com.tivoli.pd.rgy.RgyRegistry
The primary interface RgyRegistry consists of the following methods:
- getUser(), getNativeUser(), getGroup(), and getNativeGroup()
- createUser() and createGroup()
- newRgyAttributes()
- deleteUser() and deleteGroup()
- listUsers(), listNativeUsers(), listGroups(), and listNativeGroups()
- setRgyThreadLocale() and getRgyThreadLocale()
- toRegistryDate() and fromRegistryDate()
- condenseResourceCredential() and expandResourceCredential()
- close()
- getUser(), getNativeUser(), getGroup(), and getNativeGroup()
Fetch Security Verify Access and native user or group attributes. They create corresponding RgyUser or RgyGroup instances to hold these attributes and allow operations on the entity.
For getNativeUser() or getNativeGroup(), the native user or group is identified by its native ID (a DN for LDAP native registries), and the attributes of that user or group are fetched.
If the native user or group is also an ISAM entity, the corresponding Security Verify Access attributes are also fetched.
When you import the native entity, the API uses the ISAM domain passed through the getNativeUser() or getNativeGroup() method.
An RgyUser or RgyGroup instance does not need to be an ISAM entity and might contain only the native entity attributes. We can examine the virtual attribute isSecEntity to determine whether the ISAM entity exists. If the value of isSecEntity is true, the ISAM entity exists.
Prototype:
RgyUser getUser(String domain, String userId) throws RgyException;
RgyUser getNativeUser(String domain, String userNativeId) throws RgyException;
RgyGroup getGroup(String domain, String groupId) throws RgyException;
RgyGroup getNativeGroup(String domain, String groupNativeId) throws RgyException;
- createUser() and createGroup()
Create an ISAM user or group along with the underlying native entity. If the underlying native entity exists, use getNativeUser() or getNativeGroup() with the RgyUser or RgyGroup import() method.
Supply the required attributes, such as cn and sn. Optionally, specify the following attributes during creation:
- Native entity attributes such as description.
- Security Verify Access user attributes like secAcctValid.
- Security Verify Access user policy attributes such as passwordMinLength.
Prototype:
RgyUser createUser(String domain, String userId, String userNativeId, char[] password, boolean bypassPasswordPolicy, RgyAttributes rgyAttributes, Set<String> groupIds) throws RgyException;
RgyGroup createGroup(String domain, String groupId, String groupNativeId, RgyAttributes rgyAttributes) throws RgyException;
- newRgyAttributes()
Creates an empty instance of RgyAttributes. Populate this instance and supply it to the createUser(), createGroup(), RgyUser.import(), and RgyGroup.import() methods.
Prototype:
RgyAttributes newRgyAttributes();
- deleteUser() and deleteGroup()
Deletes a Security Verify Access user or group, and optionally deletes the native entity.
This API does not update the GSO data of the user. We cannot delete GSO-enabled users. We can use the virtual attribute isGSOUser to confirm whether an RgyUser is GSO-enabled.
The WarningNativeEntityInUseRgyException error is generated if other applications create entities under the native entity. Despite this error, the API deletes the Security Verify Access entity. We can ignore the error if the method permits.
Prototype:
void deleteUser(String domain, String userId, boolean deleteNativeUser) throws RgyException;
void deleteGroup(String domain, String groupId, boolean deleteNativeGroup) throws RgyException;
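The following is an added example, not code from the product documentation, showing one way to order the checks described above when deprovisioning a user. The UserDeprovisioner class and its Outcome enum are hypothetical; the getOneAttributeValue() accessor on RgyUser and the com.tivoli.pd.rgy.exception package name are assumptions that do not appear on this page.

```java
import com.tivoli.pd.rgy.RgyRegistry;
import com.tivoli.pd.rgy.RgyUser;
// Assumption: the exception classes live in the .exception subpackage.
import com.tivoli.pd.rgy.exception.RgyException;
import com.tivoli.pd.rgy.exception.WarningNativeEntityInUseRgyException;

/** Hypothetical helper; not part of the RgyRegistry API. */
public final class UserDeprovisioner {

    public enum Outcome { DELETED, DELETED_NATIVE_ENTITY_IN_USE, SKIPPED_GSO_USER }

    private UserDeprovisioner() { }

    /**
     * Deletes a Security Verify Access user. The caller owns the registry
     * and is responsible for calling registry.close() when finished.
     */
    public static Outcome remove(RgyRegistry registry, String domain, String userId,
                                 boolean deleteNativeUser) throws RgyException {
        RgyUser user = registry.getUser(domain, userId);

        // GSO-enabled users cannot be deleted through this API, so check the
        // isGSOUser virtual attribute before attempting the delete.
        // Assumption: getOneAttributeValue(String) returns the attribute value.
        if (isTrue(user.getOneAttributeValue("isGSOUser"))) {
            return Outcome.SKIPPED_GSO_USER;
        }

        try {
            registry.deleteUser(domain, userId, deleteNativeUser);
            return Outcome.DELETED;
        } catch (WarningNativeEntityInUseRgyException warning) {
            // The Security Verify Access entity has been deleted despite this
            // exception. Report it separately so the native entry, which other
            // applications have entities under, can be reviewed.
            return Outcome.DELETED_NATIVE_ENTITY_IN_USE;
        }
        // Any other RgyException propagates: the delete did not succeed.
    }

    private static boolean isTrue(Object value) {
        return value != null && "true".equalsIgnoreCase(value.toString().trim());
    }
}
```

Returning a distinct outcome for the warning case lets an audit log record that the account is gone while the native entry still needs attention.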
- listUsers(), listNativeUsers(), listGroups(), and listNativeGroups()
listUsers() lists the Security Verify Access users.
listNativeUsers() lists the native users.
listGroups() lists the ISAM groups.
listNativeGroups() lists the native groups.
The native list methods return the native ID of each native entity that contains an attribute matching the supplied attribute pattern. For LDAP, the native ID is a DN. The non-native list methods return Security Verify Access IDs that match the supplied pattern. All methods return an RgyIterator instance to iterate the result set.
The pageSize parameter is optional and can be ignored by the API.
Prototype:
RgyIterator listUsers(String domain, String userIdPattern, int maxResults, int pageSize) throws RgyException;
RgyIterator listNativeUsers(String searchAttributeName, String searchAttributePattern, int maxResults, int pageSize) throws RgyException;
RgyIterator listGroups(String domain, String groupIdPattern, int maxResults, int pageSize) throws RgyException;
RgyIterator listNativeGroups(String searchAttributeName, String searchAttributePattern, int maxResults, int pageSize) throws RgyException;
- setRgyThreadLocale() and getRgyThreadLocale()
Set and fetch the locale used when generating messages for RgyExceptions. We can set the locale independently for each thread. If the set method is not invoked for a thread, the default locale for that thread is the Java™ Runtime default locale. The log messages use the Java Runtime default locale and are not affected by the setRgyThreadLocale() method.
Prototype:
void setRgyThreadLocale(Locale locale);
Locale getRgyThreadLocale();
- toRegistryDate() and fromRegistryDate()
toRegistryDate() converts a Java date instance into a string format. You can supply this string format to the API for ISAM attributes that require an absolute date, such as secAcctExpires.
fromRegistryDate() interprets the date provided in ISAM attributes such as secPwdLastChanged and secPwdLastUsed.
Prototype:
String toRegistryDate(Date javaDate) throws RgyException;
Date fromRegistryDate(String registryDate) throws RgyException;
- condenseResourceCredential() and expandResourceCredential()
The expandResourceCredential() method extracts the four component values from the condensed form into an array of strings. The components are indexed as follows:
public final int RESOURCE_CRED_NAME_INDEX = 0;
public final int RESOURCE_CRED_TYPE_INDEX = 1;
public final int RESOURCE_CRED_USER_INDEX = 2;
public final int RESOURCE_CRED_PASSWORD_INDEX = 3;
public final int RESOURCE_CRED_LENGTH = 4;
condenseResourceCredential() reverses the process.
Each value of the attribute resourceCredentials is returned from the registry for users in condensed form.
The component value that is indexed by RESOURCE_CRED_TYPE_INDEX is one of the following:
public static final String RESOURCE_TYPE_WEB_VALUE = "Web Resource";
public static final String RESOURCE_TYPE_GROUP_VALUE = "Resource Group";
- close()
Releases any used resources, such as open connections to LDAP. The RgyRegistry methods and any instances of RgyUser, RgyGroup, or RgyIterator generated by the RgyRegistry instance must not be used after the instance is closed.
Prototype:
void close();