Package org.opends.server.api
Class AuthenticationPolicyState
java.lang.Object
    org.opends.server.api.AuthenticationPolicyState

Direct Known Subclasses: PasswordPolicyState

public abstract class AuthenticationPolicyState extends Object
The authentication policy context associated with a user's entry, which is responsible for managing the user's account and password, as well as authenticating the user.

Field Summary

protected ConditionResult isDisabled
    A boolean indicating whether the account associated with this authentication state has been administratively disabled.

protected Entry userEntry
    The user entry associated with this authentication policy state.

Constructor Summary

protected AuthenticationPolicyState(Entry userEntry)
    Creates a new abstract authentication policy context.

Method Summary

void finalizeStateAfterBind()
    Performs any finalization required after a bind operation has completed.

static AuthenticationPolicyState forUser(Entry userEntry, Consumer<LocalizableMessage> onMultiplePasswordPolicies, ServerContext serverContext)
    Returns the authentication policy state for the provided user.

static AuthenticationPolicyState forUser(Entry userEntry, ServerContext serverContext)
    Returns the authentication policy state for the provided user.

abstract AuthenticationPolicy getAuthenticationPolicy()
    Returns the authentication policy associated with this state.

protected static ConditionResult getBoolean(Entry entry, String attributeName)
    A utility method which may be used by implementations in order to obtain the value of the specified attribute from the provided entry as a boolean.

protected static long getGeneralizedTime(Entry entry, AttributeDescription attrDesc)
    A utility method which may be used by implementations in order to obtain the value of the specified attribute from the provided entry as a time in generalized time format.

boolean isDisabled()
    Returns true if this authentication policy state is associated with a user whose account has been administratively disabled.

boolean passwordMatches(ByteString password)
    Returns true if the provided password value matches any of the user's passwords.

abstract boolean passwordMatches(ByteString password, AtomicReference<ByteString> matchedEncodedPassword)
    Returns true if the provided password value matches any of the user's passwords.

Field Detail

isDisabled
protected ConditionResult isDisabled
A boolean indicating whether the account associated with this authentication state has been administratively disabled.

userEntry
protected final Entry userEntry
The user entry associated with this authentication policy state.

Constructor Detail

AuthenticationPolicyState
protected AuthenticationPolicyState(Entry userEntry)
Creates a new abstract authentication policy context.
Parameters:
    userEntry - The user's entry.

Method Detail

forUser
public static AuthenticationPolicyState forUser(Entry userEntry, ServerContext serverContext) throws LdapException
Returns the authentication policy state for the provided user. This method is equivalent to the following:
    AuthenticationPolicy policy = AuthenticationPolicy.forUser(userEntry, useDefaultOnError);
    AuthenticationPolicyState state = policy.createAuthenticationPolicyState(userEntry);
See the documentation of AuthenticationPolicy.forUser(org.forgerock.opendj.ldap.Entry, org.opends.server.core.ServerContext) for a description of the algorithm used to find a user's authentication policy.
Parameters:
    userEntry - The user entry.
    serverContext - The server context.
Returns:
    The password policy for the user.
Throws:
    LdapException - If a problem occurs while attempting to determine the password policy for the user.
See Also:
    forUser(Entry, ServerContext)

forUser
public static AuthenticationPolicyState forUser(Entry userEntry, Consumer<LocalizableMessage> onMultiplePasswordPolicies, ServerContext serverContext) throws LdapException
Returns the authentication policy state for the provided user. This method is equivalent to the following:
    AuthenticationPolicy policy = AuthenticationPolicy.forUser(userEntry, useDefaultOnError, onMultiplePasswordPolicies);
    AuthenticationPolicyState state = policy.createAuthenticationPolicyState(userEntry);
See the documentation of AuthenticationPolicy.forUser(org.forgerock.opendj.ldap.Entry, org.opends.server.core.ServerContext) for a description of the algorithm used to find a user's authentication policy.
Parameters:
    userEntry - The user entry.
    onMultiplePasswordPolicies - Invoked when multiple password policy subentries are detected for the entry.
    serverContext - The server context.
Returns:
    The password policy for the user.
Throws:
    LdapException - If a problem occurs while attempting to determine the password policy for the user.
See Also:
    AuthenticationPolicy.forUser(Entry, boolean, java.util.function.Consumer, ServerContext)

getBoolean
protected static ConditionResult getBoolean(Entry entry, String attributeName) throws LdapException
A utility method which may be used by implementations in order to obtain the value of the specified attribute from the provided entry as a boolean.
Parameters:
    entry - The entry whose attribute is to be parsed as a boolean.
    attributeName - The attribute name whose value should be parsed as a boolean.
Returns:
    The attribute's value represented as a ConditionResult value, or ConditionResult.UNDEFINED if the specified attribute does not exist in the entry.
Throws:
    LdapException - If the value cannot be decoded as a boolean.

getGeneralizedTime
protected static long getGeneralizedTime(Entry entry, AttributeDescription attrDesc) throws LdapException
A utility method which may be used by implementations in order to obtain the value of the specified attribute from the provided entry as a time in generalized time format.
Parameters:
    entry - The entry whose attribute is to be parsed as a boolean.
    attrDesc - The attribute description whose value should be parsed as a generalized time value.
Returns:
    The requested time, or -1 if it could not be determined.
Throws:
    LdapException - If a problem occurs while attempting to decode the value as a generalized time.

finalizeStateAfterBind
public void finalizeStateAfterBind() throws LdapException
Performs any finalization required after a bind operation has completed. Implementations may perform internal operations in order to persist internal state to the user's entry if needed.
Throws:
    LdapException - If a problem occurs during finalization.

getAuthenticationPolicy
public abstract AuthenticationPolicy getAuthenticationPolicy()
Returns the authentication policy associated with this state.
Returns:
    The authentication policy associated with this state.

isDisabled
public boolean isDisabled()
Returns true if this authentication policy state is associated with a user whose account has been administratively disabled. The default implementation uses the value of the "ds-pwp-account-disable" attribute in the user's entry.
Returns:
    true if this authentication policy state is associated with a user whose account has been administratively disabled.

passwordMatches
public abstract boolean passwordMatches(ByteString password, AtomicReference<ByteString> matchedEncodedPassword) throws LdapException
Returns true if the provided password value matches any of the user's passwords.
Parameters:
    password - The user-provided password to verify.
    matchedEncodedPassword - If true is returned, the matching stored password may be returned.
Returns:
    true if the provided password value matches any of the user's passwords.
Throws:
    LdapException - If verification unexpectedly failed.

passwordMatches
public boolean passwordMatches(ByteString password) throws LdapException
Returns true if the provided password value matches any of the user's passwords.
Parameters:
    password - The user-provided password to verify.
Returns:
    true if the provided password value matches any of the user's passwords.
Throws:
    LdapException - If verification unexpectedly failed.
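
A bind-time credential check composed only of the methods documented above, shown as an added example that is not OpenDJ's own code. The class name CredentialCheck, its Outcome enum, the fail-closed handling of LdapException and the choice to call finalizeStateAfterBind() whatever the outcome are assumptions; it compiles only against the OpenDJ server classes.

```java
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.Entry;
import org.forgerock.opendj.ldap.LdapException;
import org.opends.server.api.AuthenticationPolicyState;
import org.opends.server.core.ServerContext;

/** Hypothetical helper (not part of OpenDJ): fail-closed credential check. */
public final class CredentialCheck {

    /** Coarse result so callers cannot tell a disabled account from a bad password. */
    public enum Outcome { ACCEPTED, REJECTED, ERROR }

    private CredentialCheck() {}

    public static Outcome verify(Entry userEntry, ByteString password,
                                 ServerContext serverContext) {
        final AuthenticationPolicyState state;
        try {
            // Resolves the user's authentication policy and builds its state.
            state = AuthenticationPolicyState.forUser(userEntry, serverContext);
        } catch (LdapException e) {
            // The policy could not be determined: never fall through to "accepted".
            return Outcome.ERROR;
        }

        Outcome outcome = Outcome.ERROR;
        try {
            if (state.isDisabled()) {
                // Administratively disabled: reject without testing the password.
                outcome = Outcome.REJECTED;
            } else {
                outcome = state.passwordMatches(password)
                        ? Outcome.ACCEPTED : Outcome.REJECTED;
            }
        } catch (LdapException e) {
            // "Verification unexpectedly failed" is an error, not a match.
            outcome = Outcome.ERROR;
        } finally {
            try {
                // Lets the implementation persist any internal state to the entry.
                state.finalizeStateAfterBind();
            } catch (LdapException e) {
                // Assumption: state that cannot be persisted invalidates the result.
                outcome = Outcome.ERROR;
            }
        }
        return outcome;
    }
}
```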