Package io.continual.iam.impl.common
Class CommonJsonDb<I extends CommonJsonIdentity,G extends CommonJsonGroup>
java.lang.Object
io.continual.iam.impl.common.CommonJsonDb<I,G>
- Type Parameters:
  I - an identity class
  G - a group class
- All Implemented Interfaces:
  AccessDb<G>, AccessManager<G>, AclUpdateListener, IamDb<I,G>, IdentityDb<I>, IdentityManager<I>, TagManager, MetricsSupplier, Closeable, AutoCloseable
- Direct Known Subclasses:
JsonDocDb
public abstract class CommonJsonDb<I extends CommonJsonIdentity,G extends CommonJsonGroup>
extends Object
implements IamDb<I,G>
CommonJsonDb manages identity-related objects that are serialized as JSON.
Nested Class Summary
- Nested Classes: CommonJsonDb.AclFactory

Field Summary
Fields (each declared static final String):
- kTagId
- kUserId
- kTagType
- kExpireEpoch
- kSecret
- kAlias
- kCreateTsMs
- kEnabled
- kPasswordBlock
- kPasswordSalt
- kPasswordHash
- kTagType_PasswordReset
Fields inherited from interface io.continual.iam.access.AccessDb:
kCreateOperation, kDeleteOperation, kReadOperation, kWriteOperation

Constructor Summary
- protected CommonJsonDb()
- protected CommonJsonDb(CommonJsonDb.AclFactory aclMaker, JwtProducer jwtProd)

Method Summary
- void addAlias - Add a username/alias for this user.
- void addJwtValidator - Add a JWT validator to the identity manager.
- void addUserToGroup(String groupId, String userId) - Add a user to a given group.
- protected boolean aliasExists(String userId)
- authenticate - Authenticate with an API key and signature.
- authenticate - Authenticate with a JWT token.
- authenticate - Authenticate with a username and password.
- boolean canUser - Can the given user perform the requested access?
- boolean completePasswordReset(String tagId, String newPassword) - Complete a password reset by providing a tag and a new password.
- createAnonymousUser - Create a new anonymous user in the identity manager.
- ApiKey createApiKey(String userId)
- protected abstract org.json.JSONObject createApiKeyObject(String userId, String apiKey, String apiSecret)
- createGroup(String groupDesc) - Create a group.
- createGroup(String groupId, String groupDesc) - Create a group with a given group ID.
- createJwtToken - Create a JWT token for the given identity.
- protected abstract org.json.JSONObject createNewGroup(String id, String groupDesc)
- protected abstract org.json.JSONObject createNewUser(String id)
- String createTag(String userId, String appTagType, long duration, TimeUnit durationTimeUnit, String nonce) - Create a tag for a given user ID with a particular type and duration.
- createUser(String userId) - Create a new user in the identity manager.
- protected abstract void deleteAclObject
- protected abstract void deleteAliasObject
- protected abstract void deleteApiKeyObject
- protected abstract void deleteGroupObject
- protected abstract void deleteTagObject(String id, String userId, String appTagType)
- void deleteUser(String userId) - Delete a user from the identity manager.
- protected abstract void deleteUserObject
- static String generateKey(int length, String nonce)
- getAclFor - Load an ACL for a resource.
- Collection<String> getAliasesFor(String userId) - Get the aliases for a userId.
- getAppNonce - Return a nonce value used in seeding things like password salts.
- getUserIdForTag(String tagId) - Retrieves the userId associated with a tag.
- getUsersGroups(String userId) - Find out which groups a user is a member of.
- getUsersInGroup(String groupId) - Get the set of user IDs in a particular group.
- protected abstract ApiKey instantiateApiKey(String id, org.json.JSONObject data)
- protected abstract G instantiateGroup(String id, org.json.JSONObject data)
- protected abstract I instantiateIdentity(String id, org.json.JSONObject data)
- void invalidateJwtToken(String token) - Invalidate the given JWT token.
- protected abstract boolean isInvalidJwtToken(String token)
- protected abstract org.json.JSONObject loadAclObject(String id)
- protected abstract Collection<String> loadAliasesForUser(String userId)
- protected abstract org.json.JSONObject loadAliasObject
- protected abstract org.json.JSONObject loadApiKeyObject
- loadApiKeyRecord(String apiKey) - Load an API key record based on the API key ID.
- protected abstract Collection<String> loadApiKeysForUser(String userId)
- loadGroup - Get a group by its identifier.
- protected abstract org.json.JSONObject loadGroupObject
- protected abstract org.json.JSONObject loadTagObject(String id, boolean expiredOk)
- protected abstract org.json.JSONObject loadTagObject(String userId, String appTagType, boolean expiredOk)
- loadUser - Load a user from the identity manager.
- protected abstract org.json.JSONObject loadUserObject(String id)
- loadUserOrAlias(String userIdOrAlias) - Load a user from the identity manager by user ID or alias.
- void onAclUpdate
- void populateMetrics(MetricsCatalog metrics)
- void removeAlias(String alias) - Remove a username/alias from the database.
- void removeMatchingTag(String userId, String appTagType) - Remove any matching tag for the given user and type.
- void removeUserFromGroup(String groupId, String userId) - Remove a user from a given group.
- void restoreApiKey(ApiKey key) - Restore an API key into the API key store.
- protected abstract void storeAclObject(String id, org.json.JSONObject data)
- protected abstract void storeAliasObject(String id, org.json.JSONObject data)
- protected abstract void storeApiKeyObject(String id, org.json.JSONObject data)
- protected abstract void storeGroupObject(String id, org.json.JSONObject data)
- protected abstract void storeInvalidJwtToken(String token)
- protected abstract void storeTagObject(String id, String userId, String appTagType, org.json.JSONObject data)
- protected abstract void storeUserObject(String id, org.json.JSONObject data)
- boolean userExists(String userId) - Find out if a given user exists.
- boolean userOrAliasExists(String userIdOrAlias) - Find out if a given user or alias exists.

Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface io.continual.iam.access.AccessManager:
getAllGroups
Methods inherited from interface io.continual.iam.identity.IdentityManager:
findUsers, getAllUsers, loadAllUsers
Methods inherited from interface io.continual.iam.tags.TagManager:
sweepExpiredTags
Field Details
Each of the following is declared static final String:
- kTagId
- kUserId
- kTagType
- kExpireEpoch
- kSecret
- kAlias
- kCreateTsMs
- kEnabled
- kPasswordBlock
- kPasswordSalt
- kPasswordHash
- kTagType_PasswordReset

Constructor Details
- protected CommonJsonDb()
- protected CommonJsonDb(CommonJsonDb.AclFactory aclMaker, JwtProducer jwtProd)
Method Details

populateMetrics
- Specified by: populateMetrics in interface MetricsSupplier

userExists
Description copied from interface IdentityDb: Find out if a given user exists.
- Specified by: userExists in interface IdentityDb<I extends CommonJsonIdentity>
- Parameters: userId - a user ID
- Returns: true if the user exists in the identity manager.
- Throws: IamSvcException - when the call cannot be completed due to a service error

userOrAliasExists
Description copied from interface IdentityDb: Find out if a given user or alias exists.
- Specified by: userOrAliasExists in interface IdentityDb<I extends CommonJsonIdentity>
- Parameters: userIdOrAlias - the user ID or an alias
- Returns: true if the user exists by userId or alias in the identity manager.
- Throws: IamSvcException - when the call cannot be completed due to a service error

aliasExists
- Throws: IamSvcException
loadUser
Description copied from interface IdentityDb: Load a user from the identity manager.
- Specified by: loadUser in interface IdentityDb<I extends CommonJsonIdentity>
- Parameters: userId - a user ID
- Returns: a user, or null if the user doesn't exist
- Throws: IamSvcException - when the call cannot be completed due to a service error

loadUserOrAlias
Description copied from interface IdentityDb: Load a user from the identity manager.
- Specified by: loadUserOrAlias in interface IdentityDb<I extends CommonJsonIdentity>
- Parameters: userIdOrAlias - the actual userId or an alias
- Returns: a user, or null if the user doesn't exist
- Throws: IamSvcException - when the call cannot be completed due to a service error

createUser
Description copied from interface IdentityManager: Create a new user in the identity manager. The username for this user defaults to the userId value provided here.
- Specified by: createUser in interface IdentityManager<I extends CommonJsonIdentity>
- Parameters: userId - a user ID
- Returns: the new user
- Throws:
  IamSvcException - when the call cannot be completed due to a service error
  IamIdentityExists - if the user exists

createAnonymousUser
Description copied from interface IdentityManager: Create a new anonymous user in the identity manager.
- Specified by: createAnonymousUser in interface IdentityManager<I extends CommonJsonIdentity>
- Returns: a new anonymous user
- Throws: IamSvcException - when the call cannot be completed due to a service error

