psdi.app.signature

Class MaxUser

  • All Implemented Interfaces:
    java.rmi.Remote, MaxUserRemote, UpgConstants, MboConstants, MboRemote, StatefulMboRemote, MaxRemoteProxy

    public class MaxUser
extends StatefulMbo
implements MaxUserRemote, UpgConstants
    Mbo object to represent MaxUser, a person who is allowed to establish client connections to MXServer (depending on status). A user is associated with one or more security groups via the GroupUser table.

    This mbo contains non-persistent attributes.

    See Signature Package description.

    This is a system level object.

    The key attribute for this object is UserID.

    The attributes in this object are as follows:

    Attribute NameDescription
    DatabaseUserIDThe username for connecting to the native database. This will usually be null, and is not required for Maximo.
    DbPasswordNon-persistent attribute. The user's native database password (if databaseuserid is not null).
    DbPasswordCheckNon-persistent attribute. The user's new native database password, which is entered twice when changing password. It must be entered twice to try to ensure there was not a data entry error.
    DefSiteThe user's default site. Foreign key to Site. (There is no relation between DefSite and StoreroomSite.)
    DefStoreroomThe user's default storeroom. DefStoreroom + StoreroomSite are foreign key to Locations table.
    EmailPswdNon-persistent attribute. When user is added or password is changed, indicates whether the user should be force to change password at the next login.
    FailedLoginsThe number of times in succession that the user tried unsuccessfully to log in. This is tracked only if maxvar LOGINTRACKING is True. It is reset to null when the user successfully logs in or the user status is changed.
    ForceExpirationTrue to force the user to change password on the next login. False to use the normal expiration date logic.
    GeneratedPswdNon-persistent attribute. Populated via the "Generate Now" button, this is the new password that is randomly generated and displayed on the screen.
    InactiveSitesTrue to allow the user to access inactive sites and organizations in Maximo applications.
    LoginIDThis is the username used to log in to Maximo. This defaults to the value of UserID, but they do not have to be equal.
    PasswordThe user's Maximo password (stored as encrypted on database).
    PasswordCheckNon-persistent attribute. The user's new Maximo password, which is entered twice when changing password. It must be entered twice to try to ensure there was not a data entry error.
    PasswordInputNon-persistent attribute. The user's new Maximo password.
    PasswordOldNon-persistent attribute. The user's original Maximo password, used when changing password.
    PersonIDThis users's person identifier. Foreign key to Person.
    ExpirationThe expiration date of this user's password. Will be non-null only if the group's PASSWORDDURATION is non-null.
    PwHintAnswerThe correct answer to the PwHintQuestion, used to verify the identity of a user who is requesting a new password.
    PwHintQuestionThe user's password hint question, defined in valuelist PWHINTQUESTION.
    QueryWithSiteIf True, then the Site or Organization field on any application's Search page will be defaulted based on DefSite. For site-level applications, Site will default to DefSite. For organization-level applications, Organization will default to the organization of DefSite. If this attribute is False, there is no default.
    StatusThe user's current status, defined in valuelist MAXUSERSTATUS. Status history is in the MaxUserStatus table.
    StoreroomSiteNeeded to define the default storeroom (DefStoreroom). DefStoreroom + StoreroomSite are foreign key to Locations table. (There is no relation between DefSite and StoreroomSite.)
    SynchPasswordsNon-persistent attribute; indicates whether Maximo and native database passwords should be set to the same value (when passwords are being added or changed). Defaults to False.
    TypeThe user's type, defined in valuelist USERTYPE. This attribute will assist the client in managing their license. Clients can define the license type for each user. A report will describe the types and numbers of users a client has for comparison to their license agreement.
    UserIDUnique identifier for the user. This is cached in UserInfo and is also used as the value in the "createdby" and "changedby" fields on many tables.
    WFActiveIdentifies whether Workflow is active for this user.
    WFIDIf Workflow is active, this identifies the Workflow ID. See Workflow Package description.
    See Also:
    MaxGroup, GroupUser

    • Constructor Detail

      • MaxUser

        public MaxUser(MboSet ms)
        throws java.rmi.RemoteException
        Construct the MaxUser object.
        Throws:
        java.rmi.RemoteException

    • Method Detail

      • getProcess

        public java.lang.String getProcess()
        Return the name of the work flow process (USERSTATUS).

