com.tivoli.pd.jadmin
Class PDPolicy

java.lang.Object
  com.tivoli.pd.jutil.PDEnvironmentObject
      com.tivoli.pd.jadmin.PDPolicy

All Implemented Interfaces:

java.io.Serializable, java.lang.Cloneable

public class PDPolicy
extends com.tivoli.pd.jutil.PDEnvironmentObject
implements java.lang.Cloneable

This class represents the policy information associated with a Policy Director user account, or in the case of the global policy, with all user accounts. Policy information includes the following:

• account expiration date
• the amount of time the account is disabled after the maximum number of failed logins
• the maximum number of login failures before the account is disabled
• the maximum number of concurrent web sessions allowed
• the maximum password age
• the maximum number of repeated characters allowed in the password
• the minimum number of alphabetic characters required in the password
• the minimum number of non-alphabetic characters required in the password
• the minimum password length
• whether or not spaces are allowed in the password
• the time-of-day access restrictions placed on the account.

The PDPolicy class is used to set account policy information within the Policy Director Management Server on a global or per-user basis.

Modes: Local,Remote

See Also:

Serialized Form

Field Summary

static java.lang.String	PDPOLICY_GLOBAL_POLICY String constant representing the Policy Directory global policy.
static int	PDPOLICY_TIME_LOCAL Constant indicating local time.
static int	PDPOLICY_TIME_UTC Constant indicating UTC time.
static long	PDPOLICY_TOD_ALL Constant indicating all days.
static long	PDPOLICY_TOD_ANY Constant indicating any day of the week.
static long	PDPOLICY_TOD_FRI Constant indicating Friday.
static long	PDPOLICY_TOD_MON Constant indicating Monday.
static long	PDPOLICY_TOD_SAT Constant indicating Saturday.
static long	PDPOLICY_TOD_SUN Constant indicating Sunday.
static long	PDPOLICY_TOD_THU Constant indicating Thursday.
static long	PDPOLICY_TOD_TUE Constant indicating Tuesday.
static long	PDPOLICY_TOD_WED Constant indicating Wednesday.
static long	PDPOLICY_TOD_WEEKDAY Constant indicating any weekday, Monday - Friday.
static long	PDPOLICY_TOD_WEEKEND Constant indicating any weekend day, Saturday or Sunday.

Constructor Summary

PDPolicy(PDContext context, java.lang.String name, PDMessages messages)
Creates a representation of the policy that applies to the specified user.

