Custom password rule implementation errors
The cumulate() method, a Password Rules API enhancement to ISIM, might cause errors when you implement the existing custom rules. To resolve the problem, add the cumulate() method to the custom rule, recompile, and replace the updated custom rule in ISIM class path. This topic also explains how to use the cumulate() method.
The Rule API provides a customized logic for the password rules. For more information about customization of rules, see Customized password rules..
Custom rules that implement the Rule API are expected to provide logic in the cumulate() method. The cumulate() method logic combines parameters of two rules of the same type defined for two or more accounts of different service types with different password policies. The cumulate() method returns true if the parameters of the same rule in different password policies are combined successfully and false otherwise. If the rule cannot be logically combined, then each instance of the rule is considered separately, and it does not affect the rule evaluation..
The difference between the existing join() method and the new cumulate() method is that the join() method considers incompatibility of rules in the same password policy as well as different password policies. The cumulate() method considers only parameters of the same rule in different password policies. If for a specific type of rule, when there is no scope for an interaction with other types of rules, then the return response of the join() method can suffice.
Errors
One of the following errors might occur when you implement the custom password rules.
- An existing custom rules implementation generates a Java Unimplemented method exception.
- The following error might be logged in the Websphere Application Server log file. java.lang.AbstractMethodError: com/ibm/passwordrules/Rule.cumulate(Lcom/ibm/passwordrules/Rule;)
- Identity Service Center user interface might display the following error when we use the change password function: CTGIMZ002E An error occurred while connecting to the remote server.
How to implement the cumulate() method
The following two password rules explain this scenario and how to implement the cumulate() method.
- NotUserID
- The rule cannot have conflicts with any of the other standard password rules in the IBM Security Identity Manager.
public boolean join(Rule rule) throws IncompatibleRulesException { if (rule instanceof NotUserID) { ...... }return false; }- Implementation of cumulate() method:
public boolean cumulate(Rule rule) throws IncompatibleRulesException { return join(rule); }- MayNotContain
- The join() method considers conflicts with other password rules in the same password policy.
public boolean join(Rule rule) throws IncompatibleRulesException { if (rule instanceof MayNotContain) { ... }else if(rule instanceof MustContain) { .... }else if(rule instanceof RestrictedTo) { ..... }else if(rule instanceof StartsWithChar) { ..... }return false; }- Implementation of cumulate() method:
public boolean cumulate(Rule rule) throws IncompatibleRulesException { if (rule instanceof MayNotContain) { ........... }return false; }Parent topic: Troubleshooting ISIM Server problems