      • init

        public void init()
          throws MXException
        Since the business objects are not supposed to check privilege, it is incumbent upon the UI to check privilege for the following:
        1. ADDUSERS -- If toBeAdded and no privilege for ADDUSERS, then group name should be readonly. This should force the use of the default value for group name when adding a user. If toBeAdded and there IS privilege for ADDUSERS, then group name can be changed.
        2. REASSIGN -- If not adding, and no privilege for REASSIGN, then group name should be readonly.
        Overrides:
        init in class Mbo
        Throws:
        MXException
        See Also:
        MXServer.getDatabaseProductName()

      • getDbIn

        public int getDbIn()
        Return native database platform (dbIn)

      • add

        public void add()
         throws MXException,
                java.rmi.RemoteException
        Add a mbo, defaulting the attributes shown below.
        Attribute NameAttribute Value
        ForceExpirationTrue
        Statusfrom valuelistMAXUSERSTATUS, maxvalue ACTIVE
        SynchPasswordsFalse
        SysUserFalse
        Typefrom valuelistUSERTYPE, maxvalue TYPE 1
        Specified by:
        add in interface MboRemote
        Overrides:
        add in class Mbo
        Throws:
        MXException
        java.rmi.RemoteException

      • delete

        public void delete(long accessModifier)
            throws MXException,
                   java.rmi.RemoteException
        Delete this mbo. Calls deleteChildren.

        The preferred way to initiate deleting a user is by calling deleteThisUser.

        Specified by:
        delete in interface MboRemote
        Overrides:
        delete in class Mbo
        Parameters:
        accessModifier - The bitwise flag specified to determine if certain normal security checks are to be bypassed for this delete request. For example: if the accessModifer is NOACCESSCHECK, then the check for the object's NODELETE flag and the call to the object's canDelete() method will not be performed. If the accessModifer is NONE, then all the access checks are performed before this object is marked delete.
        Throws:
        MXException
        java.rmi.RemoteException
        See Also:
        Mbo.delete(long)

      • undelete

        public void undelete()
              throws MXException,
                     java.rmi.RemoteException
        Description copied from class: Mbo
        Unmark the Mbo for deletion. Can only be called after a delete() and before the save() has been performed. This method will also unmark associated Long Description and Translation Mbos.
        Specified by:
        undelete in interface MboRemote
        Overrides:
        undelete in class Mbo
        Throws:
        MXException
        java.rmi.RemoteException

      • deleteThisUser

        public boolean deleteThisUser(long accessModifier)
                       throws MXException,
                              java.rmi.RemoteException
        Convenience method to delete a user instead of calling the regular delete.

        If LoginTracking maxvar is False, this method calls delete.
        If LoginTracking maxvar is True, this method calls deleteChildren and sets this user status to Inactive.
        This method also sets the variable deleteThisUser to True.

        Returns:
        True if user was deleted, False if cancelled from the yes/no/cancel dialog
        Throws:
        MXException
        java.rmi.RemoteException

      • toBeSaved

        public boolean toBeSaved()
                  throws java.rmi.RemoteException
        Does the object need to be saved to persistent storage ? This will also check for change of Maximo and native password.
        Specified by:
        toBeSaved in interface MboRemote
        Overrides:
        toBeSaved in class Mbo
        Throws:
        java.rmi.RemoteException

      • userWasDuplicated

        public boolean userWasDuplicated()
        Identifies whether we're in the process of duplicating a user, there this is the new user.
        Specified by:
        userWasDuplicated in interface MaxUserRemote
        Returns:
        True if in the process of duplication
        See Also:
        MaxUser.dupMbo

      • resetNativeEsigKey

        public void resetNativeEsigKey()
                        throws java.rmi.RemoteException,
                               MXException
        Throws:
        java.rmi.RemoteException
        MXException

      • skipCopyField

        protected boolean skipCopyField(MboValueInfo mvi)
                         throws java.rmi.RemoteException,
                                MXException
        Fields to skip when copying mbo.
        Overrides:
        skipCopyField in class Mbo
        Parameters:
        mvi - The MboValueInfo describing this attribute
        Returns:
        True to skip this attribute
        Throws:
        java.rmi.RemoteException
        MXException

      • sendEsigResetNotf

        protected void sendEsigResetNotf()
                          throws MXException,
                                 java.rmi.RemoteException
        Throws:
        MXException
        java.rmi.RemoteException

      • recheckPasswordAuthority

        public void recheckPasswordAuthority()
                              throws MXException,
                                     java.rmi.RemoteException
        Recheck password change authority.
        Throws:
        MXException
        java.rmi.RemoteException

      • encryptEsigPassword

        public java.lang.String encryptEsigPassword(java.lang.String esigPass)

      • save

        public void save()
          throws MXException,
                 java.rmi.RemoteException
        Perform any processing re: changing native dbpassword; then save the mbo. Fredrik 8/10, Added MT functionality. Check to see if we are changing password for any of the users in the Maximo.property and if so, update it.
        Overrides:
        save in class StatefulMbo
        Throws:
        MXException
        java.rmi.RemoteException
        See Also:
        MaxUser.changeDBPassword()

