|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.apache.jetspeed.security.spi.impl.AbstractInternalPasswordCredentialInterceptorImpl
org.apache.jetspeed.security.spi.impl.MaxPasswordAuthenticationFailuresInterceptor
public class MaxPasswordAuthenticationFailuresInterceptor
Enforces a maximum number of times
a user may provide an invalid password.
Once the maximum number of invalid authentications is reached, the credential is disabled.
Note: the current count is not reset on valid authentication by this interceptor.
This is done by the DefaultCredentialHandler
which invokes the interceptor(s) after authentication
and no interceptor afterAuthenicated
method returns true.
But, this interceptor does (re)sets the count on creation and on change of the password.
Constructor Summary | |
---|---|
MaxPasswordAuthenticationFailuresInterceptor(int maxNumberOfAuthenticationFailures)
Configure the maximum number of invalid authentications allowed in a row. |
Method Summary | |
---|---|
boolean |
afterAuthenticated(InternalUserPrincipal internalUser,
java.lang.String userName,
InternalCredential credential,
boolean authenticated)
Checks the current count of authentication failures when the credential is not expired and authentication failed. |
void |
beforeCreate(InternalUserPrincipal internalUser,
java.util.Collection credentials,
java.lang.String userName,
InternalCredential credential,
java.lang.String password)
Sets the count of invalid authentications to zero (0). |
void |
beforeSetPassword(InternalUserPrincipal internalUser,
java.util.Collection credentials,
java.lang.String userName,
InternalCredential credential,
java.lang.String password,
boolean authenticated)
Resets the count of invalid authentications to zero (0). |
Methods inherited from class org.apache.jetspeed.security.spi.impl.AbstractInternalPasswordCredentialInterceptorImpl |
---|
afterLoad |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public MaxPasswordAuthenticationFailuresInterceptor(int maxNumberOfAuthenticationFailures)
Configure the maximum number of invalid authentications allowed in a row.
A value of zero (0) disables the check
Method Detail |
---|
public boolean afterAuthenticated(InternalUserPrincipal internalUser, java.lang.String userName, InternalCredential credential, boolean authenticated) throws SecurityException
afterAuthenticated
in interface InternalPasswordCredentialInterceptor
afterAuthenticated
in class AbstractInternalPasswordCredentialInterceptorImpl
internalUser
- the user to which the credential belongsuserName
- the name of the principal to which the credential belongscredential
- the credential of the userauthenticated
- true if the provided password matches the value of the credential
SecurityException
InternalPasswordCredentialInterceptor.afterAuthenticated(org.apache.jetspeed.security.om.InternalUserPrincipal, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, boolean)
public void beforeCreate(InternalUserPrincipal internalUser, java.util.Collection credentials, java.lang.String userName, InternalCredential credential, java.lang.String password) throws SecurityException
beforeCreate
in interface InternalPasswordCredentialInterceptor
beforeCreate
in class AbstractInternalPasswordCredentialInterceptorImpl
internalUser
- the user to which the credential belongscredentials
- the collection of credentials which will set on the user after (already contains the new credential)userName
- the name of the principal to which the credential belongscredential
- the credential of the userpassword
- the new password value (already set on the new credential)
SecurityException
InternalPasswordCredentialInterceptor.beforeCreate(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, InternalCredential, java.lang.String)
public void beforeSetPassword(InternalUserPrincipal internalUser, java.util.Collection credentials, java.lang.String userName, InternalCredential credential, java.lang.String password, boolean authenticated) throws SecurityException
beforeSetPassword
in interface InternalPasswordCredentialInterceptor
beforeSetPassword
in class AbstractInternalPasswordCredentialInterceptorImpl
internalUser
- the user to which the credential belongscredentials
- the collection of credentials which will set on the user after (already contains the new credential)userName
- the name of the principal to which the credential belongscredential
- the credential of the userpassword
- the new password value (already set on the new credential)authenticated
- true if the new password value is provided by the user directly
SecurityException
InternalPasswordCredentialInterceptor.beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |