com.ibm.itim.apps.identity
Class PersonManager

java.lang.Object
  |
  +--com.ibm.itim.apps.identity.PersonManager

public class PersonManager

extends java.lang.Object

Provides aggregate identity (person) management capabilities. These capabilities include the creation of identities (people) within the provisioning platform.

See Also:

PersonMO

Constructor Summary

PersonManager(PlatformContext platform, javax.security.auth.Subject subject)
Constructs the manager with a platform context and a subject.

Method Summary

Request	createPerson(OrganizationalContainerMO container, Person subject, java.util.Date scheduledTime) Creates a person in the provisioning platform with the specified attributes within the given container.
void	getPeople(OrganizationalContainerMO parent, java.lang.String attributeName, java.lang.Object attributeValue, boolean subTree, SearchResultsMO results) Returns the person(s) matching the given attribute within the given container.
void	getPeople(OrganizationalContainerMO parent, java.lang.String attributeName, java.lang.Object attributeValue, SearchResultsMO results) Returns the person(s) matching the given attribute within the given container.
java.util.Collection	getPeople(OrganizationalContainerMO container, java.lang.String profileName, java.lang.String name) Returns the person(s) with the the name within the given parent container.
java.util.Collection	getPeople(OrganizationalContainerMO container, java.lang.String profileName, java.lang.String name, boolean subTree) Returns the person(s) with the the name within the given parent container.
java.util.Collection	getPeople(java.lang.String attributeName, java.lang.Object attributeValue, OrganizationalContainerMO parent) Returns the person(s) matching the given attribute within the given parent container.
java.util.Collection	getPeople(java.lang.String attributeName, java.lang.Object attributeValue, OrganizationalContainerMO parent, boolean subTree) Returns the person(s) matching the given attribute within the given parent container.
Request	remove(java.util.Collection collection, java.util.Date scheduledTime) Removes the person objects and associated managed objects from the provisioning platform.
Request	restore(java.util.Collection collection, java.util.Date scheduledTime) Restores the persons ONLY.
Request	suspend(java.util.Collection collection, java.util.Date scheduledTime) Suspends the persons and associated managed objects from the provisioning platform
Request	unManage(java.util.Collection collection, java.util.Date scheduledTime) Removes the person object ONLY from the provisioning platform.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PersonManager

public PersonManager(PlatformContext platform,
                     javax.security.auth.Subject subject)

Constructs the manager with a platform context and a subject.

Parameters:

platform - PlatformContext holding platform connection information.

subject - Subject representing the authenticated caller.

Method Detail

createPerson

public Request createPerson(OrganizationalContainerMO container,
                            Person subject,
                            java.util.Date scheduledTime)
                     throws java.rmi.RemoteException,
                            AuthorizationException,
                            SchemaViolationException,
                            ApplicationException

Creates a person in the provisioning platform with the specified attributes within the given container.

Parameters:

container - OrganizationalContainerMO within which the the person will be placed.

subject - Person value object defining the attributes the person will have.

scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current data/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.

Returns:

Request object representing the operation's status.

Throws:

java.rmi.RemoteException - Thrown if unable to communicate with platform.

AuthorizationException - Thrown if client is unauthorized to create the person in the given container.

SchemaViolationException - Thrown if any of the attributes in the value object violate the managed object's schema. This may be caused by an invalid attribute or if a required attribute is missing entirely.

ApplicationException - Thrown if unable to submit the request. This may possibly be caused by the container being removed by another client previous to this call.

getPeople

public java.util.Collection getPeople(OrganizationalContainerMO container,
                                      java.lang.String profileName,
                                      java.lang.String name)
                               throws java.rmi.RemoteException,
                                      ApplicationException

Returns the person(s) with the the name within the given parent container. Note, if the client is unauthorized to view (search) a person that matches this criteria, it will be filtered out of the return list and no AuthorizationException will be thrown.

Parameters:

container - OrganizationalContainerMO representing the parent container to scope the search. In a single-tenant deployment, null can be specified to indicate the entire tree should be searched. In a multi-tenant deployment, an OrganizationalContainerMO object must be provided that represents the root of the tenant.

profileName - Person profile name to search to return.

name - Name of the person(s) to return.

Returns:

Collection of PersonMO's representing the matching people.

