Interface RepositoryService
-
- All Known Implementing Classes:
RepositoryCache
public interface RepositoryService
Identity Repository Interface.
- Status: public
- Stability: stable
This service provides repository for objects that are commonly found in identity management deployments. It is used for storage and retrieval of objects. It also supports modifications (relative changes), searching and basic coordination.
Supported object types:
- All object types from Common Schema
- All object types from Identity Schema
- All object types from IDM Model Schema
Identity repository may add some kind of basic logic in addition to a pure storage of data. E.g. it may check referential consistency, validate schema, etc.
The implementation may store the objects and properties in any suitable way and it is not required to check any schema beyond the basic common schema structures. However, the implementation MAY be able to check additional schema definitions, e.g. to check for mandatory and allowed properties and property types. This may be either explicit (e.g. implementation checking against provided XML schema) or implicit, conforming to the constraints of the underlying storage (e.g. LDAP schema enforced by underlying directory server). One way or another, the implementation may fail to store the objects that violate the schema. The method how the schemas are "loaded" to the implementation is not defined by this interface. This interface even cannot "reveal" the schema to its users (at least not now). Therefore clients of this interface must be prepared to handle schema violation errors.
The implementation is not required to index the data or provide any other optimizations. This depends on the specific implementation, its configuration and the underlying storage system. Qualitative constraints (such as performance) are NOT defined by this interface definition.
Naming Conventions
operations should be named as <operation><objectType> e.g. addUser, modifyAccount, searchObjects. The operations that returns single object instance or works on single object should be named in singular (e.g. addUser). The operation that return multiple instances should be named in plural (e.g. listObjects). Operations names should be unified as well:
- add, modify, delete - writing to repository, single object, need OID
- get - retrieving single object by OID
- list - returning all objects, no or fixed search criteria
- search - returning subset of objects with flexible search criteria
Notes
The definition of this interface is somehow "fuzzy" at places. E.g. allowing schema-aware implementation but not mandating it, recommending to remove duplicates, but tolerating them, etc. The reason for this is to have better fit to the underlying storage mechanisms and therefore more efficient and simpler implementation. It may complicate the clients if the code needs to be generic and fit each and every implementation of this interface. However, such code will be quite rare. Most of the custom code will be developed to work on a specific storage (e.g. Oracle DB or LDAP) and therefore can be made slightly implementation-specific. Changing the storage in a running IDM system is extremely unlikely.
TODO
- TODO: Atomicity, consistency
- TODO: security constraints
- TODO: inherently thread-safe
- TODO: note about distributed storage systems and weak/eventual consistency
- TODO: task coordination
- Version:
- 3.1.1
- Author:
- Radovan Semancik
-
-
Nested Class Summary
Nested Classes Modifier and Type Interface Description static interface
RepositoryService.ModificationsSupplier<T extends ObjectType>
-
Field Summary
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Deprecated Methods Modifier and Type Method Description <T extends ObjectType>
voidaddDiagnosticInformation(Class<T> type, String oid, DiagnosticInformationType information, OperationResult parentResult)
Adds a diagnostic information, honoring cleanup rules (deleting obsolete records).<T extends ObjectType>
@NotNull StringaddObject(@NotNull PrismObject<T> object, RepoAddOptions options, @NotNull OperationResult parentResult)
Add new object.long
advanceSequence(String oid, OperationResult parentResult)
This operation is guaranteed to be atomic.void
