified pattern.
static String	OPTION_LISTUSERS_LASTNAMEFILTER Option to get the users whose last name matches a specified pattern.
static String	OPTION_LISTUSERS_MAILFILTER Option to get the users whose email address matches a specified pattern.
static String	OPTION_LISTUSERS_MAXIMUMCOUNT
static String	OPTION_LISTUSERS_MAXIMUMTIME
static String	OPTION_LISTUSERS_USERDISTINGUISHEDNAMEFILTER Option to get the users whose GUID matches a specified pattern.
static String	OPTION_LISTUSERS_USERIDFILTER Option to get the users whose user Id (name) matches a specified pattern.
static String	SECURITY_PROVIDER_TYPE_FILE_BASED
static String	SECURITY_PROVIDER_TYPE_OID
static String	SECURITY_PROVIDER_TYPE_THIRD_PARTY_LDAP

Fields inherited from interface oracle.ifs.server.CredentialManager

IFS_SERVICE_CREDENTIALMANAGER_CLASSNAME, IFS_SERVICE_CREDENTIALMANAGER_DEFAULTREALM, IFS_SERVICE_CREDENTIALMANAGER_REALM_LIST, OPTION_LISTUSERS_CREDENTIALMANAGERNAME, OPTION_LISTUSERS_RETURNCMUSERS, OPTION_LISTUSERS_RETURNDISTINGUISHEDNAMES, OPTION_LISTUSERS_RETURNUSERIDS, OPTION_LISTUSERS_SUBSCRIBERNAME

Constructor Summary

Constructors

Constructor and Description
IdmCredentialManager(String name, S_LibraryService service) Constructs an IdmCredentialManager.

Method Summary

Modifier and Type	Method and Description
void	authenticate(String distinguishedName, Credential credential, ConnectOptions options) Authenticates the specified user using the specified credential.
oracle.security.idm.IdentityStore	createIdentityStore() Create an IdentityStore instance
protected static oracle.security.idm.IdentityStore	createIdentityStore(Hashtable env) Create an IdentityStore instance
String	createUser(String name, String password, AttributeValue[] options) Creates a new user.
void	deleteUser(String distinguishedName, AttributeValue[] options) Deletes the specified user.
void	dispose() Disposes this IdmCredentialManager.
boolean	exists(String distinguishedName) Determines whether this IdmCredentialManager can authenticate the specified user.
IdmCredentialManagerUtilities	getIdmCredentialManagerUtilities() Returns IdmCredentialManagerUtilities instance
protected static Hashtable	getOptionsHashtable(AttributeValue[] avs) Converts an AttributeValue[] to a Hashtable of AttributeValues.
AttributeValue	getProperty(String name) Gets the value of the specified dynamic property for this IdmCredentialManager.
Vector	listUsers(AttributeValue[] options) Gets the users managed by this IdmCredentialManager.
void	setPassword(String distinguishedName, String password, AttributeValue[] options) Sets the password of the specified user.
boolean	supportsCreateUser() Determines whether this IdmCredentialManager supports the createUser method.
boolean	supportsDeleteUser() Determines whether this IdmCredentialManager supports the deleteUser method.
boolean	supportsListUsers() Determines whether this IdmCredentialManager supports the listUsers method.
boolean	supportsSetPassword() Determines whether this IdmCredentialManager supports the setPassword method.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

OPTION_LISTUSERS_USERIDFILTER

public static final String OPTION_LISTUSERS_USERIDFILTER

Option to get the users whose user Id (name) matches a specified pattern.

This option applies to listUsers and must have a String value.

The value of this option specifies a filter to apply to user Id. Use "*" to indicate zero or more characters in that position. Special characters "(", ")", and "\" are handled internally and thus escaping is not required. If null or unspecified, no Id filter is applied to the users.

See Also:

Constant Field Values

OPTION_LISTUSERS_USERDISTINGUISHEDNAMEFILTER

public static final String OPTION_LISTUSERS_USERDISTINGUISHEDNAMEFILTER

Option to get the users whose GUID matches a specified pattern.

