[security-dev] IDM API - Final review

Shane Bryzak sbryzak at redhat.com
Tue Nov 20 17:41:47 EST 2012

I've updated the IdentityManager API based on the latest design. Could 
everyone please take a couple of minutes to review it and let me know if 
you spot any issues?  We'll probably do a time-boxed release (Anil, 
could you please confirm?) shortly so that projects consuming PLIDM can 
start building against the API.


public interface IdentityManager {
     /**
      * Bootstraps this manager with the given configuration and context factory.
      *
      * NOTE(review): the signature does not say whether calling this twice, or
      * calling other methods before it, is an error. Confirm and document.
      *
      * @param configuration identity configuration to apply
      * @param contextFactory factory for identity store invocation contexts
      */
     void bootstrap(IdentityConfiguration configuration, 
IdentityStoreInvocationContextFactory contextFactory);

     /**
      * Sets the {@code IdentityStoreFactory} for this manager.
      *
      * NOTE(review): ordering relative to {@code bootstrap(...)} is not specified
      * here. Confirm whether the factory may be replaced after bootstrap.
      *
      * @param factory the identity store factory to use
      */
     void setIdentityStoreFactory(IdentityStoreFactory factory);

     // User

     /**
      * Creates the given user.
      *
      * NOTE(review): nothing is returned and no checked exception is declared, so
      * how a duplicate name or a store failure is reported is unspecified;
      * presumably an unchecked exception. Confirm.
      *
      * @param user the user to create
      */
     void createUser(User user);

     /**
      * Removes the given user.
      *
      * NOTE(review): not stated whether removal also clears the user's group
      * memberships, role grants and credentials. Leftover grants matter if the
      * same name is created again later. Confirm.
      *
      * @param user the user to remove
      */
     void removeUser(User user);

     /**
      * Updates the given user.
      *
      * NOTE(review): which parts of the user are written is not visible here.
      * Credentials have a separate {@code updateCredential} method on this
      * interface, so presumably they are not touched. Confirm.
      *
      * @param user the user carrying the new state
      */
     void updateUser(User user);

     /**
      * Looks up a user by name.
      *
      * NOTE(review): the result for an unknown name ({@code null} or an exception)
      * is unspecified; callers presumably need a null check. Confirm.
      *
      * @param name the user name to look up
      * @return the matching user
      */
     User getUser(String name);

     // Group

     /**
      * Creates the given group.
      *
      * NOTE(review): the uniqueness rule is not stated. {@code getGroup(String, Group)}
      * looks a group up by name under a parent, which suggests names may only be
      * unique per parent. Confirm.
      *
      * @param group the group to create
      */
     void createGroup(Group group);

     /**
      * Removes the given group.
      *
      * NOTE(review): what happens to child groups, memberships and group-scoped
      * role grants is not stated. Confirm.
      *
      * @param group the group to remove
      */
     void removeGroup(Group group);

     /**
      * Looks up a group by its id.
      *
      * NOTE(review): the format of the id and the result for an unknown id are
      * not specified on this interface. Confirm.
      *
      * @param groupId the group id to look up
      * @return the matching group
      */
     Group getGroup(String groupId);

     /**
      * Looks up a group by name and parent group.
      *
      * NOTE(review): whether a {@code null} parent is accepted (presumably meaning
      * a top-level group) is not stated. Confirm.
      *
      * @param groupName the group name to look up
      * @param parent the parent group
      * @return the matching group
      */
     Group getGroup(String groupName, Group parent);

     /**
      * Reports whether the identity is a member of the group.
      *
      * NOTE(review): not stated whether only direct membership counts or whether
      * membership is inherited through parent groups. Access decisions built on
      * this result depend on the answer. Confirm.
      *
      * @param identityType the identity to test
      * @param group the group to test against
      * @return {@code true} if the identity is a member
      */
     boolean isMember(IdentityType identityType, Group group);

     /**
      * Adds the identity to the group.
      *
      * NOTE(review): the parameter is the general {@code IdentityType}, so the
      * signature admits any identity type, not only users. Confirm which types
      * are valid members.
      *
      * @param identityType the identity to add
      * @param group the group to add it to
      */
     void addToGroup(IdentityType identityType, Group group);

     /**
      * Removes the identity from the group.
      *
      * NOTE(review): behaviour when the identity is not a member is unspecified.
      *
      * @param identityType the identity to remove
      * @param group the group to remove it from
      */
     void removeFromGroup(IdentityType identityType, Group group);