applyFullTextSearchConfiguration(FullTextSearchConfigurationType fullTextSearch)
<T extends Containerable>
intcountContainers(Class<T> type, ObjectQuery query, Collection<SelectorOptions<GetOperationOptions>> options, OperationResult parentResult)
<T extends ObjectType>
intcountObjects(Class<T> type, ObjectQuery query, Collection<SelectorOptions<GetOperationOptions>> options, OperationResult parentResult)
Returns the number of objects that match specified criteria.int
countReferences(@Nullable ObjectQuery query, @Nullable Collection<SelectorOptions<GetOperationOptions>> options, @NotNull OperationResult parentResult)
Reference count - currently supporting roleMembershipRef and linkRef search.ConflictWatcher
createAndRegisterConflictWatcher(@NotNull String oid)
<T extends ObjectType>
@NotNull DeleteObjectResultdeleteObject(Class<T> type, String oid, OperationResult parentResult)
Deletes object with specified OID.default ModifyObjectResult<SimulationResultType>
deleteSimulatedProcessedObjects(String oid, @Nullable String transactionId, OperationResult parentResult)
RepositoryQueryDiagResponse
executeQueryDiagnostics(RepositoryQueryDiagRequest request, OperationResult result)
A bit of hack - execute arbitrary query, e.g.FullTextSearchConfigurationType
getFullTextSearchConfiguration()
<O extends ObjectType>
@NotNull PrismObject<O>getObject(Class<O> type, String oid, Collection<SelectorOptions<GetOperationOptions>> options, OperationResult parentResult)
Returns object for provided OID.PerformanceMonitor
getPerformanceMonitor()
RepositoryDiag
getRepositoryDiag()
Provide repository run-time configuration and diagnostic information.@NotNull String
getRepositoryType()
Returns short type identifier of the repository implementation.<T extends ObjectType>
StringgetVersion(Class<T> type, String oid, OperationResult parentResult)
Returns object version for provided OID.boolean
hasConflict(ConflictWatcher watcher, OperationResult result)
<O extends ObjectType>
booleanisAncestor(PrismObject<O> object, String descendantOrgOid)
Returns `true` if the `object` is above organization identified with `descendantOrgOid`.<O extends ObjectType>
booleanisDescendant(PrismObject<O> object, String ancestorOrgOid)
Returns `true` if the `object` is under the organization identified with `ancestorOrgOid`.default boolean
isNative()
<T extends ObjectType>
@NotNull ModifyObjectResult<T>modifyObject(@NotNull Class<T> type, @NotNull String oid, @NotNull Collection<? extends ItemDelta<?,?>> modifications, @NotNull OperationResult parentResult)
Modifies object using relative change description.<T extends ObjectType>
@NotNull ModifyObjectResult<T>modifyObject(@NotNull Class<T> type, @NotNull String oid, @NotNull Collection<? extends ItemDelta<?,?>> modifications, @Nullable ModificationPrecondition<T> precondition, @Nullable RepoModifyOptions options, @NotNull OperationResult parentResult)
<T extends ObjectType>
@NotNull ModifyObjectResult<T>modifyObject(@NotNull Class<T> type, @NotNull String oid, @NotNull Collection<? extends ItemDelta<?,?>> modifications, @Nullable RepoModifyOptions options, @NotNull OperationResult parentResult)
default <T extends ObjectType>
@NotNull ModifyObjectResult<T>modifyObjectDynamically(@NotNull Class<T> type, @NotNull String oid, @Nullable Collection<SelectorOptions<GetOperationOptions>> getOptions, @NotNull RepositoryService.ModificationsSupplier<T> modificationsSupplier, @Nullable RepoModifyOptions modifyOptions, @NotNull OperationResult parentResult)
Modifies an object dynamically.void
postInit(OperationResult result)
void
repositorySelfTest(OperationResult parentResult)
Runs a short, non-destructive repository self test.void
returnUnusedValuesToSequence(String oid, Collection<Long> unusedValues, OperationResult parentResult)
The sequence may ignore the values, e.g.<T extends Containerable>
SearchResultList<T>searchContainers(Class<T> type, ObjectQuery query, Collection<SelectorOptions<GetOperationOptions>> options, OperationResult parentResult)
Search for "sub-object" structures, i.e.<T extends ObjectType>
@NotNull SearchResultList<PrismObject<T>>searchObjects(@NotNull Class<T> type, @Nullable ObjectQuery query, @Nullable Collection<SelectorOptions<GetOperationOptions>> options, @NotNull OperationResult parentResult)
