com.ibm.itim.apps.pim
Class CredentialLeaseManager

java.lang.Object
  extended by com.ibm.itim.apps.pim.CredentialLeaseManager

public class CredentialLeaseManager
extends java.lang.Object

This class provides credential lease administration capabilities. These capabilities include checking out credentials from the vault, searching for credential leases, and checking in credentials.

Since:
ISIM 6.0

Constructor Summary
CredentialLeaseManager(PlatformContext platform, javax.security.auth.Subject subject)
          This constructor creates the manager with a platform context and a subject.
 
Method Summary
 java.util.List<Request> checkin(java.util.List<DistinguishedName> leases)
          This API provides the checkin function for multiple credentials.
 java.util.List<Request> checkinAll()
          This API checks in all credentials that are checked out by the authenticated user.
 com.ibm.itim.pim.CheckoutResult checkout(CredentialComponent sharedAccess, CredentialLease lease)
          This API checks out a credential from the credential vault for shared access.
 com.ibm.itim.pim.CheckoutResult checkoutWithoutWorkflow(CredentialComponent sharedAccess, CredentialLease lease)
          This API synchronously checks out a credential from the credential vault for shared access.
 java.util.Collection<CredentialLeaseMO> getCredentialLeases(SearchResultsStatus resultStatus)
          This API returns the credential leases held by the authenticated user.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CredentialLeaseManager

public CredentialLeaseManager(PlatformContext platform,
                              javax.security.auth.Subject subject)
This constructor creates the manager with a platform context and a subject.

Parameters:
platform - This parameter specifies PlatformContext that holds the platform connection information.
subject - This parameter specifies Subject that represents the authenticated caller.
Throws:
java.lang.IllegalArgumentException - This exception is thrown if the platform or the subject parameter is null.
Method Detail

checkout

public com.ibm.itim.pim.CheckoutResult checkout(CredentialComponent sharedAccess,
                                                CredentialLease lease)
                                         throws java.rmi.RemoteException,
                                                AuthorizationException,
                                                SchemaViolationException,
                                                ApplicationException
This API checks out a credential from the credential vault for shared access. The required attributes on the lease will be set to the system default value if the user who checks out a shared access account has no permission. The checkout API runs asynchronously when a global workflow checkout operation is defined and the operation name is set in the global credential settings. When it runs asynchronously, the returned CheckoutResult contains the process ID of the workflow request.

Parameters:
sharedAccess - CredentialComponent This parameter defines a credential or a credential pool that is checked out for a shared access. If this parameter is null, then IllegalArgumentException will be thrown.
lease - CredentialLease This value object defines the attributes that the credential lease will have, such as "Justification" and "Credential Checkout Expiration Time".
Returns:
CheckoutResult The API returns an object that represents the checkout's status.
Throws:
java.rmi.RemoteException - This exception is thrown if the API is unable to communicate with the platform.
AuthorizationException - This exception is thrown if the user client is not authorized to check out the specified credential or credential pool.
SchemaViolationException - This exception is thrown if any of the attributes in the CredentialLease value object violates the schema. The problem can be caused by an invalid attribute or a required attribute that is missing entirely.
ApplicationException - This exception is thrown if the user is unable to check out a credential or credential pool for the shared access. This problem can occur when the credential or credential pool is already checked out by another user.

checkoutWithoutWorkflow

public com.ibm.itim.pim.CheckoutResult checkoutWithoutWorkflow(CredentialComponent sharedAccess,
                                                               CredentialLease lease)
                                                        throws java.rmi.RemoteException,
                                                               AuthorizationException,
                                                               SchemaViolationException,
                                                               ApplicationException
This API synchronously checks out a credential from the credential vault for shared access. The required attributes on the lease are set to the system default value if the user who checks out a shared access account has no permission. When this method is used, the defined workflow is bypassed.

Parameters:
sharedAccess - CredentialComponent This parameter defines a credential or a credential pool to be checked out for a shared access. If this parameter is null, then IllegalArgumentException is thrown.
lease - CredentialLease This value object defines the attributes that the credential lease will have, such as "Justification" and "Credential Checkout Expiration Time".
Returns:
CheckoutResult The API returns an object that represents the status of the checkout. When this API is used, the uid and password of the checked-out account are returned directly.
Throws:
java.rmi.RemoteException - This exception is thrown if the API is unable to communicate with the platform.
AuthorizationException - This exception is thrown if the user client is not authorized to check out the specified credential or credential pool.
SchemaViolationException - This exception is thrown if any of the attributes in the CredentialLease value object violates the schema. The problem can be caused by an invalid attribute or a required attribute that is missing entirely.
ApplicationException - This exception is thrown if the user is unable to check out a credential or credential pool for the shared access. This problem can occur when the credential or credential pool is already checked out by another user.

getCredentialLeases

public java.util.Collection<CredentialLeaseMO> getCredentialLeases(SearchResultsStatus resultStatus)
                                                            throws ApplicationException,
                                                                   java.rmi.RemoteException
This API returns the credential leases held by the authenticated user.

Parameters:
resultStatus - This parameter specifies SearchResultsStatus that indicates if the search has exceeded the size limit.
Returns:
A Collection of CredentialLeaseMO objects that represent the credential leases held by the authenticated user.
Throws:
java.rmi.RemoteException - This exception is thrown if the API cannot communicate with the platform.
ApplicationException - This exception is thrown if the API cannot obtain the credential leases.

checkin

public java.util.List<Request> checkin(java.util.List<DistinguishedName> leases)
                                throws java.rmi.RemoteException,
                                       ApplicationException
This API provides the checkin function for multiple credentials. Each credential checkin is treated as a separate workflow request. If password reset is required for a credential, the password of that credential will be reset. The returned list of the Request objects is ordered to correspond to the lease list. If any credential fails to be checked in, the corresponding Request object is set to null. If all credentials fail to be checked in, ApplicationException is thrown.

Parameters:
leases - This parameter specifies the list of DistinguishedName objects to be checked in.
Returns:
The API returns a list of Request objects that represents the checkin operation status. The Request objects are ordered to correspond to the lease list. If any credential fails to be checked in, the corresponding Request object is set to null.
Throws:
java.rmi.RemoteException - This Exception is thrown if the API is unable to communicate with the platform.
ApplicationException - This Exception is thrown if the system is unable to submit the requests for all the credentials. The problem can be caused by the fact that the authenticated user is not the person who checked out the credentials, or the credentials being checked in are removed by another client before this call.

checkinAll

public java.util.List<Request> checkinAll()
                                   throws java.rmi.RemoteException,
                                          ApplicationException
This API checks in all credentials that are checked out by the authenticated user. Each credential checkin is treated as a separate workflow request. If password reset is required for a credential, the password of that credential will be reset. The returned list of the Request objects is ordered to correspond to the lease list. If any credential fails to be checked in, the corresponding Request object is set to null. If all credentials fail to be checked in, ApplicationException is thrown.

Returns:
The API returns a list of Request objects that represents the checkin operation status. The Request objects are ordered to correspond to the lease list. If any credential fails to be checked in, the corresponding Request object is set to null.
Throws:
java.rmi.RemoteException - This Exception is thrown if the API is unable to communicate with the platform.
ApplicationException - This Exception is thrown if the system is unable to submit the requests for all the credentials. The problem can be caused by the fact that the authenticated user is not the person who checked out the credentials, or the credentials being checked in are removed by another client before this call.
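
Added example (not part of the IBM documentation): because checkin and checkinAll report a partial failure only as a null entry at the matching position, a caller has to pair the result list with the lease list by index to learn which leases were not checked in. The helper below is generic so that it runs without the ISIM libraries; with the real API the type L would be DistinguishedName and R would be Request. The class name, method name and sample values are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class CheckinAudit {

    /**
     * Returns the leases whose positional result is null, that is, the
     * leases for which no checkin request was submitted.
     * Hypothetical helper: L stands for DistinguishedName, R for Request.
     */
    static <L, R> List<L> failedCheckins(List<L> leases, List<R> results) {
        if (leases == null || results == null || results.size() != leases.size()) {
            // The documented contract is one result per lease, in order.
            // If that does not hold, no lease can be assumed checked in.
            throw new IllegalStateException("result list does not match lease list");
        }
        List<L> failed = new ArrayList<L>();
        for (int i = 0; i < leases.size(); i++) {
            if (results.get(i) == null) {
                failed.add(leases.get(i));
            }
        }
        return failed;
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for lease DNs and Request objects.
        List<String> leases = Arrays.asList(
                "cn=lease-A,dc=example",
                "cn=lease-B,dc=example",
                "cn=lease-C,dc=example");
        List<Object> results = Arrays.asList(new Object(), null, new Object());

        // With the real API the results would come from manager.checkin(leases);
        // an ApplicationException from that call means every checkin failed.
        for (String dn : failedCheckins(leases, results)) {
            System.out.println("checkin not submitted, retry or escalate: " + dn);
        }
    }
}
```

For checkinAll the lease list is not passed in by the caller, so it has to be captured beforehand (for example from getCredentialLeases) for the positions to be interpreted.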


IBM Security Identity Manager 6.0.0
© Copyright International Business Machines Corporation 2007, 2012. All rights reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.