public abstract class AuthenticationPolicyState extends Object
Modifier and Type | Field and Description |
---|---|
protected ConditionResult |
isDisabled
A boolean indicating whether the account associated with this authentication state has been administratively
disabled.
|
protected Entry |
userEntry
The user entry associated with this authentication policy state.
|
Modifier | Constructor and Description |
---|---|
protected |
AuthenticationPolicyState(Entry userEntry)
Creates a new abstract authentication policy context.
|
Modifier and Type | Method and Description |
---|---|
void |
finalizeStateAfterBind()
Performs any finalization required after a bind operation has completed.
|
static AuthenticationPolicyState |
forUser(Entry userEntry,
boolean useDefaultOnError)
Returns the authentication policy state for the user provided user.
|
abstract AuthenticationPolicy |
getAuthenticationPolicy()
Returns the authentication policy associated with this state.
|
protected static ConditionResult |
getBoolean(Entry entry,
String attributeName)
A utility method which may be used by implementations in order to obtain the value of the specified attribute
from the provided entry as a boolean.
|
protected static long |
getGeneralizedTime(Entry entry,
AttributeDescription attrDesc)
A utility method which may be used by implementations in order to obtain the value of the specified attribute
from the provided entry as a time in generalized time format.
|
boolean |
isDisabled()
Returns
true if this authentication policy state is associated with a user whose account has been
administratively disabled. |
boolean |
isPasswordPolicy()
Returns
true if this authentication policy state is associated with a password policy and the method
getAuthenticationPolicy() will return a PasswordPolicy . |
abstract boolean |
passwordMatches(ByteString password)
Returns
true if the provided password value matches any of the user's passwords. |
protected ConditionResult isDisabled
protected final Entry userEntry
protected AuthenticationPolicyState(Entry userEntry)
userEntry
- The user's entry.public static AuthenticationPolicyState forUser(Entry userEntry, boolean useDefaultOnError) throws LdapException
AuthenticationPolicy policy = AuthenticationPolicy.forUser(userEntry, useDefaultOnError); AuthenticationPolicyState state = policy.createAuthenticationPolicyState(userEntry);See the documentation of
AuthenticationPolicy.forUser(org.forgerock.opendj.ldap.Entry, boolean)
for a description of the algorithm used to find a
user's authentication policy.userEntry
- The user entry.useDefaultOnError
- Indicates whether the server should fall back to using the default password policy if there is a
problem with the configured policy for the user.LdapException
- If a problem occurs while attempting to determine the password policy for the user.AuthenticationPolicy.forUser(Entry, boolean)
protected static ConditionResult getBoolean(Entry entry, String attributeName) throws LdapException
entry
- The entry whose attribute is to be parsed as a boolean.attributeName
- The attribute name whose value should be parsed as a boolean.LdapException
- If the value cannot be decoded as a boolean.protected static long getGeneralizedTime(Entry entry, AttributeDescription attrDesc) throws LdapException
entry
- The entry whose attribute is to be parsed as a boolean.attrDesc
- The attribute description whose value should be parsed as a generalized time value.LdapException
- If a problem occurs while attempting to decode the value as a generalized time.public void finalizeStateAfterBind() throws LdapException
LdapException
- If a problem occurs during finalization.public abstract AuthenticationPolicy getAuthenticationPolicy()
public boolean isDisabled()
true
if this authentication policy state is associated with a user whose account has been
administratively disabled.
The default implementation is use the value of the "ds-pwp-account-disable" attribute in the user's entry.
true
if this authentication policy state is associated with a user whose account has been
administratively disabled.public boolean isPasswordPolicy()
true
if this authentication policy state is associated with a password policy and the method
getAuthenticationPolicy()
will return a PasswordPolicy
.true
if this authentication policy state is associated with a password policy, otherwise
false
.public abstract boolean passwordMatches(ByteString password) throws LdapException
true
if the provided password value matches any of the user's passwords.password
- The user-provided password to verify.true
if the provided password value matches any of the user's passwords.LdapException
- If verification unexpectedly failed.Copyright 2010-2022 ForgeRock AS.