Class AuthenticationPolicy

  • Direct Known Subclasses:
    PasswordPolicy

    public abstract class AuthenticationPolicy
    extends Object
    An abstract authentication policy.
    • Constructor Detail

      • AuthenticationPolicy

        protected AuthenticationPolicy()
        Creates a new abstract authentication policy.
    • Method Detail

      • forUser

        public static AuthenticationPolicy forUser​(Entry userEntry,
                                                   ServerContext serverContext)
                                            throws LdapException
        Returns the authentication policy for the user provided user. The following algorithm is used in order to obtain the appropriate authentication policy:
        • if the user entry contains the ds-pwp-password-policy-dn attribute (whether real or virtual), then the referenced authentication policy will be returned
        • otherwise, a search is performed in order to find the nearest applicable password policy sub-entry to the user entry,
        • otherwise, the default password policy will be returned.
        Parameters:
        userEntry - The user entry
        serverContext - The server context
        Returns:
        The password policy for the user.
        Throws:
        LdapException - If a problem occurs while attempting to determine the password policy for the user.
      • forUser

        public static AuthenticationPolicy forUser​(Entry userEntry,
                                                   boolean useDefaultOnError,
                                                   Consumer<LocalizableMessage> onMultiplePasswordPolicies,
                                                   ServerContext serverContext)
                                            throws LdapException
        Returns the authentication policy for the user provided user. The following algorithm is used in order to obtain the appropriate authentication policy:
        • if the user entry contains the ds-pwp-password-policy-dn attribute (whether real or virtual), then the referenced authentication policy will be returned
        • otherwise, a search is performed in order to find the nearest applicable password policy sub-entry to the user entry,
        • otherwise, the default password policy will be returned.
        Parameters:
        userEntry - The user entry.
        useDefaultOnError - Indicates whether the server should fall back to using the default password policy if there is a problem with the configured policy for the user.
        onMultiplePasswordPolicies - Invoked when multiple password policy subentries are detected to the entry.
        serverContext - The server context
        Returns:
        The password policy for the user.
        Throws:
        LdapException - If a problem occurs while attempting to determine the password policy for the user.
      • getDN

        public abstract Dn getDN()
        Returns the name of the configuration entry associated with this authentication policy.
        Returns:
        The name of the configuration entry associated with this authentication policy.
      • createAuthenticationPolicyState

        public AuthenticationPolicyState createAuthenticationPolicyState​(Entry userEntry,
                                                                         ServerContext serverContext)
        Returns the authentication policy state object for the provided user using the current time as the basis for all time-based state logic (such as expiring passwords).

        The default implementation is to call createAuthenticationPolicyState(Entry, long, ServerContext) with the current time.

        Parameters:
        userEntry - The user's entry.
        serverContext - The server context
        Returns:
        The authentication policy state object for the provided user.
      • createAuthenticationPolicyState

        public abstract AuthenticationPolicyState createAuthenticationPolicyState​(Entry userEntry,
                                                                                  long time,
                                                                                  ServerContext serverContext)
        Returns an authentication policy state object for the provided user using the specified time as the basis for all time-based state logic (such as expiring passwords).
        Parameters:
        userEntry - The user's entry.
        time - The time since the epoch to use for all time-based state logic (such as expiring passwords).
        serverContext - The server context
        Returns:
        The authentication policy state object for the provided user.
      • finalizeAuthenticationPolicy

        public void finalizeAuthenticationPolicy()
        Performs any necessary work to finalize this authentication policy.

        The default implementation is to do nothing.