deleteUser
Description copied from interface IdentityManager: Delete a user from the identity manager.
- Specified by: deleteUser in interface IdentityManager<I extends CommonJsonIdentity>
- Parameters: userId - a user ID
- Throws: IamSvcException - when the call cannot be completed due to a service error

completePasswordReset
Description copied from interface IdentityManager: Complete a password reset by providing a tag and a new password. The update will fail if the tag is unknown or has expired. See requestPasswordReset for details on creating a password reset tag.
- Specified by: completePasswordReset in interface IdentityManager<I extends CommonJsonIdentity>
- Parameters:
  tagId - a tag
  newPassword - a new password
- Returns: true if the password was updated successfully.
- Throws: IamSvcException - when the call cannot be completed due to a service error
loadApiKeyRecord
Description copied from interface IdentityManager: Load an API key record based on the API key ID.
- Specified by: loadApiKeyRecord in interface IdentityManager<I extends CommonJsonIdentity>
- Parameters: apiKey - an API key
- Returns: an API key, or null if it doesn't exist
- Throws: IamSvcException - when the call cannot be completed due to a service error

restoreApiKey
public void restoreApiKey(ApiKey key) throws IamIdentityDoesNotExist, IamBadRequestException, IamSvcException
Restore an API key into the API key store.
- Specified by: restoreApiKey in interface IdentityManager<I extends CommonJsonIdentity>
- Parameters: key
- Throws:
  IamSvcException
  IamBadRequestException
  IamIdentityDoesNotExist

createJwtToken
Description copied from interface IdentityDb: Create a JWT token for the given identity.
- Specified by: createJwtToken in interface IdentityDb<I extends CommonJsonIdentity>
- Parameters: ii - an identity
- Returns: a JWT token
- Throws: IamSvcException - when the call cannot be completed due to a service error

authenticate
Description copied from interface IdentityDb: Authenticate with an API key and signature.
- Specified by: authenticate in interface IdentityDb<I extends CommonJsonIdentity>
- Parameters: akc - the API key credential
- Returns: an authenticated identity, or null
- Throws: IamSvcException - when the call cannot be completed due to a service error

authenticate
Description copied from interface IdentityDb: Authenticate with a JWT token.
- Specified by: authenticate in interface IdentityDb<I extends CommonJsonIdentity>
- Parameters: jwt - the JWT credential
- Returns: an authenticated identity, or null
- Throws: IamSvcException - when the call cannot be completed due to a service error

invalidateJwtToken
Description copied from interface IdentityDb: Invalidate the given JWT token.
- Specified by: invalidateJwtToken in interface IdentityDb<I extends CommonJsonIdentity>
- Parameters: token - a JWT token
- Throws: IamSvcException - when the call cannot be completed due to a service error

authenticate
Description copied from interface IdentityDb: Authenticate with a username and password.
- Specified by: authenticate in interface IdentityDb<I extends CommonJsonIdentity>
- Parameters: upc - the username/password credential
- Returns: an authenticated identity, or null
- Throws: IamSvcException - when the call cannot be completed due to a service error
createGroup
Description copied from interface AccessManager: Create a group.
- Specified by: createGroup in interface AccessManager<I extends CommonJsonIdentity>
- Parameters: groupDesc - the group description
- Returns: a new group with the given description
- Throws: IamSvcException - when the call cannot be completed due to a service error

createGroup
Description copied from interface AccessManager: Create a group with a given group ID.
- Specified by: createGroup in interface AccessManager<I extends CommonJsonIdentity>
- Parameters:
  groupId - a group ID
  groupDesc - a group description
- Returns: a new group with the given ID and description
- Throws:
  IamGroupExists - if the group already exists
  IamSvcException - when the call cannot be completed due to a service error

addUserToGroup
public void addUserToGroup(String groupId, String userId) throws IamIdentityDoesNotExist, IamSvcException, IamGroupDoesNotExist
Description copied from interface AccessManager: Add a user to a given group.
- Specified by: addUserToGroup in interface AccessManager<I extends CommonJsonIdentity>
- Parameters:
  groupId - a group ID
  userId - a user ID
- Throws:
  IamIdentityDoesNotExist - when the identity doesn't exist
  IamSvcException - when the call cannot be completed due to a service error
  IamGroupDoesNotExist - if the group does not exist

