@Override public IdentityStoreInvocationContext createContext() { return new IdentityStoreInvocationContext(this.identityCache, eventBridge, credentialHandlerFactory); }
@Override public void updateCredential(Agent agent, Object credential, Date effectiveDate, Date expiryDate) { CredentialHandler handler = getContext().getCredentialUpdater(credential.getClass(), this); if (handler == null) { throw new SecurityConfigurationException( "No suitable CredentialHandler available for updating Credentials of type [" + credential.getClass() + "] for IdentityStore [" + this.getClass() + "]"); } handler.update(agent, credential, this, effectiveDate, expiryDate); }
@Override public void validateCredentials(Credentials credentials) { CredentialHandler handler = getContext().getCredentialValidator(credentials.getClass(), this); if (handler == null) { throw new SecurityConfigurationException( "No suitable CredentialHandler available for validating Credentials of type [" + credentials.getClass() + "] for IdentityStore [" + this.getClass() + "]"); } handler.validate(credentials, this); }
@Override public void initContextForStore(IdentityStoreInvocationContext ctx, IdentityStore store) { if (store instanceof JPAIdentityStore) { if (!ctx.isParameterSet(JPAIdentityStore.INVOCATION_CTX_ENTITY_MANAGER)) { ctx.setParameter(JPAIdentityStore.INVOCATION_CTX_ENTITY_MANAGER, getEntityManager()); } } }
protected EntityManager getEntityManager() { if (!getContext().isParameterSet(INVOCATION_CTX_ENTITY_MANAGER)) { throw new IllegalStateException("Error while trying to determine EntityManager - context parameter not set."); } return (EntityManager) getContext().getParameter(INVOCATION_CTX_ENTITY_MANAGER); }
@Override public Group getGroup(String groupName, Group parent) { IdentityStoreInvocationContext ctx = createContext(); if (ctx.getRealm() != null && ctx.getTier() != null) { throw new IllegalStateException("Ambiguous context state - Group may only be managed in either the " + "scope of a Realm or a Tier, however both have been set."); } return getContextualStoreForFeature(ctx, Feature.readGroup).getGroup(groupName, parent); }
@Override public User getUser(String id) { if (id == null) { return null; } // Check the cache first User user = getContext().getCache().lookupUser(context.getRealm(), id); // If the cache doesn't have a reference to the User, we have to look up it's identity object // and create a User instance based on it if (user == null) { DefaultIdentityQuery<User> defaultIdentityQuery = new DefaultIdentityQuery(User.class, this); defaultIdentityQuery.setParameter(User.ID, id); List<User> resultList = defaultIdentityQuery.getResultList(); if (!resultList.isEmpty()) { user = resultList.get(0); } getContext().getCache().putUser(context.getRealm(), user); } return user; }
@Override public void update(IdentityType identityType) { checkInvalidIdentityType(identityType); IdentityTypeHandler<IdentityType> identityTypeManager = getConfig().getIdentityTypeManager(identityType.getClass()); Object identity = getIdentityObject(identityType); identityTypeManager.populateIdentityInstance(getContext().getRealm(), identity, identityType, this); updateAttributes(identityType, identity); EntityManager em = getEntityManager(); em.merge(identity); em.flush(); AbstractBaseEvent event = identityTypeManager.raiseUpdatedEvent(identityType, this); event.getContext().setValue(EVENT_CONTEXT_USER_ENTITY, identity); getContext().getEventBridge().raiseEvent(event); }
@Override public void add(IdentityType identityType) { Class<? extends IdentityType> identityTypeClass = identityType.getClass(); if (IDMUtil.isUserType(identityTypeClass)) { User storedUser = addUser((User) identityType); UserCreatedEvent event = new UserCreatedEvent(storedUser); // event.getContext().setValue(EVENT_CONTEXT_USER_ENTITY, storedUser); getContext().getEventBridge().raiseEvent(event); } else if (IDMUtil.isGroupType(identityTypeClass)) { Group storedGroup = addGroup((Group) identityType); GroupCreatedEvent event = new GroupCreatedEvent(storedGroup); //event.getContext().setValue(EVENT_CONTEXT_USER_ENTITY, storedGroup); getContext().getEventBridge().raiseEvent(event); } else if (IDMUtil.isRoleType(identityTypeClass)) { Role storedRole = addRole((Role) identityType); RoleCreatedEvent event = new RoleCreatedEvent(storedRole); // event.getContext().setValue(EVENT_CONTEXT_USER_ENTITY, storedRole); getContext().getEventBridge().raiseEvent(event); } }
