Package org.opends.server.api

Class AuthenticationPolicy

java.lang.Object
org.opends.server.api.AuthenticationPolicy
Direct Known Subclasses:
PasswordPolicy
public abstract class AuthenticationPolicy extends Object
An abstract authentication policy.

  • Constructor Details

    • AuthenticationPolicy

      protected AuthenticationPolicy()
      Creates a new abstract authentication policy.

  • Method Details

    • forUser

      public static AuthenticationPolicy forUser(Entry userEntry, ServerContext serverContext) throws LdapException
      Returns the authentication policy for the user provided user. The following algorithm is used in order to obtain the appropriate authentication policy:
      • if the user entry contains the ds-pwp-password-policy-dn attribute (whether real or virtual), then the referenced authentication policy will be returned
      • otherwise, a search is performed in order to find the nearest applicable password policy sub-entry to the user entry,
      • otherwise, the default password policy will be returned.
      Parameters:
      userEntry - The user entry
      serverContext - The server context
      Returns:
      The password policy for the user.
      Throws:
      LdapException - If a problem occurs while attempting to determine the password policy for the user.

    • forUser

      public static AuthenticationPolicy forUser(Entry userEntry, boolean useDefaultOnError, Consumer<LocalizableMessage> onMultiplePasswordPolicies, ServerContext serverContext) throws LdapException
      Returns the authentication policy for the user provided user. The following algorithm is used in order to obtain the appropriate authentication policy:
      • if the user entry contains the ds-pwp-password-policy-dn attribute (whether real or virtual), then the referenced authentication policy will be returned
      • otherwise, a search is performed in order to find the nearest applicable password policy sub-entry to the user entry,
      • otherwise, the default password policy will be returned.
      Parameters:
      userEntry - The user entry.
      useDefaultOnError - Indicates whether the server should fall back to using the default password policy if there is a problem with the configured policy for the user.
      onMultiplePasswordPolicies - Invoked when multiple password policy subentries are detected to the entry.
      serverContext - The server context
      Returns:
      The password policy for the user.
      Throws:
      LdapException - If a problem occurs while attempting to determine the password policy for the user.

    • getDN

      public abstract Dn getDN()
      Returns the name of the configuration entry associated with this authentication policy.
      Returns:
      The name of the configuration entry associated with this authentication policy.

    • createAuthenticationPolicyState

      public AuthenticationPolicyState createAuthenticationPolicyState(Entry userEntry, ServerContext serverContext)
      Returns the authentication policy state object for the provided user using the current time as the basis for all time-based state logic (such as expiring passwords).

      The default implementation is to call createAuthenticationPolicyState(Entry, long, ServerContext) with the current time.

      Parameters:
      userEntry - The user's entry.
      serverContext - The server context
      Returns:
      The authentication policy state object for the provided user.

    • createAuthenticationPolicyState

      public abstract AuthenticationPolicyState createAuthenticationPolicyState(Entry userEntry, long time, ServerContext serverContext)
      Returns an authentication policy state object for the provided user using the specified time as the basis for all time-based state logic (such as expiring passwords).
      Parameters:
      userEntry - The user's entry.
      time - The time since the epoch to use for all time-based state logic (such as expiring passwords).
      serverContext - The server context
      Returns:
      The authentication policy state object for the provided user.

    • finalizeAuthenticationPolicy

      public void finalizeAuthenticationPolicy()
      Performs any necessary work to finalize this authentication policy.

      The default implementation is to do nothing.