org.opends.server.api

Class AuthenticationPolicy

java.lang.Object

org.opends.server.api.AuthenticationPolicy

Direct Known Subclasses:

PasswordPolicy

public abstract class AuthenticationPolicy
extends Object

An abstract authentication policy.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	AuthenticationPolicy() Creates a new abstract authentication policy.

Method Summary

Modifier and Type	Method and Description
AuthenticationPolicyState	createAuthenticationPolicyState(Entry userEntry) Returns the authentication policy state object for the provided user using the current time as the basis for all time-based state logic (such as expiring passwords).
abstract AuthenticationPolicyState	createAuthenticationPolicyState(Entry userEntry, long time) Returns an authentication policy state object for the provided user using the specified time as the basis for all time-based state logic (such as expiring passwords).
void	finalizeAuthenticationPolicy() Performs any necessary work to finalize this authentication policy.
static AuthenticationPolicy	forUser(Entry userEntry, boolean useDefaultOnError) Returns the authentication policy for the user provided user.
abstract Dn	getDN() Returns the name of the configuration entry associated with this authentication policy.
boolean	isPasswordPolicy() Returns true if this authentication policy is a password policy and the methods createAuthenticationPolicyState(Entry) and createAuthenticationPolicyState(Entry, long) will return a PasswordPolicyState.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthenticationPolicy

protected AuthenticationPolicy()

Creates a new abstract authentication policy.

Method Detail

forUser

public static AuthenticationPolicy forUser(Entry userEntry,
                                           boolean useDefaultOnError)
                                    throws LdapException

Returns the authentication policy for the user provided user. The following algorithm is used in order to obtain the appropriate authentication policy:

• if the user entry contains the ds-pwp-password-policy-dn attribute (whether real or virtual), then the referenced authentication policy will be returned
• otherwise, a search is performed in order to find the nearest applicable password policy sub-entry to the user entry,
• otherwise, the default password policy will be returned.

Parameters:

userEntry - The user entry.

useDefaultOnError - Indicates whether the server should fall back to using the default password policy if there is a problem with the configured policy for the user.

Returns:

The password policy for the user.

Throws:

LdapException - If a problem occurs while attempting to determine the password policy for the user.

getDN

public abstract Dn getDN()

Returns the name of the configuration entry associated with this authentication policy.

Returns:

The name of the configuration entry associated with this authentication policy.

isPasswordPolicy

public boolean isPasswordPolicy()

Returns true if this authentication policy is a password policy and the methods createAuthenticationPolicyState(Entry) and createAuthenticationPolicyState(Entry, long) will return a PasswordPolicyState.

The default implementation is to return false.

Returns:

true if this authentication policy is a password policy, otherwise false.

createAuthenticationPolicyState

public AuthenticationPolicyState createAuthenticationPolicyState(Entry userEntry)
                                                          throws LdapException

Returns the authentication policy state object for the provided user using the current time as the basis for all time-based state logic (such as expiring passwords).

The default implementation is to call createAuthenticationPolicyState(Entry, long) with the current time.

Parameters:

userEntry - The user's entry.

Returns:

The authentication policy state object for the provided user.

Throws:

LdapException - If a problem occurs while attempting to initialize the state object from the provided user entry.

createAuthenticationPolicyState

public abstract AuthenticationPolicyState createAuthenticationPolicyState(Entry userEntry,
                                                                          long time)
                                                                   throws LdapException

Returns an authentication policy state object for the provided user using the specified time as the basis for all time-based state logic (such as expiring passwords).

Parameters:

userEntry - The user's entry.

time - The time since the epoch to use for all time-based state logic (such as expiring passwords).

Returns:

The authentication policy state object for the provided user.

Throws:

LdapException - If a problem occurs while attempting to initialize the state object from the provided user entry.

finalizeAuthenticationPolicy

public void finalizeAuthenticationPolicy()

Performs any necessary work to finalize this authentication policy.

The default implementation is to do nothing.