org.opends.server.api

Class AuthenticationPolicyState

java.lang.Object

org.opends.server.api.AuthenticationPolicyState

Direct Known Subclasses:

PasswordPolicyState

public abstract class AuthenticationPolicyState
extends Object

The authentication policy context associated with a user's entry, which is responsible for managing the user's account, their password, as well as authenticating the user.

Field Summary

Fields

Modifier and Type	Field and Description
protected ConditionResult	isDisabled A boolean indicating whether the account associated with this authentication state has been administratively disabled.
protected Entry	userEntry The user entry associated with this authentication policy state.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	AuthenticationPolicyState(Entry userEntry) Creates a new abstract authentication policy context.

Method Summary

Modifier and Type	Method and Description
void	finalizeStateAfterBind() Performs any finalization required after a bind operation has completed.
static AuthenticationPolicyState	forUser(Entry userEntry, boolean useDefaultOnError) Returns the authentication policy state for the user provided user.
abstract AuthenticationPolicy	getAuthenticationPolicy() Returns the authentication policy associated with this state.
protected static ConditionResult	getBoolean(Entry entry, String attributeName) A utility method which may be used by implementations in order to obtain the value of the specified attribute from the provided entry as a boolean.
protected static long	getGeneralizedTime(Entry entry, AttributeDescription attrDesc) A utility method which may be used by implementations in order to obtain the value of the specified attribute from the provided entry as a time in generalized time format.
boolean	isDisabled() Returns true if this authentication policy state is associated with a user whose account has been administratively disabled.
boolean	isPasswordPolicy() Returns true if this authentication policy state is associated with a password policy and the method getAuthenticationPolicy() will return a PasswordPolicy.
abstract boolean	passwordMatches(ByteString password) Returns true if the provided password value matches any of the user's passwords.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

isDisabled

protected ConditionResult isDisabled

A boolean indicating whether the account associated with this authentication state has been administratively disabled.

userEntry

protected final Entry userEntry

The user entry associated with this authentication policy state.

Constructor Detail

AuthenticationPolicyState

protected AuthenticationPolicyState(Entry userEntry)

Creates a new abstract authentication policy context.

Parameters:

userEntry - The user's entry.

Method Detail

forUser

public static AuthenticationPolicyState forUser(Entry userEntry,
                                                boolean useDefaultOnError)
                                         throws LdapException

Returns the authentication policy state for the user provided user. This method is equivalent to the following:

 AuthenticationPolicy policy = AuthenticationPolicy.forUser(userEntry, useDefaultOnError);
 AuthenticationPolicyState state = policy.createAuthenticationPolicyState(userEntry);
 

See the documentation of AuthenticationPolicy.forUser(org.forgerock.opendj.ldap.Entry, boolean) for a description of the algorithm used to find a user's authentication policy.

Parameters:

userEntry - The user entry.

useDefaultOnError - Indicates whether the server should fall back to using the default password policy if there is a problem with the configured policy for the user.

Returns:

The password policy for the user.

Throws:

LdapException - If a problem occurs while attempting to determine the password policy for the user.

See Also:

AuthenticationPolicy.forUser(Entry, boolean)

getBoolean

protected static ConditionResult getBoolean(Entry entry,
                                            String attributeName)
                                     throws LdapException

A utility method which may be used by implementations in order to obtain the value of the specified attribute from the provided entry as a boolean.

Parameters:

entry - The entry whose attribute is to be parsed as a boolean.

attributeName - The attribute name whose value should be parsed as a boolean.

Returns:

The attribute's value represented as a ConditionResult value, or ConditionResult.UNDEFINED if the specified attribute does not exist in the entry.

Throws:

LdapException - If the value cannot be decoded as a boolean.

getGeneralizedTime

protected static long getGeneralizedTime(Entry entry,
                                         AttributeDescription attrDesc)
                                  throws LdapException

A utility method which may be used by implementations in order to obtain the value of the specified attribute from the provided entry as a time in generalized time format.

Parameters:

entry - The entry whose attribute is to be parsed as a boolean.

attrDesc - The attribute description whose value should be parsed as a generalized time value.

Returns:

The requested time, or -1 if it could not be determined.

Throws:

LdapException - If a problem occurs while attempting to decode the value as a generalized time.

finalizeStateAfterBind

public void finalizeStateAfterBind()
                            throws LdapException

Performs any finalization required after a bind operation has completed. Implementations may perform internal operations in order to persist internal state to the user's entry if needed.

Throws:

LdapException - If a problem occurs during finalization.

getAuthenticationPolicy

public abstract AuthenticationPolicy getAuthenticationPolicy()

Returns the authentication policy associated with this state.

Returns:

The authentication policy associated with this state.

isDisabled

public boolean isDisabled()

Returns true if this authentication policy state is associated with a user whose account has been administratively disabled.

The default implementation is use the value of the "ds-pwp-account-disable" attribute in the user's entry.

Returns:

true if this authentication policy state is associated with a user whose account has been administratively disabled.

isPasswordPolicy

public boolean isPasswordPolicy()

Returns true if this authentication policy state is associated with a password policy and the method getAuthenticationPolicy() will return a PasswordPolicy.

Returns:

true if this authentication policy state is associated with a password policy, otherwise false.

passwordMatches

public abstract boolean passwordMatches(ByteString password)
                                 throws LdapException

Returns true if the provided password value matches any of the user's passwords.

Parameters:

password - The user-provided password to verify.

Returns:

true if the provided password value matches any of the user's passwords.

Throws:

LdapException - If verification unexpectedly failed.