Package org.opends.server.api

Class AuthenticationPolicyState

java.lang.Object

org.opends.server.api.AuthenticationPolicyState

Direct Known Subclasses:

PasswordPolicyState

public abstract class AuthenticationPolicyState
extends Object

The authentication policy context associated with a user's entry, which is responsible for managing the user's account, their password, as well as authenticating the user.

Field Summary

Fields

Modifier and Type	Field	Description
protected ConditionResult	isDisabled	A boolean indicating whether the account associated with this authentication state has been administratively disabled.
protected Entry	userEntry	The user entry associated with this authentication policy state.

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	AuthenticationPolicyState(Entry userEntry)	Creates a new abstract authentication policy context.

Method Summary

Modifier and Type	Method	Description
void	finalizeStateAfterBind()	Performs any finalization required after a bind operation has completed.
static AuthenticationPolicyState	forUser(Entry userEntry, Consumer<LocalizableMessage> onMultiplePasswordPolicies, ServerContext serverContext)	Returns the authentication policy state for the user provided user.
static AuthenticationPolicyState	forUser(Entry userEntry, ServerContext serverContext)	Returns the authentication policy state for the user provided user.
abstract AuthenticationPolicy	getAuthenticationPolicy()	Returns the authentication policy associated with this state.
protected static ConditionResult	getBoolean(Entry entry, String attributeName)	A utility method which may be used by implementations in order to obtain the value of the specified attribute from the provided entry as a boolean.
protected static long	getGeneralizedTime(Entry entry, AttributeDescription attrDesc)	A utility method which may be used by implementations in order to obtain the value of the specified attribute from the provided entry as a time in generalized time format.
boolean	isDisabled()	Returns true if this authentication policy state is associated with a user whose account has been administratively disabled.
abstract boolean	passwordMatches(ByteString password)	Returns true if the provided password value matches any of the user's passwords.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

isDisabled

protected ConditionResult isDisabled

A boolean indicating whether the account associated with this authentication state has been administratively disabled.

userEntry

protected final Entry userEntry

The user entry associated with this authentication policy state.

Constructor Detail

AuthenticationPolicyState

protected AuthenticationPolicyState(Entry userEntry)

Creates a new abstract authentication policy context.

Parameters:

userEntry - The user's entry.

Method Detail

forUser

public static AuthenticationPolicyState forUser(Entry userEntry,
                                                ServerContext serverContext)
                                         throws LdapException

Returns the authentication policy state for the user provided user. This method is equivalent to the following:

 AuthenticationPolicy policy = AuthenticationPolicy.forUser(userEntry, useDefaultOnError);
 AuthenticationPolicyState state = policy.createAuthenticationPolicyState(userEntry);
 

See the documentation of AuthenticationPolicy.forUser(org.forgerock.opendj.ldap.Entry, org.opends.server.core.ServerContext) for a description of the algorithm used to find a user's authentication policy.

Parameters:

userEntry - The user entry.

serverContext - The server context

Returns:

The password policy for the user.

Throws:

LdapException - If a problem occurs while attempting to determine the password policy for the user.

See Also:

forUser(Entry, ServerContext)

forUser

public static AuthenticationPolicyState forUser(Entry userEntry,
                                                Consumer<LocalizableMessage> onMultiplePasswordPolicies,
                                                ServerContext serverContext)
                                         throws LdapException

Returns the authentication policy state for the user provided user. This method is equivalent to the following:

 AuthenticationPolicy policy = AuthenticationPolicy.forUser(userEntry, useDefaultOnError,
                                                            onMultiplePasswordPolicies);
 AuthenticationPolicyState state = policy.createAuthenticationPolicyState(userEntry);
 

See the documentation of AuthenticationPolicy.forUser(org.forgerock.opendj.ldap.Entry, org.opends.server.core.ServerContext) for a description of the algorithm used to find a user's authentication policy.

Parameters:

userEntry - The user entry.

onMultiplePasswordPolicies - Invoked when multiple password policy subentries are detected to the entry.

serverContext - The server context

Returns:

The password policy for the user.

Throws:

LdapException - If a problem occurs while attempting to determine the password policy for the user.

See Also:

AuthenticationPolicy.forUser(Entry, boolean, java.util.function.Consumer, ServerContext)

getBoolean

protected static ConditionResult getBoolean(Entry entry,
                                            String attributeName)
                                     throws LdapException

A utility method which may be used by implementations in order to obtain the value of the specified attribute from the provided entry as a boolean.

Parameters:

entry - The entry whose attribute is to be parsed as a boolean.

attributeName - The attribute name whose value should be parsed as a boolean.

Returns:

The attribute's value represented as a ConditionResult value, or ConditionResult.UNDEFINED if the specified attribute does not exist in the entry.

Throws:

LdapException - If the value cannot be decoded as a boolean.

getGeneralizedTime

protected static long getGeneralizedTime(Entry entry,
                                         AttributeDescription attrDesc)
                                  throws LdapException

A utility method which may be used by implementations in order to obtain the value of the specified attribute from the provided entry as a time in generalized time format.

Parameters:

entry - The entry whose attribute is to be parsed as a boolean.

attrDesc - The attribute description whose value should be parsed as a generalized time value.

Returns:

The requested time, or -1 if it could not be determined.

Throws:

LdapException - If a problem occurs while attempting to decode the value as a generalized time.

finalizeStateAfterBind

public void finalizeStateAfterBind()
                            throws LdapException

Performs any finalization required after a bind operation has completed. Implementations may perform internal operations in order to persist internal state to the user's entry if needed.

Throws:

LdapException - If a problem occurs during finalization.

getAuthenticationPolicy

public abstract AuthenticationPolicy getAuthenticationPolicy()

Returns the authentication policy associated with this state.

Returns:

The authentication policy associated with this state.

isDisabled

public boolean isDisabled()

Returns true if this authentication policy state is associated with a user whose account has been administratively disabled.

The default implementation is use the value of the "ds-pwp-account-disable" attribute in the user's entry.

Returns:

true if this authentication policy state is associated with a user whose account has been administratively disabled.

passwordMatches

public abstract boolean passwordMatches(ByteString password)
                                 throws LdapException

Returns true if the provided password value matches any of the user's passwords.

Parameters:

password - The user-provided password to verify.

Returns:

true if the provided password value matches any of the user's passwords.

Throws:

LdapException - If verification unexpectedly failed.