com.ibm.itim.apps.identity
Class SelfPasswordManager

java.lang.Object
  |
  +--com.ibm.itim.apps.identity.SelfPasswordManager

public class SelfPasswordManager
extends java.lang.Object

Provides self password management.


Field Summary
static int FAILED
          Constant identifying the failed status.
static int SUCCEEDED
          Constant identifying the success status.
 
Constructor Summary
SelfPasswordManager(PlatformContext platform)
          Constructs the manager with a platform context.
 
Method Summary
 SelfRequest changePassword(java.lang.String userId, java.lang.String oldPassword, java.lang.String newPassword)
          Changes the user's password without requiring an authenticated subject.
 SelfRequest changePassword(java.lang.String tenantId, java.lang.String userId, java.lang.String oldPassword, java.lang.String newPassword)
          Changes the user's password without requiring an authenticated subject.
 SelfRequest changePassword(java.lang.String tenantId, java.lang.String userId, java.lang.String oldPassword, java.lang.String newPassword, java.lang.Boolean sendMail)
          Changes the user's password without requiring an authenticated subject.
 PasswordRulesInfo getPasswordRules(java.lang.String userId)
          Returns the password rules for the given user's password.
 PasswordRulesInfo getPasswordRules(java.lang.String tenantId, java.lang.String userId)
          Returns the password rules for the given user's password.
 SelfRequest resetPassword(javax.security.auth.Subject subject)
          Resets the user's password.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SUCCEEDED

public static final int SUCCEEDED
Constant identifying the success status.

See Also:
Constant Field Values

FAILED

public static final int FAILED
Constant identifying the failed status.

See Also:
Constant Field Values

Constructor Detail

SelfPasswordManager

public SelfPasswordManager(PlatformContext platform)
Constructs the manager with a platform context. There is no user context required as the user must provide their old password when attempting to change it.

Parameters:
platform - PlatformContext identifying identity platform.

Method Detail

changePassword

public SelfRequest changePassword(java.lang.String userId,
                                  java.lang.String oldPassword,
                                  java.lang.String newPassword)
                           throws java.rmi.RemoteException,
                                  javax.security.auth.login.FailedLoginException,
                                  InvalidPasswordException,
                                  ApplicationException
Changes the user's password without requiring an authenticated subject. This is most useful in situations where the user's password has expired. The user must provide their old password to authenticate that the requester can change the password. The new password must abide by the password rules that are in place. If the platform is configured to synchronize passwords, all of the user's accounts will have their passwords changed.

Parameters:
userId - ID representing user.
oldPassword - Old password of the user.
newPassword - New password of the user.
Returns:
SelfRequest object representing the operation's status.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
javax.security.auth.login.FailedLoginException - Thrown if the old password is incorrect, if the user has exceeded the allowed invalid logon attempts, or if the account is not active.
InvalidPasswordException - Thrown if password does not pass a password policy check.
ApplicationException - Thrown if unable to submit the request. This may be caused by an invalid user ID.

changePassword

public SelfRequest changePassword(java.lang.String tenantId,
                                  java.lang.String userId,
                                  java.lang.String oldPassword,
                                  java.lang.String newPassword)
                           throws java.rmi.RemoteException,
                                  javax.security.auth.login.FailedLoginException,
                                  InvalidPasswordException,
                                  ApplicationException
Changes the user's password without requiring an authenticated subject. This is most useful in situations where the user's password has expired. The user must provide their old password to authenticate that the requester can change the password. The new password must abide by the password rules that are in place. If the platform is configured to synchronize passwords, all of the user's accounts will have their passwords changed. This method is used in ITIM's multi-tenant deployment platform.

Parameters:
tenantId - ID representing user's tenant.
userId - ID representing user.
oldPassword - Old password of the user.
newPassword - New password of the user.
Returns:
SelfRequest object representing the operation's status.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
javax.security.auth.login.FailedLoginException - Thrown if the old password is incorrect, if the user has exceeded the allowed invalid logon attempts, or if the account is not active.
InvalidPasswordException - Thrown if password does not pass a password policy check.
ApplicationException - Thrown if unable to submit the request. This may be caused by an invalid user ID.

changePassword

public SelfRequest changePassword(java.lang.String tenantId,
                                  java.lang.String userId,
                                  java.lang.String oldPassword,
                                  java.lang.String newPassword,
                                  java.lang.Boolean sendMail)
                           throws java.rmi.RemoteException,
                                  javax.security.auth.login.FailedLoginException,
                                  InvalidPasswordException,
                                  ApplicationException
Changes the user's password without requiring an authenticated subject. This is most useful in situations where the user's password has expired. The user must provide their old password to authenticate that the requester can change the password. The new password must abide by the password rules that are in place. If the platform is configured to synchronize passwords, all of the user's accounts will have their passwords changed. This method is used in ITIM's multi-tenant deployment platform.

Parameters:
tenantId - ID representing user's tenant.
userId - ID representing user.
oldPassword - Old password of the user.
newPassword - New password of the user.
sendMail - Whether self-email-notification is required
Returns:
SelfRequest object representing the operation's status.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
javax.security.auth.login.FailedLoginException - Thrown if the old password is incorrect, if the user has exceeded the allowed invalid logon attempts, or if the account is not active.
InvalidPasswordException - Thrown if password does not pass a password policy check.
ApplicationException - Thrown if unable to submit the request. This may be caused by an invalid user ID.
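
The exceptions listed for changePassword are the only feedback an unauthenticated caller receives, so a front end should decide how much of that distinction to pass on. The following is an added example, not IBM's code: the class ExpiredPasswordChange, its Outcome enum and the logger name are hypothetical, and the package names of PlatformContext, InvalidPasswordException and ApplicationException are assumed because the page shows them unqualified. It reports a wrong old password, a locked or inactive account and an unknown user ID identically, and keeps the difference only in the audit log.

```java
import java.rmi.RemoteException;
import java.util.logging.Logger;
import javax.security.auth.login.FailedLoginException;
// Assumed package names: the page shows these three types unqualified.
import com.ibm.itim.apps.ApplicationException;
import com.ibm.itim.apps.PlatformContext;
import com.ibm.itim.apps.identity.InvalidPasswordException;
import com.ibm.itim.apps.identity.SelfPasswordManager;

/** Hypothetical helper behind an "expired password" form (not IBM code). */
public class ExpiredPasswordChange {
    /** Everything the unauthenticated caller is allowed to learn. */
    public enum Outcome { SUBMITTED, REJECTED, POLICY_VIOLATION, UNAVAILABLE }

    private static final Logger AUDIT = Logger.getLogger("pwchange.audit");
    private final SelfPasswordManager manager;

    public ExpiredPasswordChange(PlatformContext platform) {
        this.manager = new SelfPasswordManager(platform); // no user context needed
    }

    public Outcome change(String userId, String oldPassword, String newPassword) {
        // userId is untrusted input: strip line breaks before it reaches the log.
        String who = userId == null ? "" : userId.replaceAll("[\\r\\n]", "_");
        try {
            // Returns a SelfRequest representing the submitted operation's status.
            manager.changePassword(userId, oldPassword, newPassword);
            AUDIT.info("password change submitted user=" + who);
            return Outcome.SUBMITTED;
        } catch (FailedLoginException e) {
            // Wrong old password, too many invalid logons, or inactive account.
            AUDIT.warning("password change denied (login failure) user=" + who);
            return Outcome.REJECTED;
        } catch (InvalidPasswordException e) {
            // New password failed the policy check. Caught before
            // ApplicationException in case it is a subclass.
            AUDIT.info("password change failed policy user=" + who);
            return Outcome.POLICY_VIOLATION;
        } catch (ApplicationException e) {
            // May be an invalid user ID: report it exactly like a bad password
            // so the form does not reveal which user IDs exist.
            AUDIT.warning("password change not submitted user=" + who
                    + " cause=" + e.getClass().getName());
            return Outcome.REJECTED;
        } catch (RemoteException e) {
            AUDIT.severe("identity platform unreachable: " + e.getClass().getName());
            return Outcome.UNAVAILABLE;
        }
    }
}
```

The page does not say whether the policy check runs before or after the old password is verified; if that ordering is unknown in a deployment, POLICY_VIOLATION can be folded into REJECTED as well.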

getPasswordRules

public PasswordRulesInfo getPasswordRules(java.lang.String userId)
                                   throws java.rmi.RemoteException,
                                          ApplicationException
Returns the password rules for the given user's password. If the platform is configured to synchronize passwords, the combined password rules for all accounts will be returned. Note that password rules from different password policies can be mutually exclusive, causing this call to fail with an exception.

Parameters:
userId - ID representing user.
Returns:
a PasswordRulesInfo object
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if rules cannot be obtained. This may be due to the password rules being mutually exclusive if password synchronization is taking place.

getPasswordRules

public PasswordRulesInfo getPasswordRules(java.lang.String tenantId,
                                          java.lang.String userId)
                                   throws java.rmi.RemoteException,
                                          ApplicationException
Returns the password rules for the given user's password. If the platform is configured to synchronize passwords, the combined password rules for all accounts will be returned. Note that password rules from different password policies can be mutually exclusive, causing this call to fail with an exception. This method is used in ITIM's multi-tenant deployment platform.

Parameters:
tenantId - ID representing user's tenant.
userId - ID representing user.
Returns:
a PasswordRulesInfo object
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if rules cannot be obtained. This may be due to the password rules being mutually exclusive if password synchronization is taking place.

resetPassword

public SelfRequest resetPassword(javax.security.auth.Subject subject)
                          throws java.rmi.RemoteException,
                                 AuthorizationException,
                                 ApplicationException
Resets the user's password. If the user cannot remember their old password, they can obtain a Subject using challenge/response and use it in this API call. If the platform is configured to not allow challenge/response authenticated users to call the platform's API, this will be the only call that can be used by a challenge/response authenticated user. This allows the user to reset their password, obtain the new password through an out-of-band mechanism, and then re-authenticate with that new password. The new password is generated by the platform. If the platform is configured to synchronize passwords, all of the user's accounts will have their passwords reset.

Parameters:
subject - Subject representing the authenticated caller.
Returns:
SelfRequest object representing the operation's status.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to reset the password.
ApplicationException - Thrown if unable to submit the request. Possibly caused by mutually exclusive password rules if passwords are being synchronized.


IBM Tivoli Identity Manager 4.6
© Copyright International Business Machines Corporation 2005. All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.