com.ibm.itim.apps.provisioning
Class AccountMO

java.lang.Object
  |
  +--com.ibm.itim.apps.provisioning.AccountMO
All Implemented Interfaces:
java.io.Serializable

public class AccountMO
extends java.lang.Object
implements java.io.Serializable

Managed object representing an account.

See Also:
Serialized Form

Constructor Summary
AccountMO(PlatformContext platform, javax.security.auth.Subject subject, DistinguishedName name)
          Constructs the the managed object with a platform context, a subject, and the distinguished name of the object to manage.
 
Method Summary
 void adopt(PersonMO owner)
          Adopts the account, or changes the account owner to the given person (identity).
 Request changePassword(java.lang.String password)
          Changes the password of the account.
 Account getData()
          Returns a current snapshot of the account.
 DistinguishedName getDistinguishedName()
          Returns the distinguished name of the managed object
 PersonMO getOwner()
          Returns the owner of the account (if any).
 ServiceMO getService()
          Returns the service that hosts this account.
 void orphan()
          Orphans the account, or changes the account owner to unknown.
 Request remove(java.util.Date scheduledTime)
          Removes the managed object from the provisioning platform.
 Request restore(java.lang.String password, java.util.Date scheduledTime)
          Restores the account.
 Request suspend(java.util.Date scheduledTime)
          Suspends the account.
 Request update(Account a, java.util.Date scheduledTime)
          Updates the managed object.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AccountMO

public AccountMO(PlatformContext platform,
                 javax.security.auth.Subject subject,
                 DistinguishedName name)
Constructs the the managed object with a platform context, a subject, and the distinguished name of the object to manage.

Parameters:
platform - PlatformContext holding platform connection information.
subject - Subject representing the authenticated caller.
name - DistinguishedName of the account.
Method Detail

getDistinguishedName

public DistinguishedName getDistinguishedName()
Returns the distinguished name of the managed object

Returns:
DistinguishedName of the managed object.

getData

public Account getData()
                throws java.rmi.RemoteException,
                       ApplicationException
Returns a current snapshot of the account.

Returns:
Account object holding attribute information.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if unable to retrieve data.

getOwner

public PersonMO getOwner()
                  throws java.rmi.RemoteException,
                         ApplicationException,
                         AuthorizationException
Returns the owner of the account (if any).

Returns:
PersonMO representing the account owner if present, null if not.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to view the owner of the account.
ApplicationException - Thrown if unable to retrieve the account's owner. This may possibly be caused by the account being removed by another client previous to this call.

getService

public ServiceMO getService()
                     throws java.rmi.RemoteException,
                            ApplicationException,
                            AuthorizationException
Returns the service that hosts this account.

Returns:
ServiceMO representing the hosting service.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to view the service of the account.
ApplicationException - Thrown if unable to retrieve the account's service. This may possibly be caused by the account being removed by another client previous to this call.

orphan

public void orphan()
            throws java.rmi.RemoteException,
                   AuthorizationException,
                   ApplicationException
Orphans the account, or changes the account owner to unknown.

Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to orphan the account.
ApplicationException - Thrown if unable to orphan the account. This may possibly be caused by the account being removed by another client previous to this call. Also thrown if this account is an ITIM account since the ITIM account cannot be orphaned.

adopt

public void adopt(PersonMO owner)
           throws java.rmi.RemoteException,
                  AuthorizationException,
                  ApplicationException
Adopts the account, or changes the account owner to the given person (identity).

Parameters:
owner - PersonMO representing the new account owner.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to modify the account or owner attribute of the account.
ApplicationException - Thrown if unable to adopt the account. This may possibly be caused by the account or owner being removed by another client previous to this call. Also thrown if the account is disallowed and the hosting service's enforcement action is set to "Correct".

remove

public Request remove(java.util.Date scheduledTime)
               throws java.rmi.RemoteException,
                      ApplicationException,
                      AuthorizationException
Removes the managed object from the provisioning platform. If there is an automatic provisioning policy defined for a person and a service, then a person should have at least one account on that service. If all these accounts are requested to be deleted, then the ApplicationException will be thrown.