removeUserFromGroup
public void removeUserFromGroup(String groupId, String userId) throws IamSvcException, IamIdentityDoesNotExist, IamGroupDoesNotExist
Description copied from interface AccessManager: Remove a user from a given group.
- Specified by: removeUserFromGroup in interface AccessManager<I extends CommonJsonIdentity>
- Parameters:
  groupId - a group ID
  userId - a user ID
- Throws:
  IamSvcException - when the call cannot be completed due to a service error
  IamIdentityDoesNotExist - when the identity doesn't exist
  IamGroupDoesNotExist - if the group does not exist

getUsersGroups
Description copied from interface AccessManager: Find out which groups a user is a member of.
- Specified by: getUsersGroups in interface AccessManager<I extends CommonJsonIdentity>
- Parameters: userId - a user ID
- Returns: a set of 0 or more group IDs
- Throws:
  IamSvcException - when the call cannot be completed due to a service error
  IamIdentityDoesNotExist - when the identity doesn't exist

getUsersInGroup
Description copied from interface AccessManager: Get the set of user IDs in a particular group.
- Specified by: getUsersInGroup in interface AccessManager<I extends CommonJsonIdentity>
- Parameters: groupId - a group ID
- Returns: a set of 0 or more user IDs
- Throws:
  IamGroupDoesNotExist - when the identity doesn't exist
  IamSvcException - when the call cannot be completed due to a service error

loadGroup
Description copied from interface AccessDb: Get a group by its identifier.
- Specified by: loadGroup in interface AccessDb<I extends CommonJsonIdentity>
- Parameters: groupId - the group's ID
- Returns: a group, or null if it does not exist
- Throws: IamSvcException - if there's a problem in the IAM service
getAclFor
Description copied from interface AccessDb: Load an ACL for a resource.
- Specified by: getAclFor in interface AccessDb<I extends CommonJsonIdentity>
- Parameters: resource - the resource for which you want the ACL
- Returns: an ACL, or null if there is none
- Throws: IamSvcException - if there's a problem in the IAM service

onAclUpdate
- Specified by: onAclUpdate in interface AclUpdateListener

canUser
Description copied from interface AccessDb: Can the given user perform the requested access?
- Specified by: canUser in interface AccessDb<I extends CommonJsonIdentity>
- Parameters:
  id - the identity/subject making the request
  resource - the resource on which access is requested
  operation - the operation
- Returns: true if the user is allowed to perform the operation, false otherwise
- Throws: IamSvcException - if there's a problem in the IAM service

createTag
public String createTag(String userId, String appTagType, long duration, TimeUnit durationTimeUnit, String nonce) throws IamSvcException
Description copied from interface TagManager: Create a tag for a given user ID with a particular type and duration. If a tag for the same user with the same type exists, it is replaced with the new tag.
- Specified by: createTag in interface TagManager
- Parameters:
  userId - a user ID
  appTagType - a tag type
  duration - the length of time the tag should exist
  durationTimeUnit - the time unit for the duration
  nonce - used to seed the random number generator
- Returns: a tag
- Throws: IamSvcException - if there's a problem in the IAM service

getUserIdForTag
Description copied from interface TagManager: Retrieves the userId associated with a tag. If the tag has expired, null is returned.
- Specified by: getUserIdForTag in interface TagManager
- Parameters: tagId - a tag generated by createTag
- Returns: a user ID, or null if no entry exists (or an entry existed but has expired)
- Throws: IamSvcException - if there's a problem in the IAM service

removeMatchingTag
Description copied from interface TagManager: Remove any matching tag for the given user and type.
- Specified by: removeMatchingTag in interface TagManager
- Parameters:
  userId - a user ID
  appTagType - a tag type
- Throws: IamSvcException - if there's a problem in the IAM service
addAlias
Description copied from interface IdentityManager: Add a username/alias for this user. Identity DBs should normally support multiple aliases (username, email, mobile phone, etc.). Tracking them beyond being references to an identity record is done at the application level.
- Specified by: addAlias in interface IdentityManager<I extends CommonJsonIdentity>
- Parameters:
  userId - a user ID
  alias - an alias
- Throws:
  IamSvcException - when the call cannot be completed due to a service error
  IamBadRequestException - if the request is illegal

removeAlias
Description copied from interface IdentityManager: Remove a username/alias from the database. A userId may not be removed (disable the user instead).
- Specified by: removeAlias in interface IdentityManager<I extends CommonJsonIdentity>
- Parameters: alias - an alias
- Throws:
  IamBadRequestException - if a userId is provided
  IamSvcException - when the call cannot be completed due to a service error

getAliasesFor
public Collection<String> getAliasesFor(String userId) throws IamSvcException, IamIdentityDoesNotExist
Description copied from interface IdentityManager: Get the aliases for a userId. The result must be non-null but may be empty. The userId is not included in the list.
- Specified by: getAliasesFor in interface IdentityManager<I extends CommonJsonIdentity>
- Parameters: userId - a user ID
- Returns: a collection of 0 or more aliases for a userId
- Throws:
  IamSvcException - when the call cannot be completed due to a service error
  IamIdentityDoesNotExist - if the identity does not exist

addJwtValidator
Description copied from interface IdentityManager: Add a JWT validator to the identity manager.
- Specified by: addJwtValidator in interface IdentityManager<I extends CommonJsonIdentity>
- Parameters: v - a validator

getAppNonce
Return a nonce value used in seeding things like password salts.
- Returns: a string

createApiKey
public ApiKey createApiKey(String userId) throws IamIdentityDoesNotExist, IamSvcException, IamBadRequestException
createNewUser
protected abstract org.json.JSONObject createNewUser(String id)

loadUserObject
protected abstract org.json.JSONObject loadUserObject(String id)
- Throws: IamSvcException

storeUserObject
protected abstract void storeUserObject(String id, org.json.JSONObject data)
- Throws: IamSvcException

deleteUserObject
- Throws: IamSvcException

instantiateIdentity
protected abstract I instantiateIdentity(String id, org.json.JSONObject data)

createNewGroup
protected abstract org.json.JSONObject createNewGroup(String id, String groupDesc)

loadGroupObject
- Throws: IamSvcException

storeGroupObject
protected abstract void storeGroupObject(String id, org.json.JSONObject data) throws IamSvcException
- Throws: IamSvcException

deleteGroupObject
- Throws: IamSvcException

instantiateGroup
protected abstract G instantiateGroup(String id, org.json.JSONObject data)

createApiKeyObject
protected abstract org.json.JSONObject createApiKeyObject(String userId, String apiKey, String apiSecret)

loadApiKeyObject
- Throws: IamSvcException

storeApiKeyObject
protected abstract void storeApiKeyObject(String id, org.json.JSONObject data) throws IamSvcException, IamIdentityDoesNotExist, IamBadRequestException

deleteApiKeyObject
- Throws: IamSvcException

instantiateApiKey
protected abstract ApiKey instantiateApiKey(String id, org.json.JSONObject data)

loadApiKeysForUser
protected abstract Collection<String> loadApiKeysForUser(String userId) throws IamSvcException, IamIdentityDoesNotExist

loadAclObject
protected abstract org.json.JSONObject loadAclObject(String id)
- Throws: IamSvcException

storeAclObject
protected abstract void storeAclObject(String id, org.json.JSONObject data)
- Throws: IamSvcException

deleteAclObject
- Throws: IamSvcException

loadTagObject
protected abstract org.json.JSONObject loadTagObject(String id, boolean expiredOk) throws IamSvcException
- Throws: IamSvcException

loadTagObject
protected abstract org.json.JSONObject loadTagObject(String userId, String appTagType, boolean expiredOk) throws IamSvcException
- Throws: IamSvcException

storeTagObject
protected abstract void storeTagObject(String id, String userId, String appTagType, org.json.JSONObject data) throws IamSvcException
- Throws: IamSvcException

deleteTagObject
protected abstract void deleteTagObject(String id, String userId, String appTagType) throws IamSvcException
- Throws: IamSvcException

loadAliasObject
- Throws: IamSvcException

storeAliasObject
protected abstract void storeAliasObject(String id, org.json.JSONObject data) throws IamSvcException, IamBadRequestException

deleteAliasObject
- Throws: IamSvcException

loadAliasesForUser
protected abstract Collection<String> loadAliasesForUser(String userId) throws IamSvcException, IamIdentityDoesNotExist

storeInvalidJwtToken
protected abstract void storeInvalidJwtToken(String token)
- Throws: IamSvcException

isInvalidJwtToken
protected abstract boolean isInvalidJwtToken(String token)
- Throws: IamSvcException

generateKey
static String generateKey(int length, String nonce)