This option applies to listUsers and must have a String value.

The value of this option specifies a filter to apply to user Id. Use "*" to indicate zero or more characters in that position. Special characters "(", ")", and "\" are handled internally and thus escaping is not required. If null or unspecified, no Id filter is applied to the users.

See Also:

Constant Field Values

OPTION_LISTUSERS_MAILFILTER

public static final String OPTION_LISTUSERS_MAILFILTER

Option to get the users whose email address matches a specified pattern.

This option applies to listUsers and must have a String value.

The value of this option specifies a filter to apply to user Id. Use "*" to indicate zero or more characters in that position. Special characters "(", ")", and "\" are handled internally and thus escaping is not required. If null or unspecified, no Id filter is applied to the users.

See Also:

Constant Field Values

OPTION_LISTUSERS_LASTNAMEFILTER

public static final String OPTION_LISTUSERS_LASTNAMEFILTER

Option to get the users whose last name matches a specified pattern.

This option applies to listUsers and must have a String value.

The value of this option specifies a filter to apply to user Id. Use "*" to indicate zero or more characters in that position. Special characters "(", ")", and "\" are handled internally and thus escaping is not required. If null or unspecified, no Id filter is applied to the users.

See Also:

Constant Field Values

OPTION_LISTUSERS_FIRSTNAMEFILTER

public static final String OPTION_LISTUSERS_FIRSTNAMEFILTER

Option to get the users whose first name matches a specified pattern.

This option applies to listUsers and must have a String value.

The value of this option specifies a filter to apply to user Id. Use "*" to indicate zero or more characters in that position. Special characters "(", ")", and "\" are handled internally and thus escaping is not required. If null or unspecified, no Id filter is applied to the users.

See Also:

Constant Field Values

OPTION_LISTUSERS_MAXIMUMTIME

public static final String OPTION_LISTUSERS_MAXIMUMTIME

See Also:

Constant Field Values

OPTION_LISTUSERS_MAXIMUMCOUNT

public static final String OPTION_LISTUSERS_MAXIMUMCOUNT

See Also:

Constant Field Values

SECURITY_PROVIDER_TYPE_FILE_BASED

public static final String SECURITY_PROVIDER_TYPE_FILE_BASED

See Also:

Constant Field Values

SECURITY_PROVIDER_TYPE_OID

public static final String SECURITY_PROVIDER_TYPE_OID

See Also:

Constant Field Values

SECURITY_PROVIDER_TYPE_THIRD_PARTY_LDAP

public static final String SECURITY_PROVIDER_TYPE_THIRD_PARTY_LDAP

See Also:

Constant Field Values

LDAP_DIRECTORY_VENDOR_ACTIVE_DIRECTORY

public static final String LDAP_DIRECTORY_VENDOR_ACTIVE_DIRECTORY

See Also:

Constant Field Values

LDAP_DIRECTORY_VENDOR_IPLANET

public static final String LDAP_DIRECTORY_VENDOR_IPLANET

See Also:

Constant Field Values

LDAP_DIRECTORY_VENDOR_OPENLDAP

public static final String LDAP_DIRECTORY_VENDOR_OPENLDAP

See Also:

Constant Field Values

LDAP_DIRECTORY_VENDOR_EDIRECTORY

public static final String LDAP_DIRECTORY_VENDOR_EDIRECTORY

See Also:

Constant Field Values

LDAP_DIRECTORY_VENDOR_OTHER

public static final String LDAP_DIRECTORY_VENDOR_OTHER

See Also:

Constant Field Values

LDAP_SSL_KEY_STORE

public static final String LDAP_SSL_KEY_STORE

See Also:

Constant Field Values

LDAP_SSL_KEY_PASSWORD

public static final String LDAP_SSL_KEY_PASSWORD

See Also:

Constant Field Values

LDAP_PRINCIPAL

public static final String LDAP_PRINCIPAL

See Also:

Constant Field Values

LDAP_CREDENTIAL

public static final String LDAP_CREDENTIAL

See Also:

Constant Field Values

Constructor Detail

IdmCredentialManager

public IdmCredentialManager(String name,
                            S_LibraryService service)
                     throws IfsException

Constructs an IdmCredentialManager.

