org.apache.jetspeed.security.spi.impl
Class PasswordHistoryInterceptor

java.lang.Object
  extended by org.apache.jetspeed.security.spi.impl.AbstractInternalPasswordCredentialInterceptorImpl
      extended by org.apache.jetspeed.security.spi.impl.PasswordHistoryInterceptor
All Implemented Interfaces:
InternalPasswordCredentialInterceptor

public class PasswordHistoryInterceptor
extends AbstractInternalPasswordCredentialInterceptorImpl

Maintains a configurable FIFO stack of used password credentials for a principal. It also requires a unique password (with respect to the values currently in the stack) when a password is changed directly by the user.

The historical passwords are maintained as InternalCredential instances whose classname value is HISTORICAL_PASSWORD_CREDENTIAL, to distinguish them from the current password credential.

Implementation Note:
When a new password is about to be saved, a new copy of the current credential is saved as a historic password credential. This means that the current password credential instance, and thus also its key, remains the same.

Version:
$Id$
Author:
Ate Douma

Field Summary
static java.lang.String HISTORICAL_PASSWORD_CREDENTIAL
          Value used for InternalCredential.getClassname() to distinguish historical password credentials from current password credentials
 
Constructor Summary
PasswordHistoryInterceptor(int historySize)
           
 
Method Summary
 void beforeSetPassword(InternalUserPrincipal internalUser, java.util.Collection credentials, java.lang.String userName, InternalCredential credential, java.lang.String password, boolean authenticated)
           Invoked when a new password value is to be saved for a user.
 
Methods inherited from class org.apache.jetspeed.security.spi.impl.AbstractInternalPasswordCredentialInterceptorImpl
afterAuthenticated, afterLoad, beforeCreate
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

HISTORICAL_PASSWORD_CREDENTIAL

public static final java.lang.String HISTORICAL_PASSWORD_CREDENTIAL
Value used for InternalCredential.getClassname() to distinguish historical password credentials from current password credentials

See Also:
Constant Field Values

Constructor Detail

PasswordHistoryInterceptor

public PasswordHistoryInterceptor(int historySize)
Parameters:
historySize - stack size maintained for historical passwords

Method Detail

beforeSetPassword

public void beforeSetPassword(InternalUserPrincipal internalUser,
                              java.util.Collection credentials,
                              java.lang.String userName,
                              InternalCredential credential,
                              java.lang.String password,
                              boolean authenticated)
                       throws SecurityException
Description copied from interface: InternalPasswordCredentialInterceptor

Invoked when a new password value is to be saved for a user.

The new password value is not yet set on the provided credential when this callback is invoked. This allows custom history maintenance and/or auditing to be performed.

The provided authenticated flag can be used to differentiate between a new password value set directly by the user and one set through an administrative interface.

After this callback is invoked, the specified password value is set and the updateRequired flag is reset before the credential is saved.

A thrown SecurityException is passed on to the set password requestor.

Specified by:
beforeSetPassword in interface InternalPasswordCredentialInterceptor
Overrides:
beforeSetPassword in class AbstractInternalPasswordCredentialInterceptorImpl
Parameters:
internalUser - the user to which the credential belongs
credentials - the collection of credentials which will be set on the user afterwards (already contains the new credential)
userName - the name of the principal to which the credential belongs
credential - the credential of the user
password - the new password value (already set on the new credential)
authenticated - true if the new password value is provided by the user directly
Throws:
SecurityException
See Also:
InternalPasswordCredentialInterceptor.beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)
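
The history behaviour described for this class (uniqueness check on user-initiated changes, a copy of the current credential archived, FIFO eviction at historySize), modelled stand-alone as an added example; this is not Jetspeed's code and uses no Jetspeed types. Assumptions: the class and method names are hypothetical, stored values are salted PBKDF2 hashes, the current value is included in the uniqueness check, and java.lang.SecurityException stands in for the SecurityException named on this page.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.ArrayDeque;
import java.util.Deque;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
// Stand-alone model of the documented behaviour (Java 16+); not Jetspeed code.
public class PasswordHistoryModel {
    record Stored(byte[] salt, byte[] hash) {} // hypothetical stored form
    private final int historySize;
    private final Deque<Stored> history = new ArrayDeque<>(); // oldest first
    private Stored current;
    PasswordHistoryModel(int historySize, String initial) throws Exception {
        this.historySize = Math.max(0, historySize);
        this.current = encode(initial);
    }
    static byte[] derive(String pw, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw.toCharArray(), salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
    static Stored encode(String pw) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh salt per stored value
        return new Stored(salt, derive(pw, salt));
    }
    static boolean matches(String pw, Stored s) throws Exception {
        return MessageDigest.isEqual(derive(pw, s.salt()), s.hash()); // constant-time compare
    }
    void setPassword(String newPw, boolean authenticated) throws Exception { // check, archive, set
        if (authenticated) { // user-initiated change: must differ from every retained value
            if (matches(newPw, current)) throw new SecurityException("same as current"); // assumed
            for (Stored old : history)
                if (matches(newPw, old)) throw new SecurityException("password was used recently");
        }
        history.addLast(current); // a copy of the current value becomes historical
        while (history.size() > historySize) history.removeFirst(); // FIFO eviction
        current = encode(newPw);
    }
    static String attempt(PasswordHistoryModel m, String pw, boolean authenticated) throws Exception {
        try { m.setPassword(pw, authenticated); return "accepted"; }
        catch (SecurityException e) { return "rejected: " + e.getMessage(); }
    }
    public static void main(String[] args) throws Exception {
        PasswordHistoryModel m = new PasswordHistoryModel(2, "alpha-1"); // constructed sample values
        for (String pw : new String[] {"bravo-2", "charlie-3", "alpha-1", "delta-4", "alpha-1"})
            System.out.println(pw + " -> " + attempt(m, pw, true));
        System.out.println("admin reset to delta-4 -> " + attempt(m, "delta-4", false));
    }
}
```

Because each stored value has its own salt, the uniqueness check has to re-derive the candidate once per retained entry, so the cost of a password change grows with historySize.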


Copyright © 1999-2010 Apache Software Foundation. All Rights Reserved.