Search for objects in the repository.<T extends ObjectType>
SearchResultMetadatasearchObjectsIterative(Class<T> type, ObjectQuery query, ResultHandler<T> handler, Collection<SelectorOptions<GetOperationOptions>> options, boolean strictlySequential, OperationResult parentResult)
Search for objects in the repository in an iterative fashion.@NotNull SearchResultList<ObjectReferenceType>
searchReferences(@NotNull ObjectQuery query, @Nullable Collection<SelectorOptions<GetOperationOptions>> options, @NotNull OperationResult parentResult)
Reference search - currently supporting roleMembershipRef and linkRef search.SearchResultMetadata
searchReferencesIterative(@Nullable ObjectQuery query, @NotNull ObjectHandler<ObjectReferenceType> handler, @Nullable Collection<SelectorOptions<GetOperationOptions>> options, @NotNull OperationResult parentResult)
Executes iterative reference search using the provided `handler` to process each references.default <F extends FocusType>
PrismObject<F>searchShadowOwner(String shadowOid, Collection<SelectorOptions<GetOperationOptions>> options, OperationResult parentResult)
Deprecated.TODO: we want to remove this in midScale<O extends ObjectType>
booleanselectorMatches(ObjectSelectorType objectSelector, PrismObject<O> object, ObjectFilterExpressionEvaluator filterEvaluator, Trace logger, String logMessagePrefix)
boolean
supports(@NotNull Class<? extends ObjectType> type)
Returns `true` if the given object type is supported.default boolean
supportsMarks()
void
testOrgClosureConsistency(boolean repairIfNecessary, OperationResult testResult)
Checks a closure for consistency, repairing any problems found.void
unregisterConflictWatcher(ConflictWatcher watcher)
-
-
-
Field Detail
-
CLASS_NAME_WITH_DOT
static final String CLASS_NAME_WITH_DOT
-
OP_ADD_OBJECT
static final String OP_ADD_OBJECT
- See Also:
- Constant Field Values
-
OP_ADD_OBJECT_OVERWRITE
static final String OP_ADD_OBJECT_OVERWRITE
- See Also:
- Constant Field Values
-
OP_DELETE_OBJECT
static final String OP_DELETE_OBJECT
- See Also:
- Constant Field Values
-
OP_COUNT_OBJECTS
static final String OP_COUNT_OBJECTS
- See Also:
- Constant Field Values
-
OP_MODIFY_OBJECT
static final String OP_MODIFY_OBJECT
- See Also:
- Constant Field Values
-
OP_MODIFY_OBJECT_DYNAMICALLY
static final String OP_MODIFY_OBJECT_DYNAMICALLY
- See Also:
- Constant Field Values
-
OP_GET_VERSION
static final String OP_GET_VERSION
- See Also:
- Constant Field Values
-
OP_IS_DESCENDANT
static final String OP_IS_DESCENDANT
- See Also:
- Constant Field Values
-
OP_IS_ANCESTOR
static final String OP_IS_ANCESTOR
- See Also:
- Constant Field Values
-
OP_ADVANCE_SEQUENCE
static final String OP_ADVANCE_SEQUENCE
- See Also:
- Constant Field Values
-
OP_RETURN_UNUSED_VALUES_TO_SEQUENCE
static final String OP_RETURN_UNUSED_VALUES_TO_SEQUENCE
- See Also:
- Constant Field Values
-
OP_EXECUTE_QUERY_DIAGNOSTICS
static final String OP_EXECUTE_QUERY_DIAGNOSTICS
- See Also:
- Constant Field Values
-
OP_GET_OBJECT
static final String OP_GET_OBJECT
- See Also:
- Constant Field Values
-
OP_SEARCH_OBJECTS
static final String OP_SEARCH_OBJECTS
- See Also:
- Constant Field Values
-
OP_SEARCH_OBJECTS_ITERATIVE
static final String OP_SEARCH_OBJECTS_ITERATIVE
- See Also:
- Constant Field Values
-
OP_SEARCH_OBJECTS_ITERATIVE_PAGE
static final String OP_SEARCH_OBJECTS_ITERATIVE_PAGE
- See Also:
- Constant Field Values
-
OP_SEARCH_CONTAINERS
static final String OP_SEARCH_CONTAINERS
- See Also:
- Constant Field Values
-
OP_COUNT_CONTAINERS
static final String OP_COUNT_CONTAINERS
- See Also:
- Constant Field Values
-
OP_SEARCH_REFERENCES
static final String OP_SEARCH_REFERENCES
- See Also:
- Constant Field Values
-
OP_SEARCH_REFERENCES_ITERATIVE
static final String OP_SEARCH_REFERENCES_ITERATIVE
- See Also:
- Constant Field Values
-
OP_SEARCH_REFERENCES_ITERATIVE_PAGE
static final String OP_SEARCH_REFERENCES_ITERATIVE_PAGE
- See Also:
- Constant Field Values
-
OP_COUNT_REFERENCES
static final String OP_COUNT_REFERENCES
- See Also:
- Constant Field Values
-
OP_FETCH_EXT_ITEMS
static final String OP_FETCH_EXT_ITEMS
- See Also:
- Constant Field Values
-
OP_ADD_DIAGNOSTIC_INFORMATION
static final String OP_ADD_DIAGNOSTIC_INFORMATION
- See Also:
- Constant Field Values
-
OP_HAS_CONFLICT
