Package org.glassfish.security.services.spi.authentication

Interface UserStoreProvider

  • public interface UserStoreProvider

    • Method Detail

      • getStoreId

        String getStoreId()
        Get the unique store ID for this user store. This value must be unique across all stores configured into the system or which might be propogated into the system via SSO, etc. If this USP aggregates multiple underlying stores, the user IDs returned by the provider must be sufficient to uniquely identify users across all of the underlying stores.
        Returns:
        The store ID for this USP.

      • isAuthenticationEnabled

        boolean isAuthenticationEnabled()
        Determine if authentication is supported and enabled by this USP.
        Returns:
        True or false.

      • isUserLookupEnabled

        boolean isUserLookupEnabled()
        Determine if user lookup is supported and enabled by this USP.
        Returns:
        True or false.

      • isUserUpdateEnabled

        boolean isUserUpdateEnabled()
        Determine if user update (CRUD operations) is supported and enabled by this USP.
        Returns:
        True or false.

      • authenticate

        UserStoreProvider.UserEntry authenticate​(CallbackHandler cbh,
                                         boolean isGetGroups,
                                         Set<String> attributeNames)
                                  throws LoginException
        Authenticate using credentials supplied in the given CallbackHandler. All USPs must support at least NameCallback and PasswordCallback. The only other callback type expected to be commonly used is X509Certificate, but it's possible to imagine, e.g., KerberosToken or PasswordDigest.
        Parameters:
        cbh -
        isGetGroups - Whether or not to return the user's groups.
        attributeNames - Names of attributes to return, or null for no attributes.
        Returns:
        If successful, a UserEntry representing the authenticated user, otherwise throws an exception.
        Throws:
        LoginException

      • lookupUsersByName

        UserStoreProvider.ResultSet<UserStoreProvider.UserEntry> lookupUsersByName​(String name,
                                                                           boolean isGetGroups,
                                                                           Set<String> attributeNames)
                                                                    throws UserStoreException
        Lookup users by name. Since name is not necessarily unique, more than one entry may be returned. Group membership and selected attributes can also be requested, but requesting these may be inefficient if more than one user is matched.
        Parameters:
        name - The user name to searech for.
        isGetGroups - Whether or not to return users' groups.
        attributeNames - Names of attributes to return, or null for no attributes.
        Returns:
        The Set of UserEntrys found.
        Throws:
        UserStoreException

      • lookupUserByUid

        UserStoreProvider.UserEntry lookupUserByUid​(String uid,
                                            boolean isGetGroups,
                                            Set<String> attributeNames)
                                     throws UserStoreException
        Lookup a user by unique ID. Returns the corresponding UserEntry if found. Group membership and selected attributes can also be requested.
        Parameters:
        uid -
        isGetGroups - Whether or not to return users' groups.
        attributeNames - Names of attributes to return, or null for no attributes.
        Returns:
        The UserEntry (if found).
        Throws:
        UserStoreException

      • createUser

        String createUser​(String name,
                  char[] pwd,
                  Attributes attributes)
           throws UserStoreException
        Create a new user and return the unique ID assigned.
        Parameters:
        name - Name of the new user entry.
        pwd - Password to set on the new entry.
        attributes - Attributes to set on the entry (or null if none).
        Returns:
        Returns the UID assigned to the new entry (can be used for subsequent operations)
        Throws:
        UserStoreException

      • changePassword

        void changePassword​(String uid,
                    char[] oldPwd,
                    char[] newPwd)
             throws UserStoreException
        Change the password for the specified user. If old password is provided, verify before changing.
        Parameters:
        uid - UID of user whose password should be changed.
        oldPwd - Old password, if verification desired, or null. If provided, must be valid.
        newPwd - New password to set.
        Throws:
        UserStoreException