Parameters:

name - the name of this IdmCredentialManager

service - the S_LibraryService to which this IdmCredentialManager belongs

Throws:

IfsException - (IFS-10150) if the operation fails

Method Detail

getIdmCredentialManagerUtilities

public IdmCredentialManagerUtilities getIdmCredentialManagerUtilities()
                                                               throws IfsException

Returns IdmCredentialManagerUtilities instance

Throws:

IfsException - (IFS-10150) if the operation fails

authenticate

public void authenticate(String distinguishedName,
                         Credential credential,
                         ConnectOptions options)
                  throws IfsException

Authenticates the specified user using the specified credential.

Only TokenCredential and CleartextCredential are supported.

Specified by:

authenticate in interface CredentialManager

Parameters:

distinguishedName - the distinguished name of the user

credential - the credential

options - the ConnectOptions supplied by the user; can be null

Throws:

IfsException -
10170: if the credential is invalid
10151: if the operation otherwise fails

exists

public boolean exists(String distinguishedName)
               throws IfsException

Determines whether this IdmCredentialManager can authenticate the specified user.

Specified by:

exists in interface CredentialManager

Parameters:

distinguishedName - the distinguished name of the user

Returns:

whether this IdmCredentialManager manages the user

Throws:

IfsException - if the operation fails

supportsCreateUser

public boolean supportsCreateUser()
                           throws IfsException

Determines whether this IdmCredentialManager supports the createUser method.

Specified by:

supportsCreateUser in interface CredentialManager

Returns:

whether createUser is supported

Throws:

IfsException - if the operation fails

createUser

public String createUser(String name,
                         String password,
                         AttributeValue[] options)
                  throws IfsException

Creates a new user.

Specified by:

createUser in interface CredentialManager

Parameters:

name - the name of the user

password - the password of the user

options - unused; may be null

Returns:

the distinguished name of the created user

Throws:

IfsException - (IFS-10154) if the operation fails

supportsDeleteUser

public boolean supportsDeleteUser()
                           throws IfsException

Determines whether this IdmCredentialManager supports the deleteUser method.

Specified by:

supportsDeleteUser in interface CredentialManager

Returns:

whether deleteUser is supported

Throws:

IfsException - (IFS-10155) if the operation fails

deleteUser

public void deleteUser(String distinguishedName,
                       AttributeValue[] options)
                throws IfsException

Deletes the specified user.

Specified by:

deleteUser in interface CredentialManager

Parameters:

distinguishedName - the distinguished name of the user

options - unused; may be null

Throws:

IfsException - (IFS-10156) if the operation fails

supportsSetPassword

public boolean supportsSetPassword()
                            throws IfsException

Determines whether this IdmCredentialManager supports the setPassword method.

Specified by:

supportsSetPassword in interface CredentialManager

Returns:

whether setPassword is supported

Throws:

IfsException - (IFS-10157) if the operation fails

setPassword

public void setPassword(String distinguishedName,
                        String password,
                        AttributeValue[] options)
                 throws IfsException

Sets the password of the specified user.

This method supports the following options:

• OPTION_SETPASSWORD_IFSPASSWORD: if true, the CM SDK-specific password is set; if false, null, or unspecified, the SSO password is set

Specified by:

setPassword in interface CredentialManager

Parameters:

distinguishedName - the distinguished name of the user

password - the new password

options - see method description; may be null

Throws:

IfsException - (IFS-10158) if the operation fails

supportsListUsers

public boolean supportsListUsers()
                          throws IfsException

Determines whether this IdmCredentialManager supports the listUsers method.