     // Roles

     /**
      * Creates the given role.
      *
      * NOTE(review): duplicate-name handling is unspecified; nothing is returned
      * and no checked exception is declared.
      *
      * @param role the role to create
      */
     void createRole(Role role);

     /**
      * Removes the given role.
      *
      * NOTE(review): not stated whether existing grants of this role (group-scoped
      * or application-level) are revoked at the same time. Confirm.
      *
      * @param role the role to remove
      */
     void removeRole(Role role);

     /**
      * Looks up a role by name.
      *
      * NOTE(review): the result for an unknown name is unspecified; presumably
      * {@code null}. Confirm.
      *
      * @param name the role name to look up
      * @return the matching role
      */
     Role getRole(String name);

     /**
      * Reports whether the identity holds the role for the given group.
      *
      * NOTE(review): presumably a group-scoped check, in contrast to
      * {@code hasApplicationRole}, which takes no group. Confirm whether a
      * {@code null} group is accepted and what it means.
      *
      * @param identityType the identity to test
      * @param role the role to test for
      * @param group the group the role applies to
      * @return {@code true} if the identity holds the role
      */
     boolean hasRole(IdentityType identityType, Role role, Group group);

     /**
      * Grants the role to the identity for the given group.
      *
      * NOTE(review): nothing is returned and no exception is declared; whether
      * granting an already-held role is a no-op is unspecified.
      *
      * @param identityType the identity receiving the role
      * @param role the role to grant
      * @param group the group the grant applies to
      */
     void grantRole(IdentityType identityType, Role role, Group group);

     /**
      * Revokes the role from the identity for the given group.
      *
      * NOTE(review): behaviour when the identity does not hold the role is
      * unspecified.
      *
      * @param identityType the identity losing the role
      * @param role the role to revoke
      * @param group the group the grant applied to
      */
     void revokeRole(IdentityType identityType, Role role, Group group);

     /**
      * Reports whether the identity holds the role as an application role.
      *
      * NOTE(review): how this relates to {@code hasRole(identityType, role, group)}
      * is not stated, e.g. whether a group-scoped grant also satisfies this
      * check. Confirm.
      *
      * @param identityType the identity to test
      * @param role the role to test for
      * @return {@code true} if the identity holds the application role
      */
     boolean hasApplicationRole(IdentityType identityType, Role role);

     /**
      * Grants the role to the identity as an application role.
      *
      * NOTE(review): whether granting an already-held role is a no-op is
      * unspecified.
      *
      * @param identityType the identity receiving the role
      * @param role the role to grant
      */
     void grantApplicationRole(IdentityType identityType, Role role);

     /**
      * Revokes the application role from the identity.
      *
      * NOTE(review): behaviour when the identity does not hold the role is
      * unspecified.
      *
      * @param identityType the identity losing the role
      * @param role the role to revoke
      */
     void revokeApplicationRole(IdentityType identityType, Role role);

     // Query API

     /**
      * Creates a new identity query.
      *
      * NOTE(review): {@code T} appears only in the return type and there is no
      * {@code Class<T>} argument, so the call site alone picks the type and the
      * implementation cannot see it at runtime. Confirm how a query is narrowed
      * to one identity type.
      *
      * @param <T> the identity type the query is typed to
      * @return a new query
      */
     <T extends IdentityType> IdentityQuery<T> createQuery();

     // Credential management

     /**
      * Validates the supplied credential for the user.
      *
      * NOTE(review): the boolean result cannot tell a wrong credential apart from
      * an unknown, disabled or expired user. It is also not stated whether
      * {@code setEnabled(user, false)} or a past expiration date makes this
      * return {@code false}; callers must not assume it does until confirmed.
      *
      * @param user the user the credential belongs to
      * @param credential the credential to check
      * @return {@code true} if the credential is valid
      */
     boolean validateCredential(User user, Credential credential);

     /**
      * Updates the user's credential.
      *
      * NOTE(review): there is no parameter for the current credential, so any
      * check that the caller is allowed to change it has to happen before this
      * call. Confirm that consuming code does so.
      *
      * @param user the user whose credential changes
      * @param credential the new credential
      */
     void updateCredential(User user, Credential credential);

