Package org.opends.server.api

Class AuthenticationPolicy

  • Direct Known Subclasses:
    PasswordPolicy
    public abstract class AuthenticationPolicy
extends Object
    An abstract authentication policy.

    • Constructor Detail

      • AuthenticationPolicy

        protected AuthenticationPolicy()
        Creates a new abstract authentication policy.

    • Method Detail

      • forUser

        public static AuthenticationPolicy forUser​(Entry userEntry,
                                           ServerContext serverContext)
                                    throws LdapException
        Returns the authentication policy for the user provided user. The following algorithm is used in order to obtain the appropriate authentication policy:
        • if the user entry contains the ds-pwp-password-policy-dn attribute (whether real or virtual), then the referenced authentication policy will be returned
        • otherwise, a search is performed in order to find the nearest applicable password policy sub-entry to the user entry,
        • otherwise, the default password policy will be returned.
        Parameters:
        userEntry - The user entry
        serverContext - The server context
        Returns:
        The password policy for the user.
        Throws:
        LdapException - If a problem occurs while attempting to determine the password policy for the user.

      • forUser

        public static AuthenticationPolicy forUser​(Entry userEntry,
                                           boolean useDefaultOnError,
                                           Consumer<LocalizableMessage> onMultiplePasswordPolicies,
                                           ServerContext serverContext)
                                    throws LdapException
        Returns the authentication policy for the user provided user. The following algorithm is used in order to obtain the appropriate authentication policy:
        • if the user entry contains the ds-pwp-password-policy-dn attribute (whether real or virtual), then the referenced authentication policy will be returned
        • otherwise, a search is performed in order to find the nearest applicable password policy sub-entry to the user entry,
        • otherwise, the default password policy will be returned.
        Parameters:
        userEntry - The user entry.
        useDefaultOnError - Indicates whether the server should fall back to using the default password policy if there is a problem with the configured policy for the user.
        onMultiplePasswordPolicies - Invoked when multiple password policy subentries are detected to the entry.
        serverContext - The server context
        Returns:
        The password policy for the user.
        Throws:
        LdapException - If a problem occurs while attempting to determine the password policy for the user.

      • getDN

        public abstract Dn getDN()
        Returns the name of the configuration entry associated with this authentication policy.
        Returns:
        The name of the configuration entry associated with this authentication policy.

      • createAuthenticationPolicyState

        public AuthenticationPolicyState createAuthenticationPolicyState​(Entry userEntry,
                                                                 ServerContext serverContext)
        Returns the authentication policy state object for the provided user using the current time as the basis for all time-based state logic (such as expiring passwords).

        The default implementation is to call createAuthenticationPolicyState(Entry, long, ServerContext) with the current time.

        Parameters:
        userEntry - The user's entry.
        serverContext - The server context
        Returns:
        The authentication policy state object for the provided user.

      • createAuthenticationPolicyState

        public abstract AuthenticationPolicyState createAuthenticationPolicyState​(Entry userEntry,
                                                                          long time,
                                                                          ServerContext serverContext)
        Returns an authentication policy state object for the provided user using the specified time as the basis for all time-based state logic (such as expiring passwords).
        Parameters:
        userEntry - The user's entry.
        time - The time since the epoch to use for all time-based state logic (such as expiring passwords).
        serverContext - The server context
        Returns:
        The authentication policy state object for the provided user.

      • finalizeAuthenticationPolicy

        public void finalizeAuthenticationPolicy()
        Performs any necessary work to finalize this authentication policy.

        The default implementation is to do nothing.