|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--com.ibm.itim.apps.provisioning.AccountManager
Provides aggregate account management capabilities. These capabilities include the creation of accounts, the validation of accounts, and the resolution of what services are available for an individual within the provisioning platform.
AccountMO
Constructor Summary | |
AccountManager(PlatformContext platform,
javax.security.auth.Subject subject)
Constructs the manager with a platform context and a subject. |
Method Summary | |
void |
adopt(DistinguishedName ownerDN,
java.util.Collection accounts)
Adopts multiple accounts, or assigns the same owner (given) to all the accounts submitted. |
Request |
createAccount(PersonMO owner,
ServiceMO service,
Account subject,
java.util.Date scheduledTime)
Creates an account in the provisioning platform with the specified attributes for the given person. |
AttributeValues |
getAccountParameters(PersonMO owner,
ServiceMO service)
Returns the auto-generated parameters used to define the potential owner's account on the given service. |
java.util.Collection |
getAccounts(PersonMO person,
java.util.Locale locale)
Returns the account(s) for the given person. |
java.util.Collection |
getAccounts(ServiceMO service,
java.lang.String uid)
Returns the account(s) with the uid hosted on the given service. |
java.util.Collection |
getAccounts(ServiceMO service,
java.lang.String attributeName,
java.lang.Object attributeValue)
Returns the account(s) matching the given attribute hosted on the given service. |
void |
getAccounts(ServiceMO service,
java.lang.String attributeName,
java.lang.Object attributeValue,
SearchResultsMO results)
Returns the account(s) matching the given attribute hosted on the given service. |
java.util.Collection |
getAuthorizedServices(PersonMO subject,
java.util.Locale locale)
Returns the services the given person is authorized to have access to. |
void |
getNonCompliantAccounts(SearchResultsMO results)
Returns all accounts that are currently tracked as non-compliant by the provisioning system. |
void |
getNonCompliantAccounts(ServiceMO service,
SearchResultsMO results)
Returns all accounts on the given service that are currently tracked as non-compliant by the provisioning system. |
boolean |
isAccountCompliant(AccountMO subject,
java.util.Collection errors)
Returns whether the given account is compliant with all policies. |
boolean |
isAccountCompliant(PersonMO owner,
ServiceMO service,
AttributeValues params,
java.util.Collection errors)
Returns whether the an (potential) account on the given service with the given parameters for the given owner is compliant with all policies. |
void |
orphan(DistinguishedName userDN,
java.util.Collection accounts)
Orphans multiple accounts, or changes the account owner to unknown. |
Request |
remove(java.util.Collection accounts,
java.util.Date scheduledTime)
Removes multiple accounts from the provisioning platform. |
Request |
restore(java.util.Collection accounts,
java.util.Date scheduledTime)
Restores multiple accounts. |
Request |
suspend(java.util.Collection accounts,
java.util.Date scheduledTime)
Suspends multiple accounts. |
Methods inherited from class java.lang.Object |
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
public AccountManager(PlatformContext platform, javax.security.auth.Subject subject)
platform
- PlatformContext holding platform connection information.subject
- Subject representing the authenticated caller.Method Detail |
public Request createAccount(PersonMO owner, ServiceMO service, Account subject, java.util.Date scheduledTime) throws java.rmi.RemoteException, AuthorizationException, SchemaViolationException, ApplicationException
owner
- PersonMO who will own the account.service
- ServiceMO the account will be provisioned on.subject
- Account value object defining the attributes the account
will have.scheduledTime
- Date holding the time the operation is to be
executed.java.rmi.RemoteException
- Thrown if unable to communicate with platform.AuthorizationException
- Thrown if client is unauthorized to
create the account for the given
person.SchemaViolationException
- Thrown if any of the attributes
in the value object are violate the
managed object's schema. This
may be caused by an invalid attribute
or if a required attribute is missing
entirely.ApplicationException
- Thrown if unable to submit the request.