static final String OP_HAS_CONFLICT
- See Also:
- Constant Field Values
-
OP_REPOSITORY_SELF_TEST
static final String OP_REPOSITORY_SELF_TEST
- See Also:
- Constant Field Values
-
OP_TEST_ORG_CLOSURE_CONSISTENCY
static final String OP_TEST_ORG_CLOSURE_CONSISTENCY
- See Also:
- Constant Field Values
-
GET_OBJECT
static final String GET_OBJECT
-
ADD_OBJECT
static final String ADD_OBJECT
-
DELETE_OBJECT
static final String DELETE_OBJECT
-
SEARCH_OBJECTS
static final String SEARCH_OBJECTS
-
SEARCH_CONTAINERS
static final String SEARCH_CONTAINERS
-
COUNT_CONTAINERS
static final String COUNT_CONTAINERS
-
MODIFY_OBJECT
static final String MODIFY_OBJECT
-
COUNT_OBJECTS
static final String COUNT_OBJECTS
-
MODIFY_OBJECT_DYNAMICALLY
static final String MODIFY_OBJECT_DYNAMICALLY
-
GET_VERSION
static final String GET_VERSION
-
SEARCH_OBJECTS_ITERATIVE
static final String SEARCH_OBJECTS_ITERATIVE
-
ADVANCE_SEQUENCE
static final String ADVANCE_SEQUENCE
-
RETURN_UNUSED_VALUES_TO_SEQUENCE
static final String RETURN_UNUSED_VALUES_TO_SEQUENCE
-
EXECUTE_QUERY_DIAGNOSTICS
static final String EXECUTE_QUERY_DIAGNOSTICS
-
ADD_DIAGNOSTIC_INFORMATION
static final String ADD_DIAGNOSTIC_INFORMATION
-
HAS_CONFLICT
static final String HAS_CONFLICT
-
KEY_DIAG_DATA
static final String KEY_DIAG_DATA
- See Also:
- Constant Field Values
-
KEY_ORIGINAL_OBJECT
static final String KEY_ORIGINAL_OBJECT
- See Also:
- Constant Field Values
-
LOGGER
static final Trace LOGGER
-
-
Method Detail
-
getObject
@NotNull <O extends ObjectType> @NotNull PrismObject<O> getObject(Class<O> type, String oid, Collection<SelectorOptions<GetOperationOptions>> options, OperationResult parentResult) throws ObjectNotFoundException, SchemaException
Returns object for provided OID. Must fail if object with the OID does not exist.- Parameters:
oid
- OID of the object to getparentResult
- parent OperationResult (in/out)- Returns:
- Object fetched from repository
- Throws:
ObjectNotFoundException
- requested object does not existSchemaException
- error dealing with storage schemaIllegalArgumentException
- wrong OID format, etc.
-
getVersion
<T extends ObjectType> String getVersion(Class<T> type, String oid, OperationResult parentResult) throws ObjectNotFoundException, SchemaException
Returns object version for provided OID.Must fail if object with the OID does not exist.
This is a supposed to be a very lightweight and cheap operation. It is used to support efficient caching of expensive objects.
- Parameters:
oid
- OID of the object to getparentResult
- parent OperationResult (in/out)- Returns:
- Object version
- Throws:
ObjectNotFoundException
- requested object does not existSchemaException
- error dealing with storage schemaIllegalArgumentException
- wrong OID format, etc.
-
addObject
@NotNull <T extends ObjectType> @NotNull String addObject(@NotNull @NotNull PrismObject<T> object, RepoAddOptions options, @NotNull @NotNull OperationResult parentResult) throws ObjectAlreadyExistsException, SchemaException
Add new object. The OID provided in the input message may be empty. In that case the OID will be assigned by the implementation of this method and it will be provided as return value. This operation should fail if such object already exists (if object with the provided OID already exists). Overwrite is possible ifRepoAddOptions.isOverwrite()
is true, but only for the object of the same type. The operation may fail if provided OID is in an unusable format for the storage. Generating own OIDs and providing them to this method is not recommended for normal operation. Should be atomic. Should not allow creation of two objects with the same OID (even if created in parallel). The operation may fail if the object to be created does not conform to the underlying schema of the storage system or the schema enforced by the implementation. Note: no need for explicit type parameter here. The object parameter contains the information.- Parameters:
object
- object to createparentResult
- parent OperationResult (in/out)- Returns:
- OID assigned to the created object
- Throws:
ObjectAlreadyExistsException
- object with specified identifiers already exists, cannot addSchemaException
- error dealing with storage schema, e.g. schema violationIllegalArgumentException
- wrong OID format, etc.
