com.sap.security.api
Interface IUserAccount

All Superinterfaces:

IPrincipal, IPrincipalMaint, java.io.Serializable

public interface IUserAccount

extends IPrincipalMaint

Interface to get and set user account data. Copyright (c) 2001 Company: SAPMarkets, Inc

NOTE: get methods returning an object may return null if a valid value is not available unless specified otherwise in the respective method description. As this interface can be extended, this interface can be freely used, but must not be implemented.

Version:

1.1

Field Summary

static int	LOCKED_AUTO
static int	LOCKED_BY_ADMIN
static int	LOCKED_NO
static java.lang.String	SECURITY_POLICY
static java.lang.String	SECURITY_POLICY_TYPE_DEFAULT
static java.lang.String	SECURITY_POLICY_TYPE_TECHNICAL
static java.lang.String	SECURITY_POLICY_TYPE_UNKNOWN

Fields inherited from interface com.sap.security.api.IPrincipal

BYTE_TYPE, CREATED_BY, DATASOURCE, DEFAULT_NAMESPACE, DEFAULT_RELATION_NAMESPACE, DESCRIPTION, DISPLAYNAME, LAST_MODIFIED_BY, PRINCIPAL_CREATION_DATE, PRINCIPAL_MODIFY_DATE, PRINCIPAL_RELATION_MEMBER_ATTRIBUTE, PRINCIPAL_RELATION_PARENT_ATTRIBUTE, STRING_TYPE, TRANSIENT_NAMESPACE, UNIQUE_NAME, VERSIONSTRING

Method Summary

void	addToGroup(java.lang.String uniqueIdOfGroup) Deprecated. use IUserMaint.addToGroup(String) instead
void	addToRole(java.lang.String uniqueIdOfRole) Deprecated. use IUserMaint.addToRole(String) instead
boolean	checkPassword(java.lang.String pass) compares the stored password with the input password Note: Use IUserAccount.isPasswordDisabled() before calling this.
int	checkPasswordExtended(java.lang.String pass) compares the stored password with the input password Possible return values are: ILoginConstants.CHECKPWD_OK ILoginConstants.CHECKPWD_WRONGPWD ILoginConstants.CHECKPWD_NOPWD ILoginConstants.CHECKPWD_PWDLOCKED ILoginConstants.CHECKPWD_PWDEXPIRED
java.util.Date	created() returns the creation date of this user account
void	deleteCertificates(java.security.cert.X509Certificate[] certificate) Deletes the user's certificate
IUser	getAssignedUser() get the user that belongs to this account
java.lang.String	getAssignedUserID() Gets the unique id of the user which is assigned to this account.
java.security.cert.X509Certificate[]	getCertificates() Returns the user's certificates
int	getFailedLogonAttempts() get number of failed logon attempts.
java.lang.String	getHashedPassword()
java.util.Date	getLastFailedLogonDate() get last failed logon time
java.util.Date	getLastPasswordChangedDate() Gets the LastPasswordChangedDate attribute of the IUserAccount object
java.util.Date	getLastSuccessfulLogonDate() Deprecated.
int	getLockReason() Deprecated. use isPasswordLocked() and isUserAccountLocked() instead
java.lang.String	getLogonUid() get logon uid (long uid)
java.util.Iterator	getParentGroups(boolean recursive) Gets the list of all parent principals including parents, grandparents, ...
java.util.Date	getPreviousSuccessfulLogonDate() Deprecated.
java.util.Iterator	getRoles(boolean recursive) Gets the list of all assigned roles of this principal including parent groups, grandparent groups,...
java.lang.String	getSecurityPolicy() Gets the security policy which is assigned to this account.
int	getSuccessfulLogonCounts() Deprecated.
java.util.Date	getValidFromDate() get valid from date
java.util.Date	getValidToDate() get valid to date
void	incrementFailedLogonAttempts() set the number of failed logon attemps by a parameter
void	incrementSuccessfulLogonCounts() Deprecated.
boolean	isLocked() Deprecated. use isPasswordLocked() and isUserAccountLocked() instead
boolean	isMemberOfGroup(java.lang.String uniqueIdOfGroup, boolean recursive) Checks if the principal belongs to the passed groupId
boolean	isMemberOfRole(java.lang.String roleId, boolean recursive) Checks if the principal belongs to the passed roleId This method does a recursive search, so if this principal belongs to a collection which is a member of this collection, true is returned.
boolean	isPasswordChangeRequired() indicator the need of force change password on next logon default: false if true, user need to change logon password on next logon
boolean	isPasswordDisabled() Checks whether the password is disabled.
boolean	isPasswordLocked() Gets the password locked attribute of the IUserAccount object
boolean	isUserAccountLocked() Gets the locked attribute of the IUserAccount object
java.util.Date	lastModified() returns the last modification date of this user account
java.util.Date	lockDate() returns lock date
void	removeFromGroup(java.lang.String uniqueIdOfGroup) Deprecated. use IUserMaint.removeFromGroup(String) instead
void	removeFromRole(java.lang.String uniqueIdOfRole) Deprecated. use IUserMaint.removeFromRole(String) instead
void	resetFailedLogonAttempts() Description of the Method
void	setCertificates(java.security.cert.X509Certificate[] certificate) Stores the user's certificate and creates a mapping
void	setFailedLogonAttempts(int i) increase the number of failed logon attempts by 1
void	setLastFailedLogonDate(java.util.Date timeStamp) set last logon time
void	setLastLogoutDate(java.util.Date timeStamp) set last logout date
void	setLastSuccessfulLogonDate(java.util.Date timeStamp) Deprecated.
void	setLocked(boolean lock, int reason) Sets the locked attribute of the IUserAccount object
void	setPassword(java.lang.String pass) Changes user password to newpass.
void	setPassword(java.lang.String oldpass, java.lang.String newpass) Changes user password from oldpass to newpass.
void	setPasswordChangeRequired(boolean chng) Sets the PasswordChangeRequired attribute of the IUserAccount object.
void	setPasswordDisabled() Disables the password.
void	setSecurityPolicy(java.lang.String uniqueName) assign new security policy to this account
void	setSuccessfulLogonCounts(int i) Deprecated.
void	setValidFromDate(java.util.Date date) Sets the ValidFromDate attribute of the IUserAccount object
void	setValidToDate(java.util.Date date) Sets the ValidToDate attribute of the IUserAccount object

