/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2006-2008 Sun Microsystems, Inc.
 * Portions Copyright 2014-2016 ForgeRock AS.
 */
package org.opends.server.api;

import java.util.List;
import java.util.Set;

import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizableMessageBuilder;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.server.config.server.PasswordValidatorCfg;
import org.opends.server.types.*;

/**
 * Base class for Directory Server modules that decide whether a
 * proposed password is acceptable for a user.
 * <BR><BR>
 * Subclasses must supply {@link #initializePasswordValidator} and
 * {@link #passwordIsAcceptable}; the configuration check and the
 * finalization hook have do-nothing defaults that may be overridden.
 *
 * @param <T> The type of configuration handled by this password
 *            validator.
 */
@org.opends.server.types.PublicAPI(
    stability = org.opends.server.types.StabilityLevel.UNCOMMITTED,
    mayInstantiate = false,
    mayExtend = true,
    mayInvoke = false)
public abstract class PasswordValidator<T extends PasswordValidatorCfg> {

  /**
   * Initializes this password validator from the supplied
   * configuration.
   *
   * @param configuration The configuration to use to initialize
   *                      this password validator.
   *
   * @throws ConfigException If an unrecoverable problem arises while
   *                         performing the initialization.
   *
   * @throws InitializationException If initialization fails for a
   *                                 reason that is not related to
   *                                 the server configuration.
   */
  public abstract void initializePasswordValidator(T configuration)
      throws ConfigException, InitializationException;

  /**
   * Indicates whether the provided configuration is acceptable for
   * this password validator. The method is meant to be callable on
   * an instance that has not been initialized yet, so that a
   * candidate configuration can be checked before it is used.
   * <BR><BR>
   * Implementations that work with a subclass of the provided
   * configuration class will likely need to cast the argument to
   * that subclass.
   * <BR><BR>
   * The default implementation looks at neither argument and always
   * reports the configuration as acceptable, so a validator that has
   * real constraints on its settings has to override this method for
   * them to be enforced here.
   *
   * @param configuration       The password validator configuration
   *                            for which to make the determination.
   * @param unacceptableReasons A list that may be used to hold the
   *                            reasons that the provided
   *                            configuration is not acceptable.
   *
   * @return {@code true} if the provided configuration is acceptable
   *         for this password validator, or {@code false} if not.
   */
  public boolean isConfigurationAcceptable(
      PasswordValidatorCfg configuration,
      List<LocalizableMessage> unacceptableReasons) {
    // Nothing is checked at this level: every configuration passes
    // unless a concrete validator overrides this method.
    return true;
  }

  /**
   * Performs any finalization that might be required when this
   * password validator is unloaded. The default implementation does
   * nothing.
   */
  public void finalizePasswordValidator() {
    // Intentionally empty; subclasses override when they hold
    // something that must be released.
  }

  /**
   * Indicates whether the provided password is acceptable for use by
   * the specified user. When the password is rejected, a
   * human-readable explanation should be appended to the provided
   * buffer.
   * <BR><BR>
   * {@code newPassword} and {@code currentPasswords} carry clear-text
   * credentials. Implementations should keep those values out of
   * {@code invalidReason}, log output and exception messages, and
   * describe only which rule was not met.
   *
   * @param newPassword      The proposed clear-text password that
   *                         should be validated.
   * @param currentPasswords The set of clear-text current passwords
   *                         for the user (if available). The current
   *                         passwords may not always be available,
   *                         and this set may not comprise the entire
   *                         set of passwords currently held for the
   *                         user, so a validator must cope with an
   *                         incomplete set.
   * @param operation        The operation that is being used to set
   *                         the password. It may be an add, a
   *                         modify, or a password modify operation.
   * @param userEntry        The entry for the user whose password
   *                         is being changed.
   * @param invalidReason    The buffer to which the human-readable
   *                         explanation should be appended if it is
   *                         determined that the password is not
   *                         acceptable.
   *
   * @return {@code true} if the password is acceptable, or
   *         {@code false} if not.
   */
  public abstract boolean passwordIsAcceptable(
      ByteString newPassword,
      Set<ByteString> currentPasswords,
      Operation operation,
      Entry userEntry,
      LocalizableMessageBuilder invalidReason);
}