-
modifyObject
@NotNull <T extends ObjectType> @NotNull ModifyObjectResult<T> modifyObject(@NotNull @NotNull Class<T> type, @NotNull @NotNull String oid, @NotNull @NotNull Collection<? extends ItemDelta<?,?>> modifications, @NotNull @NotNull OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ObjectAlreadyExistsException
Modifies object using relative change description.
Must fail if user with provided OID does not exist. Must fail if any of the described changes cannot be applied. Should be atomic.If two or more modify operations are executed in parallel, the operations should be merged. In case that the operations are in conflict (e.g. one operation adding a value and the other removing the same value), the result is not deterministic.
The operation may fail if the modified object does not conform to the underlying schema of the storage system or the schema enforced by the implementation.
TODO: optimistic locking
Note: the precondition is checked only if actual modification is going to take place (not e.g. if the list of modifications is empty).
- Parameters:
parentResult
- parent OperationResult (in/out)- Throws:
ObjectNotFoundException
- specified object does not existSchemaException
- resulting object would violate the schemaObjectAlreadyExistsException
- if resulting object would have name which already exists in another object of the same typeIllegalArgumentException
- wrong OID format, described change is not applicable
-
modifyObject
@NotNull <T extends ObjectType> @NotNull ModifyObjectResult<T> modifyObject(@NotNull @NotNull Class<T> type, @NotNull @NotNull String oid, @NotNull @NotNull Collection<? extends ItemDelta<?,?>> modifications, @Nullable @Nullable RepoModifyOptions options, @NotNull @NotNull OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ObjectAlreadyExistsException
-
modifyObject
@NotNull <T extends ObjectType> @NotNull ModifyObjectResult<T> modifyObject(@NotNull @NotNull Class<T> type, @NotNull @NotNull String oid, @NotNull @NotNull Collection<? extends ItemDelta<?,?>> modifications, @Nullable @Nullable ModificationPrecondition<T> precondition, @Nullable @Nullable RepoModifyOptions options, @NotNull @NotNull OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ObjectAlreadyExistsException, PreconditionViolationException
-
modifyObjectDynamically
@Experimental @NotNull default <T extends ObjectType> @NotNull ModifyObjectResult<T> modifyObjectDynamically(@NotNull @NotNull Class<T> type, @NotNull @NotNull String oid, @Nullable @Nullable Collection<SelectorOptions<GetOperationOptions>> getOptions, @NotNull @NotNull RepositoryService.ModificationsSupplier<T> modificationsSupplier, @Nullable @Nullable RepoModifyOptions modifyOptions, @NotNull @NotNull OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ObjectAlreadyExistsException
Modifies an object dynamically. This means that the deltas are not provided by the caller, but computed by specified supplier, based on the current object state. This is to allow more complex atomic modifications with low overhead: Instead of calling getObject + compute deltas + modifyObject (with precondition that the object has not changed in the meanwhile) + repeating if the precondition fails, we now simply use modifyObjectDynamically that does all of this within a single DB transaction. BEWARE: Do not use unless really needed. Use modifyObject method instead.- Parameters:
type
- Type of the object to modifyoid
- OID of the object to modifygetOptions
- Options to use when getting the original object statemodificationsSupplier
- Supplier of the modifications (item deltas) to be applied on the objectmodifyOptions
- Options to be used when modifying the objectparentResult
- Operation result into which we put our result- Throws:
ObjectNotFoundException
SchemaException
ObjectAlreadyExistsException
-
deleteObject
@NotNull <T extends ObjectType> @NotNull DeleteObjectResult deleteObject(Class<T> type, String oid, OperationResult parentResult) throws ObjectNotFoundException
Deletes object with specified OID.
Must fail if object with specified OID does not exist. Should be atomic.