Throws:

java.rmi.RemoteException - Thrown if unable to communicate with platform.

ApplicationException - Thrown if unable to obtain the people. This may possibly be caused by the container being removed by another client previous to this call.

getPeople

public java.util.Collection getPeople(OrganizationalContainerMO container,
                                      java.lang.String profileName,
                                      java.lang.String name,
                                      boolean subTree)
                               throws java.rmi.RemoteException,
                                      ApplicationException

Returns the person(s) with the the name within the given parent container. Note, if the client is unauthorized to view (search) a person that matches this criteria, it will be filtered out of the return list and no AuthorizationException will be thrown.

Parameters:

container - OrganizationalContainerMO representing the parent container to scope the search. If the container is NULL, a not-support error message is thrown in ApplicationException.

profileName - Person profile name to search to return.

name - Name of the person(s) to return.

subTree - boolean of search scope. A TRUE value specifies subtree search scope starting from container. A FALSE value specifies single-level search in the container only.

Returns:

Collection of PersonMO's representing the matching people.

Throws:

java.rmi.RemoteException - Thrown if unable to communicate with platform.

ApplicationException - Thrown if unable to obtain the people. This may possibly be caused by the container being removed by another client previous to this call.

getPeople

public java.util.Collection getPeople(java.lang.String attributeName,
                                      java.lang.Object attributeValue,
                                      OrganizationalContainerMO parent)
                               throws java.rmi.RemoteException,
                                      ApplicationException

Returns the person(s) matching the given attribute within the given parent container. Note, if the client is unauthorized to view (search) a person that matches this criteria, it will be filtered out of the return list and no AuthorizationException will be thrown.

Parameters:

attributeName - Name of attribute to match with.

attributeValue - Value of the attribute to match with. A * can be used as the first and/or last character of a String value if a "contains" expression is wished.

parent - OrganizationalContainerMO representing the parent container to scope the search. In a single-tenant deployment, null can be specified to indicate the entire tree should be searched. In a multi-tenant deployment, an OrganizationalContainerMO object must be provided that represents the root of the tenant.

Returns:

Collection of PersonMO's representing the matching person(s).

Throws:

java.rmi.RemoteException - Thrown if unable to communicate with platform.

ApplicationException - Thrown if unable to obtain the people. This may possibly be caused by the parent container being removed by another client previous to this call.

getPeople

public java.util.Collection getPeople(java.lang.String attributeName,
                                      java.lang.Object attributeValue,
                                      OrganizationalContainerMO parent,
                                      boolean subTree)
                               throws java.rmi.RemoteException,
                                      ApplicationException

Returns the person(s) matching the given attribute within the given parent container. Note, if the client is unauthorized to view (search) a person that matches this criteria, it will be filtered out of the return list and no AuthorizationException will be thrown.

Parameters:

attributeName - Name of attribute to match with.

attributeValue - Value of the attribute to match with. A * can be used as the first and/or last character of a String value if a "contains" expression is wished.

parent - OrganizationalContainerMO representing the parent container to scope the search. If the container is NULL, a not- support error message is thrown in ApplicationException.

subTree - boolean of search scope. A TRUE value specifies subtree search scope starting from container. A FALSE value specifies single-level search in the container only.

Returns:

Collection of PersonMO's representing the matching person(s).

Throws:

java.rmi.RemoteException - Thrown if unable to communicate with platform.

ApplicationException - Thrown if unable to obtain the people. This may possibly be caused by the parent container being removed by another client previous to this call.

getPeople

public void getPeople(OrganizationalContainerMO parent,
                      java.lang.String attributeName,
                      java.lang.Object attributeValue,
                      SearchResultsMO results)
               throws java.rmi.RemoteException,
                      ApplicationException

Returns the person(s) matching the given attribute within the given container. Note, if the client is unauthorized to view (search) a person that matches this criteria, it will be filtered out of the return list and no AuthorizationException will be thrown.

Parameters:

parent - OrganizationalContainerMO representing the parent container to scope the search. In a single-tenant deployment, null can be specified to indicate the entire tree should be searched. In a multi-tenant deployment, an OrganizationalContainerMO object must be provided that represents the root of the tenant.

attributeName - Name of attribute to match with.

attributeValue - Value of the attribute to match with. A * can be used as the first and/or last character of a String value if a "contains" expression is wished.

results - SearchResultsMO to hold the results of the search. The objet will be filled with Person value objects that match the given criteria. Note, if the SearchResultsMO object was constructed using a different user context, that context will be changed to match the context of this object.

