org.apache.jetspeed.security.spi.impl
Class AbstractInternalPasswordCredentialInterceptorImpl

java.lang.Object
  extended by org.apache.jetspeed.security.spi.impl.AbstractInternalPasswordCredentialInterceptorImpl
All Implemented Interfaces:
InternalPasswordCredentialInterceptor
Direct Known Subclasses:
EncodePasswordOnFirstLoadInterceptor, MaxPasswordAuthenticationFailuresInterceptor, PasswordExpirationInterceptor, PasswordHistoryInterceptor, ValidatePasswordOnLoadInterceptor

public abstract class AbstractInternalPasswordCredentialInterceptorImpl
extends java.lang.Object
implements InternalPasswordCredentialInterceptor

Base class providing default empty behavior for a InternalPasswordCredentialInterceptor implementation.

Version:
$Id$
Author:
Ate Douma

Constructor Summary
AbstractInternalPasswordCredentialInterceptorImpl()
           
 
Method Summary
 boolean afterAuthenticated(InternalUserPrincipal internalUser, java.lang.String userName, InternalCredential credential, boolean authenticated)
           Invoked during authentication after the provided password is compared against the one retrieved from the InternalCredential.
 boolean afterLoad(PasswordCredentialProvider pcProvider, java.lang.String userName, InternalCredential credential)
           Invoked after a password credential is loaded from the persistent store.
 void beforeCreate(InternalUserPrincipal internalUser, java.util.Collection credentials, java.lang.String userName, InternalCredential credential, java.lang.String password)
           Invoked when the first password credential is to be saved for a user.
 void beforeSetPassword(InternalUserPrincipal internalUser, java.util.Collection credentials, java.lang.String userName, InternalCredential credential, java.lang.String password, boolean authenticated)
           Invoked when a new password value is to be saved for a user.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AbstractInternalPasswordCredentialInterceptorImpl

public AbstractInternalPasswordCredentialInterceptorImpl()
Method Detail

afterLoad

public boolean afterLoad(PasswordCredentialProvider pcProvider,
                         java.lang.String userName,
                         InternalCredential credential)
                  throws SecurityException
Description copied from interface: InternalPasswordCredentialInterceptor

Invoked after a password credential is loaded from the persistent store.

If true is returned the credential is expected to be updated and its changes will be stored again.

A thrown SecurityException will be logged as an error and result in the credential to be ignored as if not existing (like for authentication).

Specified by:
afterLoad in interface InternalPasswordCredentialInterceptor
Parameters:
pcProvider - provides callback access to for instance the configured CredentialPasswordEncoder and CredentialPasswordValidator
userName - the name of the principal to which the credential belongs
credential - the credential just loaded from the persistent store
Returns:
false
Throws:
SecurityException
See Also:
InternalPasswordCredentialInterceptor.afterLoad(org.apache.jetspeed.security.spi.PasswordCredentialProvider, java.lang.String, org.apache.jetspeed.security.om.InternalCredential)

afterAuthenticated

public boolean afterAuthenticated(InternalUserPrincipal internalUser,
                                  java.lang.String userName,
                                  InternalCredential credential,
                                  boolean authenticated)
                           throws SecurityException
Description copied from interface: InternalPasswordCredentialInterceptor

Invoked during authentication after the provided password is compared against the one retrieved from the InternalCredential.

If true is returned, the credential is expected to be updated and its enabled and expired flags will checked if the credential is (still) valid.

Note: the enabled and expired flags are only checked if this method returns true.

A thrown SecurityException will be passed on to the authentication requestor.

Specified by:
afterAuthenticated in interface InternalPasswordCredentialInterceptor
Parameters:
internalUser - the user to which the credential belongs
userName - the name of the principal to which the credential belongs
credential - the credential of the user
authenticated - true if the provided password matches the value of the credential
Returns:
false
Throws:
SecurityException
See Also:
InternalPasswordCredentialInterceptor.afterAuthenticated(org.apache.jetspeed.security.om.InternalUserPrincipal, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, boolean)

beforeCreate

public void beforeCreate(InternalUserPrincipal internalUser,
                         java.util.Collection credentials,
                         java.lang.String userName,
                         InternalCredential credential,
                         java.lang.String password)
                  throws SecurityException
Description copied from interface: InternalPasswordCredentialInterceptor

Invoked when the first password credential is to be saved for a user.

This callback method can be used to set default values like the expiration date.

A thrown SecurityException is passed on to the new password requestor.

Specified by:
beforeCreate in interface InternalPasswordCredentialInterceptor
Parameters:
internalUser - the user to which the credential belongs
credentials - the collection of credentials which will set on the user after (already contains the new credential)
userName - the name of the principal to which the credential belongs
credential - the credential of the user
password - the new password value (already set on the new credential)
Throws:
SecurityException
See Also:
InternalPasswordCredentialInterceptor.beforeCreate(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, InternalCredential, java.lang.String)

beforeSetPassword

public void beforeSetPassword(InternalUserPrincipal internalUser,
                              java.util.Collection credentials,
                              java.lang.String userName,
                              InternalCredential credential,
                              java.lang.String password,
                              boolean authenticated)
                       throws SecurityException
Description copied from interface: InternalPasswordCredentialInterceptor

Invoked when a new password value is to be saved for a user.

The new password value is not yet set on the provided credential when this callback is invoked. This allows custom history maintenance and/or auditing to be performed.

The provided authenticated flag can be used to differentiate between a new password value set directly by a user itself or through an administrative interface.

After this callback is invoked, the specified password value will be set, as well as a reset of the updateRequired flag, before the credential is saved.

A thrown SecurityException is passed on to the set password requestor.

Specified by:
beforeSetPassword in interface InternalPasswordCredentialInterceptor
Parameters:
internalUser - the user to which the credential belongs
credentials - the collection of credentials which will set on the user after (already contains the new credential)
userName - the name of the principal to which the credential belongs
credential - the credential of the user
password - the new password value (already set on the new credential)
authenticated - true if the new password value is provided by the user directly
Throws:
SecurityException
See Also:
InternalPasswordCredentialInterceptor.beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)


Copyright © 1999-2010 Apache Software Foundation. All Rights Reserved.