Parameters:
scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current data/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
Returns:
Request object representing the operation's status. If the schedule time is set for the future, then the Request's getStatus() will return the current status at that point of time.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to remove the account.
ApplicationException - Thrown if unable to submit the request. This may caused by (1) the account being removed by another client previous to this call, or (2) if the account is required by automatic provisioning policy.

update

public Request update(Account a,
                      java.util.Date scheduledTime)
               throws java.rmi.RemoteException,
                      AuthorizationException,
                      SchemaViolationException,
                      ApplicationException
Updates the managed object. An account value object is provided with the changes to make.

Parameters:
a - Account value object with changes to make.
scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current data/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
Returns:
Request object representing the operation's status. If the schedule time is set for the future, then the Request's getStatus() will return the current status at that point of time.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to change the account. Note, even if only one of the attributes being changed is not writeable for the client, the entire request will fail and this exception will be thrown.
SchemaViolationException - Thrown if any of the attributes in the value object violates the managed object's schema.
ApplicationException - Thrown if unable to submit the request. The request cannot be submitted (1) if the account is already removed by another client previous to this call, (2) if the account is orphaned account (disallowed account), (3) if the account is non-compliant (or disallowed) and the enforcement action is set to "Suspend" or "Correct", (4) if the account has the new password set and it does not conform to the password policy, then InvalidPasswordException will be thrown in the form of ApplicationException since InvalidPasswordException is extended from ApplicationException.

suspend

public Request suspend(java.util.Date scheduledTime)
                throws java.rmi.RemoteException,
                       AuthorizationException,
                       ApplicationException
Suspends the account.

Parameters:
scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current data/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
Returns:
Request object representing the operation's status. If the schedule time is set for the future, then the Request's getStatus() will return the current status at that point of time.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to suspend the account.
ApplicationException - Thrown if unable to submit the request. This may possibly be caused by the account being removed by another client previous to this call.

restore

public Request restore(java.lang.String password,
                       java.util.Date scheduledTime)
                throws java.rmi.RemoteException,
                       AuthorizationException,
                       ApplicationException,
                       InvalidPasswordException
Restores the account. If the account is disallowed or non-compliant and the enforcement action of hosting service is set to "Suspend" or "Correct", the account can not be restored. In this case, ApplicationException will be thrown.

Parameters:
password - New password of the account.
scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current data/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
Returns:
Request object representing the operation's status. If the schedule time is set for the future, then the Request's getStatus() will return the current status at that point of time.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to restore the account.
InvalidPasswordException - Thrown if password does not conform to the password policy defined for the hosting service.
ApplicationException - Thrown if unable to submit the request. This may be possibly caused by the account being removed by another client previous to this call. Also thrown if the account is disallowed or non-compliant and the enforcement action of hosting service is set to "Suspend" or "Correct".

changePassword

public Request changePassword(java.lang.String password)
                       throws java.rmi.RemoteException,
                              AuthorizationException,
                              InvalidPasswordException,
                              ApplicationException
Changes the password of the account. Note, some accounts do not require password changes. This can be determined by checking the service the account is hosted on for password requirements.

Parameters:
password - New password of the account.
Returns:
Request object representing the operation's status. If the schedule time is set for the future, then the Request's getStatus() will return the current status at that point of time.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to change the account's password. To change the password, the user should be granted to modify the account and also be granted to write the password attribute.
InvalidPasswordException - Thrown if password does not conform to the password policy defined for the hosting service.
ApplicationException - Thrown if unable to submit the request. This may possibly be caused by the account being removed by another client previous to this call.
See Also:
ServiceMO.isPasswordRequired()


IBM Tivoli Identity Manager 4.6
© Copyright International Business Machines Corporation 2005. All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.