Method Summary

boolean	acctDisableTimeEnforced() Returns an indicator from this object whether or not the account disable time interval policy is enforced.
boolean	acctDisableTimeUnlimited() Returns an indicator from this object whether or not the account disable time interval policy is unlimited.
boolean	acctExpDateEnforced() Returns an indicator from this object whether or not the account expiration date policy is enforced.
boolean	acctExpDateUnlimited() Returns an indicator from this object whether or not the account expiration date policy is unlimited.
java.lang.Object	clone() Returns a copy of this object.
boolean	equals(java.lang.Object obj) Determines whether this PDPolicy is equivalent to the input object.
long	getAccessEndTime() Returns the end time of the access period for the user account (or all user accounts in the case of the global policy) from this object.
long	getAccessibleDays() Returns a bit map of the accessible days for the user account (or all user accounts in the case of the global policy) from this object.
long	getAccessStartTime() Returns the start time of the access period for the user account (or all user accounts in the case of the global policy) from this object.
long	getAccessTimezone() Returns the access period timezone for the user account (or all user accounts in the case of the global policy) from this object.
long	getAcctDisableTimeInterval() Returns the account disable time interval for the user account (or all user accounts in the case of the global policy) from this object.
java.util.Date	getAcctExpDate() Returns the account expiration date for the user account (or all user accounts in the case of the global policy) from this object.
java.lang.String	getId() Returns the user name from this object.
int	getMaxConcurrentWebSessions() Returns the maximum concurrent web sessions allowed for the user account (or all user accounts in the case of the global policy) from this object.
int	getMaxFailedLogins() Returns the maximum login failures allowed for the user account (or all user accounts in the case of the global policy) from this object.
long	getMaxPwdAge() Returns the maximum password age, in seconds, for this account (or all user account passwords in the case of the global policy).
int	getMaxPwdRepChars() Returns the maximum number of repeated characters allowed for the user account password (or all user account passwords in the case of the global policy) from this object.
int	getMinPwdAlphas() Returns the minimum number of alphabetic characters required for the user account password (or all user account passwords in the case of the global policy) from this object.
int	getMinPwdLen() Returns the minimum length required for the user account password (or all user account passwords in the case of the global policy) from this object.
int	getMinPwdNonAlphas() Returns the minimum number of non-alphabetic characters required for the user account password (or all user account passwords in the case of the global policy) from this object.
boolean	maxConcurrentWebSessionsDisplaced() Returns an indicator from this object whether or not the maximum concurrent web sessions policy is set to "displace".
boolean	maxConcurrentWebSessionsEnforced() Returns an indicator from this object whether or not the maximum concurrent web sessions policy is enforced.
boolean	maxConcurrentWebSessionsUnlimited() Returns an indicator from this object whether or not the maximum concurrent web sessions policy is set to "unlimited".
boolean	maxFailedLoginsEnforced() Returns an indicator from this object whether or not the maximum failed login policy is enforced.
boolean	maxPwdAgeEnforced() Returns an indicator from this object whether or not the maximum password age policy is enforced.
boolean	maxPwdRepCharsEnforced() Returns an indicator from this object whether or not the password maximum repeated characters policy is enforced.
boolean	minPwdAlphasEnforced() Returns an indicator from this object whether or not the password minimum alphabetic characters required policy is enforced.
boolean	minPwdLenEnforced() Returns an indicator from this object whether or not the password minimum length required policy is enforced.
boolean	minPwdNonAlphasEnforced() Returns an indicator from this object whether or not the password minimum non-alphabetic characters required policy is enforced.
boolean	pwdSpacesAllowed() Returns an indicator whether or not spaces are allowed for the user account password (or all user account passwords in the case of global policy) from this object.
boolean	pwdSpacesAllowedEnforced() Returns an indicator from this object whether or not the password spaces allowed policy is enforced.
void	setAcctDisableTime(PDContext context, long disableTime, boolean unlimited, boolean enforce, PDMessages messages) Sets the time to disable the user account (or all user accounts in the case of the global policy) when the maximum number of login failures is exceeded.
static void	setAcctDisableTime(PDContext context, java.lang.String name, long disableTime, boolean unlimited, boolean enforce, PDMessages messages) Sets the time to disable the specified user account (or all user accounts in the case of the global policy) when the maximum number of login failures is exceeded.
void	setAcctExpDate(PDContext context, java.util.Date date, boolean unlimited, boolean enforce, PDMessages messages) Sets the account expiration date for the user account (or all user accounts in the case of the global policy).
static void	setAcctExpDate(PDContext context, java.lang.String name, java.util.Date date, boolean unlimited, boolean enforce, PDMessages messages) Sets the account expiration date for the specified user account (or all user accounts in the case of the global policy).
void	setMaxConcurrentWebSessions(PDContext context, int maxConcurrentWebSessions, boolean enforce, boolean displace, boolean unlimited, PDMessages messages) Sets the maximum concurrent web sessions allowed for the user account (or all user accounts in the case of the global policy).
static void	setMaxConcurrentWebSessions(PDContext context, java.lang.String name, int maxConcurrentWebSessions, boolean enforce, boolean displace, boolean unlimited, PDMessages messages) Sets the maximum concurrent web sessions allowed for the user account (or all user accounts in the case of the global policy).
void	setMaxFailedLogins(PDContext context, int maxFailedLogins, boolean enforce, PDMessages messages) Sets the maximum login failures allowed for the user account (or all user accounts in the case of the global policy).
static void	setMaxFailedLogins(PDContext context, java.lang.String name, int maxFailedLogins, boolean enforce, PDMessages messages) Sets the maximum login failures allowed for the user account (or all user accounts in the case of the global policy).
void	setMaxPwdAge(PDContext context, long age, boolean enforce, PDMessages messages) Sets the maximum password age for the user account password (or all user account passwords in the case of the global policy).
static void	setMaxPwdAge(PDContext context, java.lang.String name, long age, boolean enforce, PDMessages messages) Sets the maximum password age for the specified user account password (or all user account passwords in the case of the global policy).
void	setMaxPwdRepChars(PDContext context, int maxChars, boolean enforce, PDMessages messages) Sets the maximum number of repeated characters allowed in the user account password (or all user account passwords in the case of the global policy).
static void	setMaxPwdRepChars(PDContext context, java.lang.String name, int maxChars, boolean enforce, PDMessages messages) Sets the maximum number of repeated characters allowed in the specified user account password (or all user account passwords in the case of the global policy).
void	setMinPwdAlphas(PDContext context, int minAlphas, boolean enforce, PDMessages messages) Sets the minimum number of alphabetic characters required in the user account password (or all user account passwords in the case of the global policy).
static void	setMinPwdAlphas(PDContext context, java.lang.String name, int minAlphas, boolean enforce, PDMessages messages) Sets the minimum number of alphabetic characters required in the specified user account password (or all user account passwords in the case of the global policy).
void	setMinPwdLen(PDContext context, int minLen, boolean enforce, PDMessages messages) Sets the minimum length for the user account password (or all user account passwords in the case of the global policy).
static void	setMinPwdLen(PDContext context, java.lang.String name, int minLen, boolean enforce, PDMessages messages) Sets the minimum length for specified user account password (or all user account passwords in the case of the global policy).
void	setMinPwdNonAlphas(PDContext context, int minNonAlphas, boolean enforce, PDMessages messages) Sets the minimum number of non-alphabetic characters required in the user account password (or all user account passwords in the case of the global policy).
static void	setMinPwdNonAlphas(PDContext context, java.lang.String name, int minNonAlphas, boolean enforce, PDMessages messages) Sets the minimum number of non-alphabetic characters required in the specified user account password (or all user account passwords in the case of the global policy).
void	setPwdSpacesAllowed(PDContext context, boolean spacesAllowed, boolean enforce, PDMessages messages) Sets whether or not spaces are allowed in the user account password (or all user account passwords in the case of the global policy).
static void	setPwdSpacesAllowed(PDContext context, java.lang.String name, boolean spacesAllowed, boolean enforce, PDMessages messages) Sets whether or not spaces are allowed in the specified user account password (or all user account passwords in the case of the global policy).
void	setTodAccess(PDContext context, long days, long startTime, long endTime, int timezone, boolean enforce, PDMessages messages) Sets the time-of-day access policy for the user account (or all user accounts in the case of the global policy).
static void	setTodAccess(PDContext context, java.lang.String name, long days, long startTime, long endTime, int timezone, boolean enforce, PDMessages messages) Sets the time-of-day access policy for the specified user account (or all user accounts in the case of the global policy).
boolean	todAccessEnforced() Returns an indicator from this object whether or not the time-of-day access policy is enforced.
java.lang.String	toString() Returns a String representation of this object.

