|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.opends.server.core.PasswordPolicy
public class PasswordPolicy
This class defines a data structure that holds information about a Directory Server password policy.
Constructor Summary | |
---|---|
PasswordPolicy(PasswordPolicyCfg configuration)
Creates a new password policy based on the configuration contained in the provided configuration entry. |
Method Summary | |
---|---|
boolean |
allowExpiredPasswordChanges()
Indicates whether a user will be allowed to change their password after it expires and they have no remaining grace logins (and will not be allowed to perform any other operation until the password is changed). |
boolean |
allowMultiplePasswordValues()
Indicates whether user entries will be allowed to have multiple distinct values in the password attribute. |
boolean |
allowPreEncodedPasswords()
Indicates whether clients will be allowed to set pre-encoded passwords that are already hashed and therefore cannot be validated for correctness. |
boolean |
allowUserPasswordChanges()
Indicates whether end users will be allowed to change their own passwords (subject to access control restrictions). |
boolean |
expirePasswordsWithoutWarning()
Indicates whether user passwords will be allowed to expire without the user receiving at least one notification during the warning period. |
boolean |
forceChangeOnAdd()
Indicates whether users will be required to change their passwords as soon as they authenticate after their accounts have been created. |
boolean |
forceChangeOnReset()
Indicates whether a user will be required to change their password after it has been reset by an administrator. |
java.util.concurrent.ConcurrentHashMap<DN,AccountStatusNotificationHandler> |
getAccountStatusNotificationHandlers()
Retrieves the set of account status notification handlers that should be used with this password policy. |
DN |
getConfigEntryDN()
Retrieves the DN of the configuration entry to which this password policy corresponds. |
java.util.concurrent.CopyOnWriteArrayList<PasswordStorageScheme> |
getDefaultStorageSchemes()
Retrieves the default set of password storage schemes that will be used for this password policy. |
java.util.concurrent.CopyOnWriteArraySet<java.lang.String> |
getDeprecatedStorageSchemes()
Retrieves the names of the password storage schemes that have been deprecated. |
int |
getGraceLoginCount()
Retrieves the maximum number of grace logins that a user will be allowed after their password has expired before they are completely locked out. |
int |
getIdleLockoutInterval()
Retrieves the maximum length of time in seconds that an account will be allowed to remain idle (no authentications performed as the user) before it will be locked out. |
AttributeType |
getLastLoginTimeAttribute()
Retrieves the attribute type used to store the last login time. |
java.lang.String |
getLastLoginTimeFormat()
Retrieves the format string that should be used for the last login time. |
int |
getLockoutDuration()
Retrieves the maximum length of time in seconds that an account will be locked out due to too many failed authentication attempts. |
int |
getLockoutFailureCount()
Retrieves the maximum number of authentication failures that will be allowed before an account is locked out. |
int |
getLockoutFailureExpirationInterval()
Retrieves the maximum length of time in seconds that an authentication failure will be held against a user before it is removed from the failed login count. |
int |
getMaximumPasswordAge()
Retrieves the maximum length of time in seconds that will be allowed to pass between password changes before the password is expired. |
int |
getMaximumPasswordResetAge()
Retrieves the maximum length of time in seconds that will be allowed to pass after an administrative password reset before that password is expired. |
int |
getMinimumPasswordAge()
Retrieves the minimum password age, which is the minimum length of time in seconds that must elapse between user password changes. |
AttributeType |
getPasswordAttribute()
Retrieves the attribute type used to store the password. |
PasswordGenerator |
getPasswordGenerator()
Retrieves the password generator that will be used with this password policy. |
DN |
getPasswordGeneratorDN()
Retrieves the DN of the password validator configuration entry. |
int |
getPasswordHistoryCount()
Retrieves the maximum number of previous passwords to maintain in the password history. |
int |
getPasswordHistoryDuration()
Retrieves the maximum length of time in seconds that previous passwords should remain in the password history. |
java.util.concurrent.ConcurrentHashMap<DN,PasswordValidator<? extends PasswordValidatorCfg>> |
getPasswordValidators()
Retrieves the set of password validators for this password policy. |
java.util.concurrent.CopyOnWriteArrayList<java.lang.String> |
getPreviousLastLoginTimeFormats()
Retrieves the list of previous last login time formats that might have been used for users associated with this password policy. |
long |
getRequireChangeByTime()
Retrieves the time by which all users will be required to change their passwords, expressed in the number of milliseconds since midnight of January 1, 1970 (i.e., the zero time for System.currentTimeMillis() ). |
PasswordPolicyCfgDefn.StateUpdateFailurePolicy |
getStateUpdateFailurePolicy()
Retrieves the state update failure policy for this password policy. |
int |
getWarningInterval()
Retrieves the maximum length of time in seconds before the password will expire that the user should start receiving warning notifications. |
boolean |
isDefaultStorageScheme(java.lang.String name)
Indicates whether the specified storage scheme is a default scheme for this password policy. |
boolean |
isDeprecatedStorageScheme(java.lang.String name)
Indicates whether the specified storage scheme is deprecated. |
boolean |
requireCurrentPassword()
Indicates whether the end user must provide their current password (via the password modify extended operation) in order to set a new password. |
boolean |
requireSecureAuthentication()
Indicates whether users with this password policy will be required to authenticate in a secure manner that does not expose their password. |
boolean |
requireSecurePasswordChanges()
Indicates whether users with this password policy will be required to change their passwords in a secure manner that does not expose the new password. |
boolean |
skipValidationForAdministrators()
Indicates whether operations by administrators that specify a new password for a user (e.g., add, modify, or password modify) will be allowed to bypass the password validation process that will be required for user password changes. |
java.lang.String |
toString()
Retrieves a string representation of this password policy. |
void |
toString(java.lang.StringBuilder buffer)
Appends a string representation of this password policy to the provided buffer. |
boolean |
usesAuthPasswordSyntax()
Indicates whether the associated password attribute uses the auth password syntax. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Constructor Detail |
---|
public PasswordPolicy(PasswordPolicyCfg configuration) throws ConfigException, InitializationException
configuration
- The configuration with the information to use to
initialize this password policy.
ConfigException
- If the provided entry does not contain a valid
password policy configuration.
InitializationException
- If an error occurs while initializing the
password policy that is not related to
the server configuration.Method Detail |
---|
public DN getConfigEntryDN()
public AttributeType getPasswordAttribute()
public boolean usesAuthPasswordSyntax()
true
if the associated password attribute uses the
auth password syntax, or false
if not.public java.util.concurrent.CopyOnWriteArrayList<PasswordStorageScheme> getDefaultStorageSchemes()
public boolean isDefaultStorageScheme(java.lang.String name)
name
- The name of the password storage scheme for which to make the
determination.
true
if the storage scheme is a default scheme for
this password policy, or false
if not.public java.util.concurrent.CopyOnWriteArraySet<java.lang.String> getDeprecatedStorageSchemes()
public boolean isDeprecatedStorageScheme(java.lang.String name)
name
- The name of the password storage scheme for which to make the
determination.
true
if the storage scheme is deprecated, or
false
if not.public java.util.concurrent.ConcurrentHashMap<DN,PasswordValidator<? extends PasswordValidatorCfg>> getPasswordValidators()
public java.util.concurrent.ConcurrentHashMap<DN,AccountStatusNotificationHandler> getAccountStatusNotificationHandlers()
public boolean allowUserPasswordChanges()
true
if users will be allowed to change their own
passwords, or false
if not.public boolean requireCurrentPassword()
true
if the end user must provide their current
password in order to set a new password, or false
if
they will not.public boolean forceChangeOnAdd()
true
if users will be required to change their
passwords at the initial authentication, or false
if
not.public boolean forceChangeOnReset()
true
if a user will be required to change their
password after it has been reset by an administrator, or
false
if they can continue using that password.public boolean skipValidationForAdministrators()
true
if administrators will be allowed to bypass the
validation checks, or false
if not.public DN getPasswordGeneratorDN()
public PasswordGenerator getPasswordGenerator()
null
if there is none.public int getPasswordHistoryCount()
public int getPasswordHistoryDuration()
public boolean requireSecureAuthentication()
true
if users with this password policy will be
required to authenticate in a secure manner that does not expose
their password, or false
if they may authenticate in
an insecure manner.public boolean requireSecurePasswordChanges()
true
if users with this password policy will be
required to change their passwords in a secure manner that does
not expose the new password, or false
if they may
change their password in an insecure manner.public boolean allowMultiplePasswordValues()
true
if clients will be allowed to have multiple
distinct password values, or false
if not.public boolean allowPreEncodedPasswords()
true
if clients will be allowed to set pre-encoded
passwords that cannot be validated, or false
if not.public int getMinimumPasswordAge()
public int getMaximumPasswordAge()
public int getMaximumPasswordResetAge()
public int getWarningInterval()
public boolean expirePasswordsWithoutWarning()
true
if user passwords will be allowed to expire
without the user receiving at least one notification during the
warning period, or false
if the user will always see
at least one warning before the password expires.public boolean allowExpiredPasswordChanges()
true
if a user will be allowed to change their
password after it expires and they have no remaining grace longs,
or false
if the account will be completely locked and
the password must be reset by an administrator.public int getGraceLoginCount()
public int getLockoutFailureCount()
public int getLockoutDuration()
public int getLockoutFailureExpirationInterval()
public long getRequireChangeByTime()
System.currentTimeMillis()
). Any passwords not changed before
this time will automatically enter a state in which they must be changed
before any other operation will be allowed.
public AttributeType getLastLoginTimeAttribute()
null
if the last login time is not to be maintained.public java.lang.String getLastLoginTimeFormat()
null
if the last login time is not to be
maintained.public java.util.concurrent.CopyOnWriteArrayList<java.lang.String> getPreviousLastLoginTimeFormats()
public int getIdleLockoutInterval()
public PasswordPolicyCfgDefn.StateUpdateFailurePolicy getStateUpdateFailurePolicy()
public java.lang.String toString()
toString
in class java.lang.Object
public void toString(java.lang.StringBuilder buffer)
buffer
- The buffer to which the information should be appended.
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |