Class AuthenticationPolicyState

java.lang.Object
org.opends.server.api.AuthenticationPolicyState
Direct Known Subclasses:
PasswordPolicyState

public abstract class AuthenticationPolicyState extends Object
The authentication policy context associated with a user's entry. It is responsible for managing the user's account and password, as well as for authenticating the user.
  • Field Details

    • isDisabled

      protected ConditionResult isDisabled
      A boolean indicating whether the account associated with this authentication state has been administratively disabled.
    • userEntry

      protected final Entry userEntry
      The user entry associated with this authentication policy state.
  • Constructor Details

    • AuthenticationPolicyState

      protected AuthenticationPolicyState(Entry userEntry)
      Creates a new abstract authentication policy context.
      Parameters:
      userEntry - The user's entry.
  • Method Details

    • forUser

      public static AuthenticationPolicyState forUser(Entry userEntry, ServerContext serverContext) throws LdapException
      Returns the authentication policy state for the provided user. This method is equivalent to the following:
       AuthenticationPolicy policy = AuthenticationPolicy.forUser(userEntry, useDefaultOnError);
       AuthenticationPolicyState state = policy.createAuthenticationPolicyState(userEntry);
       
      See the documentation of AuthenticationPolicy.forUser(org.forgerock.opendj.ldap.Entry, org.opends.server.core.ServerContext) for a description of the algorithm used to find a user's authentication policy.
      Parameters:
      userEntry - The user entry.
      serverContext - The server context.
      Returns:
      The authentication policy state for the user.
      Throws:
      LdapException - If a problem occurs while attempting to determine the password policy for the user.
    • forUser

      public static AuthenticationPolicyState forUser(Entry userEntry, Consumer<LocalizableMessage> onMultiplePasswordPolicies, ServerContext serverContext) throws LdapException
      Returns the authentication policy state for the provided user. This method is equivalent to the following:
       AuthenticationPolicy policy = AuthenticationPolicy.forUser(userEntry, useDefaultOnError,
                                                                  onMultiplePasswordPolicies);
       AuthenticationPolicyState state = policy.createAuthenticationPolicyState(userEntry);
       
      See the documentation of AuthenticationPolicy.forUser(org.forgerock.opendj.ldap.Entry, org.opends.server.core.ServerContext) for a description of the algorithm used to find a user's authentication policy.
      Parameters:
      userEntry - The user entry.
      onMultiplePasswordPolicies - Invoked when multiple password policy subentries are detected for the entry.
      serverContext - The server context.
      Returns:
      The authentication policy state for the user.
      Throws:
      LdapException - If a problem occurs while attempting to determine the password policy for the user.
    • getBoolean

      protected static ConditionResult getBoolean(Entry entry, String attributeName) throws LdapException
      A utility method which may be used by implementations in order to obtain the value of the specified attribute from the provided entry as a boolean.
      Parameters:
      entry - The entry whose attribute is to be parsed as a boolean.
      attributeName - The attribute name whose value should be parsed as a boolean.
      Returns:
      The attribute's value represented as a ConditionResult value, or ConditionResult.UNDEFINED if the specified attribute does not exist in the entry.
      Throws:
      LdapException - If the value cannot be decoded as a boolean.
    • getGeneralizedTime

      protected static long getGeneralizedTime(Entry entry, AttributeDescription attrDesc) throws LdapException
      A utility method which may be used by implementations in order to obtain the value of the specified attribute from the provided entry as a time in generalized time format.
      Parameters:
      entry - The entry whose attribute is to be parsed as a generalized time value.
      attrDesc - The attribute description whose value should be parsed as a generalized time value.
      Returns:
      The requested time, or -1 if it could not be determined.
      Throws:
      LdapException - If a problem occurs while attempting to decode the value as a generalized time.
    • finalizeStateAfterBind

      public void finalizeStateAfterBind() throws LdapException
      Performs any finalization required after a bind operation has completed. Implementations may perform internal operations in order to persist internal state to the user's entry if needed.
      Throws:
      LdapException - If a problem occurs during finalization.
    • getAuthenticationPolicy

      public abstract AuthenticationPolicy getAuthenticationPolicy()
      Returns the authentication policy associated with this state.
      Returns:
      The authentication policy associated with this state.
    • isDisabled

      public boolean isDisabled()
      Returns true if this authentication policy state is associated with a user whose account has been administratively disabled.

      The default implementation uses the value of the "ds-pwp-account-disable" attribute in the user's entry.

      Returns:
      true if this authentication policy state is associated with a user whose account has been administratively disabled.
    • passwordMatches

      public abstract boolean passwordMatches(ByteString password, AtomicReference<ByteString> matchedEncodedPassword) throws LdapException
      Returns true if the provided password value matches any of the user's passwords.
      Parameters:
      password - The user-provided password to verify.
      matchedEncodedPassword - If true is returned, this reference may be set to the matching stored password.
      Returns:
      true if the provided password value matches any of the user's passwords.
      Throws:
      LdapException - If verification unexpectedly failed.
    • passwordMatches

      public boolean passwordMatches(ByteString password) throws LdapException
      Returns true if the provided password value matches any of the user's passwords.
      Parameters:
      password - The user-provided password to verify.
      Returns:
      true if the provided password value matches any of the user's passwords.
      Throws:
      LdapException - If verification unexpectedly failed.
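
The methods above combined into one fail-closed password check, as an added example that is not OpenDJ's own code. The class `BindPasswordCheck`, its `Result` enum, the call order and the handling of a finalization failure are assumptions, as are the `org.forgerock.opendj.ldap` imports for `ByteString` and `LdapException`; it compiles against the OpenDJ server library.

```java
import java.util.concurrent.atomic.AtomicReference;

import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.Entry;
import org.forgerock.opendj.ldap.LdapException;
import org.opends.server.api.AuthenticationPolicyState;
import org.opends.server.core.ServerContext;

/** Hypothetical helper (not part of OpenDJ) that verifies a bind password. */
public final class BindPasswordCheck {

    /** Coarse outcomes, so callers cannot reveal to a client why a bind failed. */
    public enum Result { ACCEPTED, REJECTED, ERROR }

    private BindPasswordCheck() {}

    public static Result verify(Entry userEntry, ByteString password, ServerContext serverContext) {
        final AuthenticationPolicyState state;
        try {
            state = AuthenticationPolicyState.forUser(userEntry, serverContext);
        } catch (LdapException e) {
            return Result.ERROR; // policy could not be resolved: fail closed
        }
        try {
            // Refuse administratively disabled accounts before touching the password.
            if (state.isDisabled()) {
                return Result.REJECTED;
            }
            AtomicReference<ByteString> matched = new AtomicReference<>();
            if (!state.passwordMatches(password, matched)) {
                return Result.REJECTED;
            }
            // "may be returned": matched.get() can still be null after a match.
            // It holds stored credential material, so never log or return it.
            return Result.ACCEPTED;
        } catch (LdapException e) {
            return Result.ERROR; // unexpected verification failure is not a success
        } finally {
            try {
                // Lets the implementation persist any internal state it changed.
                state.finalizeStateAfterBind();
            } catch (LdapException e) {
                // Assumption: a persistence failure does not change the verdict.
            }
        }
    }
}
```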