Methods inherited from class com.tivoli.pd.jutil.PDEnvironmentObject

getContext, setContext

Methods inherited from class java.lang.Object

getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

PDPOLICY_GLOBAL_POLICY

public static final java.lang.String PDPOLICY_GLOBAL_POLICY

String constant representing the Policy Directory global policy.

See Also:

Constant Field Values

PDPOLICY_TIME_LOCAL

public static final int PDPOLICY_TIME_LOCAL

Constant indicating local time.

See Also:

Constant Field Values

PDPOLICY_TIME_UTC

public static final int PDPOLICY_TIME_UTC

Constant indicating UTC time.

See Also:

Constant Field Values

PDPOLICY_TOD_ANY

public static final long PDPOLICY_TOD_ANY

Constant indicating any day of the week.

See Also:

Constant Field Values

PDPOLICY_TOD_SUN

public static final long PDPOLICY_TOD_SUN

Constant indicating Sunday.

See Also:

Constant Field Values

PDPOLICY_TOD_MON

public static final long PDPOLICY_TOD_MON

Constant indicating Monday.

See Also:

Constant Field Values

PDPOLICY_TOD_TUE

public static final long PDPOLICY_TOD_TUE

Constant indicating Tuesday.

See Also:

Constant Field Values

PDPOLICY_TOD_WED

public static final long PDPOLICY_TOD_WED

Constant indicating Wednesday.

See Also:

Constant Field Values

PDPOLICY_TOD_THU

public static final long PDPOLICY_TOD_THU

Constant indicating Thursday.

See Also:

Constant Field Values

PDPOLICY_TOD_FRI

public static final long PDPOLICY_TOD_FRI

Constant indicating Friday.

See Also:

Constant Field Values

PDPOLICY_TOD_SAT

public static final long PDPOLICY_TOD_SAT

Constant indicating Saturday.

See Also:

Constant Field Values

PDPOLICY_TOD_ALL

public static final long PDPOLICY_TOD_ALL

Constant indicating all days.

See Also:

Constant Field Values

PDPOLICY_TOD_WEEKDAY

public static final long PDPOLICY_TOD_WEEKDAY

Constant indicating any weekday, Monday - Friday.

See Also:

Constant Field Values

PDPOLICY_TOD_WEEKEND

public static final long PDPOLICY_TOD_WEEKEND

Constant indicating any weekend day, Saturday or Sunday.

See Also:

Constant Field Values

Constructor Detail

PDPolicy

public PDPolicy(PDContext context,
                java.lang.String name,
                PDMessages messages)
         throws PDException

Creates a representation of the policy that applies to the specified user. To return the Policy Director global policy, the input name must be PDPolicy.PDPOLICY_GLOBAL_POLICY.

Parameters:

context - the context for communicating with the Policy Director Management Server.

name - the name of the Policy Director user whose policy is to be returned. This name may not be null and must have a non-zero length. An input name of PDPolicy.PDPOLICY_GLOBAL_POLICY returns the Policy Director global policy.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

Method Detail

getId

public java.lang.String getId()
                       throws PDException

Returns the user name from this object.

Throws:

PDException

getMaxFailedLogins

public int getMaxFailedLogins()
                       throws PDException

Returns the maximum login failures allowed for the user account (or all user accounts in the case of the global policy) from this object. A return value of zero may mean that the maximum login failures policy for this account is not enforced.

This method corresponds to the ivadmin_context_getmaxlgnfails() and ivadmin_user_getmaxlgnfails() C APIs.

Throws:

PDException

setMaxFailedLogins

public void setMaxFailedLogins(PDContext context,
                               int maxFailedLogins,
                               boolean enforce,
                               PDMessages messages)
                        throws PDException

Sets the maximum login failures allowed for the user account (or all user accounts in the case of the global policy). This change affects both the current object and the data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_setmaxlgnfails() and ivadmin_user_setmaxlgnfails() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

maxFailedLogins - the maximum number of login failures allowed. This must be a non-negative number. This argument is ignored if the enforce argument is false.

enforce - if true, the policy is enforced; if false, the policy is not enforced.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

maxFailedLoginsEnforced

public boolean maxFailedLoginsEnforced()
                                throws PDException

Returns an indicator from this object whether or not the maximum failed login policy is enforced.

