com.tivoli.pd.rgy
Interface RgyUser

All Superinterfaces:
RgyEntity

public interface RgyUser
extends RgyEntity

Provides methods specific to the SAM User entity in addition to what is provided in the base Interface, RgyEntity. For users this is password management and authentication, group membership lists, and importing of Native entries.

Multiple threads should not access the same instance of this interface at the same time.


Method Summary
 void authenticate(char[] password)
          The SAM User entry is authenticated using the password supplied.
 void changePassword(char[] currentPassword, char[] newPassword)
          The SAM User entry's password is updated.
 void importNativeUser(java.lang.String userId, RgyAttributes rgyAttributes, java.lang.String groupId)
          Adds the SAM layer to the Native user, making this Native user entity a SAM user entity.
 java.util.Set<java.lang.String> listGroups()
          Returns a list of SAM groups the SAM user is a member of.
 java.util.Set<java.lang.String> listNativeGroups()
          Returns a list of Native groups the Native user is a member of.
 void setPassword(char[] newPassword)
          The password for the user is reset to the value provided.
 
Methods inherited from interface com.tivoli.pd.rgy.RgyEntity
attributeAdd, attributeAdd, attributeDelete, attributeDelete, attributeDelete, attributeNameIterator, attributeReplace, attributeReplace, getAttributeValues, getDomain, getId, getNativeId, getOneAttributeValue, getRgyRegistry
 

Method Detail

authenticate

void authenticate(char[] password)
                  throws RgyException
The SAM User entry is authenticated using the password supplied. Success is indicated by no Exceptions being thrown. Some exceptions are generated even if the password is correct; these indicate that the user must change their password before access is granted. Only SAM User entries (attribute isSecEntity == "TRUE") are supported. Do not use for Native-only entities.

Parameters:
password - The password to authenticate the user.
Throws:
ErrPolicyAcctDisabledRgyException - Too many invalid password authentication attempts have triggered the policy to disable the account.
ErrPolicyAcctLockedOutRgyException - Too many invalid password authentication attempts have triggered the policy to temporarily lock out the account.
ErrPolicyInvalidAcctDisabledRgyException - Too many invalid password authentication attempts have triggered the policy to disable the account. This is generated on the N'th failed login attempt if configuration property ldap.late-lockout-notification is false. On the N+1'th and subsequent failed login attempts ErrPolicyAcctDisabledRgyException is generated instead.
ErrPolicyInvalidAcctLockedOutRgyException - Too many invalid password authentication attempts have triggered the policy to temporarily lock out the account. This is generated on the N'th failed login attempt if configuration property ldap.late-lockout-notification is false. On the N+1'th and subsequent failed login attempts ErrPolicyAcctLockedOutRgyException is generated instead.
InvalidCredentialsRgyException - The password supplied is not correct.
AccountSetInvalidRgyException - The account valid flag has been set to false.
PasswordSetInvalidRgyException - The password valid flag has been set to false indicating that the password must be changed to clear it. The password supplied was valid.
ErrPolicyTodAccessDeniedRgyException - The Time-of-Day policy does not allow login at this time.
WarningPasswordExpiresSoonRgyException - Generated when the password will soon expire. The exception contains the number of seconds until the password expires. This exception can be ignored as it is just a warning and the password supplied is valid.
RgyException
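
One way to handle the exceptions listed above, added here as an example; it is not code from the API or its vendor. The class `SamLogin`, its `Outcome` enum and the `com.tivoli.pd.rgy.exception` import are assumptions (this page does not state the package of the exception classes); the caller supplies an already-obtained `RgyUser`.

```java
import com.tivoli.pd.rgy.*;            // RgyUser (package named on this page)
import com.tivoli.pd.rgy.exception.*;  // assumption: exception package is not stated on this page
import java.util.Arrays;

/** Hypothetical helper, not part of the SAM API. */
public final class SamLogin {

    public enum Outcome {
        OK, OK_PASSWORD_EXPIRES_SOON,   // password valid, access may be granted
        MUST_CHANGE_PASSWORD,           // password valid, but it must be changed first
        BAD_PASSWORD, LOCKED_OUT, DISABLED, ACCOUNT_INVALID, TIME_OF_DAY_DENIED,
        ERROR                           // any other RgyException: deny
    }

    /** Calls authenticate() and maps each documented exception to an Outcome. */
    public static Outcome login(RgyUser user, char[] password) {
        try {
            user.authenticate(password);   // no exception thrown means success
            return Outcome.OK;
        } catch (RgyException e) {
            return classify(e);
        } finally {
            Arrays.fill(password, '\0');   // clear the caller's password array
        }
    }

    // instanceof tests keep this independent of how the exception classes
    // inherit from one another, which this page does not show.
    static Outcome classify(RgyException e) {
        if (e instanceof WarningPasswordExpiresSoonRgyException) return Outcome.OK_PASSWORD_EXPIRES_SOON;
        if (e instanceof PasswordSetInvalidRgyException) return Outcome.MUST_CHANGE_PASSWORD;
        if (e instanceof ErrPolicyInvalidAcctLockedOutRgyException
                || e instanceof ErrPolicyAcctLockedOutRgyException) return Outcome.LOCKED_OUT;
        if (e instanceof ErrPolicyInvalidAcctDisabledRgyException
                || e instanceof ErrPolicyAcctDisabledRgyException) return Outcome.DISABLED;
        if (e instanceof InvalidCredentialsRgyException) return Outcome.BAD_PASSWORD;
        if (e instanceof AccountSetInvalidRgyException) return Outcome.ACCOUNT_INVALID;
        if (e instanceof ErrPolicyTodAccessDeniedRgyException) return Outcome.TIME_OF_DAY_DENIED;
        return Outcome.ERROR;              // unknown failure: fail closed
    }

    /** Only these outcomes mean the supplied password was correct. */
    public static boolean passwordWasValid(Outcome o) {
        return o == Outcome.OK || o == Outcome.OK_PASSWORD_EXPIRES_SOON
                || o == Outcome.MUST_CHANGE_PASSWORD;
    }
}
```

Because `login` clears the password array, a caller that receives `MUST_CHANGE_PASSWORD` has to prompt for the current password again before calling changePassword().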

changePassword

void changePassword(char[] currentPassword,
                    char[] newPassword)
                    throws RgyException
The SAM User entry's password is updated. This may also react to the underlying Registry's password policy enforced on the user. SAM's password policy will be enforced (both user and global). The password valid flag on the account will be set to true if the password change is successful.

Parameters:
currentPassword - The existing password; this could be an expired password. This method will call authenticate() using this password to confirm it.
newPassword - The new password for the user Entity. It must pass SAM password policy, and it may also have to pass the underlying Registry password policies, if enabled.
Throws:
ErrPolicyAcctDisabledRgyException - Too many invalid password authentication attempts have triggered the policy to disable the account.
ErrPolicyAcctLockedOutRgyException - Too many invalid password authentication attempts have triggered the policy to temporarily lock out the account.
ErrPolicyInvalidAcctDisabledRgyException - Too many invalid password authentication attempts have triggered the policy to disable the account. This is generated on the N'th failed login attempt if configuration property ldap.late-lockout-notification is false. On the N+1'th and subsequent failed login attempts ErrPolicyAcctDisabledRgyException is generated instead.
ErrPolicyInvalidAcctLockedOutRgyException - Too many invalid password authentication attempts have triggered the policy to temporarily lock out the account. This is generated on the N'th failed login attempt if configuration property ldap.late-lockout-notification is false. On the N+1'th and subsequent failed login attempts ErrPolicyAcctLockedOutRgyException is generated instead.
InvalidCredentialsRgyException - The current password supplied is not correct.
AccountSetInvalidRgyException - The account valid flag has been set to false.
ErrPolicyTodAccessDeniedRgyException - The Time-of-Day policy does not allow login at this time.
InvalidOldPasswordRgyException
ErrInvalidPasswordCharsRgyException - The password contains control characters or characters that are not accepted by the particular LDAP server type being used.
ErrPolicyPwdHasSpacesRgyException - The password has space characters in it, but the password policy does not allow this.
ErrPolicyPwdTooManyRepeatedRgyException - The password has a character repeated consecutively too many times to comply with password policy.
ErrPolicyPwdTooShortRgyException - The password does not have enough characters in it to comply with password policy.
ErrPolicyPwdTooFewAlphaRgyException - There are not enough alphabetic characters in the password for it to comply with password policy.
ErrPolicyPwdTooFewNonalphaRgyException - There are not enough non-alphabetic characters in the password for it to comply with password policy.
RgyException

setPassword

void setPassword(char[] newPassword)
                 throws RgyException
The password for the user is reset to the value provided.

Parameters:
newPassword - new password for the user.
Throws:
ErrInvalidPasswordCharsRgyException - The password contains control characters or characters that are not accepted by the particular LDAP server type being used.
ErrPolicyPwdHasSpacesRgyException - The password has space characters in it, but the password policy does not allow this.
ErrPolicyPwdTooManyRepeatedRgyException - The password has a character repeated consecutively too many times to comply with password policy.
ErrPolicyPwdTooShortRgyException - The password does not have enough characters in it to comply with password policy.
ErrPolicyPwdTooFewAlphaRgyException - There are not enough alphabetic characters in the password for it to comply with password policy.
ErrPolicyPwdTooFewNonalphaRgyException - There are not enough non-alphabetic characters in the password for it to comply with password policy.
RgyException

listGroups

java.util.Set<java.lang.String> listGroups()
                                           throws RgyException
Returns a list of SAM groups the SAM user is a member of. For some underlying registries this may include dynamic group membership.

Returns:
Set of group SAM Id Strings the user is a member of.
Throws:
RgyException

listNativeGroups

java.util.Set<java.lang.String> listNativeGroups()
                                                 throws RgyException
Returns a list of Native groups the Native user is a member of. For some underlying registries this may include dynamic group membership.

Returns:
Set of group NativeId Strings the Native user is a member of. This Set may contain groups that are not imported SAM groups.
Throws:
RgyException

importNativeUser

void importNativeUser(java.lang.String userId,
                      RgyAttributes rgyAttributes,
                      java.lang.String groupId)
                      throws RgyException
Adds the SAM layer to the Native user, making this Native user entity a SAM user entity.

Parameters:
userId - The SAM user id to give the imported entity, such as "testuser".
rgyAttributes - A list of SAM entity attributes to create the SAM user Entity with. Currently this does not support adding additional attributes to the Native user entity, and those will be ignored.
groupId - SAM Id of a group to also add the user to. Can be null.
Throws:
RgyException