Managed objects in the supported OpenIDM repositories can be
accessed using a parameterized query mechanism. Parameterized
queries on repositories are defined in the repository
configuration (repo.*.json) and are called
by their _queryId.
Parameterized queries provide security and portability for the query call signature, regardless of the back-end implementation. Queries that are exposed over the REST interface must be parameterized queries to guard against injection attacks and other misuse. Queries on the officially supported repositories have been reviewed and hardened against injection attacks.
For system objects, support for parameterized queries is
restricted to _queryId=query-all-ids. There is
currently no support for user-defined parameterized queries on
system objects. Typically, parameterized queries on system objects
are not called directly over the REST interface, but are issued
from internal calls, such as correlation queries.
A typical query definition is as follows:
"query-all-ids" : "select _openidm_id from ${unquoted:_resource}"To call this query, you would reference its ID, as follows:
?_queryId=query-all-ids
The following example calls query-all-ids over
the REST interface:
$ curl
--header "X-OpenIDM-Username: openidm-admin"
--header "X-OpenIDM-Password: openidm-admin"
"http://localhost:8080/openidm/managed/user/?_queryId=query-all-ids"