Specified by:

supportsListUsers in interface CredentialManager

Returns:

whether listUsers is supported

Throws:

IfsException - (IFS-10159) if the operation fails

listUsers

public Vector listUsers(AttributeValue[] options)
                 throws IfsException

Gets the users managed by this IdmCredentialManager.

This method supports the following options:

• OPTION_LISTUSERS_USERIDFILTER: a filter to apply to userids; use "*" to indicate any zero or more characters in that position; special characters "*", "(", ")", and "\" must be escaped in accordance with RFC 2254; if null or unspecified, no userid filter is applied to the subscriber's users
• OPTION_LISTUSERS_USERDISTINGUISHEDNAMEFILTER: a filter to apply to user GUIDs; use "*" to indicate any zero or more characters in that position; special characters "*", "(", ")", and "\" must be escaped in accordance with RFC 2254; if null or unspecified, no user GUID filter is applied to the subscriber's users
• OPTION_LISTUSERS_MAILFILTER: a filter to apply to the user's eMail address; use "*" to indicate any zero or more characters in that position; special characters "*", "(", ")", and "\" must be escaped in accordance with RFC 2254; if null or unspecified, no email address filter is applied to the subscriber's users
• OPTION_LISTUSERS_LASTNAMEFILTER: a filter to apply to the user's lastname; use "*" to indicate any zero or more characters in that position; special characters "*", "(", ")", and "\" must be escaped in accordance with RFC 2254; if null or unspecified, no lastname filter is applied to the subscriber's users
• OPTION_LISTUSERS_FIRSTNAMEFILTER: a filter to apply to the user's firstname; use "*" to indicate any zero or more characters in that position; special characters "*", "(", ")", and "\" must be escaped in accordance with RFC 2254; if null or unspecified, no firstname filter is applied to the subscriber's users
• OPTION_LISTUSERS_MAXIMUMTIME: the maximum time to wait, in milliseconds; if 0, null, or unspecified, the operation waits indefinitely
• OPTION_LISTUSERS_MAXIMUMCOUNT: the maximum number of users to return; if 0, null, or unspecified, no limit is applied
• OPTION_LISTUSERS_RETURNUSERIDS: if true, userids are returned.

OPTION_LISTUSERS_RETURNGUIDS: if true, GUIDs are returned; this is the default otpion for returned values.

OPTION_LISTUSERS_RETURNCMUSERS: if true, the CredentialManagerUser objects are returned.

Specified by:

listUsers in interface CredentialManager

Parameters:

options - see method description; may be null

Returns:

a Vector of users or userIds or GUIDs, depends on the specified options.

Throws:

IfsException - if the operation fails

getProperty

public AttributeValue getProperty(String name)
                           throws IfsException

Gets the value of the specified dynamic property for this IdmCredentialManager.

Specified by:

getProperty in interface CredentialManager

Parameters:

name - the property name

Returns:

the property value, or null if there is no such property

Throws:

IfsException - (IFS-10163) if the operation fails

dispose

public void dispose()
             throws IfsException

Disposes this IdmCredentialManager.

Specified by:

dispose in interface CredentialManager

Throws:

IfsException - (IFS-10161) if the operation fails

getOptionsHashtable

protected static Hashtable getOptionsHashtable(AttributeValue[] avs)
                                        throws IfsException

Converts an AttributeValue[] to a Hashtable of AttributeValues.

Parameters:

avs - the array of AttributeValues

Returns:

the Hashtable of AttributeValues

Throws:

IfsException - if the operation fails

createIdentityStore

public oracle.security.idm.IdentityStore createIdentityStore()
                                                      throws IfsException

Create an IdentityStore instance

Returns:

the IdentityStore instance

Throws:

IfsException - if the operation fails

createIdentityStore

protected static oracle.security.idm.IdentityStore createIdentityStore(Hashtable env)
                                                                throws IfsException

Create an IdentityStore instance

Parameters:

env - the property environment

Returns:

the IdentityStore instance

Throws:

IfsException - if the operation fails