com.ibm.itim.apps.identity

Class SelfPasswordManager

  • java.lang.Object
    • com.ibm.itim.apps.identity.SelfPasswordManager


  • public class SelfPasswordManager
    extends java.lang.Object
    Provides self password management.
    • Field Detail

      • SUCCEEDED

        public static final int SUCCEEDED
        Constant identifying the success status.
        See Also:
        Constant Field Values
      • FAILED

        public static final int FAILED
        Constant identifying the failed status.
        See Also:
        Constant Field Values
    • Constructor Detail

      • SelfPasswordManager

        public SelfPasswordManager(PlatformContext platform)
        Constructs the manager with a platform context. There is no user context required as the user must provide their old password when attempting to change it.
        Parameters:
        platform - PlatformContext identifying identity platform.
    • Method Detail

      • changePassword

        public SelfRequest changePassword(java.lang.String userId,
                                          java.lang.String oldPassword,
                                          java.lang.String newPassword)
                                   throws java.rmi.RemoteException,
                                          javax.security.auth.login.FailedLoginException,
                                          InvalidPasswordException,
                                          ApplicationException
        Changes the user's password without requiring an authenticated subject. This is most useful in situations where the user's password has expired. The user must provide their old password to authenticate that the requester can change the password. The new password must abide by the password rules that are in place. If the platform is configured to synchronize passwords, all of the user's accounts will have their passwords changed.
        Parameters:
        userId - ID representing user.
        oldPassword - Old password of the user.
        newPassword - New password of the user.
        Returns:
        SelfRequest object representing the operation's status.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        javax.security.auth.login.FailedLoginException - Thrown if old password is incorrect or if the user exceeds the invalid logon attempts or if the account is not active.
        InvalidPasswordException - Thrown if password does not pass a password policy check.
        ApplicationException - Thrown if unable to submit the request. This may possibly be caused by an invalid user id.
      • changePassword

        public SelfRequest changePassword(java.lang.String tenantId,
                                          java.lang.String userId,
                                          java.lang.String oldPassword,
                                          java.lang.String newPassword)
                                   throws java.rmi.RemoteException,
                                          javax.security.auth.login.FailedLoginException,
                                          InvalidPasswordException,
                                          ApplicationException
        Deprecated. As of ITIM 5.0
        Changes the user's password without requiring an authenticated subject. This is most useful in situations where the user's password has expired. The user must provide their old password to authenticate that the requester can change the password. The new password must abide by the password rules that are in place. If the platform is configured to synchronize passwords, all of the user's accounts will have their passwords changed. This method is used in ITIM's multi-tenant deployment platform.
        Parameters:
        tenantId - ID representing user's tenant.
        userId - ID representing user.
        oldPassword - Old password of the user.
        newPassword - New password of the user.
        Returns:
        SelfRequest object representing the operation's status.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        javax.security.auth.login.FailedLoginException - Thrown if old password is incorrect or if the user exceeds the invalid logon attempts or if the account is not active.
        InvalidPasswordException - Thrown if password does not pass a password policy check.
        ApplicationException - Thrown if unable to submit the request. This may possibly be caused by an invalid user id.
      • changeExpiredPassword

        public SelfRequest changeExpiredPassword(java.lang.String userId,
                                                 java.lang.String oldPassword,
                                                 java.lang.String newPassword)
                                          throws javax.security.auth.login.FailedLoginException,
                                                 InvalidPasswordException,
                                                 AuthorizationException,
                                                 ApplicationException
        Changes the user's password without requiring an authenticated subject. This is most useful in situations where the user's password has expired. The user must provide their old password to authenticate that the requester can change the password. The new password must abide by the password rules that are in place. If the platform is configured to synchronize passwords, all of the user's accounts will have their passwords changed.
        Parameters:
        userId - ID representing user.
        oldPassword - Old password of the user.
        newPassword - New password of the user.
        Returns:
        SelfRequest object representing the operation's status.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        javax.security.auth.login.FailedLoginException - Thrown if old password is incorrect or if the user exceeds the invalid logon attempts or if the account is not active.
        InvalidPasswordException - Thrown if password does not pass a password policy check.
        AuthorizationException - Thrown if client is unauthorized to change the password.
        ApplicationException - Thrown if unable to submit the request. This may possibly be caused by an invalid user id.
      • changeExpiredPassword

        public SelfRequest changeExpiredPassword(java.lang.String userId,
                                                 java.lang.String oldPassword,
                                                 java.lang.String newPassword,
                                                 boolean returnAllValidationFailures)
                                          throws javax.security.auth.login.FailedLoginException,
                                                 InvalidPasswordException,
                                                 AuthorizationException,
                                                 ApplicationException,
                                                 PasswordValidationFailuresException
        Changes the user's password without requiring an authenticated subject. This is most useful in situations where the user's password has expired. The user must provide their old password to authenticate that the requester can change the password. The new password must abide by the password rules that are in place. If the platform is configured to synchronize passwords, all of the user's accounts will have their passwords changed.
        Parameters:
        userId - ID representing user.
        oldPassword - Old password of the user.
        newPassword - New password of the user.
        returnAllValidationFailures - Whether to return all validation failures
        Returns:
        SelfRequest object representing the operation's status.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        javax.security.auth.login.FailedLoginException - Thrown if old password is incorrect or if the user exceeds the invalid logon attempts or if the account is not active.
        InvalidPasswordException - Thrown if password does not pass a password policy check.
        PasswordValidationFailuresException - Thrown if returnAllValidationFailures is true
        AuthorizationException - Thrown if client is unauthorized to change the password.
        ApplicationException - Thrown if unable to submit the request. This may possibly be caused by an invalid user id.
      • getPasswordRules

        public PasswordRulesInfo getPasswordRules(java.lang.String userId)
                                           throws ApplicationException
        Returns the password rules for the given user's password. If the platform is configured to synchronize passwords, the combined password rules for all accounts will be returned. Note, password rules from different password policies can be mutually exclusive causing this call to fail with an exception.
        Parameters:
        userId - ID representing user.
        Returns:
        a PasswordRulesInfo object
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        ApplicationException - Thrown if rules cannot be obtained. This may possibly be due to the password rules being mutually exclusive if password synchronization is taking place.
      • getPasswordRules

        public PasswordRulesInfo getPasswordRules(java.lang.String tenantId,
                                                  java.lang.String userId)
                                           throws ApplicationException
        Returns the password rules for the given user's password. If the platform is configured to synchronize passwords, the combined password rules for all accounts will be returned. Note, password rules from different password policies can be mutually exclusive causing this call to fail with an exception. This method is used in ITIM's multi-tenant deployment platform.
        Parameters:
        tenantId - ID representing user's tenant.
        userId - ID representing user.
        Returns:
        a PasswordRulesInfo object
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        ApplicationException - Thrown if rules cannot be obtained. This may possibly be due to the password rules being mutually exclusive if password synchronization is taking place.
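
Added example (not part of the ITIM Javadoc or IBM's code): because changePassword(userId, oldPassword, newPassword) runs without an authenticated subject, a front end that relays its exceptions verbatim lets a caller tell an invalid user id (ApplicationException) from a wrong old password (FailedLoginException). The wrapper below returns one outcome for both and keeps the distinction in the server-side log only. The class name ExpiredPasswordHandler, the Outcome enum, the logger name and the package locations of PlatformContext and the ITIM exception classes are assumptions.

```java
import java.rmi.RemoteException;
import java.util.logging.Logger;
import javax.security.auth.login.FailedLoginException;

// Package locations below are assumptions; adjust to your ITIM API jar.
import com.ibm.itim.apps.*;
import com.ibm.itim.apps.identity.*;

/** Hypothetical wrapper (not part of the ITIM API) around SelfPasswordManager. */
public class ExpiredPasswordHandler {
    public enum Outcome { SUBMITTED, REJECTED, POLICY_VIOLATION, UNAVAILABLE }

    private static final Logger LOG = Logger.getLogger("selfpw.audit");
    private final SelfPasswordManager manager;

    public ExpiredPasswordHandler(PlatformContext platform) {
        this.manager = new SelfPasswordManager(platform);
    }

    public Outcome change(String userId, String oldPassword, String newPassword) {
        if (userId == null || oldPassword == null || newPassword == null) {
            return Outcome.REJECTED;
        }
        // Keep audit lines single-line; passwords are never logged.
        String who = userId.replaceAll("[\\r\\n\\t]", "_");
        try {
            SelfRequest request = manager.changePassword(userId, oldPassword, newPassword);
            if (request == null) {
                return Outcome.UNAVAILABLE;
            }
            LOG.info("password change submitted user=" + who);
            return Outcome.SUBMITTED;
        } catch (FailedLoginException e) {
            // Wrong old password, invalid logon attempts exceeded, or inactive account.
            LOG.warning("password change rejected (login) user=" + who);
            return Outcome.REJECTED;
        } catch (InvalidPasswordException e) {
            LOG.info("password change rejected (policy) user=" + who);
            return Outcome.POLICY_VIOLATION;
        } catch (ApplicationException e) {
            // Possibly an invalid user id: the caller sees the same outcome as a
            // bad old password; the difference is visible only in the server log.
            LOG.warning("password change not submitted user=" + who);
            return Outcome.REJECTED;
        } catch (RemoteException e) {
            LOG.severe("identity platform unreachable");
            return Outcome.UNAVAILABLE;
        }
    }
}
```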