Throws:

PDException

getMaxConcurrentWebSessions

public int getMaxConcurrentWebSessions()
                                throws PDException

Returns the maximum concurrent web sessions allowed for the user account (or all user accounts in the case of the global policy) from this object. Note that for max concurrent web sessions a return value of 0 means no sessions are allowed for the user -- it means that the policy was specifically set to 0 previously. (This differs from policy for max login failures where 0 may mean that the policy is not enforced).

This method corresponds to the ivadmin_context_getmaxconcurrentwebsess() and ivadmin_user_getmaxconcurrentwebsess() C APIs.

Throws:

PDException

maxConcurrentWebSessionsEnforced

public boolean maxConcurrentWebSessionsEnforced()
                                         throws PDException

Returns an indicator from this object whether or not the maximum concurrent web sessions policy is enforced.

Throws:

PDException

maxConcurrentWebSessionsDisplaced

public boolean maxConcurrentWebSessionsDisplaced()
                                          throws PDException

Returns an indicator from this object whether or not the maximum concurrent web sessions policy is set to "displace".

Throws:

PDException

maxConcurrentWebSessionsUnlimited

public boolean maxConcurrentWebSessionsUnlimited()
                                          throws PDException

Returns an indicator from this object whether or not the maximum concurrent web sessions policy is set to "unlimited".

Throws:

PDException

setMaxConcurrentWebSessions

public void setMaxConcurrentWebSessions(PDContext context,
                                        int maxConcurrentWebSessions,
                                        boolean enforce,
                                        boolean displace,
                                        boolean unlimited,
                                        PDMessages messages)
                                 throws PDException

Sets the maximum concurrent web sessions allowed for the user account (or all user accounts in the case of the global policy). This change affects both the current object and the data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_setmaxconcurrentwebsess() and ivadmin_user_setmaxconcurrentwebsess() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

maxConcurrentWebSessions - the maximum number of concurrent web sessions allowed. This must be a non-negative number greater than 0. This argument is ignored if the enforce argument is false. Where n: =1 means only one session allowed, no displacement >=2 means n concurrent sessions and no displacement

enforce - if true, the policy is enforced; if false, the policy is not enforced.

displace - if true, any concurrent web sessions is displaced

unlimited - if true, any number of concurrent web sessions are allowed

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

getAcctExpDate

public java.util.Date getAcctExpDate()
                              throws PDException

Returns the account expiration date for the user account (or all user accounts in the case of the global policy) from this object. A null return value may mean that the account expiration date policy is not enforced for this account or that the account expiration date is unlimited.

This method corresponds to the ivadmin_context_getaccexpdate() and ivadmin_user_getaccexpdate() C APIs.

Throws:

PDException

acctExpDateEnforced

public boolean acctExpDateEnforced()
                            throws PDException

Returns an indicator from this object whether or not the account expiration date policy is enforced.

Throws:

PDException

acctExpDateUnlimited

public boolean acctExpDateUnlimited()
                             throws PDException

Returns an indicator from this object whether or not the account expiration date policy is unlimited. A return value of false may mean that the account expiration date policy is not enforced for this account or that the account has a specific expiration date set.

Throws:

PDException

setAcctExpDate

public void setAcctExpDate(PDContext context,
                           java.util.Date date,
                           boolean unlimited,
                           boolean enforce,
                           PDMessages messages)
                    throws PDException

Sets the account expiration date for the user account (or all user accounts in the case of the global policy). This change affects both the current object and the data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_setaccexpdate() and ivadmin_user_setaccexpdate() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

date - the date and time the account will expire. This date must be between the current date and time and 2035-12-31-23:59:59. Note that a Date object can be defined in terms of milliseconds since epoch (January 1, 1970, 00:00:00 GMT); the argument is rounded up or down to the nearest second, so the actual account expiration date set may differ slightly from the input value. This argument is ignored if the unlimited argument is true or the enforce argument is false.

unlimited - if true, do not expire the user account; if false, expire the account on the date specified by the date argument. This argument is ignored if the enforce argument is false.

enforce - if true, the policy is enforced; if false, the policy is not enforced.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

getAcctDisableTimeInterval

public long getAcctDisableTimeInterval()
                                throws PDException

Returns the account disable time interval for the user account (or all user accounts in the case of the global policy) from this object. This is the amount of time (in seconds) an account is disabled if the maximum number of login failures is exceeded. A return value of zero may mean that the account disable time interval policy is not enforced for the account or that the account disable time interval has been set to unlimited.

This method corresponds to the ivadmin_context_getdisabletimeint() and ivadmin_user_getdisabletimeint() C APIs.

Throws:

PDException

acctDisableTimeEnforced

public boolean acctDisableTimeEnforced()
                                throws PDException

Returns an indicator from this object whether or not the account disable time interval policy is enforced.

Throws:

PDException

acctDisableTimeUnlimited

public boolean acctDisableTimeUnlimited()
                                 throws PDException

Returns an indicator from this object whether or not the account disable time interval policy is unlimited. Disabled accounts with unlimited disable time intervals require an administrator to enable them. A return value of false may mean that the account disable time interval policy is not enforced for the account or that the account disable time interval has been set to a specific value.