      • commit

        protected void commit()
        Overrides:
        commit in class Mbo

      • setBlocked

        public void setBlocked(java.lang.String memo)
                throws MXException,
                       java.rmi.RemoteException
        Set this user's status to BLOCKED.
        Parameters:
        memo - Freeform comment; can be null.
        Throws:
        MXException
        java.rmi.RemoteException

      • addLoginTracking

        @Deprecated
public void addLoginTracking(boolean attemptResult,
                                         java.lang.String app,
                                         java.lang.String reason,
                                         java.lang.String transid,
                                         java.lang.String[] keyvalue)
                                  throws MXException,
                                         java.rmi.RemoteException
        Deprecated. See Harrier Esig spec
        Add mbo to LoginTracking reflecting the successful or unsuccessful login. May also update MaxUser.failedlogins and MaxUser.status.

        Do NOT update anything if Maxvar LOGINTRACKING is False.

        Called from MaxUserSet addLoginTracking.

        Specified by:
        addLoginTracking in interface MaxUserRemote
        Parameters:
        attemptResult - True for successful login, else False
        app - The application name (optional). Used for ESIG.
        reason - The reason code (optional). Used for ESIG.
        transid - The transaction ID (optional). Used for ESIG.
        keyvalue - Array of up to seven key values (optional). Used for ESIG to identify a mbo in the main set for the app.
        Throws:
        MXException
        java.rmi.RemoteException
        See Also:
        MaxUser.addLoginTracking(boolean, String, String, String, String[])

      • addLoginTracking

        @Deprecated
public void addLoginTracking(boolean attemptResult,
                                         java.lang.String app,
                                         java.lang.String reason,
                                         java.lang.String transid,
                                         java.lang.String[] keyvalue,
                                         java.lang.String ownerTable,
                                         java.lang.String ownerId)
                                  throws MXException,
                                         java.rmi.RemoteException
        Deprecated. See Harrier Esig spec
        Add mbo to LoginTracking reflecting the successful or unsuccessful login. May also update MaxUser.failedlogins and MaxUser.status.

        Do NOT update anything if Maxvar LOGINTRACKING is False.

        Called from MaxUserSet addLoginTracking.

        Specified by:
        addLoginTracking in interface MaxUserRemote
        Parameters:
        attemptResult - True for successful login, else False
        app - The application name (optional). Used for ESIG.
        reason - The reason code (optional). Used for ESIG.
        transid - The transaction ID (optional). Used for ESIG.
        keyvalue - Array of up to seven key values (optional). Used for ESIG to identify a mbo in the main set for the app.
        ownerTable - Owner table for esig
        ownerId - unique id for the esig record
        Throws:
        MXException
        java.rmi.RemoteException
        See Also:
        MaxUser.addLoginTracking(boolean, String, String, String, String[],String, String)

      • addLoginTracking

        public MboRemote addLoginTracking(java.lang.String attemptResult,
                                  boolean updateStatus)
                           throws MXException,
                                  java.rmi.RemoteException
        Add mbo to LoginTracking reflecting the successful or unsuccessful login. May also update MaxUser.failedlogins and MaxUser.status.

        Do NOT update anything if Maxvar LOGINTRACKING is False.

        Specified by:
        addLoginTracking in interface MaxUserRemote
        Parameters:
        attemptResult - From domain ATTEMPTRESULT.
        updateStatus - True if user status should be updated when called for by the business rules (for example, block the user if excessive number of bad logins). This param should normally be true except for certain situations in SecurityService.
        Returns:
        The new LoginTracking mbo.
        Throws:
        MXException
        java.rmi.RemoteException
        See Also:
        MaxUser.addLoginTracking(String, boolean)

      • canChangePassword

        public boolean canChangePassword()
                          throws MXException,
                                 java.rmi.RemoteException
        Can this session user change the password of this MaxUser mbo? Starting with Merlin, this always returns True (unless using LDAP).
        Specified by:
        canChangePassword in interface MaxUserRemote
        Returns:
        True = can change password; False = cannot change password
        Throws:
        MXException
        java.rmi.RemoteException
        See Also:
        MXServerInfo.useAppServerSecurity

      • userExistsOnDB

        public final boolean userExistsOnDB(java.sql.Connection con,
                                    java.lang.String checkID)
                             throws MXException,
                                    java.rmi.RemoteException
        Determine whether this user already exists on the native DB (databaseuserid). This check should be performed prior to attempting to save a new MaxUser!

        For Oracle, this method selects from all_users.
        For SQLServer, this method selects from syslogins.

