public abstract class AuthenticationPolicyState extends Object
| Modifier and Type | Field and Description |
|---|---|
protected org.forgerock.opendj.ldap.ConditionResult |
isDisabled
A boolean indicating whether or not the account associated with this
authentication state has been administratively disabled.
|
protected Entry |
userEntry
The user entry associated with this authentication policy state.
|
| Modifier | Constructor and Description |
|---|---|
protected |
AuthenticationPolicyState(Entry userEntry)
Creates a new abstract authentication policy context.
|
| Modifier and Type | Method and Description |
|---|---|
void |
finalizeStateAfterBind()
Performs any finalization required after a bind operation has completed.
|
static AuthenticationPolicyState |
forUser(Entry userEntry,
boolean useDefaultOnError)
Returns the authentication policy state for the user provided user.
|
abstract AuthenticationPolicy |
getAuthenticationPolicy()
Returns the authentication policy associated with this state.
|
protected static org.forgerock.opendj.ldap.ConditionResult |
getBoolean(Entry entry,
AttributeType attributeType)
A utility method which may be used by implementations in order to obtain
the value of the specified attribute from the provided entry as a boolean.
|
protected static long |
getGeneralizedTime(Entry entry,
AttributeType attributeType)
A utility method which may be used by implementations in order to obtain
the value of the specified attribute from the provided entry as a time in
generalized time format.
|
boolean |
isDisabled()
Returns
true if this authentication policy state is associated with
a user whose account has been administratively disabled. |
boolean |
isPasswordPolicy()
Returns
true if this authentication policy state is associated with
a password policy and the method getAuthenticationPolicy() will
return a PasswordPolicy. |
abstract boolean |
passwordMatches(org.forgerock.opendj.ldap.ByteString password)
Returns
true if the provided password value matches any of the
user's passwords. |
protected org.forgerock.opendj.ldap.ConditionResult isDisabled
protected AuthenticationPolicyState(Entry userEntry)
userEntry - The user's entry.public static AuthenticationPolicyState forUser(Entry userEntry, boolean useDefaultOnError) throws DirectoryException
AuthenticationPolicy policy = AuthenticationPolicy.forUser(userEntry,
useDefaultOnError);
AuthenticationPolicyState state = policy
.createAuthenticationPolicyState(userEntry);
See the documentation of AuthenticationPolicy.forUser(org.opends.server.types.Entry, boolean) for a
description of the algorithm used to find a user's authentication policy.userEntry - The user entry.useDefaultOnError - Indicates whether the server should fall back to using the default
password policy if there is a problem with the configured policy
for the user.DirectoryException - If a problem occurs while attempting to determine the password
policy for the user.AuthenticationPolicy.forUser(Entry, boolean)protected static org.forgerock.opendj.ldap.ConditionResult getBoolean(Entry entry, AttributeType attributeType) throws DirectoryException
entry - The entry whose attribute is to be parsed as a boolean.attributeType - The attribute type whose value should be parsed as a boolean.DirectoryException - If the value cannot be decoded as a boolean.protected static long getGeneralizedTime(Entry entry, AttributeType attributeType) throws DirectoryException
entry - The entry whose attribute is to be parsed as a boolean.attributeType - The attribute type whose value should be parsed as a generalized
time value.DirectoryException - If a problem occurs while attempting to decode the value as a
generalized time.public void finalizeStateAfterBind() throws DirectoryException
DirectoryException - If a problem occurs during finalization.public abstract AuthenticationPolicy getAuthenticationPolicy()
public boolean isDisabled()
true if this authentication policy state is associated with
a user whose account has been administratively disabled.
The default implementation is use the value of the "ds-pwp-account-disable" attribute in the user's entry.
true if this authentication policy state is associated with
a user whose account has been administratively disabled.public boolean isPasswordPolicy()
true if this authentication policy state is associated with
a password policy and the method getAuthenticationPolicy() will
return a PasswordPolicy.true if this authentication policy state is associated with
a password policy, otherwise false.public abstract boolean passwordMatches(org.forgerock.opendj.ldap.ByteString password) throws DirectoryException
true if the provided password value matches any of the
user's passwords.password - The user-provided password to verify.true if the provided password value matches any of the
user's passwords.DirectoryException - If verification unexpectedly failed.Copyright © 2010-2015 ForgeRock AS. All Rights Reserved.