com.ibm.itim.apps.provisioning

Class AccountMO

  • java.lang.Object
    • com.ibm.itim.apps.provisioning.AccountMO
  • All Implemented Interfaces:
    java.io.Serializable


    public class AccountMO
    extends java.lang.Object
    implements java.io.Serializable
    Managed object representing an account.
    See Also:
    Serialized Form
    • Constructor Summary

      Constructors 
      Constructor and Description
      AccountMO(PlatformContext platform, javax.security.auth.Subject subject, DistinguishedName name)
      Constructs the managed object with a platform context, a subject, and the distinguished name of the object to manage.
    • Method Summary

      Modifier and Type Method and Description
      void adopt(PersonMO owner)
      Adopts the account, or changes the account owner to the given person (identity).
      void adopt(PersonMO owner, java.lang.String ownershipType)
      Adopts an account, or changes the account owner to the given person (identity) with the given ownership type.
      Request changePassword(java.lang.String password)
      Changes the password of the account.
      Request changePassword(java.lang.String password, boolean returnAllValidationFailures)
      Changes the password of the account.
      Account getData()
      Returns a current snapshot of the account.
      DistinguishedName getDistinguishedName()
      Returns the distinguished name of the managed object
      PersonMO getOwner()
      Returns the owner of the account (if any).
      ServiceMO getService()
      Returns the service that hosts this account.
      void orphan()
      Orphans the account, or changes the account owner to unknown.
      void recertifyOverride(java.lang.String justification)
      Audits the current account for recertification
      Request remove(java.util.Date scheduledTime)
      Removes the managed object from the provisioning platform.
      Request remove(java.util.Date scheduledTime, java.lang.String justification)
      Removes the managed object from the provisioning platform.
      Request restore(java.lang.String password, java.util.Date scheduledTime)
      Restores the account.
      Request restore(java.lang.String password, java.util.Date scheduledTime, java.lang.String justification)
      Restores the account.
      Request submitAdoptionRequest(PersonMO owner)
      Adopts the account, or changes the account owner to the given person (identity).
      Request suspend(java.util.Date scheduledTime)
      Suspends the account.
      Request suspend(java.util.Date scheduledTime, java.lang.String justification)
      Suspends the account.
      void transfer(PersonMO owner)
      Transfer the account to the given person (identity).
      void transfer(PersonMO owner, java.lang.String ownershipType)
      Transfer the account to the given person (identity).
      Request update(Account a, java.util.Date scheduledTime)
      Updates the managed object.
      Request update(Account a, java.util.Date scheduledTime, java.lang.String justification)
      Updates the managed object.
      void validatePassword(java.lang.String password, boolean returnAllValidationFailures)
      Validates the specified password for the account.
      • Methods inherited from class java.lang.Object

        equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • AccountMO

        public AccountMO(PlatformContext platform,
                         javax.security.auth.Subject subject,
                         DistinguishedName name)
        Constructs the managed object with a platform context, a subject, and the distinguished name of the object to manage.
        Parameters:
        platform - PlatformContext holding platform connection information.
        subject - Subject representing the authenticated caller.
        name - DistinguishedName of the account.
    • Method Detail

      • getDistinguishedName

        public DistinguishedName getDistinguishedName()
        Returns the distinguished name of the managed object
        Returns:
        DistinguishedName of the managed object.
      • getData

        public Account getData()
                        throws java.rmi.RemoteException,
                               ApplicationException
        Returns a current snapshot of the account.
        Returns:
        Account object holding attribute information.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        ApplicationException - Thrown if unable to retrieve data.
      • getOwner

        public PersonMO getOwner()
                          throws java.rmi.RemoteException,
                                 ApplicationException,
                                 AuthorizationException
        Returns the owner of the account (if any).
        Returns:
        PersonMO representing the account owner if present, null if not.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        AuthorizationException - Thrown if client is unauthorized to view the owner of the account.
        ApplicationException - Thrown if unable to retrieve the account's owner. This may possibly be caused by the account being removed by another client previous to this call.
      • getService

        public ServiceMO getService()
                             throws java.rmi.RemoteException,
                                    ApplicationException,
                                    AuthorizationException
        Returns the service that hosts this account.
        Returns:
        ServiceMO representing the hosting service.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        AuthorizationException - Thrown if client is unauthorized to view the service of the account.
        ApplicationException - Thrown if unable to retrieve the account's service. This may possibly be caused by the account being removed by another client previous to this call.
      • orphan

        public void orphan()
                    throws java.rmi.RemoteException,
                           AuthorizationException,
                           ApplicationException
        Orphans the account, or changes the account owner to unknown.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        AuthorizationException - Thrown if client is unauthorized to orphan the account.
        ApplicationException - Thrown if unable to orphan the account. This may possibly be caused by the account being removed by another client previous to this call. Also thrown if this account is an ITIM account since the ITIM account cannot be orphaned.
      • adopt

        public void adopt(PersonMO owner)
                   throws java.rmi.RemoteException,
                          AuthorizationException,
                          ApplicationException
        Adopts the account, or changes the account owner to the given person (identity).
        Parameters:
        owner - PersonMO representing the new account owner.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        AuthorizationException - Thrown if client is unauthorized to modify the account or owner attribute of the account.
        ApplicationException - Thrown if unable to adopt the account. This may possibly be caused by the account or owner being removed by another client previous to this call. Also thrown if the account is disallowed and the hosting service's enforcement action is set to "Correct".
      • adopt

        public void adopt(PersonMO owner,
                          java.lang.String ownershipType)
                   throws java.rmi.RemoteException,
                          AuthorizationException,
                          ApplicationException
        Adopts an account, or changes the account owner to the given person (identity) with the given ownership type.
        Parameters:
        owner - PersonMO representing the new account owner.
        ownershipType - The new ownership type for the adopted account. The following values are already defined:
        Throws:
        java.rmi.RemoteException - if call to a remote method cannot be executed.
        AuthorizationException - Thrown if the client is unauthorized to modify the account or the owner attribute of the account.
        ApplicationException - if the account cannot be adopted. This error might be caused if another client removes the account or owner before this call.

        This exception is also thrown if the account is disallowed and the hosting enforcement action of the service is set to "Correct".

        See Also:
        RemoteException
      • transfer

        public void transfer(PersonMO owner)
                      throws ApplicationException,
                             java.rmi.RemoteException,
                             ApplicationException
        Transfer the account to the given person (identity).
        Parameters:
        owner - PersonMO representing the new account owner.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        AuthorizationException - Thrown if client is unauthorized to modify the account or owner attribute of the account.
        ApplicationException - Thrown if unable to transfer the account. This may possibly be caused by the account or owner being removed by another client previous to this call. Also thrown if the account is disallowed and the hosting service's enforcement action is set to "Correct".
      • transfer

        public void transfer(PersonMO owner,
                             java.lang.String ownershipType)
                      throws ApplicationException,
                             java.rmi.RemoteException,
                             ApplicationException
        Transfer the account to the given person (identity).
        Parameters:
        owner - PersonMO representing the new account owner.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        AuthorizationException - Thrown if client is unauthorized to modify the account or owner attribute of the account.
        ApplicationException - Thrown if unable to transfer the account. This may possibly be caused by the account or owner being removed by another client previous to this call. Also thrown if the account is disallowed and the hosting service's enforcement action is set to "Correct".
      • remove

        public Request remove(java.util.Date scheduledTime)
                       throws java.rmi.RemoteException,
                              ApplicationException,
                              AuthorizationException
        Removes the managed object from the provisioning platform. If there is an automatic provisioning policy defined for a person and a service, then a person should have at least one account on that service. If all these accounts are requested to be deleted, then the ApplicationException will be thrown.
        Parameters:
        scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
        Returns:
        Request object representing the operation's status. If the schedule time is set for the future, then the Request's getStatus() will return the current status at that point of time.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        AuthorizationException - Thrown if client is unauthorized to remove the account.
        ApplicationException - Thrown if unable to submit the request. This may be caused by (1) the account being removed by another client previous to this call, or (2) the account being required by automatic provisioning policy.
      • remove

        public Request remove(java.util.Date scheduledTime,
                              java.lang.String justification)
                       throws java.rmi.RemoteException,
                              ApplicationException,
                              AuthorizationException
        Removes the managed object from the provisioning platform. If there is an automatic provisioning policy defined for a person and a service, then a person should have at least one account on that service. If all these accounts are requested to be deleted, then the ApplicationException will be thrown.
        Parameters:
        scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
        justification - The justification provided by the requester while removing an account.
        Returns:
        Request object representing the operation's status. If the schedule time is set for the future, then the Request's getStatus() will return the current status at that point of time.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        AuthorizationException - Thrown if client is unauthorized to remove the account.
        ApplicationException - Thrown if unable to submit the request. This may be caused by (1) the account being removed by another client previous to this call, or (2) the account being required by automatic provisioning policy.
      • update

        public Request update(Account a,
                              java.util.Date scheduledTime)
                       throws java.rmi.RemoteException,
                              AuthorizationException,
                              SchemaViolationException,
                              ApplicationException
        Updates the managed object. An account value object is provided with the changes to make.
        Parameters:
        a - Account value object with changes to make.
        scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
        Returns:
        Request object representing the operation's status. If the schedule time is set for the future, then the Request's getStatus() will return the current status at that point of time.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        AuthorizationException - Thrown if client is unauthorized to change the account. Note, even if only one of the attributes being changed is not writeable for the client, the entire request will fail and this exception will be thrown.
        SchemaViolationException - Thrown if any of the attributes in the value object violates the managed object's schema.
        ApplicationException - Thrown if unable to submit the request. The request cannot be submitted (1) if the account is already removed by another client previous to this call, (2) if the account is an orphaned account (disallowed account), (3) if the account is non-compliant (or disallowed) and the enforcement action is set to "Suspend" or "Correct", or (4) if the account has a new password set that does not conform to the password policy; in that case InvalidPasswordException is thrown in the form of ApplicationException, since InvalidPasswordException extends ApplicationException.
      • update

        public Request update(Account a,
                              java.util.Date scheduledTime,
                              java.lang.String justification)
                       throws java.rmi.RemoteException,
                              AuthorizationException,
                              SchemaViolationException,
                              ApplicationException
        Updates the managed object. An account value object is provided with the changes to make.
        Parameters:
        a - Account value object with changes to make.
        scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
        justification - The justification provided by the requester while updating an account.
        Returns:
        Request object representing the operation's status. If the schedule time is set for the future, then the Request's getStatus() will return the current status at that point of time.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        AuthorizationException - Thrown if client is unauthorized to change the account. Note, even if only one of the attributes being changed is not writeable for the client, the entire request will fail and this exception will be thrown.
        SchemaViolationException - Thrown if any of the attributes in the value object violates the managed object's schema.
        ApplicationException - Thrown if unable to submit the request. The request cannot be submitted (1) if the account is already removed by another client previous to this call, (2) if the account is an orphaned account (disallowed account), (3) if the account is non-compliant (or disallowed) and the enforcement action is set to "Suspend" or "Correct", or (4) if the account has a new password set that does not conform to the password policy; in that case InvalidPasswordException is thrown in the form of ApplicationException, since InvalidPasswordException extends ApplicationException.
      • suspend

        public Request suspend(java.util.Date scheduledTime)
                        throws java.rmi.RemoteException,
                               AuthorizationException,
                               ApplicationException
        Suspends the account.
        Parameters:
        scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
        Returns:
        Request object representing the operation's status. If the schedule time is set for the future, then the Request's getStatus() will return the current status at that point of time.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        AuthorizationException - Thrown if client is unauthorized to suspend the account.
        ApplicationException - Thrown if unable to submit the request. This may possibly be caused by the account being removed by another client previous to this call.
      • suspend

        public Request suspend(java.util.Date scheduledTime,
                               java.lang.String justification)
                        throws java.rmi.RemoteException,
                               AuthorizationException,
                               ApplicationException
        Suspends the account.
        Parameters:
        scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
        justification - The justification provided by the requester while suspending an account.
        Returns:
        Request object representing the operation's status. If the schedule time is set for the future, then the Request's getStatus() will return the current status at that point of time.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        AuthorizationException - Thrown if client is unauthorized to suspend the account.
        ApplicationException - Thrown if unable to submit the request. This may possibly be caused by the account being removed by another client previous to this call.
      • restore

        public Request restore(java.lang.String password,
                               java.util.Date scheduledTime)
                        throws java.rmi.RemoteException,
                               AuthorizationException,
                               ApplicationException,
                               InvalidPasswordException
        Restores the account. If the account is disallowed or non-compliant and the enforcement action of the hosting service is set to "Suspend" or "Correct", the account cannot be restored. In this case, ApplicationException will be thrown.
        Parameters:
        password - New password to be used to restore the account under the following conditions:
        • If password synchronization is disabled, the password applies to this account if it supports password change. The password requirement can be determined by checking the service that hosts the account. Refer to function 'isPasswordRequired' of ServiceMO for details.
        • If password synchronization is enabled, the password applies to this account if it is a sponsored account that supports password change, or if it is an individual account that supports password change, but its owner does not have a synchronized password. For an individual account, if the account owner has a synchronized password, the account uses the owner's synchronized password instead; if the owner does not have a synchronized password, the new password is set as the synchronized password for the owner, and password synchronization is triggered for all the individual accounts of the owner.
        scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
        Returns:
        Request object representing the operation's status. If the schedule time is set for the future, then the Request's getStatus() will return the current status at that point of time.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        AuthorizationException - Thrown if client is unauthorized to restore the account.
        InvalidPasswordException - Thrown if password does not conform to the password policy defined for the hosting service.
        ApplicationException - Thrown if unable to submit the request. This may be possibly caused by the account being removed by another client previous to this call. Also thrown if the account is disallowed or non-compliant and the enforcement action of hosting service is set to "Suspend" or "Correct".
      • restore

        public Request restore(java.lang.String password,
                               java.util.Date scheduledTime,
                               java.lang.String justification)
                        throws java.rmi.RemoteException,
                               AuthorizationException,
                               ApplicationException,
                               InvalidPasswordException
        Restores the account. If the account is disallowed or non-compliant and the enforcement action of the hosting service is set to "Suspend" or "Correct", the account cannot be restored. In this case, ApplicationException will be thrown.
        Parameters:
        password - New password of the account.
        scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
        justification - The justification provided by the requester while restoring an account.
        Returns:
        Request object representing the operation's status. If the schedule time is set for the future, then the Request's getStatus() will return the current status at that point of time.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        AuthorizationException - Thrown if client is unauthorized to restore the account.
        InvalidPasswordException - Thrown if password does not conform to the password policy defined for the hosting service.
        ApplicationException - Thrown if unable to submit the request. This may be possibly caused by the account being removed by another client previous to this call. Also thrown if the account is disallowed or non-compliant and the enforcement action of hosting service is set to "Suspend" or "Correct".
      • changePassword

        public Request changePassword(java.lang.String password)
                               throws java.rmi.RemoteException,
                                      AuthorizationException,
                                      InvalidPasswordException,
                                      ApplicationException
        Changes the password of the account. Note, some accounts do not require password changes. This can be determined by checking the service the account is hosted on for password requirements.
        Parameters:
        password - New password of the account.
        Returns:
        Request object representing the operation's status. If the schedule time is set for the future, then the Request's getStatus() will return the current status at that point of time.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        AuthorizationException - Thrown if client is unauthorized to change the account's password. To change the password, the user should be granted permission to modify the account and permission to write the password attribute.
        InvalidPasswordException - Thrown if password does not conform to the password policy defined for the hosting service.
        ApplicationException - Thrown if unable to submit the request. This may possibly be caused by the account being removed by another client previous to this call.
        See Also:
        ServiceMO.isPasswordRequired()
      • changePassword

        public Request changePassword(java.lang.String password,
                                      boolean returnAllValidationFailures)
                               throws java.rmi.RemoteException,
                                      AuthorizationException,
                                      InvalidPasswordException,
                                      PasswordValidationFailuresException,
                                      ApplicationException
        Changes the password of the account. Note, some accounts do not require password changes. This can be determined by checking the service the account is hosted on for password requirements.
        Parameters:
        password - New password of the account.
        returnAllValidationFailures - Indicates whether all password validation failures should be returned.
        Returns:
        Request object representing the operation's status. If the schedule time is set for the future, then the Request's getStatus() will return the current status at that point of time.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        AuthorizationException - Thrown if client is unauthorized to change the account's password. To change the password, the user should be granted permission to modify the account and permission to write the password attribute.
        InvalidPasswordException - Thrown if password does not conform to the password policy defined for the hosting service, and returnAllValidationFailures is false.
        PasswordValidationFailuresException - Thrown if password does not conform to the password policy defined for the hosting service, and returnAllValidationFailures is true.
        ApplicationException - Thrown if unable to submit the request. This may possibly be caused by the account being removed by another client previous to this call.
        See Also:
        ServiceMO.isPasswordRequired()
      • validatePassword

        public void validatePassword(java.lang.String password,
                                     boolean returnAllValidationFailures)
                              throws java.rmi.RemoteException,
                                     AuthorizationException,
                                     InvalidPasswordException,
                                     PasswordValidationFailuresException,
                                     ApplicationException
        Validates the specified password for the account. Note, some accounts do not support passwords. This can be determined by checking the service the account is hosted on for password requirements.
        Parameters:
        password - New password of the account.
        returnAllValidationFailures - Indicates whether all password validation failures should be returned.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        AuthorizationException - Thrown if client is unauthorized to change the account's password. To change the password, the user should be granted permission to modify the account and permission to write the password attribute.
        InvalidPasswordException - Thrown if password does not conform to the password policy defined for the hosting service, and returnAllValidationFailures is false.
        PasswordValidationFailuresException - Thrown if password does not conform to the password policy defined for the hosting service, and returnAllValidationFailures is true.
        ApplicationException - Thrown if unable to submit the request. This may possibly be caused by the account being removed by another client previous to this call.
        See Also:
        ServiceMO.isPasswordRequired()
      • recertifyOverride

        public void recertifyOverride(java.lang.String justification)
                               throws ApplicationException,
                                      java.rmi.RemoteException
        Audits the current account for recertification
        Parameters:
        justification - The comments provided by the requester while recertifying the accounts.
        Throws:
        ApplicationException - An exception will be thrown on any failure.
        java.rmi.RemoteException - An exception will be thrown on any failure.
      • submitAdoptionRequest

        public Request submitAdoptionRequest(PersonMO owner)
                                      throws java.rmi.RemoteException,
                                             AuthorizationException,
                                             ApplicationException
        Adopts the account, or changes the account owner to the given person (identity).
        Parameters:
        owner - PersonMO representing the new account owner.
        Returns:
        Request object representing the operation's status.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with platform.
        AuthorizationException - Thrown if client is unauthorized to modify the account or owner attribute of the account.
        ApplicationException - Thrown if unable to adopt the account. This may possibly be caused by the account or owner being removed by another client previous to this call. Also thrown if the account is disallowed and the hosting service's enforcement action is set to "Correct".
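
An added example, not part of the IBM documentation: a helper that calls `suspend(Date, String)` with a null `scheduledTime`, so the server rather than the client clock decides when the process starts, and maps each documented exception to a distinct outcome. The `AccountContainment`, `Outcome` and `Result` names are hypothetical, and the `com.ibm.itim.apps` package used for `Request`, `ApplicationException` and `AuthorizationException` is an assumption, since this page does not show where those classes live.

```java
import java.rmi.RemoteException;

// Packages of the next three imports are assumed; this page does not show them.
import com.ibm.itim.apps.ApplicationException;
import com.ibm.itim.apps.AuthorizationException;
import com.ibm.itim.apps.Request;
import com.ibm.itim.apps.provisioning.AccountMO;

/** Hypothetical helper: suspend an account as a containment step. */
public final class AccountContainment {

    /** Outcome a caller can log or alert on. */
    public enum Outcome { SUBMITTED, NOT_AUTHORIZED, REJECTED, PLATFORM_UNREACHABLE }

    /** Result of one suspend attempt. */
    public static final class Result {
        public final Outcome outcome;
        public final Request request; // non-null only when outcome == SUBMITTED
        public final String detail;

        Result(Outcome outcome, Request request, String detail) {
            this.outcome = outcome;
            this.request = request;
            this.detail = detail;
        }
    }

    private AccountContainment() { }

    /**
     * Submits an immediate suspend request for the given account.
     *
     * @param account       managed object already bound to an authenticated Subject
     * @param justification text stored with the request; required here so every
     *                      suspension carries a reason
     */
    public static Result suspendNow(AccountMO account, String justification) {
        if (account == null) {
            throw new IllegalArgumentException("account must not be null");
        }
        if (justification == null || justification.trim().isEmpty()) {
            throw new IllegalArgumentException("justification must not be empty");
        }

        // Used only for log and error text.
        String dn = String.valueOf(account.getDistinguishedName());

        try {
            // Pass null instead of new Date(): a null scheduledTime starts the
            // process immediately on the server, so a skewed client clock
            // cannot delay the suspension.
            Request request = account.suspend(null, justification);

            // The Request represents the operation's status; a returned Request
            // means the request was submitted, not that the account is
            // already suspended on the managed resource.
            return new Result(Outcome.SUBMITTED, request,
                    "suspend request submitted for " + dn);

        } catch (AuthorizationException e) {
            // Caller's Subject is not authorized to suspend this account.
            // Caught before ApplicationException so the two cases stay distinct
            // whatever the class hierarchy is.
            return new Result(Outcome.NOT_AUTHORIZED, null,
                    "not authorized to suspend " + dn + ": " + e.getMessage());

        } catch (ApplicationException e) {
            // Request could not be submitted, for example because another
            // client removed the account before this call.
            return new Result(Outcome.REJECTED, null,
                    "suspend request rejected for " + dn + ": " + e.getMessage());

        } catch (RemoteException e) {
            // Platform unreachable: the account state is unchanged and the
            // caller should retry or escalate.
            return new Result(Outcome.PLATFORM_UNREACHABLE, null,
                    "platform unreachable while suspending " + dn + ": " + e.getMessage());
        }
    }
}
```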