Package org.opends.server.api
Class AuthenticationPolicyState
- java.lang.Object
-
- org.opends.server.api.AuthenticationPolicyState
-
- Direct Known Subclasses:
PasswordPolicyState
public abstract class AuthenticationPolicyState extends Object
The authentication policy context associated with a user's entry, which is responsible for managing the user's account, their password, as well as authenticating the user.
-
-
Field Summary
Fields Modifier and Type Field Description protected ConditionResultisDisabledA boolean indicating whether the account associated with this authentication state has been administratively disabled.protected EntryuserEntryThe user entry associated with this authentication policy state.
-
Constructor Summary
Constructors Modifier Constructor Description protectedAuthenticationPolicyState(Entry userEntry)Creates a new abstract authentication policy context.
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description voidfinalizeStateAfterBind()Performs any finalization required after a bind operation has completed.static AuthenticationPolicyStateforUser(Entry userEntry, Consumer<LocalizableMessage> onMultiplePasswordPolicies, ServerContext serverContext)Returns the authentication policy state for the user provided user.static AuthenticationPolicyStateforUser(Entry userEntry, ServerContext serverContext)Returns the authentication policy state for the user provided user.abstract AuthenticationPolicygetAuthenticationPolicy()Returns the authentication policy associated with this state.protected static ConditionResultgetBoolean(Entry entry, String attributeName)A utility method which may be used by implementations in order to obtain the value of the specified attribute from the provided entry as a boolean.protected static longgetGeneralizedTime(Entry entry, AttributeDescription attrDesc)A utility method which may be used by implementations in order to obtain the value of the specified attribute from the provided entry as a time in generalized time format.booleanisDisabled()Returnstrueif this authentication policy state is associated with a user whose account has been administratively disabled.booleanpasswordMatches(ByteString password)Returnstrueif the provided password value matches any of the user's passwords.abstract booleanpasswordMatches(ByteString password, AtomicReference<ByteString> matchedEncodedPassword)Returnstrueif the provided password value matches any of the user's passwords.
-
-
-
Field Detail
-
isDisabled
protected ConditionResult isDisabled
A boolean indicating whether the account associated with this authentication state has been administratively disabled.
-
userEntry
protected final Entry userEntry
The user entry associated with this authentication policy state.
-
-
Constructor Detail
-
AuthenticationPolicyState
protected AuthenticationPolicyState(Entry userEntry)
Creates a new abstract authentication policy context.- Parameters:
userEntry- The user's entry.
-
-
Method Detail
-
forUser
public static AuthenticationPolicyState forUser(Entry userEntry, ServerContext serverContext) throws LdapException
Returns the authentication policy state for the user provided user. This method is equivalent to the following:AuthenticationPolicy policy = AuthenticationPolicy.forUser(userEntry, useDefaultOnError); AuthenticationPolicyState state = policy.createAuthenticationPolicyState(userEntry);
See the documentation ofAuthenticationPolicy.forUser(org.forgerock.opendj.ldap.Entry, org.opends.server.core.ServerContext)for a description of the algorithm used to find a user's authentication policy.- Parameters:
userEntry- The user entry.serverContext- The server context- Returns:
- The password policy for the user.
- Throws:
LdapException- If a problem occurs while attempting to determine the password policy for the user.- See Also:
forUser(Entry, ServerContext)
-
forUser
public static AuthenticationPolicyState forUser(Entry userEntry, Consumer<LocalizableMessage> onMultiplePasswordPolicies, ServerContext serverContext) throws LdapException
Returns the authentication policy state for the user provided user. This method is equivalent to the following:AuthenticationPolicy policy = AuthenticationPolicy.forUser(userEntry, useDefaultOnError, onMultiplePasswordPolicies); AuthenticationPolicyState state = policy.createAuthenticationPolicyState(userEntry);See the documentation ofAuthenticationPolicy.forUser(org.forgerock.opendj.ldap.Entry, org.opends.server.core.ServerContext)for a description of the algorithm used to find a user's authentication policy.- Parameters:
userEntry- The user entry.onMultiplePasswordPolicies- Invoked when multiple password policy subentries are detected to the entry.serverContext- The server context- Returns:
- The password policy for the user.
- Throws:
LdapException- If a problem occurs while attempting to determine the password policy for the user.- See Also:
AuthenticationPolicy.forUser(Entry, boolean, java.util.function.Consumer, ServerContext)
-
getBoolean
protected static ConditionResult getBoolean(Entry entry, String attributeName) throws LdapException
A utility method which may be used by implementations in order to obtain the value of the specified attribute from the provided entry as a boolean.- Parameters:
entry- The entry whose attribute is to be parsed as a boolean.attributeName- The attribute name whose value should be parsed as a boolean.- Returns:
- The attribute's value represented as a ConditionResult value, or ConditionResult.UNDEFINED if the specified attribute does not exist in the entry.
- Throws:
LdapException- If the value cannot be decoded as a boolean.
-
getGeneralizedTime
protected static long getGeneralizedTime(Entry entry, AttributeDescription attrDesc) throws LdapException
A utility method which may be used by implementations in order to obtain the value of the specified attribute from the provided entry as a time in generalized time format.- Parameters:
entry- The entry whose attribute is to be parsed as a boolean.attrDesc- The attribute description whose value should be parsed as a generalized time value.- Returns:
- The requested time, or -1 if it could not be determined.
- Throws:
LdapException- If a problem occurs while attempting to decode the value as a generalized time.
-
finalizeStateAfterBind
public void finalizeStateAfterBind() throws LdapExceptionPerforms any finalization required after a bind operation has completed. Implementations may perform internal operations in order to persist internal state to the user's entry if needed.- Throws:
LdapException- If a problem occurs during finalization.
-
getAuthenticationPolicy
public abstract AuthenticationPolicy getAuthenticationPolicy()
Returns the authentication policy associated with this state.- Returns:
- The authentication policy associated with this state.
-
isDisabled
public boolean isDisabled()
Returnstrueif this authentication policy state is associated with a user whose account has been administratively disabled.The default implementation is use the value of the "ds-pwp-account-disable" attribute in the user's entry.
- Returns:
trueif this authentication policy state is associated with a user whose account has been administratively disabled.
-
passwordMatches
public abstract boolean passwordMatches(ByteString password, AtomicReference<ByteString> matchedEncodedPassword) throws LdapException
Returnstrueif the provided password value matches any of the user's passwords.- Parameters:
password- The user-provided password to verify.matchedEncodedPassword- Iftrueis returned, the matching stored password may be returned.- Returns:
trueif the provided password value matches any of the user's passwords.- Throws:
LdapException- If verification unexpectedly failed.
-
passwordMatches
public boolean passwordMatches(ByteString password) throws LdapException
Returnstrueif the provided password value matches any of the user's passwords.- Parameters:
password- The user-provided password to verify.- Returns:
trueif the provided password value matches any of the user's passwords.- Throws:
LdapException- If verification unexpectedly failed.
-
-