     // User / Role / Group enablement / expiry

     /**
      * Sets the enabled flag on the identity.
      *
      * NOTE(review): the parameter is the general {@code IdentityType}. Whether a
      * disabled role or group stops {@code hasRole} / {@code isMember} from
      * returning {@code true}, or a disabled user fails
      * {@code validateCredential}, is not stated. Confirm.
      *
      * @param identityType the identity to change
      * @param enabled the new enabled state
      */
     void setEnabled(IdentityType identityType, boolean enabled);

     /**
      * Sets the expiration date on the identity.
      *
      * NOTE(review): {@code Date} is presumably {@code java.util.Date} (imports
      * are not shown). Whether {@code null} clears the expiry, and which methods
      * enforce it, is not stated. Confirm.
      *
      * @param identityType the identity to change
      * @param expirationDate the new expiration date
      */
     void setExpirationDate(IdentityType identityType, Date expirationDate);

     /**
      * Looks up an identity by key.
      *
      * NOTE(review): the key format is not defined on this interface, and the
      * result for an unknown key is unspecified. Confirm.
      *
      * @param key the key identifying the identity
      * @return the matching identity
      */
     IdentityType lookupIdentityByKey(String key);

     // Attributes

     /**
      * Sets an attribute on the identity.
      *
      * NOTE(review): attribute values are bounded by {@code Serializable}. If a
      * store persists them with Java native serialization, reading them back
      * deserializes stored data. Confirm the storage format and who can write
      * to the store.
      *
      * @param identityType the identity to change
      * @param attribute the attribute to set
      */
     void setAttribute(IdentityType identityType, Attribute<? extends 
Serializable> attribute);

     /**
      * Returns the named attribute of the identity.
      *
      * NOTE(review): {@code T} is chosen by the call site and nothing in the
      * signature checks it against the stored value, so a mismatch would
      * presumably surface later as a {@code ClassCastException} in the caller.
      * The result for a missing attribute is unspecified.
      *
      * @param <T> the value type the caller expects
      * @param identityType the identity to read from
      * @param attributeName the attribute name
      * @return the attribute
      */
     <T extends Serializable> Attribute<T> getAttribute(IdentityType 
identityType, String attributeName);

     /**
      * Removes the named attribute from the identity.
      *
      * NOTE(review): behaviour when the attribute does not exist is unspecified.
      *
      * @param identityType the identity to change
      * @param attributeName the attribute name
      */
     void removeAttribute(IdentityType identityType, String attributeName);

     // Realm

     /**
      * Creates the given realm.
      *
      * NOTE(review): duplicate-name handling is unspecified.
      *
      * @param realm the realm to create
      */
     void createRealm(Realm realm);

     /**
      * Removes the given realm.
      *
      * NOTE(review): not stated what happens to identities that belong to the
      * realm. Confirm.
      *
      * @param realm the realm to remove
      */
     void removeRealm(Realm realm);

     /**
      * Looks up a realm by name.
      *
      * NOTE(review): the result for an unknown name is unspecified.
      *
      * @param name the realm name
      * @return the matching realm
      */
     Realm getRealm(String name);

     // Tier

     /**
      * Creates the given tier.
      *
      * NOTE(review): duplicate handling is unspecified.
      *
      * @param tier the tier to create
      */
     void createTier(Tier tier);

     /**
      * Removes the given tier.
      *
      * NOTE(review): not stated what happens to anything defined within the tier.
      * Confirm.
      *
      * @param tier the tier to remove
      */
     void removeTier(Tier tier);

     /**
      * Looks up a tier by id.
      *
      * NOTE(review): tiers are looked up by {@code id}, whereas
      * {@code getRealm} takes a {@code name}. Confirm that the difference is
      * intended. The result for an unknown id is unspecified.
      *
      * @param id the tier id
      * @return the matching tier
      */
     Tier getTier(String id);

     // Context

     /**
      * Returns an {@code IdentityManager} for the given realm.
      *
      * NOTE(review): not stated whether the result is a new instance or this
      * instance re-scoped. If this instance is changed and returned, a manager
      * shared between callers could end up operating on a different realm.
      * Confirm.
      *
      * @param realm the realm to scope to
      * @return an identity manager for that realm
      */
     IdentityManager forRealm(Realm realm);

     /**
      * Returns an {@code IdentityManager} for the given tier.
      *
      * NOTE(review): not stated whether the result is a new instance or this
      * instance re-scoped, nor how this combines with {@code forRealm}.
      * Confirm.
      *
      * @param tier the tier to scope to
      * @return an identity manager for that tier
      */
     IdentityManager forTier(Tier tier);