Methods inherited from interface com.sap.security.api.IPrincipalMaint

addAttributeValue, commit, isModified, removeAttributeValue, rollback, save, setAttribute, setBinaryAttribute, setDisplayName

Methods inherited from interface com.sap.security.api.IPrincipal

equals, getAttribute, getAttributeNames, getAttributeNamespaces, getAttributeType, getBinaryAttribute, getDisplayName, getParents, getUniqueID, hashCode, isExistenceChecked, isMutable, refresh

Field Detail

LOCKED_NO

public static final int LOCKED_NO

LOCKED_AUTO

public static final int LOCKED_AUTO

LOCKED_BY_ADMIN

public static final int LOCKED_BY_ADMIN

SECURITY_POLICY

public static final java.lang.String SECURITY_POLICY

SECURITY_POLICY_TYPE_DEFAULT

public static final java.lang.String SECURITY_POLICY_TYPE_DEFAULT

SECURITY_POLICY_TYPE_TECHNICAL

public static final java.lang.String SECURITY_POLICY_TYPE_TECHNICAL

SECURITY_POLICY_TYPE_UNKNOWN

public static final java.lang.String SECURITY_POLICY_TYPE_UNKNOWN

Method Detail

getLogonUid

public java.lang.String getLogonUid()

get logon uid (long uid)

Returns:

The LogonUid value

getValidFromDate

public java.util.Date getValidFromDate()

get valid from date

Returns:

The ValidFromDate value

setValidFromDate

public void setValidFromDate(java.util.Date date)

Sets the ValidFromDate attribute of the IUserAccount object

Parameters:

date - The new ValidFromDate value

getValidToDate

public java.util.Date getValidToDate()

get valid to date

Returns:

The ValidToDate value

getAssignedUser

public IUser getAssignedUser()
                      throws UMException

get the user that belongs to this account

Returns:

The user

setValidToDate

public void setValidToDate(java.util.Date date)

Sets the ValidToDate attribute of the IUserAccount object

Parameters:

date - The new ValidToDate value

isLocked

public boolean isLocked()

Deprecated. use isPasswordLocked() and isUserAccountLocked() instead

Gets the Locked attribute of the IUserAccount object

Returns:

true if the user account is locked

setLocked

public void setLocked(boolean lock,
                      int reason)

Sets the locked attribute of the IUserAccount object

Parameters:

lock - the lock value

reason - specifies the lock reason

getLockReason

public int getLockReason()

Deprecated. use isPasswordLocked() and isUserAccountLocked() instead

Returns the reason code for account lock.

Returns:

IUserAccount.LOCKED_NO - not locked, IUserAccount.LOCKED_BY_ADMIN - locked by admin, IUserAccount.LOCKED_AUTO - locked due to number of failed attempts.

getLastFailedLogonDate

public java.util.Date getLastFailedLogonDate()

get last failed logon time

Returns:

The LastFailedLogonDate value

setLastFailedLogonDate

public void setLastFailedLogonDate(java.util.Date timeStamp)

set last logon time

Parameters:

timeStamp - The new LastFailedLogonDate value

getFailedLogonAttempts

public int getFailedLogonAttempts()

get number of failed logon attempts.

Returns:

The FailedLogonAttempts value

setFailedLogonAttempts

public void setFailedLogonAttempts(int i)

increase the number of failed logon attempts by 1

Parameters:

i - The new FailedLogonAttempts value

incrementFailedLogonAttempts

public void incrementFailedLogonAttempts()

set the number of failed logon attemps by a parameter

resetFailedLogonAttempts

public void resetFailedLogonAttempts()

Description of the Method

getLastSuccessfulLogonDate

public java.util.Date getLastSuccessfulLogonDate()

Deprecated.

get last sucessful logon date NOTE: This attribute is not automatically updated during login.

Returns:

The LastSuccessfulLogonDate value

setLastSuccessfulLogonDate

public void setLastSuccessfulLogonDate(java.util.Date timeStamp)

Deprecated.

set last successful logon date without incrementing the number of logon counts

Parameters:

timeStamp - The new LastSuccessfulLogonDate value

getSuccessfulLogonCounts

public int getSuccessfulLogonCounts()

Deprecated.

get number of successful logon attempts NOTE: This attribute is not automatically updated during login.

Returns:

The SuccessfulLogonCounts value

incrementSuccessfulLogonCounts

public void incrementSuccessfulLogonCounts()

Deprecated.

increase the number of logon counts by 1 and changes the last successful logon date implicitly

setSuccessfulLogonCounts

public void setSuccessfulLogonCounts(int i)

Deprecated.

Sets the SuccessfulLogonCounts attribute of the IUserAccount object

Parameters:

i - The new SuccessfulLogonCounts value

isPasswordChangeRequired

public boolean isPasswordChangeRequired()

indicator the need of force change password on next logon default: false if true, user need to change logon password on next logon

Returns:

The PasswordChangeRequired value

getLastPasswordChangedDate

public java.util.Date getLastPasswordChangedDate()

Gets the LastPasswordChangedDate attribute of the IUserAccount object

Returns:

The LastPasswordChangedDate value

setPasswordChangeRequired

public void setPasswordChangeRequired(boolean chng)

Sets the PasswordChangeRequired attribute of the IUserAccount object.

Note: IUserAccount.commit() may raise UMException for SAP System user with following exception text:

Attribute com.sap.security.core.usermanagement|->passwordchangerequired can only be modified by changing or resetting the password if any datasource of class com.sap.security.core.persistence.datasource.imp.R3Persistence is responsible for writing it.

The exception may be raised in following cases

1. if it is used without using setPassword(String, String) or setPassword(String) in the same IPrincipalMaint.commit() transaction.
2. if following combination of setPasswordChangeRequired and setPassword(...) is used:
   • setPassword(String) and setPasswordChangeRequired(false)
   • setPassword(String, String) and setPasswordChangeRequired(true)

Parameters:

chng - The new PasswordChangeRequired value

isPasswordDisabled

public boolean isPasswordDisabled()

Checks whether the password is disabled.

Returns:

The result of the check

setPasswordDisabled

public void setPasswordDisabled()

Disables the password.

setPassword

public void setPassword(java.lang.String pass)
                 throws InvalidPasswordException

Changes user password to newpass. There is no need to know the old password. This change of password will force the user to change the password on a subsequent logon. This is used mainly by the administrator during resetting a password or adding an user, as opposed to the user changing the password him/herself. Note: If the password was disabled, it is enabled after this call.

Parameters:

pass - The new Password value

setPassword

public void setPassword(java.lang.String oldpass,
                        java.lang.String newpass)
                 throws InvalidPasswordException

Changes user password from oldpass to newpass. The oldpass is validated first, then the newpass is set for the user account. This change of password will not force user to change the password again on a subsequent logon. This is used mainly when the user changes the password him/herself, as opposed to the administrator changing or resetting the password for the user. Other situation when this is used is when the password expired and the user is forced to change the password. Note: Use IUserAccount.isPasswordDisabled() before calling this. If the password is disabled, this method will result in a UMRuntimeException.

Parameters:

oldpass - The new Password value

newpass - The new Password value

getCertificates

public java.security.cert.X509Certificate[] getCertificates()
                                                     throws java.security.cert.CertificateException,
                                                            UMException

Returns the user's certificates

Returns:

certificate array of allowed certificates or null if the user doesn't have certificates

Throws:

java.security.cert.CertificateException - Description of Exception

UMException - UMException is thrown is getCertificates operation is failed for some reason

setCertificates

public void setCertificates(java.security.cert.X509Certificate[] certificate)
                     throws java.security.cert.CertificateException,
                            UMException

Stores the user's certificate and creates a mapping

Parameters:

certificate - array of allowed certifiates, pass null to remove existing mapping

Throws:

java.security.cert.CertificateException - Description of Exception

UMException - UMException is thrown is setCertificates operation is failed for some reason

deleteCertificates

public void deleteCertificates(java.security.cert.X509Certificate[] certificate)
                        throws java.security.cert.CertificateException,
                               UMException

Deletes the user's certificate

Parameters:

certificate - array of allowed certifiates, pass null to remove existing mapping

Throws:

java.security.cert.CertificateException - Description of Exception

UMException - UMException is thrown is setCertificates operation is failed for some reason

checkPassword

public boolean checkPassword(java.lang.String pass)

compares the stored password with the input password Note: Use IUserAccount.isPasswordDisabled() before calling this. If the password is disabled, this method will result in a UMRuntimeException.

Parameters:

pass - Password string

Returns:

true if match , false otherwise

checkPasswordExtended

public int checkPasswordExtended(java.lang.String pass)
                          throws UMException

compares the stored password with the input password Possible return values are: ILoginConstants.CHECKPWD_OK ILoginConstants.CHECKPWD_WRONGPWD ILoginConstants.CHECKPWD_NOPWD ILoginConstants.CHECKPWD_PWDLOCKED ILoginConstants.CHECKPWD_PWDEXPIRED

Parameters:

pass - Password string

Returns:

The corresponding return code

created

public java.util.Date created()

returns the creation date of this user account

Specified by:

created in interface IPrincipal

Following copied from interface: com.sap.security.api.IPrincipal

Returns:

a Date object or null if creation date is not available

lastModified

public java.util.Date lastModified()

returns the last modification date of this user account

Specified by:

lastModified in interface IPrincipal

Following copied from interface: com.sap.security.api.IPrincipal

Returns:

a Date object or null if last modification date is not available

lockDate

public java.util.Date lockDate()

returns lock date

getHashedPassword

public java.lang.String getHashedPassword()
                                   throws UMException

Returns:

hashedPassword as string or null

Throws:

FeatureNotAvailableException - if feature is not implemented

setLastLogoutDate

public void setLastLogoutDate(java.util.Date timeStamp)

set last logout date

Parameters:

timeStamp - The new LastSuccessfulLogonDate value if timeStamp is null a new Date object will be allocated and measured to the nearest millisecond.

getPreviousSuccessfulLogonDate

public java.util.Date getPreviousSuccessfulLogonDate()

Deprecated.

get previous sucessful logon date NOTE: This attribute is not automatically updated during login.

Returns:

The PreviousSuccessfulLogonDate value

getRoles

public java.util.Iterator getRoles(boolean recursive)

Gets the list of all assigned roles of this principal including parent groups, grandparent groups,...

Parameters:

recursive - if true returns all parent roles

Returns:

all roles for this principal

getParentGroups

public java.util.Iterator getParentGroups(boolean recursive)

Gets the list of all parent principals including parents, grandparents, ...

Returns:

all parent principals of this collection

isMemberOfRole

public boolean isMemberOfRole(java.lang.String roleId,
                              boolean recursive)

Checks if the principal belongs to the passed roleId This method does a recursive search, so if this principal belongs to a collection which is a member of this collection, true is returned. returns true if the principal is directly or indirectly (via role membership) assigned.

Parameters:

roleId - the ID of the role

isMemberOfGroup

public boolean isMemberOfGroup(java.lang.String uniqueIdOfGroup,
                               boolean recursive)

Checks if the principal belongs to the passed groupId

Parameters:

uniqueIdOfGroup - the ID of the group

recursive - This method does a recursive search, so if this principal belongs to a collection which is a member of this collection, true is returned. returns true if the principal is directly or indirectly (via role membership) assigned.

Returns:

true if this account is member of the specified group

addToGroup

public void addToGroup(java.lang.String uniqueIdOfGroup)
                throws UMException

Deprecated. use IUserMaint.addToGroup(String) instead

Assign this principal to the parent-group with id

Parameters:

uniqueIdOfGroup - id of the group

Throws:

UMException -

removeFromGroup

public void removeFromGroup(java.lang.String uniqueIdOfGroup)
                     throws UMException

Deprecated. use IUserMaint.removeFromGroup(String) instead

Unassign this principal from the parent-group with id

Parameters:

uniqueIdOfGroup - id of the parent group

Throws:

UMException -

addToRole

public void addToRole(java.lang.String uniqueIdOfRole)
               throws UMException

Deprecated. use IUserMaint.addToRole(String) instead

Assign this principal to the role with uniqueIdOfRole

Parameters:

uniqueIdOfRole - id of the role

Throws:

UMException -

removeFromRole

public void removeFromRole(java.lang.String uniqueIdOfRole)
                    throws UMException

Deprecated. use IUserMaint.removeFromRole(String) instead

Unassign this principal from role with id

Parameters:

uniqueIdOfRole - id of the role

Throws:

UMException -

isPasswordLocked

public boolean isPasswordLocked()

Gets the password locked attribute of the IUserAccount object

Returns:

true if the user account is locked

isUserAccountLocked

public boolean isUserAccountLocked()

Gets the locked attribute of the IUserAccount object

Returns:

true if the user account is locked

getAssignedUserID

public java.lang.String getAssignedUserID()

Gets the unique id of the user which is assigned to this account. If no user is assigned to this account, null is returned.

Returns:

The unique id of the user or null

getSecurityPolicy

public java.lang.String getSecurityPolicy()

Gets the security policy which is assigned to this account. If no specific security policy is assigned to this account, default is returned.

Returns:

String the uniqueName of the security policy assigned to this account

setSecurityPolicy

public void setSecurityPolicy(java.lang.String uniqueName)
                       throws UMException

assign new security policy to this account

Parameters:

uniqueName - the uniqueName of the security policy

Returns:

ISecurityPolicy the security policy assigned to this account

Throws:

NoSuchPrincipalException - if no SecurityPolicy with the given uniqueName exists

UMException - if given unique name is not unique