Package org.opends.server.api
Class AuthenticationPolicy
- java.lang.Object
-
- org.opends.server.api.AuthenticationPolicy
-
- Direct Known Subclasses:
PasswordPolicy
public abstract class AuthenticationPolicy extends Object
An abstract authentication policy.
-
-
Constructor Summary
Constructors Modifier Constructor Description protectedAuthenticationPolicy()Creates a new abstract authentication policy.
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description AuthenticationPolicyStatecreateAuthenticationPolicyState(Entry userEntry)Returns the authentication policy state object for the provided user using the current time as the basis for all time-based state logic (such as expiring passwords).abstract AuthenticationPolicyStatecreateAuthenticationPolicyState(Entry userEntry, long time, ServerContext serverContext)Returns an authentication policy state object for the provided user using the specified time as the basis for all time-based state logic (such as expiring passwords).voidfinalizeAuthenticationPolicy()Performs any necessary work to finalize this authentication policy.static AuthenticationPolicyforUser(Entry userEntry, boolean useDefaultOnError)Returns the authentication policy for the user provided user.static AuthenticationPolicyforUser(Entry userEntry, boolean useDefaultOnError, Consumer<LocalizableMessage> onMultiplePasswordPolicies)Returns the authentication policy for the user provided user.abstract DngetDN()Returns the name of the configuration entry associated with this authentication policy.booleanisPasswordPolicy()Returnstrueif this authentication policy is a password policy and the methodscreateAuthenticationPolicyState(Entry)andcreateAuthenticationPolicyState(Entry, long, ServerContext)will return aPasswordPolicyState.
-
-
-
Method Detail
-
forUser
public static AuthenticationPolicy forUser(Entry userEntry, boolean useDefaultOnError) throws LdapException
Returns the authentication policy for the user provided user. The following algorithm is used in order to obtain the appropriate authentication policy:- if the user entry contains the
ds-pwp-password-policy-dnattribute (whether real or virtual), then the referenced authentication policy will be returned - otherwise, a search is performed in order to find the nearest applicable password policy sub-entry to the user entry,
- otherwise, the default password policy will be returned.
- Parameters:
userEntry- The user entry.useDefaultOnError- Indicates whether the server should fall back to using the default password policy if there is a problem with the configured policy for the user.- Returns:
- The password policy for the user.
- Throws:
LdapException- If a problem occurs while attempting to determine the password policy for the user.
- if the user entry contains the
-
forUser
public static AuthenticationPolicy forUser(Entry userEntry, boolean useDefaultOnError, Consumer<LocalizableMessage> onMultiplePasswordPolicies) throws LdapException
Returns the authentication policy for the user provided user. The following algorithm is used in order to obtain the appropriate authentication policy:- if the user entry contains the
ds-pwp-password-policy-dnattribute (whether real or virtual), then the referenced authentication policy will be returned - otherwise, a search is performed in order to find the nearest applicable password policy sub-entry to the user entry,
- otherwise, the default password policy will be returned.
- Parameters:
userEntry- The user entry.useDefaultOnError- Indicates whether the server should fall back to using the default password policy if there is a problem with the configured policy for the user.onMultiplePasswordPolicies- Invoked when multiple password policy subentries are detected to the entry.- Returns:
- The password policy for the user.
- Throws:
LdapException- If a problem occurs while attempting to determine the password policy for the user.
- if the user entry contains the
-
getDN
public abstract Dn getDN()
Returns the name of the configuration entry associated with this authentication policy.- Returns:
- The name of the configuration entry associated with this authentication policy.
-
isPasswordPolicy
public boolean isPasswordPolicy()
Returnstrueif this authentication policy is a password policy and the methodscreateAuthenticationPolicyState(Entry)andcreateAuthenticationPolicyState(Entry, long, ServerContext)will return aPasswordPolicyState.The default implementation is to return
false.- Returns:
trueif this authentication policy is a password policy, otherwisefalse.
-
createAuthenticationPolicyState
public AuthenticationPolicyState createAuthenticationPolicyState(Entry userEntry)
Returns the authentication policy state object for the provided user using the current time as the basis for all time-based state logic (such as expiring passwords).The default implementation is to call
createAuthenticationPolicyState(Entry, long, ServerContext)with the current time.- Parameters:
userEntry- The user's entry.- Returns:
- The authentication policy state object for the provided user.
-
createAuthenticationPolicyState
public abstract AuthenticationPolicyState createAuthenticationPolicyState(Entry userEntry, long time, ServerContext serverContext)
Returns an authentication policy state object for the provided user using the specified time as the basis for all time-based state logic (such as expiring passwords).- Parameters:
userEntry- The user's entry.time- The time since the epoch to use for all time-based state logic (such as expiring passwords).serverContext- The server context- Returns:
- The authentication policy state object for the provided user.
-
finalizeAuthenticationPolicy
public void finalizeAuthenticationPolicy()
Performs any necessary work to finalize this authentication policy.The default implementation is to do nothing.
-
-