This may possibly be caused by
the owner being removed by another
client previous to this call.public java.util.Collection getAuthorizedServices(PersonMO subject, java.util.Locale locale) throws java.rmi.RemoteException, AuthorizationException, ApplicationException
subject
- PersonMO representing the person in question.locale
- optional Locale used to sort the results by
Service name. If null, Locale.getDefault() (server JVM)
is used.java.rmi.RemoteException
- Thrown if unable to communicate with platform.AuthorizationException
- Thrown if client is unauthorized to
view (search) the subject person.ApplicationException
- Thrown if unable to obtain the
authorized services. This may possibly
be caused by the subject being removed
by another client previous to this call.
This may be also caused by a fault in
processing policies in order to
obtain the authorized services.public AttributeValues getAccountParameters(PersonMO owner, ServiceMO service) throws java.rmi.RemoteException, AuthorizationException, ApplicationException
owner
- PersonMO representing the person in question.service
- ServiceMO representing the service in question.java.rmi.RemoteException
- Thrown if unable to communicate with platform.AuthorizationException
- Thrown if client is unauthorized to
view (search) the subject person,
accounts of this type, and/or service.ApplicationException
- Thrown if unable to generate the
parameters. This may possibly be caused
by the owner or service being removed
by another client previous to this call.
This may be also caused by a fault in
processing policies in order to
generate the parameters.public void getNonCompliantAccounts(SearchResultsMO results) throws java.rmi.RemoteException, ApplicationException
results
- SearchResultsMO to hold the results of the search. The
object will be filled with Account value objects that
represent non-compliant accounts. Note, if the
SearchResultsMO object was constructed using a different
user context, that context will be changed to match the
context of this object.java.rmi.RemoteException
- Thrown if unable to communicate with platform.ApplicationException
- Thrown if unable to retrieve the accounts.public void getNonCompliantAccounts(ServiceMO service, SearchResultsMO results) throws java.rmi.RemoteException, ApplicationException
service
- ServiceMO constraining the search.results
- SearchResultsMO to hold the results of the search. The
object will be filled with Account value objects that
represent non-compliant accounts. Note, if the
SearchResultsMO object was constructed using a different
user context, that context will be changed to match the
context of this object.java.rmi.RemoteException
- Thrown if unable to communicate with platform.ApplicationException
- Thrown if unable to retrieve the accounts.public boolean isAccountCompliant(AccountMO subject, java.util.Collection errors) throws java.rmi.RemoteException, AuthorizationException, ApplicationException
subject
- AccountMO representing the account in question.errors
- If non-null, will be filled with detected errors. The
errors are represented as Strings.java.rmi.RemoteException
- Thrown if unable to communicate with platform.AuthorizationException
- Thrown if client is unauthorized to
view (search) the subject account.ApplicationException
- Thrown if unable to generate the
parameters. This may possibly be caused
by the account being removed
by another client previous to this call.
This may be also caused by a fault in
processing policies in order to
evaluate compliance.public boolean isAccountCompliant(PersonMO owner, ServiceMO service, AttributeValues params, java.util.Collection errors) throws java.rmi.RemoteException, AuthorizationException, ApplicationException
owner
- PersonMO representing the person in question.service
- ServiceMO representing the service in question.params
- AttributeValues holding the parameters of the (potential)
account.errors
- If non-null, will be filled with detected errors. The
errors are represented as Strings.java.rmi.RemoteException
- Thrown if unable to communicate with platform.AuthorizationException
- Thrown if client is unauthorized to
view (search) the subject person
and/or service.ApplicationException
- Thrown if unable to generate the
parameters. This may possibly be caused
by the owner and/or service being removed
by another client previous to this call.