        Parameters:
        con - Connection. Can be null. If null, it is created and closed within this method.
        checkID - The database user ID to be checked for.
        Returns:
        True = user already exists on this native DB.
        Throws:
        MXException
        java.rmi.RemoteException
        See Also:
        MaxUserSet.getSystemUserInfo(), UserInfo.getConnectionKey()

      • createPersonMbo

        public MboRemote createPersonMbo(java.lang.String personID,
                                 MboSetRemote personSet,
                                 boolean doAutokey)
                          throws MXException,
                                 java.rmi.RemoteException
        Called only when adding a user, to create a Person mbo. Since the PersonID can be changed multiple times before saving, this method has to clean out any previously-added and now obsolete Person mbos.
        Specified by:
        createPersonMbo in interface MaxUserRemote
        Parameters:
        personID - The personID to use on the Person mbo (unless autokeying).
        personSet - This MaxUser mbo owns set of Person, MaxUserSetRemote.PERSON.
        doAutokey - If true and if the PersonID attribute allows autokeying, then use the autokey value rather than the value of personID param.
        Returns:
        The Person mbo just created for the specified personID.
        Throws:
        MXException
        java.rmi.RemoteException
        See Also:
        MaxUser.createPersonMbo(String, MboSetRemote, boolean)

      • showProfileWarning

        public boolean showProfileWarning()
                           throws MXException,
                                  java.rmi.RemoteException
        If any info was changed via My Profile app that did not update the cached user profile, and there is more than one active session for this UserID, then return True. This info includes language, locale and timezone. Most of the other info in My Profile does update the cached Profile. This is called from MyProfileBean.
        Specified by:
        showProfileWarning in interface MaxUserRemote
        Returns:
        True is info was changed but cached Profile was not updated, and there is more than one session for this user.
        Throws:
        MXException
        java.rmi.RemoteException
        See Also:
        MaxUser.showProfileWarning()

      • setValue

        public void setValue(java.lang.String attributeName,
                     java.lang.String val,
                     long accessModifier)
              throws MXException,
                     java.rmi.RemoteException
        Set value for the specified attribute.
        Specified by:
        setValue in interface MboRemote
        Overrides:
        setValue in class Mbo
        Parameters:
        attributeName - The attribute name within the current object.
        val - The string value to set to the attribute.
        accessModifier - The bitwise flags such as NOACCESSCHECK, NOVALIDATION_AND_NOACTION, and DELAYVALIDATION.
        Throws:
        MXException - "Attribute {0} does not exist" exception will be thrown if the attribute does not exist in the object. "Field is read only" exception will be thrown if the attribute is READONLY and the accessModifier does not specify NOACCESSCHECK. "Invalid Data Type" exception will be thrown for datatype mismatch. For example, setting a string value of characters to an attribute which has datatype of YORN.
        java.rmi.RemoteException
        See Also:
        Mbo.setValue(String, String, long), HiddenValueSet.setValue(java.lang.String, java.lang.String, long)

      • authorizeGroups

        public void authorizeGroups(MboSetRemote groupSet,
                            java.lang.String relationship)
                     throws MXException,
                            java.rmi.RemoteException
        For multiselect of groups for GrpReassignAuth or GroupUser.
        Specified by:
        authorizeGroups in interface MaxUserRemote
        Parameters:
        groupSet - Set of MaxGroup
        relationship - Relationship name: GRPREASSIGNAUTH or GROUPUSER.
        Throws:
        MXException
        java.rmi.RemoteException
        See Also:
        SelectGroupsBean

      • addGrpReassignAuthForUserInsert

        public void addGrpReassignAuthForUserInsert()
                                     throws MXException,
                                            java.rmi.RemoteException
        When user is added to a group that has USER-INSERT privilege, or that privilege is added to a group, then all users in that group need privilege to add people to the default group and the "everyone" group.
        Throws:
        MXException
        java.rmi.RemoteException

      • initFieldFlagsOnMbo

        public void initFieldFlagsOnMbo(java.lang.String attrName)
                         throws MXException
        Description copied from class: Mbo
        The logic of setting the readonly and required field flags to the mbo. Any setting of the field flags that require expensive operation, such as database query should be moved from init() to this method. However, those which don't require steps such as fetching Mbos can be left in init(). You can group the logic for a few attributes together if logic of deciding their flag is the same, or in other words, can be handled at once.
        Overrides:
        initFieldFlagsOnMbo in class Mbo
        Throws:
        MXException

      • getOldLoginID

        public java.lang.String getOldLoginID()

      • setOldLoginID

        public void setOldLoginID(java.lang.String oldLoginID)
Skip navigation links