Throws:

java.rmi.RemoteException - Thrown if unable to communicate with platform.

ApplicationException - Thrown if unable to obtain the people. This may possibly be caused by the parent container being removed by another client previous to this call.

getPeople

public void getPeople(OrganizationalContainerMO parent,
                      java.lang.String attributeName,
                      java.lang.Object attributeValue,
                      boolean subTree,
                      SearchResultsMO results)
               throws java.rmi.RemoteException,
                      ApplicationException

Returns the person(s) matching the given attribute within the given container. Note, if the client is unauthorized to view (search) a person that matches this criteria, it will be filtered out of the return list and no AuthorizationException will be thrown.

Parameters:

parent - OrganizationalContainerMO representing the parent container to scope the search. If the container is NULL, a not- support error message is thrown in ApplicationException.

attributeName - Name of attribute to match with.

attributeValue - Value of the attribute to match with. A * can be used as the first and/or last character of a String value if a "contains" expression is wished.

subTree - boolean of search scope. A TRUE value specifies subtree search scope starting from container. A FALSE value specifies single-level search in the container only.

results - SearchResultsMO to hold the results of the search. The objet will be filled with Person value objects that match the given criteria. Note, if the SearchResultsMO object was constructed using a different user context, that context will be changed to match the context of this object.

Throws:

java.rmi.RemoteException - Thrown if unable to communicate with platform.

ApplicationException - Thrown if unable to obtain the people. This may possibly be caused by the parent container being removed by another client previous to this call.

unManage

public Request unManage(java.util.Collection collection,
                        java.util.Date scheduledTime)
                 throws java.rmi.RemoteException,
                        ApplicationException,
                        AuthorizationException

Removes the person object ONLY from the provisioning platform.

Parameters:

collection - Collection holding the PersonMO objects to be unmanaged.

scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current data/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.

Returns:

Request object representing the operation's status.

Throws:

java.rmi.RemoteException - Thrown if unable to communicate with platform.

AuthorizationException - Thrown if client is unauthorized to remove the person.

ApplicationException - Thrown if unable to submit the request.

remove

public Request remove(java.util.Collection collection,
                      java.util.Date scheduledTime)
               throws java.rmi.RemoteException,
                      ApplicationException,
                      BulkException,
                      AuthorizationException

Removes the person objects and associated managed objects from the provisioning platform.

Parameters:

collection - Collection holding the PersonMO objects to be removed

scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current data/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.

Returns:

Request object representing the operation's status.

Throws:

java.rmi.RemoteException - Thrown if unable to communicate with platform.

AuthorizationException - Thrown if client is unauthorized to remove the person.

ApplicationException - Thrown if unable to submit the request.

BulkException - Thrown if partial request list is submit.

suspend

public Request suspend(java.util.Collection collection,
                       java.util.Date scheduledTime)
                throws java.rmi.RemoteException,
                       ApplicationException,
                       AuthorizationException

Suspends the persons and associated managed objects from the provisioning platform

Parameters:

collection - Collection holding the PersonMO objects to be suspended

scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current data/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.

Returns:

Request object representing the operation's status.

Throws:

java.rmi.RemoteException - Thrown if unable to communicate with platform.

AuthorizationException - Thrown if client is unauthorized to suspend the person or their accounts (if requested).

ApplicationException - Thrown if unable to submit the request. This may possibly be caused by the person being removed by another client previous to this call.

restore

public Request restore(java.util.Collection collection,
                       java.util.Date scheduledTime)
                throws java.rmi.RemoteException,
                       ApplicationException

Restores the persons ONLY.

Parameters:

collection - Collection holding the PersonMO objects to be restored.

scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current data/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.

Returns:

Request object representing the operation's status.

Throws:

java.rmi.RemoteException - Thrown if unable to communicate with platform.

AuthorizationException - Thrown if client is unauthorized to restore the person or their accounts (if requested).

ApplicationException - Thrown if unable to submit the request. This may possibly be caused by the person being removed by another client previous to this call.