Throws:

PDException

setAcctDisableTime

public void setAcctDisableTime(PDContext context,
                               long disableTime,
                               boolean unlimited,
                               boolean enforce,
                               PDMessages messages)
                        throws PDException

Sets the time to disable the user account (or all user accounts in the case of the global policy) when the maximum number of login failures is exceeded. This change affects both the current object and the data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_setdisabletimeint() and ivadmin_user_setdisabletimeint() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

disableTime - the number of seconds to disable the user account when the maximum number of failed logins is exceeded. This value must be non-negative. A disableTime value of zero is equivalent to an unlimited value of true. This argument is ignored if the unlimited argument is true or the enforce argument is false.

unlimited - if true, disable the user account when the maximum number of failed logins is exceeded; if false, disable the user account for the time interval specified by the disableTime argument. This argument is ignored if the enforce argument is false.

enforce - if true, the policy is enforced; if false, the policy is not enforced.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

pwdSpacesAllowed

public boolean pwdSpacesAllowed()
                         throws PDException

Returns an indicator whether or not spaces are allowed for the user account password (or all user account passwords in the case of global policy) from this object. A return value of false may mean that the password spaces allowed policy for this account is not enforced.

This method corresponds to the ivadmin_context_getpwdspaces() and ivadmin_user_getpwdspaces() C APIs.

Throws:

PDException

pwdSpacesAllowedEnforced

public boolean pwdSpacesAllowedEnforced()
                                 throws PDException

Returns an indicator from this object whether or not the password spaces allowed policy is enforced.

Throws:

PDException

setPwdSpacesAllowed

public void setPwdSpacesAllowed(PDContext context,
                                boolean spacesAllowed,
                                boolean enforce,
                                PDMessages messages)
                         throws PDException

Sets whether or not spaces are allowed in the user account password (or all user account passwords in the case of the global policy). This change affects both the current object and the data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_setpwdspaces() and ivadmin_user_setpwdspaces() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

spacesAllowed - if true, allow spaces in the user password; if false, disallow spaces. This argument is ignored if the enforce argument is false.

enforce - if true, the policy is enforced; if false, the policy is not enforced.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

getMaxPwdAge

public long getMaxPwdAge()
                  throws PDException

Returns the maximum password age, in seconds, for this account (or all user account passwords in the case of the global policy). A return value of 0 means that the password expiration policy for this account is not enforced.

This method corresponds to the ivadmin_context_getmaxpwdage() and ivadmin_user_getmaxpwdage() C APIs.

Returns:

the time, in seconds, before password expiration. This time is relative to the last time the user's password was changed.

Throws:

PDException

maxPwdAgeEnforced

public boolean maxPwdAgeEnforced()
                          throws PDException

Returns an indicator from this object whether or not the maximum password age policy is enforced.

Throws:

PDException

setMaxPwdAge

public void setMaxPwdAge(PDContext context,
                         long age,
                         boolean enforce,
                         PDMessages messages)
                  throws PDException

Sets the maximum password age for the user account password (or all user account passwords in the case of the global policy). This change affects both the current object and the data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_setmaxpwdage() and ivadmin_user_setmaxpwdage() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

age - the maximum age for the password. This is the number of seconds that the password will remain unexpired from the last time it was changed. The maximum password age is typically set immediately after the password is changed. The value must be greater than or equal to 0. When set to 0 the password will not expire. This argument is ignored if the enforce argument is false.

enforce - if true, the policy is enforced; if false, the policy is not enforced.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

getMaxPwdRepChars

public int getMaxPwdRepChars()
                      throws PDException

Returns the maximum number of repeated characters allowed for the user account password (or all user account passwords in the case of the global policy) from this object. A return value of zero may mean that the maximum repeated characters policy for this account is not enforced.

This method corresponds to the ivadmin_context_getmaxpwdrepchars() and ivadmin_user_getmaxpwdrepchars() C APIs.

Throws:

PDException

maxPwdRepCharsEnforced

public boolean maxPwdRepCharsEnforced()
                               throws PDException

Returns an indicator from this object whether or not the password maximum repeated characters policy is enforced.

Throws:

PDException

setMaxPwdRepChars

public void setMaxPwdRepChars(PDContext context,
                              int maxChars,
                              boolean enforce,
                              PDMessages messages)
                       throws PDException

Sets the maximum number of repeated characters allowed in the user account password (or all user account passwords in the case of the global policy). This change affects both the current object and the data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_setmaxpwdrepchars() and ivadmin_user_setmaxpwdrepchars() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

maxChars - the maximum number of repeated characters allowed in the password. This value must be non-negative. This argument is ignored if the enforce argument is false.

enforce - if true, the policy is enforced; if false, the policy is not enforced.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

getMinPwdAlphas

public int getMinPwdAlphas()
                    throws PDException

Returns the minimum number of alphabetic characters required for the user account password (or all user account passwords in the case of the global policy) from this object. A return value of zero may mean that the minimum alphabetic characters policy for this account is not enforced.

This method corresponds to the ivadmin_context_getminpwdalphas() and ivadmin_user_getminpwdalphas() C APIs.

Throws:

PDException

minPwdAlphasEnforced

public boolean minPwdAlphasEnforced()
                             throws PDException

Returns an indicator from this object whether or not the password minimum alphabetic characters required policy is enforced.

