Class BcryptPasswordStorageSchemeCfgDefn
- java.lang.Object
-
- org.forgerock.opendj.config.AbstractManagedObjectDefinition<C,S>
-
- org.forgerock.opendj.config.ManagedObjectDefinition<BcryptPasswordStorageSchemeCfgClient,BcryptPasswordStorageSchemeCfg>
-
- org.forgerock.opendj.server.config.meta.BcryptPasswordStorageSchemeCfgDefn
-
public final class BcryptPasswordStorageSchemeCfgDefn extends ManagedObjectDefinition<BcryptPasswordStorageSchemeCfgClient,BcryptPasswordStorageSchemeCfg>
An interface for querying the Bcrypt Password Storage Scheme managed object definition meta information.The Bcrypt Password Storage Scheme provides a mechanism for encoding user passwords using the bcrypt message digest algorithm.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
BcryptPasswordStorageSchemeCfgDefn.RehashPolicy
Defines the set of permissible values for the "rehash-policy" property.
-
Method Summary
-
Methods inherited from class org.forgerock.opendj.config.AbstractManagedObjectDefinition
getAggregationPropertyDefinition, getAggregationPropertyDefinitions, getAllAggregationPropertyDefinitions, getAllChildren, getAllConstraints, getAllPropertyDefinitions, getAllRelationDefinitions, getAllReverseAggregationPropertyDefinitions, getAllReverseRelationDefinitions, getAllTags, getChild, getChildren, getConstraints, getDescription, getDescription, getName, getParent, getPropertyDefinition, getPropertyDefinitions, getRelationDefinition, getRelationDefinitions, getReverseAggregationPropertyDefinitions, getReverseRelationDefinitions, getSynopsis, getSynopsis, getUserFriendlyName, getUserFriendlyName, getUserFriendlyPluralName, getUserFriendlyPluralName, hasChildren, hasOption, hasTag, initialize, isChildOf, isParentOf, isTop, registerConstraint, registerOption, registerPropertyDefinition, registerRelationDefinition, registerTag, resolveManagedObjectDefinition, toString, toString
-
-
-
-
Method Detail
-
getInstance
public static BcryptPasswordStorageSchemeCfgDefn getInstance()
Get the Bcrypt Password Storage Scheme configuration definition singleton.- Returns:
- Returns the Bcrypt Password Storage Scheme configuration definition singleton.
-
createClientConfiguration
public BcryptPasswordStorageSchemeCfgClient createClientConfiguration(ManagedObject<? extends BcryptPasswordStorageSchemeCfgClient> impl)
Description copied from class:ManagedObjectDefinition
Creates a client configuration view of the provided managed object. Modifications made to the underlying managed object will be reflected in the client configuration view and vice versa.- Specified by:
createClientConfiguration
in classManagedObjectDefinition<BcryptPasswordStorageSchemeCfgClient,BcryptPasswordStorageSchemeCfg>
- Parameters:
impl
- The managed object.- Returns:
- Returns a client configuration view of the provided managed object.
-
createServerConfiguration
public BcryptPasswordStorageSchemeCfg createServerConfiguration(ServerManagedObject<? extends BcryptPasswordStorageSchemeCfg> impl)
Description copied from class:ManagedObjectDefinition
Creates a server configuration view of the provided server managed object.- Specified by:
createServerConfiguration
in classManagedObjectDefinition<BcryptPasswordStorageSchemeCfgClient,BcryptPasswordStorageSchemeCfg>
- Parameters:
impl
- The server managed object.- Returns:
- Returns a server configuration view of the provided server managed object.
-
getServerConfigurationClass
public Class<BcryptPasswordStorageSchemeCfg> getServerConfigurationClass()
Description copied from class:ManagedObjectDefinition
Gets the server configuration class instance associated with this managed object definition.- Specified by:
getServerConfigurationClass
in classManagedObjectDefinition<BcryptPasswordStorageSchemeCfgClient,BcryptPasswordStorageSchemeCfg>
- Returns:
- Returns the server configuration class instance associated with this managed object definition.
-
getBcryptCostPropertyDefinition
public IntegerPropertyDefinition getBcryptCostPropertyDefinition()
Get the "bcrypt-cost" property definition.The cost parameter specifies a key expansion iteration count as a power of two. A default value of 12 (2^12 iterations) is considered in 2016 as a reasonable balance between responsiveness and security for regular users.
By default, changes to this setting impact only newly created and updated passwords. However, if the rehash-policy is set to always or only-increase, it causes the server to recalculate each user's password hash on their next authentication, and write the new hash to the user's entry on disk. Changing the number of iterations therefore leads to a short-term spike in CPU and disk use as the server updates each user's password when they next authenticate. Longer term, increasing this settings results in more secure passwords at the expense of longer response times and lower throughput.
- Returns:
- Returns the "bcrypt-cost" property definition.
-
getEnabledPropertyDefinition
public BooleanPropertyDefinition getEnabledPropertyDefinition()
Get the "enabled" property definition.Indicates whether the Bcrypt Password Storage Scheme is enabled for use.
- Returns:
- Returns the "enabled" property definition.
-
getJavaClassPropertyDefinition
public ClassPropertyDefinition getJavaClassPropertyDefinition()
Get the "java-class" property definition.Specifies the fully-qualified name of the Java class that provides the Bcrypt Password Storage Scheme implementation.
- Returns:
- Returns the "java-class" property definition.
-
getRehashPolicyPropertyDefinition
public EnumPropertyDefinition<BcryptPasswordStorageSchemeCfgDefn.RehashPolicy> getRehashPolicyPropertyDefinition()
Get the "rehash-policy" property definition.Indicates whether the server should rehash passwords after the cost has been changed.
Passwords will be rehashed when a user successfully authenticates. Note that rehashing will increase the write load on the server.
- Returns:
- Returns the "rehash-policy" property definition.
-
-