Package org.opends.server.api
Class AuthenticationPolicy
- java.lang.Object
-
- org.opends.server.api.AuthenticationPolicy
-
- Direct Known Subclasses:
PasswordPolicy
public abstract class AuthenticationPolicy extends Object
An abstract authentication policy.
-
-
Constructor Summary
Constructors Modifier Constructor Description protected
AuthenticationPolicy()
Creates a new abstract authentication policy.
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description abstract AuthenticationPolicyState
createAuthenticationPolicyState(Entry userEntry, long time, ServerContext serverContext)
Returns an authentication policy state object for the provided user using the specified time as the basis for all time-based state logic (such as expiring passwords).AuthenticationPolicyState
createAuthenticationPolicyState(Entry userEntry, ServerContext serverContext)
Returns the authentication policy state object for the provided user using the current time as the basis for all time-based state logic (such as expiring passwords).void
finalizeAuthenticationPolicy()
Performs any necessary work to finalize this authentication policy.static AuthenticationPolicy
forUser(Entry userEntry, boolean useDefaultOnError, Consumer<LocalizableMessage> onMultiplePasswordPolicies, ServerContext serverContext)
Returns the authentication policy for the user provided user.static AuthenticationPolicy
forUser(Entry userEntry, ServerContext serverContext)
Returns the authentication policy for the user provided user.abstract Dn
getDN()
Returns the name of the configuration entry associated with this authentication policy.boolean
isPasswordPolicy()
Returnstrue
if this authentication policy is a password policy and the methodscreateAuthenticationPolicyState(Entry, ServerContext)
andcreateAuthenticationPolicyState(Entry, long, ServerContext)
will return aPasswordPolicyState
.
-
-
-
Method Detail
-
forUser
public static AuthenticationPolicy forUser(Entry userEntry, ServerContext serverContext) throws LdapException
Returns the authentication policy for the user provided user. The following algorithm is used in order to obtain the appropriate authentication policy:- if the user entry contains the
ds-pwp-password-policy-dn
attribute (whether real or virtual), then the referenced authentication policy will be returned - otherwise, a search is performed in order to find the nearest applicable password policy sub-entry to the user entry,
- otherwise, the default password policy will be returned.
- Parameters:
userEntry
- The user entryserverContext
- The server context- Returns:
- The password policy for the user.
- Throws:
LdapException
- If a problem occurs while attempting to determine the password policy for the user.
- if the user entry contains the
-
forUser
public static AuthenticationPolicy forUser(Entry userEntry, boolean useDefaultOnError, Consumer<LocalizableMessage> onMultiplePasswordPolicies, ServerContext serverContext) throws LdapException
Returns the authentication policy for the user provided user. The following algorithm is used in order to obtain the appropriate authentication policy:- if the user entry contains the
ds-pwp-password-policy-dn
attribute (whether real or virtual), then the referenced authentication policy will be returned - otherwise, a search is performed in order to find the nearest applicable password policy sub-entry to the user entry,
- otherwise, the default password policy will be returned.
- Parameters:
userEntry
- The user entry.useDefaultOnError
- Indicates whether the server should fall back to using the default password policy if there is a problem with the configured policy for the user.onMultiplePasswordPolicies
- Invoked when multiple password policy subentries are detected to the entry.serverContext
- The server context- Returns:
- The password policy for the user.
- Throws:
LdapException
- If a problem occurs while attempting to determine the password policy for the user.
- if the user entry contains the
-
getDN
public abstract Dn getDN()
Returns the name of the configuration entry associated with this authentication policy.- Returns:
- The name of the configuration entry associated with this authentication policy.
-
isPasswordPolicy
public boolean isPasswordPolicy()
Returnstrue
if this authentication policy is a password policy and the methodscreateAuthenticationPolicyState(Entry, ServerContext)
andcreateAuthenticationPolicyState(Entry, long, ServerContext)
will return aPasswordPolicyState
.The default implementation is to return
false
.- Returns:
true
if this authentication policy is a password policy, otherwisefalse
.
-
createAuthenticationPolicyState
public AuthenticationPolicyState createAuthenticationPolicyState(Entry userEntry, ServerContext serverContext)
Returns the authentication policy state object for the provided user using the current time as the basis for all time-based state logic (such as expiring passwords).The default implementation is to call
createAuthenticationPolicyState(Entry, long, ServerContext)
with the current time.- Parameters:
userEntry
- The user's entry.serverContext
- The server context- Returns:
- The authentication policy state object for the provided user.
-
createAuthenticationPolicyState
public abstract AuthenticationPolicyState createAuthenticationPolicyState(Entry userEntry, long time, ServerContext serverContext)
Returns an authentication policy state object for the provided user using the specified time as the basis for all time-based state logic (such as expiring passwords).- Parameters:
userEntry
- The user's entry.time
- The time since the epoch to use for all time-based state logic (such as expiring passwords).serverContext
- The server context- Returns:
- The authentication policy state object for the provided user.
-
finalizeAuthenticationPolicy
public void finalizeAuthenticationPolicy()
Performs any necessary work to finalize this authentication policy.The default implementation is to do nothing.
-
-