/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at
 * trunk/opends/resource/legal-notices/OpenDS.LICENSE
 * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at
 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
 * add the following below this CDDL HEADER, with the fields enclosed
 * by brackets "[]" replaced with your own identifying information:
 *      Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 *      Copyright 2006-2008 Sun Microsystems, Inc.
 */
package org.opends.server.api;

import java.util.List;
import java.util.Set;

import org.opends.messages.Message;
import org.opends.messages.MessageBuilder;
import org.opends.server.admin.std.server.PasswordValidatorCfg;
import org.opends.server.config.ConfigException;
import org.opends.server.types.ByteString;
import org.opends.server.types.Entry;
import org.opends.server.types.InitializationException;
import org.opends.server.types.Operation;


/**
 * Base class for Directory Server modules that decide whether a
 * proposed password is acceptable for a user.
 * <p>
 * Concrete validators are handed the proposed password and, where
 * available, the user's current passwords in clear text.  Those
 * values should be used only to reach the acceptability decision:
 * avoid copying them into log output, into the human-readable
 * explanation appended to {@code invalidReason}, or into any state
 * that outlives the call.
 *
 * @param  <T>  The type of configuration handled by this password
 *              validator.
 */
@org.opends.server.types.PublicAPI(
     stability=org.opends.server.types.StabilityLevel.UNCOMMITTED,
     mayInstantiate=false,
     mayExtend=true,
     mayInvoke=false)
public abstract class PasswordValidator<T extends PasswordValidatorCfg>
{
  /**
   * Sets up this password validator from the supplied
   * configuration.
   *
   * @param  configuration  The configuration from which this
   *                        password validator is initialized.
   *
   * @throws  ConfigException  If an unrecoverable problem arises
   *                           while performing the initialization.
   *
   * @throws  InitializationException  If initialization fails for a
   *                                   reason unrelated to the
   *                                   server configuration.
   */
  public abstract void initializePasswordValidator(
       T configuration)
       throws ConfigException, InitializationException;



  /**
   * Reports whether this password validator could operate with the
   * supplied configuration.  The method is expected to work on an
   * instance that has not been initialized yet, so that a
   * configuration can be vetted before it is applied.
   * <p>
   * The parameter is the base configuration type rather than
   * {@code T}; implementations that rely on a subclass of it will
   * likely need to cast.
   * <p>
   * The default implementation accepts every configuration and
   * leaves {@code unacceptableReasons} untouched.  A validator whose
   * settings carry constraints should override this method, so that
   * an unusable configuration is rejected here and explained in
   * {@code unacceptableReasons}.
   *
   * @param  configuration        The password validator
   *                              configuration to evaluate.
   * @param  unacceptableReasons  A list that may be used to hold the
   *                              reasons the configuration is not
   *                              acceptable.
   *
   * @return  {@code true} if the configuration is acceptable for
   *          this password validator, or {@code false} if not.
   */
  public boolean isConfigurationAcceptable(
       PasswordValidatorCfg configuration,
       List<Message> unacceptableReasons)
  {
    // Nothing is checked at this level: every configuration is
    // reported as acceptable.  Implementations that need stricter
    // validation are expected to override this method.
    return true;
  }



  /**
   * Releases whatever this password validator needs to release when
   * it is unloaded.  The default implementation takes no action.
   */
  public void finalizePasswordValidator()
  {
    // Intentionally empty: there is nothing to finalize by default.
  }



  /**
   * Decides whether the proposed password may be used by the given
   * user.  When the password is rejected, a human-readable
   * explanation should be appended to {@code invalidReason}; that
   * explanation should describe the rule that was not met rather
   * than repeat any of the clear-text password values.
   *
   * @param  newPassword       The proposed clear-text password to
   *                           validate.
   * @param  currentPasswords  The clear-text current passwords for
   *                           the user, if available.  They may not
   *                           always be available, and the set may
   *                           not comprise the entire set of
   *                           passwords currently held for the
   *                           user, so an empty or partial set
   *                           should be read as "unknown" rather
   *                           than as evidence that the new
   *                           password differs from the old ones.
   * @param  operation         The operation being used to set the
   *                           password.  It may be an add, a
   *                           modify, or a password modify
   *                           operation.
   * @param  userEntry         The entry for the user whose password
   *                           is being changed.
   * @param  invalidReason     The buffer to which the
   *                           human-readable explanation should be
   *                           appended if the password is found to
   *                           be unacceptable.
   *
   * @return  {@code true} if the password is acceptable, or
   *          {@code false} if not.
   */
  public abstract boolean passwordIsAcceptable(
       ByteString newPassword,
       Set<ByteString> currentPasswords,
       Operation operation,
       Entry userEntry,
       MessageBuilder invalidReason);
}