public abstract class AuthenticationPolicyState extends Object
Modifier and Type | Field and Description |
---|---|
protected org.forgerock.opendj.ldap.ConditionResult |
isDisabled
A boolean indicating whether the account associated with this authentication state has been administratively
disabled.
|
protected Entry |
userEntry
The user entry associated with this authentication policy state.
|
Modifier | Constructor and Description |
---|---|
protected |
AuthenticationPolicyState(Entry userEntry)
Creates a new abstract authentication policy context.
|
Modifier and Type | Method and Description |
---|---|
void |
finalizeStateAfterBind()
Performs any finalization required after a bind operation has completed.
|
static AuthenticationPolicyState |
forUser(Entry userEntry,
boolean useDefaultOnError)
Returns the authentication policy state for the user provided user.
|
abstract AuthenticationPolicy |
getAuthenticationPolicy()
Returns the authentication policy associated with this state.
|
protected static org.forgerock.opendj.ldap.ConditionResult |
getBoolean(Entry entry,
String attributeName)
A utility method which may be used by implementations in order to obtain the value of the specified attribute
from the provided entry as a boolean.
|
protected static long |
getGeneralizedTime(Entry entry,
org.forgerock.opendj.ldap.schema.AttributeType attributeType)
A utility method which may be used by implementations in order to obtain the value of the specified attribute
from the provided entry as a time in generalized time format.
|
boolean |
isDisabled()
Returns
true if this authentication policy state is associated with a user whose account has been
administratively disabled. |
boolean |
isPasswordPolicy()
Returns
true if this authentication policy state is associated with a password policy and the method
getAuthenticationPolicy() will return a PasswordPolicy . |
abstract boolean |
passwordMatches(org.forgerock.opendj.ldap.ByteString password)
Returns
true if the provided password value matches any of the user's passwords. |
protected org.forgerock.opendj.ldap.ConditionResult isDisabled
protected final Entry userEntry
protected AuthenticationPolicyState(Entry userEntry)
userEntry
- The user's entry.public static AuthenticationPolicyState forUser(Entry userEntry, boolean useDefaultOnError) throws DirectoryException
AuthenticationPolicy policy = AuthenticationPolicy.forUser(userEntry, useDefaultOnError); AuthenticationPolicyState state = policy.createAuthenticationPolicyState(userEntry);See the documentation of
AuthenticationPolicy.forUser(org.opends.server.types.Entry, boolean)
for a description of the algorithm used to find a
user's authentication policy.userEntry
- The user entry.useDefaultOnError
- Indicates whether the server should fall back to using the default password policy if there is a
problem with the configured policy for the user.DirectoryException
- If a problem occurs while attempting to determine the password policy for the user.AuthenticationPolicy.forUser(Entry, boolean)
protected static org.forgerock.opendj.ldap.ConditionResult getBoolean(Entry entry, String attributeName) throws DirectoryException
entry
- The entry whose attribute is to be parsed as a boolean.attributeName
- The attribute name whose value should be parsed as a boolean.DirectoryException
- If the value cannot be decoded as a boolean.protected static long getGeneralizedTime(Entry entry, org.forgerock.opendj.ldap.schema.AttributeType attributeType) throws DirectoryException
entry
- The entry whose attribute is to be parsed as a boolean.attributeType
- The attribute type whose value should be parsed as a generalized time value.DirectoryException
- If a problem occurs while attempting to decode the value as a generalized time.public void finalizeStateAfterBind() throws DirectoryException
DirectoryException
- If a problem occurs during finalization.public abstract AuthenticationPolicy getAuthenticationPolicy()
public boolean isDisabled()
true
if this authentication policy state is associated with a user whose account has been
administratively disabled.
The default implementation is use the value of the "ds-pwp-account-disable" attribute in the user's entry.
true
if this authentication policy state is associated with a user whose account has been
administratively disabled.public boolean isPasswordPolicy()
true
if this authentication policy state is associated with a password policy and the method
getAuthenticationPolicy()
will return a PasswordPolicy
.true
if this authentication policy state is associated with a password policy, otherwise
false
.public abstract boolean passwordMatches(org.forgerock.opendj.ldap.ByteString password) throws DirectoryException
true
if the provided password value matches any of the user's passwords.password
- The user-provided password to verify.true
if the provided password value matches any of the user's passwords.DirectoryException
- If verification unexpectedly failed.Copyright © 2010–2017 ForgeRock AS. All rights reserved.