Overview  Package   Class  Use  Tree  Serialized  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.ibm.itim.apps.identity
Class SelfPasswordManager

java.lang.Object
  extended by com.ibm.itim.apps.identity.SelfPasswordManager

public class SelfPasswordManager
extends java.lang.Object

Provides self password management.

Field Summary
static int FAILED
          Constant identifying the failed status.
static int SUCCEEDED
          Constant identifying the success status.
 
Constructor Summary
SelfPasswordManager(PlatformContext platform)
          Constructs the manager with a platform context.
 
Method Summary
 SelfRequest changeExpiredPassword(java.lang.String userId, java.lang.String oldPassword, java.lang.String newPassword)
          Changes the user's password without requiring an authenticated subject.
 SelfRequest changeExpiredPassword(java.lang.String userId, java.lang.String oldPassword, java.lang.String newPassword, boolean returnAllValidationFailures)
          Changes the user's password without requiring an authenticated subject.
 SelfRequest changePassword(java.lang.String userId, java.lang.String oldPassword, java.lang.String newPassword)
          Deprecated. As of ITIM 5.0, replaced by changeExpiredPassword(String userId, String oldPassword, String newPassword) .
 SelfRequest changePassword(java.lang.String tenantId, java.lang.String userId, java.lang.String oldPassword, java.lang.String newPassword)
          Deprecated. As of ITIM 5.0
 PasswordRulesInfo getPasswordRules(java.lang.String userId)
          Returns the password rules for the given user's password.
 PasswordRulesInfo getPasswordRules(java.lang.String tenantId, java.lang.String userId)
          Returns the password rules for the given user's password.
 SelfRequest resetPassword(javax.security.auth.Subject subject)
          Deprecated. As of ISIM 6.0, replaced by ForgotPasswordManager.resetPassword(String, java.util.Map)
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SUCCEEDED

public static final int SUCCEEDED
Constant identifying the success status.

See Also:
Constant Field Values

FAILED

public static final int FAILED
Constant identifying the failed status.

See Also:
Constant Field Values
Constructor Detail

SelfPasswordManager

public SelfPasswordManager(PlatformContext platform)
Constructs the manager with a platform context. There is no user context required as the user must provide their old password when attempting to change it.

Parameters:
platform - PlatformContext identifying identity platform.
Method Detail

changePassword

public SelfRequest changePassword(java.lang.String userId,
                                  java.lang.String oldPassword,
                                  java.lang.String newPassword)
                           throws java.rmi.RemoteException,
                                  javax.security.auth.login.FailedLoginException,
                                  InvalidPasswordException,
                                  ApplicationException
Deprecated. As of ITIM 5.0, replaced by changeExpiredPassword(String userId, String oldPassword, String newPassword) .

Changes the user's password without requiring an authenticated subject. This is most useful in situations where the user's password has expired. The user must provide their old password to authenticate that the requester can change the password. The new password must abide by the password rules that are in place. If the platform is configured to synchronize passwords, all of the user's accounts will have their passwords changed.

Parameters:
userId - ID representing user.
oldPassword - Old password of the user.
newPassword - New password of the user.
Returns:
SelfRequest object representing the operation's status.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
javax.security.auth.login.FailedLoginException - Thrown if old password is incorrect or if the user exceeds the invalid logon attempts or if the account is not active.
InvalidPasswordException - Thrown if password does not pass a password policy check.
ApplicationException - Thrown if unable to submit the request. This may possibly be caused by an an invalid user id.

changePassword

public SelfRequest changePassword(java.lang.String tenantId,
                                  java.lang.String userId,
                                  java.lang.String oldPassword,
                                  java.lang.String newPassword)
                           throws java.rmi.RemoteException,
                                  javax.security.auth.login.FailedLoginException,
                                  InvalidPasswordException,
                                  ApplicationException
Deprecated. As of ITIM 5.0

Changes the user's password without requiring an authenticated subject. This is most useful in situations where the user's password has expired. The user must provide their old password to authenticate that the requester can change the password. The new password must abide by the password rules that are in place. If the platform is configured to synchronize passwords, all of the user's accounts will have their passwords changed. This method is used in ITIM's multi-tenant deployment platform.

Parameters:
tenantId - ID representing user's tenant.
userId - ID representing user.
oldPassword - Old password of the user.
newPassword - New password of the user.
Returns:
SelfRequest object representing the operation's status.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
javax.security.auth.login.FailedLoginException - Thrown if old password is incorrect or if the user exceeds the invalid logon attempts or if the account is not active.
InvalidPasswordException - Thrown if password does not pass a password policy check.
ApplicationException - Thrown if unable to submit the request. This may possibly be caused by an an invalid user id.

changeExpiredPassword

public SelfRequest changeExpiredPassword(java.lang.String userId,
                                         java.lang.String oldPassword,
                                         java.lang.String newPassword)
                                  throws java.rmi.RemoteException,
                                         javax.security.auth.login.FailedLoginException,
                                         InvalidPasswordException,
                                         AuthorizationException,
                                         ApplicationException
Changes the user's password without requiring an authenticated subject. This is most useful in situations where the user's password has expired. The user must provide their old password to authenticate that the requester can change the password. The new password must abide by the password rules that are in place. If the platform is configured to synchronize passwords, all of the user's accounts will have their passwords changed.

Parameters:
userId - ID representing user.
oldPassword - Old password of the user.
newPassword - New password of the user.
Returns:
SelfRequest object representing the operation's status.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
javax.security.auth.login.FailedLoginException - Thrown if old password is incorrect or if the user exceeds the invalid logon attempts or if the account is not active.
InvalidPasswordException - Thrown if password does not pass a password policy check.
AuthorizationException - Thrown if client is unauthorized to change the password.
ApplicationException - Thrown if unable to submit the request. This may possibly be caused by an an invalid user id.

changeExpiredPassword

public SelfRequest changeExpiredPassword(java.lang.String userId,
                                         java.lang.String oldPassword,
                                         java.lang.String newPassword,
                                         boolean returnAllValidationFailures)
                                  throws java.rmi.RemoteException,
                                         javax.security.auth.login.FailedLoginException,
                                         InvalidPasswordException,
                                         AuthorizationException,
                                         ApplicationException,
                                         PasswordValidationFailuresException
Changes the user's password without requiring an authenticated subject. This is most useful in situations where the user's password has expired. The user must provide their old password to authenticate that the requester can change the password. The new password must abide by the password rules that are in place. If the platform is configured to synchronize passwords, all of the user's accounts will have their passwords changed.

Parameters:
userId - ID representing user.
oldPassword - Old password of the user.
newPassword - New password of the user.
returnAllValidationFailures - Whether to return all validation failures
Returns:
SelfRequest object representing the operation's status.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
javax.security.auth.login.FailedLoginException - Thrown if old password is incorrect or if the user exceeds the invalid logon attempts or if the account is not active.
InvalidPasswordException - Thrown if password does not pass a password policy check.
PasswordValidationFailuresException - Thrown if returnAllValidationFailures is true
AuthorizationException - Thrown if client is unauthorized to change the password.
ApplicationException - Thrown if unable to submit the request. This may possibly be caused by an an invalid user id.

getPasswordRules

public PasswordRulesInfo getPasswordRules(java.lang.String userId)
                                   throws java.rmi.RemoteException,
                                          ApplicationException
Returns the password rules for the given user's password. If the platform is configured to synchronize passwords, the combined password rules for all accounts will be returned. Note, password rules from different password policies can be mutually exclusive causing this call to fail with an exception.

Parameters:
userId - ID representing user.
Returns:
a PasswordRulesInfo object
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if rules cannot be obtained. This may possibly due to the password rules being mutually exclusive if password synchronization is taking place.

getPasswordRules

public PasswordRulesInfo getPasswordRules(java.lang.String tenantId,
                                          java.lang.String userId)
                                   throws java.rmi.RemoteException,
                                          ApplicationException
Returns the password rules for the given user's password. If the platform is configured to synchronize passwords, the combined password rules for all accounts will be returned. Note, password rules from different password policies can be mutually exclusive causing this call to fail with an exception. This method is used in ITIM's multi-tenant deployment platform.

Parameters:
tenantId - ID representing user's tenant.
userId - ID representing user.
Returns:
a PasswordRulesInfo object
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if rules cannot be obtained. This may possibly due to the password rules being mutually exclusive if password synchronization is taking place.

resetPassword

public SelfRequest resetPassword(javax.security.auth.Subject subject)
                          throws java.rmi.RemoteException,
                                 AuthorizationException,
                                 ApplicationException
Deprecated. As of ISIM 6.0, replaced by ForgotPasswordManager.resetPassword(String, java.util.Map)

Resets the user's password. This allows the user to reset their password, obtain the new password through an out-of-band mechanism and then re-authenticate with that new password. The new password is generated by the platform. If the platform is configured to synchronize passwords, all of the user's accounts will have their passwords reset. Use the ForgotPasswordManager.resetPassword(String, java.util.Map) method to reset a password using challenge/response.

Parameters:
subject - Subject representing the authenticated caller.
Returns:
SelfRequest object representing the operation's status.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to reset the password.
ApplicationException - Thrown if unable to submit the request. Possibly caused by mutually exclusive password rules if passwords are being synch'd.
See Also:
ForgotPasswordManager.resetPassword(String, java.util.Map)
Overview  Package   Class  Use  Tree  Serialized  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
IBM Security Identity Manager 6.0.0
© Copyright International Business Machines Corporation 2007, 2012. All rights reserved. US Government Users Restricited Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.