Package com.webmethods.sc.directory
Interface IDirectorySession
- All Superinterfaces: AutoCloseable
Main interface to interact with the shared directory management component.
-
Field Summary
Fields
Modifier and Type / Field / Description
static final String CURRENT_USER
    Identifies currently logged in user to be used in the lookupPrincipalByID(String) method.
static final String ROLE_COOKIE_ID
-
Method Summary
Modifier and Type / Method / Description
void addPrincipalToGroup(String principalID, String groupID)
    Adds a principal to a group.
void addPrincipalToRole(String principalID, String roleID)
    Adds a principal to a role.
authenticateUser(String username, String password)
    Attempts to authenticate the user based on the credentials with any registered directory service in their configured search order.
default IDirectoryUser authenticateUser(String username, String password, String oneTimePassword)
    Attempts to authenticate the user based on the credentials with any registered directory service in their configured search order.
default void beginConversation()
    Mark the current transient conversation long-running.
void close()
    Release any resources
createDirectoryService(String name, IDirectoryService.DIRECTORY_XTYPES type, Map<String, Object> properties)
    Creates an instance of IDirectoryService from the supplied parameters.
createPagingCookie(String directoryServiceID)
    Creates instance of directory paging cookie to be used for searchDirectory(String, int, DirectorySearchQuery, IDirectoryPagingCookie) method.
createPrincipal(String directoryServiceID, int principalType, String name, Map<String, ? extends Object> properties)
    Creates a new principal group or user associated with this specified directory service.
createRole(int roleType, String name, Map<String, ?> properties)
    Deprecated.
createRole(String roleType, String name, Map<String, ?> properties)
    Creates new role of the specified type
void deleteDirectoryService(String directoryServiceID)
    Deletes an IDirectoryService by its ID.
void deletePrincipal(String principalID)
    Deletes a principal by its unique ID
void destroyPagingCookie(IDirectoryPagingCookie directoryPagingCookie)
    Destroys directory paging cookie and frees up any associated resources
default void endConversation()
    Mark the current long-running conversation transient.
default Object getAttribute(String principalID, String papID, String attrName)
getAttributeExtendedInfo(String principalID, String principalAttributeProviderID, String attributeName)
    Returns extended information about attributes of the given provider (only if provider supports this
getAttributeNames(String principalID, String principalAttributeProviderID)
    List defined attribute names for the specified attribute provider
getAttributeProvider(String attributeProviderID)
    Gets IDirectoryPrincipalAttributeProvider by its ID
getAttributeTitles(String principalID, String principalAttributeProviderID, Locale locale)
    List defined user friendly attribute titles for the specified attribute provider
getCertificateManager()
    Returns instance of certificate manager
getDirectoryService(String directoryServiceID)
    Returns instance of IDirectoryService by its ID.
getDirectoryServiceByName(String directoryServiceID)
    Returns instance of IDirectoryService by its ID.
getDirectoryServiceDefaultValues(IDirectoryService.DIRECTORY_XTYPES type, String dirSubType)
    Returns a Map with the initial directory parameters.
getGroupMembership(String principalID)
    Retrieve the group membership for this principal
getMembers(String principalID)
    Returns members of the group or role.
getRoleMembership(String principalID)
    Retrieve the role membership for this principal
default ITOTPConfiguration
default Map<String, TypedAttribute> getTypedAttributes(String papID, String principalURI)
int getUsersCount(IDirectoryService dirSvc)
    Lists all existing users for a particular dir service, or for all dir services if null provided
default boolean isConversation()
    Returns if the conversation is marked transient or long-running
listAllDirectoryServices()
    Retrieves the list of all registered IDirectoryService instances (regardless of state) in the search order as defined in MWS directory services administration
listAttributeProviders(int principalType)
    Gets all registered principal attribute providers IDirectoryPrincipalAttributeProvider
listDirectoryServices()
    Retrieves the list of all 'enabled and running' registered IDirectoryService instances in the search order as defined in MWS directory services administration
listRoles()
    Lists all roles defined in the system
lookupPrincipalByAlias(String principalAlias)
    Attempts to lookup a principal by well known alias
lookupPrincipalByDN(String principalDN, int type)
    Attempts to lookup a principal by their dn.
lookupPrincipalByDN(String principalDN, int type, String dirServiceName)
    Attempts to lookup a principal by their dn.
lookupPrincipalByID(String principalID)
    Attempts to lookup a principal by their unique ID.
lookupPrincipalByName(String principalName, int type)
    Attempts to lookup a principal by their name.
lookupUserByUUID(String principalUUID, String dirServiceName)
    Attempts to lookup a user by their unique ID.
void modifyPrincipal(String principalID, Map<String, ? extends Object> attributes)
    Sets attribute values for the principal.
void removePrincipalFromGroup(String principalID, String groupID)
    Removes a principal from a group.
void removePrincipalFromRole(String principalID, String roleID)
    Removes a principal from a role.
searchDirectory(String directoryServiceID, int principalType, DirectorySearchQuery query, IDirectoryPagingCookie directoryPagingCookie)
    Search principals in the given directory service.
searchRoles(IDirectoryPagingCookie pagingCookie, int maxResults)
    Searches for roles defined in the system based on the pagingCookie and maxResults values
updateDirectoryService(String directoryServiceID, Map<String, Object> properties)
    Creates an instance of IDirectoryService from the supplied parameters.
void updateDirectoryServicesOrder(List<String> orderedDirServices)
    Updates the search order of all registered IDirectoryService instances as defined in MWS directory services administration.
void updateGdprConfig(IGdprConfig config)
default void updateTotpConfig(ITOTPConfiguration config)
-
Field Details
-
CURRENT_USER
Identifies currently logged in user to be used in the lookupPrincipalByID(String) method. Currently logged in user is only valid inside IBM My webMethods Server
- See Also:
-
ROLE_COOKIE_ID
- See Also:
-
-
Method Details
-
listDirectoryServices
Retrieves the list of all 'enabled and running' registered IDirectoryService instances in the search order as defined in MWS directory services administration
- Returns:
- Throws:
  DirectoryException
-
listAllDirectoryServices
Retrieves the list of all registered IDirectoryService instances (regardless of state) in the search order as defined in MWS directory services administration
- Returns:
- Throws:
  DirectoryException
-
updateDirectoryServicesOrder
Updates the search order of all registered IDirectoryService instances as defined in MWS directory services administration. All directory services must be supplied for this service. Partial re-ordering is not supported.
- Parameters:
  directoryServiceID - the new order for directory services. Supply the URI of each service in the list.
- Throws:
  DirectoryException
-
getDirectoryService
Returns instance of IDirectoryService by its ID.
- Parameters:
  directoryServiceID -
- Returns:
- Throws:
  DirectoryException - if directory service ID is invalid
-
getDirectoryServiceByName
Returns instance of IDirectoryService by its ID.
- Parameters:
  directoryServiceID -
- Returns:
- Throws:
  DirectoryException - if directory service ID is invalid
-
deleteDirectoryService
Deletes an IDirectoryService by its ID.
- Parameters:
  directoryServiceID -
- Throws:
  DirectoryException - if directory service ID is invalid
-
createDirectoryService
IDirectoryService createDirectoryService(String name, IDirectoryService.DIRECTORY_XTYPES type, Map<String, Object> properties) throws DirectoryException
Creates an instance of IDirectoryService from the supplied parameters.
- Parameters:
  name - name of the directory service
  type - type of the directory service
  properties - all attributes of the directory service to be set.
- Returns:
  the newly created directory service.
- Throws:
  DirectoryException - if directory service ID is invalid
-
updateDirectoryService
IDirectoryService updateDirectoryService(String directoryServiceID, Map<String, Object> properties) throws DirectoryException
Creates an instance of IDirectoryService from the supplied parameters.
- Parameters:
  directoryServiceID - the id of the directory service
  properties - all attributes of the directory service to be updated.
- Returns:
  the updated directory service.
- Throws:
  DirectoryException - if directory service ID is invalid
-
getDirectoryServiceDefaultValues
Map<String,Object> getDirectoryServiceDefaultValues(IDirectoryService.DIRECTORY_XTYPES type, String dirSubType) throws DirectoryException
Returns a Map with the initial directory parameters.
- Parameters:
  directoryServiceID - the id of the directory service
  properties - all attributes of the directory service to be updated.
- Returns:
  the updated directory service.
- Throws:
  DirectoryException - if directory service ID is invalid
-
lookupPrincipalByName
Attempts to lookup a principal by their name. Delegates to all the directory services in their configured search order if type is IDirectoryPrincipal.TYPE_GROUP or IDirectoryPrincipal.TYPE_USER. Lookup a role by its name if type is IDirectoryPrincipal.TYPE_ROLE
- Parameters:
  principalName -
  type - principal type one of the IDirectoryPrincipal.TYPE_USER, IDirectoryPrincipal.TYPE_GROUP, IDirectoryPrincipal.TYPE_ROLE
- Returns:
  the found IDirectoryPrincipal or null if not found
- Throws:
  DirectoryException
-
lookupPrincipalByDN
Attempts to lookup a principal by their dn. Delegates to all the directory services in their configured search order if type is IDirectoryPrincipal.TYPE_GROUP or IDirectoryPrincipal.TYPE_USER. Lookup a role by its DN if type is IDirectoryPrincipal.TYPE_ROLE
- Parameters:
  principalDN -
  type - principal type one of the IDirectoryPrincipal.TYPE_USER, IDirectoryPrincipal.TYPE_GROUP, IDirectoryPrincipal.TYPE_ROLE
- Returns:
  the found IDirectoryPrincipal or null if not found
- Throws:
  DirectoryException
-
lookupPrincipalByDN
IDirectoryPrincipal lookupPrincipalByDN(String principalDN, int type, String dirServiceName) throws DirectoryException
Attempts to lookup a principal by their dn. Delegates to all the directory services in their configured search order if type is IDirectoryPrincipal.TYPE_GROUP or IDirectoryPrincipal.TYPE_USER. Lookup a role by its DN if type is IDirectoryPrincipal.TYPE_ROLE
- Parameters:
  principalDN -
  type - principal type one of the IDirectoryPrincipal.TYPE_USER, IDirectoryPrincipal.TYPE_GROUP
- Returns:
  the found IDirectoryPrincipal or null if not found
- Throws:
  DirectoryException
-
lookupPrincipalByID
Attempts to lookup a principal by their unique ID.
- Parameters:
  principalID - unique principal ID
- Returns:
  the found IDirectoryPrincipal or null if not found
- Throws:
  DirectoryException
-
lookupUserByUUID
IDirectoryPrincipal lookupUserByUUID(String principalUUID, String dirServiceName) throws DirectoryException
Attempts to lookup a user by their unique ID.
- Parameters:
  principalUUID - unique principal UUID
  dirServiceName - directory service within which to look for
- Returns:
  the found IDirectoryPrincipal or null if not found
- Throws:
  DirectoryException
-
lookupPrincipalByAlias
Attempts to lookup a principal by well known alias
- Parameters:
  principalAlias - MWS defined principal alias
- Returns:
  the found IDirectoryPrincipal or null if not found
- Throws:
  DirectoryException
-
createPagingCookie
Creates instance of directory paging cookie to be used for searchDirectory(String, int, DirectorySearchQuery, IDirectoryPagingCookie) method. All cookies created by this method will be destroyed when close() is invoked. If ROLE_COOKIE_ID is provided as directoryServiceID, a role cookie will be created
- Parameters:
  directoryServiceID - directoryID(URI) or ROLE_COOKIE_ID
- Returns:
  IDirectoryPagingCookie
- Throws:
  DirectoryException
-
destroyPagingCookie
Destroys directory paging cookie and frees up any associated resources
- Parameters:
  directoryPagingCookie -
-
searchDirectory
List<IDirectoryPrincipal> searchDirectory(String directoryServiceID, int principalType, DirectorySearchQuery query, IDirectoryPagingCookie directoryPagingCookie) throws DirectoryException
Search principals in the given directory service. This API works only for users and groups, but not for roles. To list all roles use listRoles() API instead
- Parameters:
  directoryServiceID - ID of the directory service to search.
  principalType - principal type one of the IDirectoryPrincipal.TYPE_USER, IDirectoryPrincipal.TYPE_GROUP
  query - directory query. If null all principals will be returned
  directoryPagingCookie - directory paging cookie used for paging/sorting of directory search results.
- Returns:
  list of found principals. May return empty list
- Throws:
  DirectoryException
-
listRoles
Lists all roles defined in the system
- Returns:
  list of roles. May return empty list.
- Throws:
  DirectoryException
-
getUsersCount
Lists all existing users for a particular dir service, or for all dir services if null provided
- Parameters:
  dirSvc - the directory service for which to count existing (created in MWS) users, or ALL users if null provided.
- Returns:
  user count for the specified dir service or all user count
- Throws:
  DirectoryException
-
searchRoles
List<IDirectoryRole> searchRoles(IDirectoryPagingCookie pagingCookie, int maxResults) throws DirectoryException
Searches for roles defined in the system based on the pagingCookie and maxResults values
- Parameters:
  pagingCookie - directory paging cookie used for paging/sorting of directory search results. To create such a cookie, invoke createPagingCookie(java.lang.String) with parameter ROLE_COOKIE_ID
  maxResults - limits the result list to the maxResults value
- Returns:
  list of roles. May return empty list.
- Throws:
  DirectoryException
-
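The paging-cookie lifecycle documented for createPagingCookie, destroyPagingCookie, searchDirectory and searchRoles, shown as an added example (not code from the product documentation). It assumes every type used below is in the com.webmethods.sc.directory package and that the caller already holds an open IDirectorySession; the class and helper method names are hypothetical.

```java
import com.webmethods.sc.directory.*; // assumption: all directory types live in this package

import java.util.ArrayList;
import java.util.List;

/** Added example: hypothetical helpers, not part of the documented API. */
public final class DirectoryPagingExample {

    private DirectoryPagingExample() {
    }

    /**
     * Returns the user principals of one directory service.
     * searchDirectory covers users and groups only, so the cookie is bound
     * to the directory service ID rather than ROLE_COOKIE_ID.
     */
    public static List<IDirectoryPrincipal> listUsers(IDirectorySession session,
                                                      String directoryServiceID)
            throws DirectoryException {
        IDirectoryPagingCookie cookie = session.createPagingCookie(directoryServiceID);
        try {
            // A null query returns all principals of the requested type.
            List<IDirectoryPrincipal> found = session.searchDirectory(
                    directoryServiceID, IDirectoryPrincipal.TYPE_USER, null, cookie);
            // Copy before the cookie is destroyed so the result does not
            // depend on resources tied to the cookie.
            return new ArrayList<>(found);
        } finally {
            // Without this, the cookie would stay allocated until
            // session.close() is invoked, which may be much later for a
            // long-lived session.
            session.destroyPagingCookie(cookie);
        }
    }

    /**
     * Returns up to maxResults roles. Roles are not reachable through
     * searchDirectory; they need a role cookie created with ROLE_COOKIE_ID.
     */
    public static List<IDirectoryRole> listRolesPage(IDirectorySession session,
                                                     int maxResults)
            throws DirectoryException {
        IDirectoryPagingCookie cookie =
                session.createPagingCookie(IDirectorySession.ROLE_COOKIE_ID);
        try {
            return new ArrayList<>(session.searchRoles(cookie, maxResults));
        } finally {
            session.destroyPagingCookie(cookie);
        }
    }
}
```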
authenticateUser
Attempts to authenticate the user based on the credentials with any registered directory service in their configured search order.
- Parameters:
  username -
  password -
- Returns:
  valid authenticated user
- Throws:
  DirectoryException - if there was a problem authenticating this user
-
authenticateUser
default IDirectoryUser authenticateUser(String username, String password, String oneTimePassword) throws DirectoryException
Attempts to authenticate the user based on the credentials with any registered directory service in their configured search order.
- Parameters:
  username -
  password -
  time - -based one-time password for two-factor identification
- Returns:
  valid authenticated user
- Throws:
  DirectoryException - if there was a problem authenticating this user
-
listAttributeProviders
List<IDirectoryPrincipalAttributeProvider> listAttributeProviders(int principalType) throws DirectoryException
Gets all registered principal attribute providers IDirectoryPrincipalAttributeProvider
- Parameters:
  principalType - one of the IDirectoryPrincipal.TYPE_USER, IDirectoryPrincipal.TYPE_GROUP, IDirectoryPrincipal.TYPE_ROLE
- Returns:
  list of principal attribute providers for specified principal type
- Throws:
  DirectoryException
-
getAttributeProvider
IDirectoryPrincipalAttributeProvider getAttributeProvider(String attributeProviderID) throws DirectoryException
Gets IDirectoryPrincipalAttributeProvider by its ID
- Throws:
  DirectoryException
-
getAttributeNames
List<String> getAttributeNames(String principalID, String principalAttributeProviderID) throws DirectoryException
List defined attribute names for the specified attribute provider
- Parameters:
  principalID - ID of the principal
  principalAttributeProviderID - ID of the principal attribute provider
- Returns:
  list of attribute names defined for specified attribute provider
- Throws:
  DirectoryException
-
getAttributeTitles
List<String> getAttributeTitles(String principalID, String principalAttributeProviderID, Locale locale) throws DirectoryException
List defined user friendly attribute titles for the specified attribute provider
- Parameters:
  principalID - ID of the principal
  principalAttributeProviderID - ID of the principal attribute provider
  locale - desired locale for attribute titles
- Returns:
  list of attribute titles for the specified attribute provider
- Throws:
  DirectoryException
-
getAttributeExtendedInfo
Map<String,Object> getAttributeExtendedInfo(String principalID, String principalAttributeProviderID, String attributeName) throws DirectoryException
Returns extended information about attributes of the given provider (only if provider supports this
- Parameters:
  principalID - ID of the principal
  principalAttributeProviderID - ID of the principal attribute provider
  attributeName - attribute name
- Returns:
  Map containing extended information about this attribute
- Throws:
  DirectoryException
-
createPrincipal
IDirectoryPrincipal createPrincipal(String directoryServiceID, int principalType, String name, Map<String, ? extends Object> properties) throws DirectoryException
Creates a new principal group or user associated with this specified directory service. It may throw exception if directory service does not support creation of principals. Not accounting for custom implementations only MWS System Directory supports creation of principals
- Parameters:
  directoryServiceID - ID of the directory service to create principal ID.
  type - of the principal to create one of the IDirectoryPrincipal.TYPE_USER, IDirectoryPrincipal.TYPE_GROUP
  name - of the principal (UID)
  properties - name-value pairs
- Returns:
  a newly created IDirectoryPrincipal
- Throws:
  DirectoryException
-
createRole
@Deprecated IDirectoryRole createRole(int roleType, String name, Map<String, ?> properties) throws DirectoryException
Deprecated. Use createRole(String, String, Map) instead
Creates new role of the specified type
- Parameters:
  roleType - type of the role to create IDirectoryRole
  name - of the role (UID)
  properties - name-value pairs of properties assigned to the new role
- Returns:
  a newly created IDirectoryRole
- Throws:
  DirectoryException
-
createRole
IDirectoryRole createRole(String roleType, String name, Map<String, ?> properties) throws DirectoryException
Creates new role of the specified type
- Parameters:
  roleType - type of the role to create IDirectoryRole
  name - of the role (UID)
  properties - name-value pairs of properties assigned to the new role
- Returns:
  a newly created IDirectoryRole
- Throws:
  DirectoryException
-
deletePrincipal
Deletes a principal by its unique ID
- Parameters:
  principalID -
- Throws:
  DirectoryException
-
addPrincipalToGroup
Adds a principal to a group. Note, both the principal and the group must belong to the same IDirectoryService
- Parameters:
  principalID - ID of the principal to be added to the group
  groupID - ID of the group to add principal to
- Throws:
  DirectoryException
-
addPrincipalToRole
Adds a principal to a role. Not all role types support modification of membership. Not accounting for custom implementations, only the static IDirectoryRole.ROLE_TYPE_STATIC role supports this operation
- Parameters:
  principalID - ID of the principal to be added to the role
  roleID - ID of the role to add principal to
- Throws:
  DirectoryException
-
removePrincipalFromGroup
Removes a principal from a group. Note, both the principal and the group must belong to the same IDirectoryService
- Parameters:
  principalID - ID of the principal to be removed from the group
  groupID - ID of the group to remove principal from
- Throws:
  DirectoryException
-
removePrincipalFromRole
Removes a principal from a role. Not all role types support modification of membership. Not accounting for custom implementations, only the static IDirectoryRole.ROLE_TYPE_STATIC role supports this operation
- Parameters:
  principalID - ID of the principal to be removed from the role
  roleID - ID of the role to remove principal from
- Throws:
  DirectoryException
-
getGroupMembership
Retrieve the group membership for this principal
- Parameters:
  principalID - ID of the principal to get group membership for
- Returns:
  list of IDirectoryGroup principal is member of
- Throws:
  DirectoryException
-
getRoleMembership
Retrieve the role membership for this principal
- Parameters:
  principalID - ID of the principal to get role membership for
- Returns:
  list of IDirectoryRole principal is member of
- Throws:
  DirectoryException
-
getMembers
Returns members of the group or role. Not all role types support querying for their members. Not accounting for custom implementations, only the static IDirectoryRole.ROLE_TYPE_STATIC role supports this operation
- Parameters:
  principalID - role or group ID
- Returns:
  a list of members of this role or group
- Throws:
  DirectoryException
-
modifyPrincipal
void modifyPrincipal(String principalID, Map<String, ? extends Object> attributes) throws DirectoryException
Sets attribute values for the principal. Attributes map passed in may contain attributes from different principal attribute providers.
- Parameters:
  principalID - ID of the principal to be updated
  attributes - attribute values to be set
- Throws:
  DirectoryException
-
getCertificateManager
ICertificateManager getCertificateManager()
Returns instance of certificate manager
-
close
void close()
Release any resources
- Specified by:
  close in interface AutoCloseable
-
beginConversation
default void beginConversation()
Mark the current transient conversation long-running. Starting with the next exchanged message, all further communication will be handled by the same cluster node until the #end() is invoked.
-
endConversation
default void endConversation()
Mark the current long-running conversation transient. The next exchanged message will not be sent to a specific cluster node but rather to the next available one
-
isConversation
default boolean isConversation()
Returns if the conversation is marked transient or long-running
- Returns:
  true if a conversation is in progress, false otherwise
-
updateGdprConfig
-
getGdprConfig
IGdprConfig getGdprConfig()
-
updateTotpConfig
-
getTotpConfig
-
getTypedAttributes
default Map<String,TypedAttribute> getTypedAttributes(String papID, String principalURI) throws DirectoryException
- Throws:
  DirectoryException
-
getAttribute
default Object getAttribute(String principalID, String papID, String attrName) throws DirectoryException
- Throws:
  DirectoryException
-