This may be also caused by a fault in
processing policies in order to
evaluate compliance.public java.util.Collection getAccounts(PersonMO person, java.util.Locale locale) throws java.rmi.RemoteException, ApplicationException
person
- PersonMO representing the person to scope the search.locale
- optional Locale used to do a locale-sensitive sort
of the results by user id. If null, Locale.getDefault()
is used (server JVM).java.rmi.RemoteException
- Thrown if unable to communicate with platform.ApplicationException
- Thrown if unable to obtain the
accounts. This may possibly
be caused by the service being removed
by another client previous to this call.public java.util.Collection getAccounts(ServiceMO service, java.lang.String uid) throws java.rmi.RemoteException, ApplicationException
service
- ServiceMO representing the service to scope the search.uid
- User id of the account to retrieve.java.rmi.RemoteException
- Thrown if unable to communicate with platform.ApplicationException
- Thrown if unable to obtain the
accounts. This may possibly
be caused by the service being removed
by another client previous to this call.public java.util.Collection getAccounts(ServiceMO service, java.lang.String attributeName, java.lang.Object attributeValue) throws java.rmi.RemoteException, ApplicationException
service
- ServiceMO representing the service to scope the search.attributeName
- Name of attribute to match with.attributeValue
- Value of the attribute to match with. A * can be
used as the first and/or last character of a
String value if a "contains" expression is wished.java.rmi.RemoteException
- Thrown if unable to communicate with platform.ApplicationException
- Thrown if unable to obtain the
accounts. This may possibly
be caused by the service being removed
by another client previous to this call.public void getAccounts(ServiceMO service, java.lang.String attributeName, java.lang.Object attributeValue, SearchResultsMO results) throws java.rmi.RemoteException, ApplicationException
service
- ServiceMO representing the service to scope the search.attributeName
- Name of attribute to match with.attributeValue
- Value of the attribute to match with. A * can be
used as the first and/or last character of a
String value if a "contains" expression is wished.results
- SearchResultsMO to hold the results of the search. The
object will be filled with Account value objects that
match the given criteria. Note, if the SearchResultsMO
object was constructed using a different user context,
that context will be changed to match the context of this
object.java.rmi.RemoteException
- Thrown if unable to communicate with platform.ApplicationException
- Thrown if unable to obtain the
accounts. This may possibly
be caused by the service being removed
by another client previous to this call.public void adopt(DistinguishedName ownerDN, java.util.Collection accounts) throws java.rmi.RemoteException, AuthorizationException, ApplicationException
ownerDN
- DistinguishedName of the new account owner.accounts
- Collection of Account DirectoryObject to assign
an owner to.java.rmi.RemoteException
- Thrown if unable to communicate with platform.AuthorizationException
- Thrown if client is unauthorized to
change any of the account owners.ApplicationException
- Thrown if unable to adopt any of the accounts.
This may possibly be caused by
the account or owner being removed by
another client previous to this call.public void orphan(DistinguishedName userDN, java.util.Collection accounts) throws java.rmi.RemoteException, AuthorizationException, ApplicationException
userDN
- DistinguishedName identifies an
authenticated SystemUser.accounts
- Collection of Account DirectoryObjects to orphan.java.rmi.RemoteException
- Thrown if unable to communicate with platform.AuthorizationException
- Thrown if client is unauthorized to
orphan any of the accounts.ApplicationException
- Thrown if unable to orphan the accounts.
This may possibly be caused by
the account being removed by another client
previous to this call.public Request suspend(java.util.Collection accounts, java.util.Date scheduledTime) throws java.rmi.RemoteException, ApplicationException, AuthorizationException
accounts
- Collection of Account DirectoryObjects to suspend.scheduledTime
- Date holding the time the operation is to be
executed.java.rmi.RemoteException
- Thrown if unable to communicate with platform.AuthorizationException
- Thrown if client is unauthorized to
suspend any of the accounts.ApplicationException
- Thrown if unable to submit the request.public Request restore(java.util.Collection accounts, java.util.Date scheduledTime) throws java.rmi.RemoteException, ApplicationException, AuthorizationException
accounts
- Collection of Account DirectoryObjects to restore.scheduledTime
- Date holding the time the operation is to be
executed.java.rmi.RemoteException
- Thrown if unable to communicate with platform.AuthorizationException
- Thrown if client is unauthorized to
restore any of the accounts.ApplicationException
- Thrown if unable to submit the request.public Request remove(java.util.Collection accounts, java.util.Date scheduledTime) throws java.rmi.RemoteException, ApplicationException, AuthorizationException
accounts
- Collection of Account DirectoryObjects to remove.scheduledTime
- Date holding the time the operation is to be
executed.java.rmi.RemoteException
- Thrown if unable to communicate with platform.AuthorizationException
- Thrown if client is unauthorized to
remove any of the accounts.ApplicationException
- Thrown if unable to submit the request.
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |