Using the search API

Crowd currently supports searching for principals, groups and roles based on search criteria using the SecurityServerClient API. The search criteria is formed as a conjunction of SearchRestrictions, which are essentially name-value String pairs. The name String constants are defined on the SearchContext object.

Searching Principals

It is possible to search for principals using the method:

1
SecurityServerClient.searchPrincipals(SearchRestriction[] searchRestrictions)

This will perform a search on all the directories assigned to your application and return an array of {{SOAPPrincipal}}s matching the search restrictions. The following search restrictions are applicable to principal search:

  • PRINCIPAL_NAME
  • PRINCIPAL_EMAIL
  • PRINCIPAL_ACTIVE (this is currently only supported by internal directories)
  • PRINCIPAL_FULLNAME (this is currently only supported by internal directories)
  • SEARCH_MAX_RESULTS
  • SEARCH_INDEX_START
Example

Suppose we would like to obtain a list of 20 active users from Crowd. This could be achieved by performing the following:

1
2
3
4
5
6
7
8
9
10
11
12
// obtain an instance of the security server client
SecurityServerClient securityServerClient = SecurityServerClientFactory.getSecurityServerClient();

// build search criteria
SearchRestriction[] criteria = new SearchRestriction[2];
criteria[0].setName(SearchContext.PRINCIPAL_ACTIVE);
criteria[0].setValue("true");
criteria[1].setName(SearchContext.SEARCH_MAX_RESULTS);
criteria[1].setValue("20");

// execute search
SOAPPrincipal[] principals = securityServerClient.searchPrincipals(criteria);

Searching Groups and Roles

You can search for groups and roles in a similar manner to searching for principals, by using the following methods:

1
2
SecurityServerClient.searchGroups(SearchRestriction[] searchRestrictions)
SecurityServerClient.searchRoles(SearchRestriction[] searchRestrictions)

The following search restrictions are applicable to Group searches:

  • GROUP_NAME
  • GROUP_ACTIVE (this is currently only supported by internal directories)
  • GROUP_POPULATE_MEMBERSHIPS
  • SEARCH_MAX_RESULTS
  • SEARCH_INDEX_START

The following search restrictions are applicable to Role searches:

  • ROLE_NAME
  • ROLE_ACTIVE (this is currently only supported by internal directories)
  • ROLE_POPULATE_MEMBERSHIPS
  • SEARCH_MAX_RESULTS
  • SEARCH_INDEX_START

Direct Searches

It is possible to perform direct searches to determine if a principal is a member of a group, to list the members of a group, to list the group memberships of a principal, find a principal by their name and much more using methods on the SecurityServerClient interface.