com.sap.security.api

Interface IUserAccount

All Superinterfaces:
IPrincipal, IPrincipalMaint, Serializable

public interface IUserAccount
extends IPrincipalMaint

Interface to get and set user account data. Copyright (c) 2001 Company: SAPMarkets, Inc

NOTE: get methods returning an object may return null if a valid value is not available unless specified otherwise in the respective method description. As this interface can be extended, this interface can be freely used, but must not be implemented.


Field Summary
static int LOCKED_AUTO
           
static int LOCKED_BY_ADMIN
           
static int LOCKED_NO
           
static String SECURITY_POLICY
           
static String SECURITY_POLICY_TYPE_DEFAULT
           
static String SECURITY_POLICY_TYPE_TECHNICAL
           
static String SECURITY_POLICY_TYPE_UNKNOWN
           
 
Fields inherited from interface com.sap.security.api.IPrincipal
BYTE_TYPE, CREATED_BY, DATASOURCE, DEFAULT_NAMESPACE, DEFAULT_RELATION_NAMESPACE, DESCRIPTION, DISPLAYNAME, LAST_MODIFIED_BY, PRINCIPAL_CREATION_DATE, PRINCIPAL_MODIFY_DATE, PRINCIPAL_RELATION_MEMBER_ATTRIBUTE, PRINCIPAL_RELATION_PARENT_ATTRIBUTE, STRING_TYPE, TRANSIENT_NAMESPACE, UNIQUE_NAME, VERSIONSTRING
 
Method Summary
 void addToGroup(String uniqueIdOfGroup)
          Deprecated. use IUserMaint.addToGroup(String) instead
 void addToRole(String uniqueIdOfRole)
          Deprecated. use IUserMaint.addToRole(String) instead
 boolean checkPassword(String pass)
          Compares the stored password with the input password. Note: Use IUserAccount.isPasswordDisabled() before calling this.
 int checkPasswordExtended(String pass)
          Compares the stored password with the input password. Possible return values are: ILoginConstants.CHECKPWD_OK, ILoginConstants.CHECKPWD_WRONGPWD, ILoginConstants.CHECKPWD_NOPWD, ILoginConstants.CHECKPWD_PWDLOCKED, ILoginConstants.CHECKPWD_PWDEXPIRED
 Date created()
          returns the creation date of this user account
 void deleteCertificates(X509Certificate[] certificate)
          Deletes the user's certificate
 IUser getAssignedUser()
          get the user that belongs to this account
 String getAssignedUserID()
          Gets the unique id of the user which is assigned to this account.
 X509Certificate[] getCertificates()
          Returns the user's certificates
 int getFailedLogonAttempts()
          get number of failed logon attempts.
 String getHashedPassword()
           
 Date getLastFailedLogonDate()
          get last failed logon time
 Date getLastPasswordChangedDate()
          Gets the LastPasswordChangedDate attribute of the IUserAccount object
 Date getLastSuccessfulLogonDate()
          Deprecated.  
 int getLockReason()
          Deprecated. use isPasswordLocked() and isUserAccountLocked() instead
 String getLogonUid()
          get logon uid (long uid)
 Iterator getParentGroups(boolean recursive)
          Gets the list of all parent principals including parents, grandparents, ...
 Date getPreviousSuccessfulLogonDate()
          Deprecated.  
 Iterator getRoles(boolean recursive)
          Gets the list of all assigned roles of this principal including parent groups, grandparent groups,...
 String getSecurityPolicy()
          Gets the security policy which is assigned to this account.
 int getSuccessfulLogonCounts()
          Deprecated.  
 Date getValidFromDate()
          get valid from date
 Date getValidToDate()
          get valid to date
 void incrementFailedLogonAttempts()
          set the number of failed logon attempts by a parameter
 void incrementSuccessfulLogonCounts()
          Deprecated.  
 boolean isLocked()
          Deprecated. use isPasswordLocked() and isUserAccountLocked() instead
 boolean isMemberOfGroup(String uniqueIdOfGroup, boolean recursive)
          Checks if the principal belongs to the passed groupId
 boolean isMemberOfRole(String roleId, boolean recursive)
          Checks if the principal belongs to the passed roleId. This method does a recursive search, so if this principal belongs to a collection which is a member of this collection, true is returned.
 boolean isPasswordChangeRequired()
          Indicates whether a password change is forced on next logon. Default: false. If true, the user needs to change the logon password on next logon.
 boolean isPasswordDisabled()
          Checks whether the password is disabled.
 boolean isPasswordLocked()
          Gets the password locked attribute of the IUserAccount object
 boolean isUserAccountLocked()
          Gets the locked attribute of the IUserAccount object
 Date lastModified()
          returns the last modification date of this user account
 Date lockDate()
          returns lock date
 void removeFromGroup(String uniqueIdOfGroup)
          Deprecated. use IUserMaint.removeFromGroup(String) instead
 void removeFromRole(String uniqueIdOfRole)
          Deprecated. use IUserMaint.removeFromRole(String) instead
 void resetFailedLogonAttempts()
          Description of the Method
 void setCertificates(X509Certificate[] certificate)
          Stores the user's certificate and creates a mapping
 void setFailedLogonAttempts(int i)
          increase the number of failed logon attempts by 1
 void setLastFailedLogonDate(Date timeStamp)
          set last logon time
 void setLastLogoutDate(Date timeStamp)
          set last logout date
 void setLastSuccessfulLogonDate(Date timeStamp)
          Deprecated.  
 void setLocked(boolean lock, int reason)
          Sets the locked attribute of the IUserAccount object
 void setPassword(String pass)
          Changes user password to newpass.
 void setPassword(String oldpass, String newpass)
          Changes user password from oldpass to newpass.
 void setPasswordChangeRequired(boolean chng)
          Sets the PasswordChangeRequired attribute of the IUserAccount object.
 void setPasswordDisabled()
          Disables the password.
 void setSecurityPolicy(String uniqueName)
          assign new security policy to this account
 void setSuccessfulLogonCounts(int i)
          Deprecated.  
 void setValidFromDate(Date date)
          Sets the ValidFromDate attribute of the IUserAccount object
 void setValidToDate(Date date)
          Sets the ValidToDate attribute of the IUserAccount object
 
Methods inherited from interface com.sap.security.api.IPrincipalMaint
addAttributeValue, commit, isModified, removeAttributeValue, rollback, save, setAttribute, setBinaryAttribute, setDisplayName
 
Methods inherited from interface com.sap.security.api.IPrincipal
equals, getAttribute, getAttributeNames, getAttributeNamespaces, getAttributeType, getBinaryAttribute, getDisplayName, getMessages, getParents, getUniqueID, hashCode, isExistenceChecked, isMutable, refresh
 

Field Detail

LOCKED_NO

static final int LOCKED_NO
See Also:
Constant Field Values

LOCKED_AUTO

static final int LOCKED_AUTO
See Also:
Constant Field Values

LOCKED_BY_ADMIN

static final int LOCKED_BY_ADMIN
See Also:
Constant Field Values

SECURITY_POLICY

static final String SECURITY_POLICY
See Also:
Constant Field Values

SECURITY_POLICY_TYPE_DEFAULT

static final String SECURITY_POLICY_TYPE_DEFAULT
See Also:
Constant Field Values

SECURITY_POLICY_TYPE_TECHNICAL

static final String SECURITY_POLICY_TYPE_TECHNICAL
See Also:
Constant Field Values

SECURITY_POLICY_TYPE_UNKNOWN

static final String SECURITY_POLICY_TYPE_UNKNOWN
See Also:
Constant Field Values

Method Detail

getLogonUid

String getLogonUid()
get logon uid (long uid)

Returns:
The LogonUid value

getValidFromDate

Date getValidFromDate()
get valid from date

Returns:
The ValidFromDate value

setValidFromDate

void setValidFromDate(Date date)
Sets the ValidFromDate attribute of the IUserAccount object

Parameters:
date - The new ValidFromDate value

getValidToDate

Date getValidToDate()
get valid to date

Returns:
The ValidToDate value

getAssignedUser

IUser getAssignedUser()
                      throws UMException
get the user that belongs to this account

Returns:
The user
Throws:
UMException

setValidToDate

void setValidToDate(Date date)
Sets the ValidToDate attribute of the IUserAccount object

Parameters:
date - The new ValidToDate value

isLocked

boolean isLocked()
Deprecated. use isPasswordLocked() and isUserAccountLocked() instead

Gets the Locked attribute of the IUserAccount object

Returns:
true if the user account is locked

setLocked

void setLocked(boolean lock,
               int reason)
Sets the locked attribute of the IUserAccount object

Parameters:
lock - the lock value
reason - specifies the lock reason

getLockReason

int getLockReason()
Deprecated. use isPasswordLocked() and isUserAccountLocked() instead

Returns the reason code for account lock.

Returns:
IUserAccount.LOCKED_NO - not locked, IUserAccount.LOCKED_BY_ADMIN - locked by admin, IUserAccount.LOCKED_AUTO - locked due to number of failed attempts.

getLastFailedLogonDate

Date getLastFailedLogonDate()
get last failed logon time

Returns:
The LastFailedLogonDate value

setLastFailedLogonDate

void setLastFailedLogonDate(Date timeStamp)
set last logon time

Parameters:
timeStamp - The new LastFailedLogonDate value

getFailedLogonAttempts

int getFailedLogonAttempts()
get number of failed logon attempts.

Returns:
The FailedLogonAttempts value

setFailedLogonAttempts

void setFailedLogonAttempts(int i)
increase the number of failed logon attempts by 1

Parameters:
i - The new FailedLogonAttempts value

incrementFailedLogonAttempts

void incrementFailedLogonAttempts()
set the number of failed logon attempts by a parameter


resetFailedLogonAttempts

void resetFailedLogonAttempts()
Description of the Method


getLastSuccessfulLogonDate

Date getLastSuccessfulLogonDate()
Deprecated. 

Get last successful logon date. NOTE: This attribute is not automatically updated during login.

Returns:
The LastSuccessfulLogonDate value

setLastSuccessfulLogonDate

void setLastSuccessfulLogonDate(Date timeStamp)
Deprecated. 

set last successful logon date without incrementing the number of logon counts

Parameters:
timeStamp - The new LastSuccessfulLogonDate value

getSuccessfulLogonCounts

int getSuccessfulLogonCounts()
Deprecated. 

Get number of successful logon attempts. NOTE: This attribute is not automatically updated during login.

Returns:
The SuccessfulLogonCounts value

incrementSuccessfulLogonCounts

void incrementSuccessfulLogonCounts()
Deprecated. 

increase the number of logon counts by 1 and changes the last successful logon date implicitly


setSuccessfulLogonCounts

void setSuccessfulLogonCounts(int i)
Deprecated. 

Sets the SuccessfulLogonCounts attribute of the IUserAccount object

Parameters:
i - The new SuccessfulLogonCounts value

isPasswordChangeRequired

boolean isPasswordChangeRequired()
Indicates whether a password change is forced on next logon. Default: false. If true, the user needs to change the logon password on next logon.

Returns:
The PasswordChangeRequired value

getLastPasswordChangedDate

Date getLastPasswordChangedDate()
Gets the LastPasswordChangedDate attribute of the IUserAccount object

Returns:
The LastPasswordChangedDate value

setPasswordChangeRequired

void setPasswordChangeRequired(boolean chng)
Sets the PasswordChangeRequired attribute of the IUserAccount object.

Note: IUserAccount.commit() may raise a UMException for an SAP system user with the following exception text:

Attribute com.sap.security.core.usermanagement|->passwordchangerequired can only be modified by changing or resetting the password if any datasource of class com.sap.security.core.persistence.datasource.imp.R3Persistence is responsible for writing it.

The exception may be raised in the following cases:

  1. if it is used without using setPassword(String, String) or setPassword(String) in the same IPrincipalMaint.commit() transaction.
  2. if the following combination of setPasswordChangeRequired and setPassword(...) is used:

Parameters:
chng - The new PasswordChangeRequired value

isPasswordDisabled

boolean isPasswordDisabled()
Checks whether the password is disabled.

Returns:
The result of the check

setPasswordDisabled

void setPasswordDisabled()
Disables the password.


setPassword

void setPassword(String pass)
                 throws InvalidPasswordException
Changes user password to newpass. There is no need to know the old password. This change of password will force the user to change the password on a subsequent logon. This is used mainly by the administrator when resetting a password or adding a user, as opposed to the user changing the password him/herself. Note: If the password was disabled, it is enabled after this call.

Parameters:
pass - The new Password value
Throws:
InvalidPasswordException

setPassword

void setPassword(String oldpass,
                 String newpass)
                 throws InvalidPasswordException
Changes user password from oldpass to newpass. The oldpass is validated first, then the newpass is set for the user account. This change of password will not force the user to change the password again on a subsequent logon. This is used mainly when the user changes the password him/herself, as opposed to the administrator changing or resetting the password for the user. Another situation in which this is used is when the password has expired and the user is forced to change the password. Note: Use IUserAccount.isPasswordDisabled() before calling this. If the password is disabled, this method will result in a UMRuntimeException.

Parameters:
oldpass - The new Password value
newpass - The new Password value
Throws:
InvalidPasswordException

getCertificates

X509Certificate[] getCertificates()
                                  throws CertificateException,
                                         UMException
Returns the user's certificates

Returns:
certificate array of allowed certificates or null if the user doesn't have certificates
Throws:
CertificateException - Description of Exception
UMException - UMException is thrown if the getCertificates operation fails for some reason

setCertificates

void setCertificates(X509Certificate[] certificate)
                     throws CertificateException,
                            UMException
Stores the user's certificate and creates a mapping

Parameters:
certificate - array of allowed certificates, pass null to remove existing mapping
Throws:
CertificateException - Description of Exception
UMException - UMException is thrown if the setCertificates operation fails for some reason

deleteCertificates

void deleteCertificates(X509Certificate[] certificate)
                        throws CertificateException,
                               UMException
Deletes the user's certificate

Parameters:
certificate - array of allowed certificates, pass null to remove existing mapping
Throws:
CertificateException - Description of Exception
UMException - UMException is thrown if the setCertificates operation fails for some reason

checkPassword

boolean checkPassword(String pass)
Compares the stored password with the input password. Note: Use IUserAccount.isPasswordDisabled() before calling this. If the password is disabled, this method will result in a UMRuntimeException.

Parameters:
pass - Password string
Returns:
true if match, false otherwise

checkPasswordExtended

int checkPasswordExtended(String pass)
                          throws UMException
Compares the stored password with the input password. Possible return values are:

ILoginConstants.CHECKPWD_OK
ILoginConstants.CHECKPWD_WRONGPWD
ILoginConstants.CHECKPWD_NOPWD
ILoginConstants.CHECKPWD_PWDLOCKED
ILoginConstants.CHECKPWD_PWDEXPIRED

Parameters:
pass - Password string
Returns:
The corresponding return code
Throws:
UMException
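
The following is an added example, not part of the SAP documentation or SAP's own code: it applies the isPasswordDisabled() guard described above and maps each checkPasswordExtended return code to a distinct outcome. The class AccountPasswordCheck, the Outcome enum, the order of the checks and the treatment of a null validity date as "unbounded" are assumptions of this example; the ILoginConstants import assumes the package com.sap.security.api.logon, and the code compiles only against the SAP user management API library.

```java
import com.sap.security.api.IUserAccount;
import com.sap.security.api.UMException;
import com.sap.security.api.logon.ILoginConstants; // package name assumed

import java.util.Date;

/** Added example: read-only, guarded password verification for an IUserAccount. */
public final class AccountPasswordCheck {

    /** Outcome names are local to this example, not part of the SAP API. */
    public enum Outcome {
        OK, WRONG_PASSWORD, NO_PASSWORD, PASSWORD_DISABLED, PASSWORD_LOCKED,
        PASSWORD_EXPIRED, ACCOUNT_LOCKED, OUTSIDE_VALIDITY, UNKNOWN
    }

    private AccountPasswordCheck() { }

    /**
     * Returns Outcome.OK only when every check passes. Callers should treat
     * every other value as a denial and show the end user one generic message,
     * keeping the specific outcome for the audit log.
     */
    public static Outcome verify(IUserAccount account, String candidate, Date now)
            throws UMException {
        // Account-level lock is evaluated before the password is touched.
        if (account.isUserAccountLocked()) {
            return Outcome.ACCOUNT_LOCKED;
        }
        // Getters may return null when no value is available (see the NOTE at
        // the top of the page); this example treats null as "no bound".
        Date from = account.getValidFromDate();
        Date to = account.getValidToDate();
        if ((from != null && now.before(from)) || (to != null && now.after(to))) {
            return Outcome.OUTSIDE_VALIDITY;
        }
        // checkPassword() is documented to end in a UMRuntimeException when the
        // password is disabled; the same guard is applied here as a precaution.
        if (account.isPasswordDisabled()) {
            return Outcome.PASSWORD_DISABLED;
        }
        int rc = account.checkPasswordExtended(candidate);
        // if/else instead of switch: no assumption that the constants are
        // compile-time constant expressions.
        if (rc == ILoginConstants.CHECKPWD_OK) {
            return Outcome.OK;
        } else if (rc == ILoginConstants.CHECKPWD_WRONGPWD) {
            return Outcome.WRONG_PASSWORD;
        } else if (rc == ILoginConstants.CHECKPWD_NOPWD) {
            return Outcome.NO_PASSWORD;
        } else if (rc == ILoginConstants.CHECKPWD_PWDLOCKED) {
            return Outcome.PASSWORD_LOCKED;
        } else if (rc == ILoginConstants.CHECKPWD_PWDEXPIRED) {
            return Outcome.PASSWORD_EXPIRED;
        }
        // Fail closed on any code this page does not list.
        return Outcome.UNKNOWN;
    }
}
```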

created

Date created()
returns the creation date of this user account

Specified by:
created in interface IPrincipal
Returns:
a Date object or null if creation date is not available

lastModified

Date lastModified()
returns the last modification date of this user account

Specified by:
lastModified in interface IPrincipal
Returns:
a Date object or null if last modification date is not available

lockDate

Date lockDate()
returns lock date


getHashedPassword

String getHashedPassword()
                         throws UMException
Returns:
hashedPassword as string or null
Throws:
FeatureNotAvailableException - if feature is not implemented
UMException

setLastLogoutDate

void setLastLogoutDate(Date timeStamp)
set last logout date

Parameters:
timeStamp - The new LastSuccessfulLogonDate value. If timeStamp is null, a new Date object will be allocated and measured to the nearest millisecond.

getPreviousSuccessfulLogonDate

Date getPreviousSuccessfulLogonDate()
Deprecated. 

Get previous successful logon date. NOTE: This attribute is not automatically updated during login.

Returns:
The PreviousSuccessfulLogonDate value

getRoles

Iterator getRoles(boolean recursive)
Gets the list of all assigned roles of this principal including parent groups, grandparent groups,...

Parameters:
recursive - if true returns all parent roles
Returns:
all roles for this principal

getParentGroups

Iterator getParentGroups(boolean recursive)
Gets the list of all parent principals including parents, grandparents, ...

Returns:
all parent principals of this collection

isMemberOfRole

boolean isMemberOfRole(String roleId,
                       boolean recursive)
Checks if the principal belongs to the passed roleId. This method does a recursive search, so if this principal belongs to a collection which is a member of this collection, true is returned. Returns true if the principal is directly or indirectly (via role membership) assigned.

Parameters:
roleId - the ID of the role

isMemberOfGroup

boolean isMemberOfGroup(String uniqueIdOfGroup,
                        boolean recursive)
Checks if the principal belongs to the passed groupId

Parameters:
uniqueIdOfGroup - the ID of the group
recursive - This method does a recursive search, so if this principal belongs to a collection which is a member of this collection, true is returned. Returns true if the principal is directly or indirectly (via role membership) assigned.
Returns:
true if this account is member of the specified group

addToGroup

void addToGroup(String uniqueIdOfGroup)
                throws UMException
Deprecated. use IUserMaint.addToGroup(String) instead

Assign this principal to the parent-group with id

Parameters:
uniqueIdOfGroup - id of the group
Throws:
UMException

removeFromGroup

void removeFromGroup(String uniqueIdOfGroup)
                     throws UMException
Deprecated. use IUserMaint.removeFromGroup(String) instead

Unassign this principal from the parent-group with id

Parameters:
uniqueIdOfGroup - id of the parent group
Throws:
UMException

addToRole

void addToRole(String uniqueIdOfRole)
               throws UMException
Deprecated. use IUserMaint.addToRole(String) instead

Assign this principal to the role with uniqueIdOfRole

Parameters:
uniqueIdOfRole - id of the role
Throws:
UMException

removeFromRole

void removeFromRole(String uniqueIdOfRole)
                    throws UMException
Deprecated. use IUserMaint.removeFromRole(String) instead

Unassign this principal from role with id

Parameters:
uniqueIdOfRole - id of the role
Throws:
UMException

isPasswordLocked

boolean isPasswordLocked()
Gets the password locked attribute of the IUserAccount object

Returns:
true if the user account is locked

isUserAccountLocked

boolean isUserAccountLocked()
Gets the locked attribute of the IUserAccount object

Returns:
true if the user account is locked

getAssignedUserID

String getAssignedUserID()
Gets the unique id of the user which is assigned to this account. If no user is assigned to this account, null is returned.

Returns:
The unique id of the user or null

getSecurityPolicy

String getSecurityPolicy()
Gets the security policy which is assigned to this account. If no specific security policy is assigned to this account, default is returned.

Returns:
String the uniqueName of the security policy assigned to this account

setSecurityPolicy

void setSecurityPolicy(String uniqueName)
                       throws UMException
assign new security policy to this account

Parameters:
uniqueName - the uniqueName of the security policy
Throws:
NoSuchPrincipalException - if no SecurityPolicy with the given uniqueName exists
UMException - if given unique name is not unique

Access Rights

This class can be accessed from:


SC                      DC
[sap.com] ENGINEAPI     [sap.com] com.sap.security.api.sda
[sap.com] ENGFACADE     [sap.com] tc/je/usermanagement/api
[sap.com] CORE-TOOLS    [sap.com] com.sap.engine.client.lib


Copyright 2010 SAP AG