private IdentityStore<?> getContextualStoreForFeature(IdentityStoreInvocationContext ctx, Feature feature) { String realm = (ctx.getRealm() != null) ? ctx.getRealm().getName() : Realm.DEFAULT_REALM; if (!realmStores.containsKey(realm)) { throw new SecurityException("The specified realm '" + realm + "' has not been configured."); } IdentityStoreConfiguration config = null; Map<Feature,IdentityStoreConfiguration> featureToStoreMap = realmStores.get(realm); if (featureToStoreMap.containsKey(feature)) { config = featureToStoreMap.get(feature); } else if (featureToStoreMap.containsKey(Feature.all)) { config = featureToStoreMap.get(Feature.all); } else { throw new UnsupportedOperationException("The requested identity management feature [" + feature.toString() + "] has not been configured."); } IdentityStore<?> store = storeFactory.createIdentityStore(config, ctx); getContextFactory().initContextForStore(ctx, store); return store; }
@Override public Group getGroup(String groupId) { IdentityStoreInvocationContext ctx = createContext(); if (ctx.getRealm() != null && ctx.getTier() != null) { throw new IllegalStateException("Ambiguous context state - Group may only be managed in either the " + "scope of a Realm or a Tier, however both have been set."); } return getContextualStoreForFeature(ctx, Feature.readGroup).getGroup(groupId); }
@Override public Group getGroup(String groupId) { if (groupId == null) { return null; } // Check the cache first Realm partition = context.getRealm(); Group group = getContext().getCache().lookupGroup(partition, groupId); if (group == null) { DefaultIdentityQuery<Group> defaultIdentityQuery = new DefaultIdentityQuery(Group.class, this); defaultIdentityQuery.setParameter(Group.NAME, groupId); List<Group> resultList = defaultIdentityQuery.getResultList(); if (!resultList.isEmpty()) { group = resultList.get(0); } getContext().getCache().putGroup(partition, group); } return group; }
@Override public void add(IdentityType identityType) { checkInvalidIdentityType(identityType); if (lookupIdentityObjectById(identityType) != null) { throw new IdentityManagementException("IdentityType already exists."); } try { IdentityTypeHandler<IdentityType> identityTypeManager = getConfig().getIdentityTypeManager(identityType.getClass()); Object identity = identityTypeManager.createIdentityInstance(getContext().getRealm(), identityType, this); EntityManager em = getEntityManager(); em.persist(identity); em.flush(); updateAttributes(identityType, identity); AbstractBaseEvent event = identityTypeManager.raiseCreatedEvent(identityType, this); event.getContext().setValue(EVENT_CONTEXT_USER_ENTITY, identity); getContext().getEventBridge().raiseEvent(event); } catch (Exception ex) { throw new IdentityManagementException("Exception while creating IdentityType [" + identityType + "].", ex); } }
@Override public void add(IdentityType identityType) { Class<? extends IdentityType> identityTypeClass = identityType.getClass(); if (IDMUtil.isUserType(identityTypeClass)) { User storedUser = addUser((User) identityType); UserCreatedEvent event = new UserCreatedEvent(storedUser); // event.getContext().setValue(EVENT_CONTEXT_USER_ENTITY, storedUser); getContext().getEventBridge().raiseEvent(event); } else if (IDMUtil.isAgentType(identityTypeClass)) { Agent storedAgent = addAgent((Agent) identityType); AgentCreatedEvent event = new AgentCreatedEvent(storedAgent); // event.getContext().setValue(EVENT_CONTEXT_USER_ENTITY, storedUser); getContext().getEventBridge().raiseEvent(event); } else if (IDMUtil.isGroupType(identityTypeClass)) { Group storedGroup = addGroup((Group) identityType); GroupCreatedEvent event = new GroupCreatedEvent(storedGroup); // event.getContext().setValue(EVENT_CONTEXT_USER_ENTITY, storedGroup); getContext().getEventBridge().raiseEvent(event); } else if (IDMUtil.isRoleType(identityTypeClass)) { Role storedRole = addRole((Role) identityType); RoleCreatedEvent event = new RoleCreatedEvent(storedRole); // event.getContext().setValue(EVENT_CONTEXT_USER_ENTITY, storedRole); getContext().getEventBridge().raiseEvent(event); } else { throw new IdentityManagementException("Unsupported IdentityType [" + identityTypeClass.getName() + "]."); } }
@Override public <T extends IdentityType> List<T> fetchQueryResults(IdentityQuery<T> identityQuery) { List<T> result = new ArrayList<T>(); try { EntityManager em = getEntityManager(); JPACriteriaQueryBuilder criteriaBuilder = new JPACriteriaQueryBuilder(this, identityQuery); List<Predicate> predicates = criteriaBuilder.getPredicates(); CriteriaQuery<?> criteria = criteriaBuilder.getCriteria(); criteria.where(predicates.toArray(new Predicate[predicates.size()])); List<?> queryResult = em.createQuery(criteria).getResultList(); for (Object identity : queryResult) { String discriminator = getConfig().getModelProperty(PROPERTY_IDENTITY_DISCRIMINATOR).getValue(identity) .toString(); IdentityTypeHandler<? extends IdentityType> identityTypeManager = getConfig().getIdentityTypeStores().get( discriminator); T identityType = (T) identityTypeManager.createIdentityType(getContext().getRealm(), identity, this); configurePartition(getContext().getRealm(), identity, identityType); populateAttributes(identityType, identity); result.add(identityType); } } catch (Exception e) { throw new IdentityManagementException("Error executing query.", e); } return result; }
@Override public Role getRole(String name) { IdentityStoreInvocationContext ctx = createContext(); if (ctx.getRealm() != null && ctx.getTier() != null) { throw new IllegalStateException("Ambiguous context state - Role may only be managed in either the " + "scope of a Realm or a Tier, however both have been set."); } return getContextualStoreForFeature(ctx, Feature.readRole).getRole(name); }
@Override public Role getRole(String name) { if (name == null) { return null; } // Check the cache first Realm partition = context.getRealm(); Role role = getContext().getCache().lookupRole(partition, name); // If the cache doesn't have a reference to the Role, we have to look up it's identity object // and create a Role instance based on it if (role == null) { DefaultIdentityQuery<Role> defaultIdentityQuery = new DefaultIdentityQuery(Role.class, this); defaultIdentityQuery.setParameter(Role.NAME, name); List<Role> resultList = defaultIdentityQuery.getResultList(); if (!resultList.isEmpty()) { role = resultList.get(0); } getContext().getCache().putRole(partition, role); } return role; }
@Override public void remove(IdentityType identityType) { checkInvalidIdentityType(identityType); EntityManager em = getEntityManager(); IdentityTypeHandler<IdentityType> identityTypeManager = getConfig().getIdentityTypeManager(identityType.getClass()); Object identity = getIdentityObject(identityType); identityTypeManager.remove(identity, identityType, this); // Remove credentials removeCredentials(identity); // Remove attributes removeAttributes(identity); // Remove memberships - this takes a little more work because the identity may be // a member, a role or a group removeMemberships(identity); // Remove the identity object itself em.remove(identity); em.flush(); AbstractBaseEvent event = identityTypeManager.raiseDeletedEvent(identityType, this); event.getContext().setValue(EVENT_CONTEXT_USER_ENTITY, identity); getContext().getEventBridge().raiseEvent(event); }
@Override public void updateCredential(Agent agent, Object credential, Date effectiveDate, Date expiryDate) { CredentialHandler handler = getContext().getCredentialUpdater(credential.getClass(), this); if (handler == null) { throw new SecurityConfigurationException( "No suitable CredentialHandler available for updating Credentials of type [" + credential.getClass() + "] for IdentityStore [" + this.getClass() + "]"); } handler.update(agent, credential, this, effectiveDate, expiryDate); }
@Override public void validateCredentials(Credentials credentials) { CredentialHandler handler = getContext().getCredentialValidator(credentials.getClass(), this); if (handler == null) { throw new SecurityConfigurationException( "No suitable CredentialHandler available for validating Credentials of type [" + credentials.getClass() + "] for IdentityStore [" + this.getClass() + "]"); } handler.validate(credentials, this); }