Throws:

PDException

setMinPwdAlphas

public void setMinPwdAlphas(PDContext context,
                            int minAlphas,
                            boolean enforce,
                            PDMessages messages)
                     throws PDException

Sets the minimum number of alphabetic characters required in the user account password (or all user account passwords in the case of the global policy). This change affects both the current object and the data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_setminpwdalphas() and ivadmin_user_setminpwdalphas() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

minAlphas - the minimum number of alphabetic characters required in the password. This value must be non-negative. This argument is ignored if the enforce argument is false.

enforce - if true, the policy is enforced; if false, the policy is not enforced.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

getMinPwdNonAlphas

public int getMinPwdNonAlphas()
                       throws PDException

Returns the minimum number of non-alphabetic characters required for the user account password (or all user account passwords in the case of the global policy) from this object. A return value of zero may mean that the minimum non-alphabetic characters policy for this account is not enforced.

This method corresponds to the ivadmin_context_getminpwdnonalphas() and ivadmin_user_getminpwdnonalphas() C APIs.

Throws:

PDException

minPwdNonAlphasEnforced

public boolean minPwdNonAlphasEnforced()
                                throws PDException

Returns an indicator from this object whether or not the password minimum non-alphabetic characters required policy is enforced.

Throws:

PDException

setMinPwdNonAlphas

public void setMinPwdNonAlphas(PDContext context,
                               int minNonAlphas,
                               boolean enforce,
                               PDMessages messages)
                        throws PDException

Sets the minimum number of non-alphabetic characters required in the user account password (or all user account passwords in the case of the global policy). This change affects both the current object and the data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_setminpwdnonalphas() and ivadmin_user_setminpwdnonalphas() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

minNonAlphas - the minimum number of non-alphabetic characters required in the password. This value must be non-negative. This argument is ignored if the enforce argument is false.

enforce - if true, the policy is enforced; if false, the policy is not enforced.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

getMinPwdLen

public int getMinPwdLen()
                 throws PDException

Returns the minimum length required for the user account password (or all user account passwords in the case of the global policy) from this object. A return value of zero may mean that the minimum password length policy for this account is not enforced.

This method corresponds to the ivadmin_context_getminpwdlen() and ivadmin_user_getminpwdlen() C APIs.

Throws:

PDException

minPwdLenEnforced

public boolean minPwdLenEnforced()
                          throws PDException

Returns an indicator from this object whether or not the password minimum length required policy is enforced.

Throws:

PDException

setMinPwdLen

public void setMinPwdLen(PDContext context,
                         int minLen,
                         boolean enforce,
                         PDMessages messages)
                  throws PDException

Sets the minimum length for the user account password (or all user account passwords in the case of the global policy). This change affects both the current object and the data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_setminpwdlen() and ivadmin_user_setminpwdlen() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

minLen - the minimum length required for the password. This value must be greater than 0. This argument is ignored if the enforce argument is false.

enforce - if true, the policy is enforced; if false, the policy is not enforced.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

getAccessibleDays

public long getAccessibleDays()
                       throws PDException

Returns a bit map of the accessible days for the user account (or all user accounts in the case of the global policy) from this object. This bitmap may be zero if the time-of-day access policy for this account is not enforced.

This method corresponds to the ivadmin_context_gettodaccess() and ivadmin_user_gettodaccess() C APIs.

Returns:

a bitmap of the days the account is accessible. This bitmap can be compared to the access days constants to determine exactly which days are accessible.

Throws:

PDException

getAccessStartTime

public long getAccessStartTime()
                        throws PDException

Returns the start time of the access period for the user account (or all user accounts in the case of the global policy) from this object. This is the number of minutes after midnight on accessible days that a user can access his account. The return value may be zero if the time-of-day access policy for this account is not enforced.

This method corresponds to the ivadmin_context_gettodaccess() and ivadmin_user_gettodaccess() C APIs.

Returns:

the number of minutes after midnight, on accessible days, at which the access period begins.

Throws:

PDException

getAccessEndTime

public long getAccessEndTime()
                      throws PDException

Returns the end time of the access period for the user account (or all user accounts in the case of the global policy) from this object. This is the number of minutes after midnight on accessible days that a user can no longer access his account. The return value may be zero if the time-of-day access policy for this account is not enforced.

This method corresponds to the ivadmin_context_gettodaccess() and ivadmin_user_gettodaccess() C APIs.

Returns:

the number of minutes after midnight, on accessible days, at which the access period ends.

Throws:

PDException

getAccessTimezone

public long getAccessTimezone()
                       throws PDException

Returns the access period timezone for the user account (or all user accounts in the case of the global policy) from this object. The returned constant will be one of PDPOLICY_TIME_LOCAL which means the access period is relative to the local time on the policy server, or PDPOLICY_TIME_UTC which means the access period is relative to UTC time.

This method corresponds to the ivadmin_context_gettodaccess() and ivadmin_user_gettodaccess() C APIs.

Returns:

the timezone in which the access period is defined.

Throws:

PDException

todAccessEnforced

public boolean todAccessEnforced()
                          throws PDException

Returns an indicator from this object whether or not the time-of-day access policy is enforced.

