com.sap.security.api
Interface IUserAccountFactory

All Superinterfaces:
IConfigurable

public interface IUserAccountFactory
extends IConfigurable

User account factory will handle authentication and retrieval of user account information from persistence storage.


Method Summary
 void deleteUserAccount(java.lang.String uniqueId)
          Delete this user account from persistence storage
 IUserAccount getAuthenticatedUserAccount(java.util.Map credentials)
          Authenticates the supplied credentials and returns the user account object.
 IUserAccount getMutableUserAccount(java.lang.String uniqueId)
          Gets an IUserAccount object for a uniqueId of a user account.
 IUserAccount getUserAccount(java.util.Map credentials)
          Return UserAccount object based on the credentials supplied.
 IUserAccount getUserAccount(java.lang.String uniqueId)
          Gets UserAccount object from the database for a given uid
 IUserAccount getUserAccount(java.lang.String uniqueId, AttributeList populateAttributes)
          Gets the UserAccount object with the given unique ID and populates the attributes in populateAttributes
 IUserAccount getUserAccount(java.security.cert.X509Certificate cert)
          Returns UserAccount to whom this certificate belongs.
 IUserAccount getUserAccountByLogonId(java.lang.String logonid)
          Gets UserAccount object from the database for a given uid
 IUserAccount getUserAccountByLogonId(java.lang.String logonid, AttributeList populateAttributes)
          Gets UserAccount object from the database for a given uid
 IUserAccount[] getUserAccounts(java.lang.String uniqueIdOfUser)
          Returns all user accounts of the given user
 IUserAccount[] getUserAccounts(java.lang.String uniqueIdOfUser, AttributeList attributeList)
          Returns all user accounts of the given user
 IUserAccountSearchFilter getUserAccountSearchFilter()
          Returns an IUserAccountSearchFilter object to be used to specify query attributes
 void invalidateCacheEntry(java.lang.String uniqueid)
          Removes the user account object which has the specified uniqueid from the factory's cache. Note: Use this method carefully, because calling it too often may cause performance problems.
 void invalidateCacheEntryByLogonId(java.lang.String logonid)
          Removes the user account object which has the specified logonid from the factory's cache. Note: Use this method carefully, because calling it too often may cause performance problems.
 IUserAccount newUserAccount(java.lang.String logonid)
          Creates a new IUserAccount type object.
 IUserAccount newUserAccount(java.lang.String logonid, java.lang.String uniqueIdOfUser)
          Creates a new IUserAccount type object.
 void registerListener(UserAccountListener userAccountListener, int modifier)
          registerListener allows subscribing to a predefined eventName of UserAccountListener. The caller has to provide a receiver object which implements UserAccountListener.
 ISearchResult search(IUserAccountSearchFilter filter)
          Search for user accounts in the persistence storage which match the criteria specified in the given search filter.
 void unregisterListener(UserAccountListener userAccountListener)
          unregisterListener unsubscribes a receiver from a previously subscribed event.
 
Methods inherited from interface com.sap.security.api.IConfigurable
initialize
 

Method Detail

newUserAccount

public IUserAccount newUserAccount(java.lang.String logonid,
                                   java.lang.String uniqueIdOfUser)
                            throws UMException
Creates a new IUserAccount type object. After setting the appropriate data via set-methods, the user account object must be committed to the persistence storage via IPrincipalMaint.commit().
Parameters:
logonid - logon user id

Note: The logonid has to be unique for ALL data stores

uniqueIdOfUser - uniqueID of the user that should be assigned to this account
Returns:
Object of type IUserAccount
Throws:
UserAccountAlreadyExistsException - if an account with this logonid already exists

newUserAccount

public IUserAccount newUserAccount(java.lang.String logonid)
                            throws UMException
Creates a new IUserAccount type object. After setting the appropriate data via set-methods, the user account object must be committed to the persistence storage via IPrincipalMaint.commit().
Parameters:
logonid - logon user id

Note: The logonid has to be unique for ALL data stores

Returns:
Object of type IUserAccount
Throws:
UserAccountAlreadyExistsException - if an account with this logonid already exists

getUserAccountByLogonId

public IUserAccount getUserAccountByLogonId(java.lang.String logonid)
                                     throws UMException
Gets UserAccount object from the database for a given uid
Parameters:
logonid - Description of Parameter
Returns:
UserAccount object
Throws:
UMException - Exception will be thrown if there is an error.

getUserAccountByLogonId

public IUserAccount getUserAccountByLogonId(java.lang.String logonid,
                                            AttributeList populateAttributes)
                                     throws UMException
Gets UserAccount object from the database for a given uid
Parameters:
logonid - Description of Parameter
populateAttributes - The attributes that should be populated
Returns:
UserAccount object, or null if no user found for this logon uid
Throws:
UMException - Exception will be thrown if there is an error.

getUserAccount

public IUserAccount getUserAccount(java.lang.String uniqueId)
                            throws UMException
Gets UserAccount object from the database for a given uid
Parameters:
uniqueId - Description of Parameter
Returns:
UserAccount object, or null if no user found for this logon uid
Throws:
UMException - Exception will be thrown if there is an error.

getUserAccount

public IUserAccount getUserAccount(java.lang.String uniqueId,
                                   AttributeList populateAttributes)
                            throws UMException
Gets the UserAccount object with the given unique ID and populates the attributes in populateAttributes
Parameters:
populateAttributes - The attributes that should be populated

Note: if only the attribute ILoginConstants.LOGON_UID_ALIAS is specified, the existence of the returned IUserAccount object may not be checked, which may lead to a PrincipalNotAccessibleException (a RuntimeException) if other attributes of this IUserAccount object are accessed.

Throws:
NoSuchUserAccountException - if no userAccount with the given unique ID exists

getUserAccount

public IUserAccount getUserAccount(java.security.cert.X509Certificate cert)
                            throws java.security.cert.CertificateException,
                                   UMException,
                                   TicketException
Returns the UserAccount to whom this certificate belongs. Returns null if this certificate is not mapped to any user.
Parameters:
cert - X509Certificate certificate
Returns:
UserAccount object
Throws:
java.security.cert.CertificateException - if there is a problem with the input certificate
UMException - Exception will be thrown if there is an error.
NoSuchUserAccountException - if no userAccount is mapped to the certificate

getAuthenticatedUserAccount

public IUserAccount getAuthenticatedUserAccount(java.util.Map credentials)
                                         throws UMException,
                                                AuthenticationFailedException,
                                                UserLockedException,
                                                TicketException,
                                                java.security.cert.CertificateException
Authenticates the supplied credentials and returns the user account object. The valid keys in the Map could be "j_user" for the user ID, "j_password" for the password, and "javax.servlet.request.X509Certificate" for a certificate. Other values are allowed provided that there is an implementation that understands them.
Parameters:
credentials - Map containing user credential parameters
Returns:
UserAccount object, or null if no user is found for supplied credentials
Throws:
UMException - Exception will be thrown if there is an error.
AuthenticationFailedException - Exception will be thrown if the credentials could not be verified. The message of the exception is the key for the error message.
Possible keys are
  • SecurityPolicy.USER_AUTH_FAILED: general logon failure. Logon ID or password wrong, logon ID does not exist, etc.
  • SecurityPolicy.CERT_AUTH_FAILED: the client certificate is not mapped to a user.
  • SecurityPolicy.PASSWORD_EXPIRED: the user's password has expired.
  • SecurityPolicy.SAPSTAR_ACTIVATED: the super user SAP* is activated and therefore no other user can log on.
UserLockedException - Exception will be thrown if the user is locked. The message of the exception is the key for the error message.
Possible keys are
  • SecurityPolicy.ACCOUNT_LOCKED_LOGON: the user account is locked due to logon failures.
  • SecurityPolicy.ACCOUNT_LOCKED_ADMIN: the user account is locked by an administrator and the user cannot log on.
java.security.cert.CertificateException - a problem with certificates.

getUserAccount

public IUserAccount getUserAccount(java.util.Map credentials)
                            throws UMException,
                                   java.security.cert.CertificateException
Return UserAccount object based on the credentials supplied. Credentials will not be authenticated.
Parameters:
credentials - user credentials
Returns:
UserAccount or null if the supplied user credentials do not match with any user.
Throws:
UMException - Description of Exception
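
Added example, not part of the SAP documentation: a logon check that calls getAuthenticatedUserAccount rather than the non-authenticating getUserAccount(Map), treats a null return as a failure, and logs the exception message key while handing back only a coarse result. The class LogonCheck, its Result enum, the String credential values and the com.sap.security.api package for the exception classes are assumptions; compiling it needs the UME API on the classpath.

```java
import com.sap.security.api.*; // IUserAccountFactory, IUserAccount, exception classes (package assumed)
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Logger;

/** Hypothetical helper; not part of the UME API. */
public final class LogonCheck {
    /** Internal outcome. Show the client one generic failure message for DENIED and LOCKED. */
    public enum Result { OK, DENIED, LOCKED, ERROR }

    private static final Logger LOG = Logger.getLogger(LogonCheck.class.getName());
    private final IUserAccountFactory factory;

    public LogonCheck(IUserAccountFactory factory) {
        this.factory = factory;
    }

    public Result logon(String logonId, String password) {
        // Keys as documented for getAuthenticatedUserAccount; String values are an assumption.
        Map<String, Object> credentials = new HashMap<>();
        credentials.put("j_user", logonId);
        credentials.put("j_password", password);
        // Strip line breaks so a crafted logon ID cannot forge log entries.
        String who = String.valueOf(logonId).replaceAll("[\\r\\n]", "_");
        try {
            // getUserAccount(Map) would only look the account up; it never checks the password.
            IUserAccount account = factory.getAuthenticatedUserAccount(credentials);
            if (account == null) { // documented: null if no user matches the credentials
                LOG.warning("logon denied (no account) for " + who);
                return Result.DENIED;
            }
            return Result.OK;
        } catch (Exception e) {
            // instanceof instead of separate catch blocks, so the example does not
            // depend on how the UME exception classes are related to each other.
            if (e instanceof UserLockedException) {
                LOG.warning("logon on locked account " + who + ", key=" + e.getMessage());
                return Result.LOCKED;
            }
            if (e instanceof AuthenticationFailedException) {
                LOG.warning("logon denied for " + who + ", key=" + e.getMessage());
                return Result.DENIED;
            }
            // UMException, TicketException, CertificateException, runtime errors: fail closed.
            LOG.severe("logon error for " + who + ": " + e.getClass().getName());
            return Result.ERROR;
        }
    }
}
```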

deleteUserAccount

public void deleteUserAccount(java.lang.String uniqueId)
                       throws UMException
Delete this user account from persistence storage
Parameters:
account - user account
Throws:
UMException - UMException is thrown if the delete operation fails for some reason
NoSuchUserAccountException - if the user account does not exist

search

public ISearchResult search(IUserAccountSearchFilter filter)
                     throws UMException
Search for user accounts in the persistence storage which match the criteria specified in the given search filter. In order to get a user account search filter use getUserAccountSearchFilter(). You can define a search filter using methods of class IUserAccountSearchFilter.
Parameters:
filter - defined to search for user accounts
Returns:
ISearchResult - result of the search operation

getUserAccounts

public IUserAccount[] getUserAccounts(java.lang.String uniqueIdOfUser)
                               throws UMException
Returns all user accounts of the given user
Parameters:
user - The user
Returns:
Array of user accounts
Throws:
UMException - Description of Exception

getUserAccounts

public IUserAccount[] getUserAccounts(java.lang.String uniqueIdOfUser,
                                      AttributeList attributeList)
                               throws UMException
Returns all user accounts of the given user
Parameters:
user - The user
attributeList - The attributes that should be populated
Returns:
Array of user accounts
Throws:
UMException - Description of Exception

getMutableUserAccount

public IUserAccount getMutableUserAccount(java.lang.String uniqueId)
                                   throws UMException
Gets an IUserAccount object for a uniqueId of a user account.
Parameters:
uniqueId - uniqueId of the user account
Throws:
NoSuchPrincipalException - if the unique ID does not exist

getUserAccountSearchFilter

public IUserAccountSearchFilter getUserAccountSearchFilter()
                                                    throws UMException
Returns an IUserAccountSearchFilter object to be used to specify query attributes

IUserAccountSearchFilter only contains attributes which will be queried

Returns:
IUserAccountSearchFilter
Throws:
UMException -  
FeatureNotAvailableException -  

registerListener

public void registerListener(UserAccountListener userAccountListener,
                             int modifier)
registerListener allows subscribing to a predefined eventName of UserAccountListener. The caller has to provide a receiver object which implements UserAccountListener.
Parameters:
userAccountListener - object which implements interface UserAccountListener
modifier - constant defined in UserAccountListener

unregisterListener

public void unregisterListener(UserAccountListener userAccountListener)
unregisterListener unsubscribes a receiver from a previously subscribed event.
Parameters:
userAccountListener - object which implements interface UserAccountListener

invalidateCacheEntryByLogonId

public void invalidateCacheEntryByLogonId(java.lang.String logonid)
                                   throws UMException
Removes the user account object which has the specified logonid from the factory's cache. Note: Use this method carefully, because calling it too often may cause performance problems.
Parameters:
logonid - the logonid of the user account
Throws:
UMException - if an error occurs

invalidateCacheEntry

public void invalidateCacheEntry(java.lang.String uniqueid)
                          throws UMException
Removes the user account object which has the specified uniqueid from the factory's cache. Note: Use this method carefully, because calling it too often may cause performance problems.
Parameters:
uniqueid - the uniqueid of the user account
Throws:
UMException - if an error occurs


Copyright © 2002 SAP AG All Rights Reserved.