- Parameters:
oid
- OID of object to deleteparentResult
- parent OperationResult (in/out)- Throws:
ObjectNotFoundException
- specified object does not existIllegalArgumentException
- wrong OID format, described change is not applicable
-
deleteSimulatedProcessedObjects
@Experimental default ModifyObjectResult<SimulationResultType> deleteSimulatedProcessedObjects(String oid, @Nullable @Nullable String transactionId, OperationResult parentResult) throws SchemaException, ObjectNotFoundException
-
countContainers
<T extends Containerable> int countContainers(Class<T> type, ObjectQuery query, Collection<SelectorOptions<GetOperationOptions>> options, OperationResult parentResult)
-
searchContainers
<T extends Containerable> SearchResultList<T> searchContainers(Class<T> type, ObjectQuery query, Collection<SelectorOptions<GetOperationOptions>> options, OperationResult parentResult) throws SchemaException
Search for "sub-object" structures, i.e. containers.- Throws:
SchemaException
-
countReferences
int countReferences(@Nullable @Nullable ObjectQuery query, @Nullable @Nullable Collection<SelectorOptions<GetOperationOptions>> options, @NotNull @NotNull OperationResult parentResult)
Reference count - currently supporting roleMembershipRef and linkRef search. SeesearchReferences(ObjectQuery, Collection, OperationResult)
for more details.- Parameters:
query
- mandatory query
-
searchReferences
@NotNull @NotNull SearchResultList<ObjectReferenceType> searchReferences(@NotNull @NotNull ObjectQuery query, @Nullable @Nullable Collection<SelectorOptions<GetOperationOptions>> options, @NotNull @NotNull OperationResult parentResult) throws SchemaException
Reference search - currently supporting roleMembershipRef and linkRef search. This returns reference objects extracted from the actual object(s) that own them, but selection of which (and cardinality of the result list) is based on a repository search. Query must not be null and its filter must be: * either a OWNER-BY filter, * or AND filter containing exactly one OWNER-BY filter and optionally one or more REF filters with empty path (self).- Parameters:
query
- mandatory query with exactly one root OWNER-BY and additional REF filters- Throws:
SchemaException
-
searchObjects
@NotNull <T extends ObjectType> @NotNull SearchResultList<PrismObject<T>> searchObjects(@NotNull @NotNull Class<T> type, @Nullable @Nullable ObjectQuery query, @Nullable @Nullable Collection<SelectorOptions<GetOperationOptions>> options, @NotNull @NotNull OperationResult parentResult) throws SchemaException
Search for objects in the repository.
If no search criteria specified, list of all objects of specified type is returned.
Searches through all object types. Returns a list of objects that match search criteria.
Returns empty list if object type is correct but there are no objects of that type. The ordering of the results is not significant and may be arbitrary unless sorting in the paging is used.
Should fail if object type is wrong. Should fail if unknown property is specified in the query.
- Parameters:
query
- search queryparentResult
- parent OperationResult (in/out)- Returns:
- all objects of specified type that match search criteria (subject to paging)
- Throws:
IllegalArgumentException
- wrong object typeSchemaException
- unknown property used in search query
-
countObjects
<T extends ObjectType> int countObjects(Class<T> type, ObjectQuery query, Collection<SelectorOptions<GetOperationOptions>> options, OperationResult parentResult) throws SchemaException
Returns the number of objects that match specified criteria.
If no search criteria specified, count of all objects of specified type is returned.
Should fail if object type is wrong. Should fail if unknown property is specified in the query.
- Parameters:
query
- search queryparentResult
- parent OperationResult (in/out)- Returns:
- count of objects of specified type that match search criteria (subject to paging)
- Throws:
IllegalArgumentException
- wrong object typeSchemaException
- unknown property used in search query
-
searchObjectsIterative
<T extends ObjectType> SearchResultMetadata searchObjectsIterative(Class<T> type, ObjectQuery query, ResultHandler<T> handler, Collection<SelectorOptions<GetOperationOptions>> options, boolean strictlySequential, OperationResult parentResult) throws SchemaException
Search for objects in the repository in an iterative fashion. Searches through all object types. Calls a specified handler for each object found. If no search criteria specified, list of all objects of specified type is returned. Searches through all object types. Returns a list of objects that match search criteria. Returns empty list if object type is correct but there are no objects of that type. The ordering of the results is not significant and may be arbitrary unless sorting in the paging is used. Should fail if object type is wrong. Should fail if unknown property is specified in the query. [NOTE] ==== New repository uses single reliable iteration method similar to strictly sequential paging and supports custom ordering (currently only one). New repository ignores strictlySequential parameter and related get options completely. In old repository there are three iteration methods (see IterationMethodType): - SINGLE_TRANSACTION: Fetches objects in single DB transaction. Not supported for