Throws:

PDException

setTodAccess

public void setTodAccess(PDContext context,
                         long days,
                         long startTime,
                         long endTime,
                         int timezone,
                         boolean enforce,
                         PDMessages messages)
                  throws PDException

Sets the time-of-day access policy for the user account (or all user accounts in the case of the global policy). This change affects both the current object and the data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_settodaccess() and ivadmin_user_settodaccess() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

days - a bitmap of the days for the time-of-day policy as specified by the access days constants. This argument is ignored if the enforce argument is false.

startTime - the minutes after midnight for the start of the access period. This must be a value between 0 and (endTime - 1), inclusive. This argument is ignored if the enforce argument is false.

endTime - the minutes after midnight for the end of the access period. This must be a value between 1 and 1439 (the number of minutes, less one, that are in 24 hours), inclusive. This argument is ignored if the enforce argument is false.

timezone - the timezone: UTC or local, as specified by the timezone constants. This argument is ignored if the enforce argument is false.

enforce - if true, the policy is enforced; if false, the policy is not enforced.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

toString

public java.lang.String toString()

Returns a String representation of this object.

Overrides:

toString in class java.lang.Object

clone

public java.lang.Object clone()

Returns a copy of this object.

Overrides:

clone in class java.lang.Object

equals

public boolean equals(java.lang.Object obj)

Determines whether this PDPolicy is equivalent to the input object. This method does not check the account that either policy applies to.

Overrides:

equals in class java.lang.Object

setMaxFailedLogins

public static void setMaxFailedLogins(PDContext context,
                                      java.lang.String name,
                                      int maxFailedLogins,
                                      boolean enforce,
                                      PDMessages messages)
                               throws PDException

Sets the maximum login failures allowed for the user account (or all user accounts in the case of the global policy). This change affects only data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_setmaxlgnfails() and ivadmin_user_setmaxlgnfails() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

name - the name of the Policy Director user. Use PDPOLICY_GLOBAL_POLICY if the global policy is to be changed.

maxFailedLogins - the maximum number of login failures allowed. This must be a non-negative number. This argument is ignored if the enforce argument is false.

enforce - if true, the policy is enforced; if false, the policy is not enforced.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setMaxConcurrentWebSessions

public static void setMaxConcurrentWebSessions(PDContext context,
                                               java.lang.String name,
                                               int maxConcurrentWebSessions,
                                               boolean enforce,
                                               boolean displace,
                                               boolean unlimited,
                                               PDMessages messages)
                                        throws PDException

Sets the maximum concurrent web sessions allowed for the user account (or all user accounts in the case of the global policy). This method affects *ONLY* the Policy Director Management Server. Parameters same as above setMaxConcurrentWebSessions() method Except this method has following additional paramter

Parameters:

name - the name of the Policy Director user. Use PDPOLICY_GLOBAL_POLICY if the global policy is to be

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setAcctExpDate

public static void setAcctExpDate(PDContext context,
                                  java.lang.String name,
                                  java.util.Date date,
                                  boolean unlimited,
                                  boolean enforce,
                                  PDMessages messages)
                           throws PDException

Sets the account expiration date for the specified user account (or all user accounts in the case of the global policy). This change affects only data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_setaccexpdate() and ivadmin_user_setaccexpdate() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

name - the name of the Policy Director user. Use PDPOLICY_GLOBAL_POLICY if the global policy is to be changed.

date - the date and time the account will expire. This date must be between the current date and time and 2035-12-31-23:59:59. Note that a Date object can be defined in terms of milliseconds since epoch (January 1, 1970, 00:00:00 GMT); the argument is rounded up or down to the nearest second, so the actual account expiration date set may differ slightly from the input value. This argument is ignored if the unlimited argument is true or the enforce argument is false.

unlimited - if true, do not expire the specified user account; if false, expire the account on the date specified by the date argument. This argument is ignored if the enforce argument is false.

enforce - if true, the policy is enforced; if false, the policy is not enforced.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setAcctDisableTime

public static void setAcctDisableTime(PDContext context,
                                      java.lang.String name,
                                      long disableTime,
                                      boolean unlimited,
                                      boolean enforce,
                                      PDMessages messages)
                               throws PDException

Sets the time to disable the specified user account (or all user accounts in the case of the global policy) when the maximum number of login failures is exceeded. This change affects only data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_setdisabletimeint() and ivadmin_user_setdisabletimeint() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

name - the name of the Policy Director user. Use PDPOLICY_GLOBAL_POLICY if the global policy is to be changed.

disableTime - the number of seconds to disable the user account when the maximum number of failed logins is exceeded. This value must be non-negative. A disableTime value of zero is equivalent to an unlimited value of true. This argument is ignored if the unlimited argument is true or the enforce argument is false.

unlimited - if true, disable the user account when the maximum number of failed logins is exceeded; if false, disable the user account for the time interval specified by the disableTime argument. This argument is ignored if the enforce argument is false.

enforce - if true, the policy is enforced; if false, the policy is not enforced.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setPwdSpacesAllowed

public static void setPwdSpacesAllowed(PDContext context,
                                       java.lang.String name,
                                       boolean spacesAllowed,
                                       boolean enforce,
                                       PDMessages messages)
                                throws PDException

Sets whether or not spaces are allowed in the specified user account password (or all user account passwords in the case of the global policy). This change affects only data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_setpwdspaces() and ivadmin_user_setpwdspaces() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

name - the name of the Policy Director user. Use PDPOLICY_GLOBAL_POLICY if the global policy is to be changed.

spacesAllowed - if true, allow spaces in the user password; if false, disallow spaces. This argument is ignored if the enforce argument is false.

enforce - if true, the policy is enforced; if false, the policy is not enforced.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setMaxPwdAge

public static void setMaxPwdAge(PDContext context,
                                java.lang.String name,
                                long age,
                                boolean enforce,
                                PDMessages messages)
                         throws PDException

Sets the maximum password age for the specified user account password (or all user account passwords in the case of the global policy). This change affects only data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_setmaxpwdage() and ivadmin_user_setmaxpwdage() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

name - the name of the Policy Director user. Use PDPOLICY_GLOBAL_POLICY if the global policy is to be changed.

age - the maximum age for the password. This is the number of seconds that the password will remain unexpired from the last time it was changed. The maximum password age is typically set immediately after the password is changed. The value must be greater than or equal to 0. When set to 0 the password will not expire. This argument is ignored if the enforce argument is false.

enforce - if true, the policy is enforced; if false, the policy is not enforced.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setMaxPwdRepChars

public static void setMaxPwdRepChars(PDContext context,
                                     java.lang.String name,
                                     int maxChars,
                                     boolean enforce,
                                     PDMessages messages)
                              throws PDException

Sets the maximum number of repeated characters allowed in the specified user account password (or all user account passwords in the case of the global policy). This change affects only data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_setmaxpwdrepchars() and ivadmin_user_setmaxpwdrepchars() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

name - the name of the Policy Director user. Use PDPOLICY_GLOBAL_POLICY if the global policy is to be changed.

maxChars - the maximum number of repeated characters allowed in the password. This value must be non-negative. This argument is ignored if the enforce argument is false.

enforce - if true, the policy is enforced; if false, the policy is not enforced.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setMinPwdAlphas

public static void setMinPwdAlphas(PDContext context,
                                   java.lang.String name,
                                   int minAlphas,
                                   boolean enforce,
                                   PDMessages messages)
                            throws PDException

Sets the minimum number of alphabetic characters required in the specified user account password (or all user account passwords in the case of the global policy). This change affects only data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_setminpwdalphas() and ivadmin_user_setminpwdalphas() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

name - the name of the Policy Director user. Use PDPOLICY_GLOBAL_POLICY if the global policy is to be changed.

minAlphas - the minimum number of alphabetic characters required in the password. This value must be non-negative. This argument is ignored if the enforce argument is false.

enforce - if true, the policy is enforced; if false, the policy is not enforced.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setMinPwdNonAlphas

public static void setMinPwdNonAlphas(PDContext context,
                                      java.lang.String name,
                                      int minNonAlphas,
                                      boolean enforce,
                                      PDMessages messages)
                               throws PDException

Sets the minimum number of non-alphabetic characters required in the specified user account password (or all user account passwords in the case of the global policy). This change affects only data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_setminpwdnonalphas() and ivadmin_user_setminpwdnonalphas() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

name - the name of the Policy Director user. Use PDPOLICY_GLOBAL_POLICY if the global policy is to be changed.

minNonAlphas - the minimum number of non-alphabetic characters required in the password. This value must be non-negative. This argument is ignored if the enforce argument is false.

enforce - if true, the policy is enforced; if false, the policy is not enforced.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setMinPwdLen

public static void setMinPwdLen(PDContext context,
                                java.lang.String name,
                                int minLen,
                                boolean enforce,
                                PDMessages messages)
                         throws PDException

Sets the minimum length for specified user account password (or all user account passwords in the case of the global policy). This change affects only data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_setminpwdlen() and ivadmin_user_setminpwdlen() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

name - the name of the Policy Director user. Use PDPOLICY_GLOBAL_POLICY if the global policy is to be changed.

minLen - the minimum length required for the password. This value must be greater than 0. This argument is ignored if the enforce argument is false.

enforce - if true, the policy is enforced; if false, the policy is not enforced.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setTodAccess

public static void setTodAccess(PDContext context,
                                java.lang.String name,
                                long days,
                                long startTime,
                                long endTime,
                                int timezone,
                                boolean enforce,
                                PDMessages messages)
                         throws PDException

Sets the time-of-day access policy for the specified user account (or all user accounts in the case of the global policy). This change affects only data in the Policy Director Management Server.

This method corresponds to the ivadmin_context_settodaccess() and ivadmin_user_settodaccess() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

name - the name of the Policy Director user. Use PDPOLICY_GLOBAL_POLICY if the global policy is to be changed.

days - a bitmap of the days for the time-of-day policy as specified by the access days constants. This argument is ignored if the enforce argument is false.

startTime - the minutes after midnight for the start of the access period. This must be a value between 0 and (endTime - 1), inclusive. This argument is ignored if the enforce argument is false.

endTime - the minutes after midnight for the end of the access period. This must be a value between 1 and 1439 (the number of minutes, less one, that are in 24 hours), inclusive. This argument is ignored if the enforce argument is false.

timezone - the timezone: UTC or local, as specified by the timezone constants. This argument is ignored if the enforce argument is false.

enforce - if true, the policy is enforced; if false, the policy is not enforced.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.