all DBMSs. - SIMPLE_PAGING: Uses the "simple paging" method: takes objects (e.g.) numbered 0 to 49, then 50 to 99, then 100 to 149, and so on. The disadvantage is that if the order of objects is changed during operation (e.g. by inserting/deleting some of them) then some objects can be processed multiple times, where others can be skipped. - STRICTLY_SEQUENTIAL_PAGING: Uses the "strictly sequential paging" method: sorting returned objects by OID. This is (almost) reliable in such a way that no object would be skipped. However, custom paging cannot be used in this mode. If GetOperationOptions.iterationMethod is specified, it is used without any further considerations. Otherwise, the repository configuration determines whether to use SINGLE_TRANSACTION or a paging. In the latter case, strictlySequential flag determines between SIMPLE_PAGING (if false) and STRICTLY_SEQUENTIAL_PAGING (if true). If explicit GetOperationOptions.iterationMethod is not provided, and paging is prescribed, and strictlySequential flag is true and client-provided paging conflicts with the paging used by the iteration method, a warning is issued, and iteration method is switched to SIMPLE_PAGING. ==== Sources of conflicts: - ordering is specified - offset is specified (limit is not a problem)- Parameters:
query
- search queryhandler
- result handlerstrictlySequential
- takes care not to skip any object nor to process objects more than onceparentResult
- parent OperationResult (in/out)- Returns:
- summary information about the search result
- Throws:
IllegalArgumentException
- wrong object typeSchemaException
- unknown property used in search query
-
searchReferencesIterative
@Experimental SearchResultMetadata searchReferencesIterative(@Nullable @Nullable ObjectQuery query, @NotNull @NotNull ObjectHandler<ObjectReferenceType> handler, @Nullable @Nullable Collection<SelectorOptions<GetOperationOptions>> options, @NotNull @NotNull OperationResult parentResult) throws SchemaException
Executes iterative reference search using the provided `handler` to process each references.- Parameters:
query
- search queryhandler
- result handleroptions
- get options to use for the searchparentResult
- parent OperationResult (in/out)- Returns:
- summary information about the search result
- Throws:
SchemaException
-
isDescendant
<O extends ObjectType> boolean isDescendant(PrismObject<O> object, String ancestorOrgOid) throws SchemaException
Returns `true` if the `object` is under the organization identified with `ancestorOrgOid`. The `object` can either be an Org or any other object in which case all the targets of its `parentOrgRefs` are tested. Examples (from the perspective of the first parameter): * User belonging to Org with `ancestorOrgOid` returns true. * Organization under Org with `ancestorOrgOid` returns true (in any depth). * User belonging to Org under another Org with `ancestorOrgOid` returns true (any depth). * Organization with `ancestorOrgOid` returns `false`, as it is not considered to be its own descendant.- Parameters:
object
- object of any type tested to belong under Org with `ancestorOrgOid`ancestorOrgOid
- identifier of ancestor organization- Throws:
SchemaException
-
isAncestor
<O extends ObjectType> boolean isAncestor(PrismObject<O> object, String descendantOrgOid) throws SchemaException
Returns `true` if the `object` is above organization identified with `descendantOrgOid`. Despite type parameter, only `PrismObject` can return `true`. Examples (from the perspective of the first parameter): * Any other type than `Org` used for `object` returns `false`. * Organization being a parent of another organization with `descendantOrgOid` returns `true`. This means that Organization with `descendantOrgOid` has `parentOrgRef` to `object`. * Organization higher in the organization hierarchy than Org with `descendantOrgOid` returns `true`, for any number of levels between them as long as it's possible to traverse from Org identified by `descendantOrgOid` to `object` using any number of `parentOrgRefs`. * Organization with `descendantOrgOid` returns `false`, as it is not considered to be its own ancestor. - Parameters:
object
- potential ancestor organizationdescendantOrgOid
- identifier of potential descendant organization- Throws:
SchemaException
-
searchShadowOwner
@Deprecated default <F extends FocusType> PrismObject<F> searchShadowOwner(String shadowOid, Collection<SelectorOptions<GetOperationOptions>> options, OperationResult parentResult)
Deprecated.TODO: we want to remove this in midScaleReturns the object representing owner of specified shadow.
Implements the backward "owns" association between account shadow and user. Forward association is implemented by linkRef reference in subclasses of FocusType.
Returns null if there is no owner for the shadow.This is a "search" operation even though it may return at most one owner. However the operation implies searching the repository for an owner, which may be less efficient that following a direct association. Hence it is called "search" to indicate that there may be non-negligible overhead.
This method should not die even if the specified shadow does not exist. Even if the shadow is gone, it still may be used in some linkRefs. This method should be able to find objects with such linkRefs otherwise we will not be able to do proper cleanup.
- Parameters:
shadowOid
- OID of shadowparentResult
- parentResult parent OperationResult (in/out)- Returns:
- Object representing owner of specified account (subclass of FocusType)
- Throws:
IllegalArgumentException
- wrong OID format
-
advanceSequence
long advanceSequence(String oid, OperationResult parentResult) throws ObjectNotFoundException, SchemaException
This operation is guaranteed to be atomic. If two threads or even two nodes request a value from the same sequence at the same time then different values will be returned.- Parameters:
oid
- sequence OIDparentResult
- Operation result- Returns:
- next unallocated counter value
- Throws:
ObjectNotFoundException
- the sequence does not existSchemaException
- the sequence cannot produce a value (e.g. maximum counter reached)
-
returnUnusedValuesToSequence
void returnUnusedValuesToSequence(String oid, Collection<Long> unusedValues, OperationResult parentResult) throws ObjectNotFoundException, SchemaException
The sequence may ignore the values, e.g. if value re-use is disabled or when the list of unused values is full. In such a case the values will be ignored silently and no error is indicated.- Parameters:
oid
- sequence OIDunusedValues
- values to returnparentResult
- Operation result- Throws:
ObjectNotFoundException
SchemaException
-
getRepositoryDiag
RepositoryDiag getRepositoryDiag()
Provide repository run-time configuration and diagnostic information. May execute diagnostic query on the database.
-
getRepositoryType
@NotNull @NotNull String getRepositoryType()
Returns short type identifier of the repository implementation. This should be the same asRepositoryDiag.getImplementationShortName()
.
-
isNative
default boolean isNative()
-
supports
boolean supports(@NotNull @NotNull Class<? extends ObjectType> type)
Returns `true` if the given object type is supported.
-
supportsMarks
default boolean supportsMarks()
-
repositorySelfTest
void repositorySelfTest(OperationResult parentResult)
Runs a short, non-destructive repository self test. This methods should never throw a (checked) exception. All the results should be recorded under the provided result structure (including fatal errors).This should implement ONLY self-tests that are IMPLEMENTATION-SPECIFIC. It must not implement self-tests that are generic and applies to all repository implementations. Such self-tests must be implemented in higher layers.
If the repository has no self-tests then the method should return immediately without changing the result structure. It must not throw an exception in this case.
-
testOrgClosureConsistency
void testOrgClosureConsistency(boolean repairIfNecessary, OperationResult testResult)
Checks a closure for consistency, repairing any problems found. This methods should never throw a (checked) exception. All the results should be in the returned result structure (including fatal errors).The current implementation expects closure to be of reasonable size - so it could be fetched into main memory as well as recomputed online (perhaps up to ~250K entries). In future, this method will be reimplemented.
BEWARE, this method locks out the M_ORG_CLOSURE table, so org-related operations would wait until it completes.
TODO this method is SQL service specific; it should be generalized/fixed somehow.
-
executeQueryDiagnostics
RepositoryQueryDiagResponse executeQueryDiagnostics(RepositoryQueryDiagRequest request, OperationResult result)
A bit of hack - execute arbitrary query, e.g. hibernate query in case of SQL repository. Use with all the care!- Parameters:
request
- Diagnostics requestresult
- Operation result- Returns:
- diagnostics response
-
selectorMatches
<O extends ObjectType> boolean selectorMatches(ObjectSelectorType objectSelector, PrismObject<O> object, ObjectFilterExpressionEvaluator filterEvaluator, Trace logger, String logMessagePrefix) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException
-
applyFullTextSearchConfiguration
void applyFullTextSearchConfiguration(FullTextSearchConfigurationType fullTextSearch)
-
getFullTextSearchConfiguration
FullTextSearchConfigurationType getFullTextSearchConfiguration()
-
postInit
void postInit(OperationResult result) throws SchemaException
- Throws:
SchemaException
-
createAndRegisterConflictWatcher
ConflictWatcher createAndRegisterConflictWatcher(@NotNull @NotNull String oid)
-
unregisterConflictWatcher
void unregisterConflictWatcher(ConflictWatcher watcher)
-
hasConflict
boolean hasConflict(ConflictWatcher watcher, OperationResult result)
-
addDiagnosticInformation
<T extends ObjectType> void addDiagnosticInformation(Class<T> type, String oid, DiagnosticInformationType information, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ObjectAlreadyExistsException
Adds a diagnostic information, honoring cleanup rules (deleting obsolete records).
-
getPerformanceMonitor
PerformanceMonitor getPerformanceMonitor()
-
-