001/* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt 010 * or http://forgerock.org/license/CDDLv1.0.html. 011 * See the License for the specific language governing permissions 012 * and limitations under the License. 013 * 014 * When distributing Covered Code, include this CDDL HEADER in each 015 * file and include the License file at legal-notices/CDDLv1_0.txt. 016 * If applicable, add the following below this CDDL HEADER, with the 017 * fields enclosed by brackets "[]" replaced with your own identifying 018 * information: 019 * Portions Copyright [yyyy] [name of copyright owner] 020 * 021 * CDDL HEADER END 022 * 023 * 024 * Copyright 2008 Sun Microsystems, Inc. 025 */ 026package org.opends.server.admin.std.meta; 027 028 029 030import org.opends.server.admin.AdministratorAction; 031import org.opends.server.admin.BooleanPropertyDefinition; 032import org.opends.server.admin.ClassPropertyDefinition; 033import org.opends.server.admin.client.AuthorizationException; 034import org.opends.server.admin.client.CommunicationException; 035import org.opends.server.admin.client.ConcurrentModificationException; 036import org.opends.server.admin.client.ManagedObject; 037import org.opends.server.admin.client.MissingMandatoryPropertiesException; 038import org.opends.server.admin.client.OperationRejectedException; 039import org.opends.server.admin.DefaultBehaviorProvider; 040import org.opends.server.admin.DefinedDefaultBehaviorProvider; 041import org.opends.server.admin.IntegerPropertyDefinition; 042import org.opends.server.admin.ManagedObjectAlreadyExistsException; 043import org.opends.server.admin.ManagedObjectDefinition; 044import org.opends.server.admin.PropertyOption; 045import org.opends.server.admin.PropertyProvider; 046import org.opends.server.admin.server.ConfigurationChangeListener; 047import org.opends.server.admin.server.ServerManagedObject; 048import org.opends.server.admin.std.client.DictionaryPasswordValidatorCfgClient; 049import org.opends.server.admin.std.server.DictionaryPasswordValidatorCfg; 050import org.opends.server.admin.std.server.PasswordValidatorCfg; 051import org.opends.server.admin.StringPropertyDefinition; 052import org.opends.server.admin.Tag; 053import org.opends.server.types.DN; 054 055 056 057/** 058 * An interface for querying the Dictionary Password Validator managed 059 * object definition meta information. 060 * <p> 061 * The Dictionary Password Validator determines whether a proposed 062 * password is acceptable based on whether the given password value 063 * appears in a provided dictionary file. 064 */ 065public final class DictionaryPasswordValidatorCfgDefn extends ManagedObjectDefinition<DictionaryPasswordValidatorCfgClient, DictionaryPasswordValidatorCfg> { 066 067 // The singleton configuration definition instance. 068 private static final DictionaryPasswordValidatorCfgDefn INSTANCE = new DictionaryPasswordValidatorCfgDefn(); 069 070 071 072 // The "case-sensitive-validation" property definition. 073 private static final BooleanPropertyDefinition PD_CASE_SENSITIVE_VALIDATION; 074 075 076 077 // The "check-substrings" property definition. 078 private static final BooleanPropertyDefinition PD_CHECK_SUBSTRINGS; 079 080 081 082 // The "dictionary-file" property definition. 083 private static final StringPropertyDefinition PD_DICTIONARY_FILE; 084 085 086 087 // The "java-class" property definition. 088 private static final ClassPropertyDefinition PD_JAVA_CLASS; 089 090 091 092 // The "min-substring-length" property definition. 093 private static final IntegerPropertyDefinition PD_MIN_SUBSTRING_LENGTH; 094 095 096 097 // The "test-reversed-password" property definition. 098 private static final BooleanPropertyDefinition PD_TEST_REVERSED_PASSWORD; 099 100 101 102 // Build the "case-sensitive-validation" property definition. 103 static { 104 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "case-sensitive-validation"); 105 builder.setOption(PropertyOption.MANDATORY); 106 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "case-sensitive-validation")); 107 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 108 builder.setDefaultBehaviorProvider(provider); 109 PD_CASE_SENSITIVE_VALIDATION = builder.getInstance(); 110 INSTANCE.registerPropertyDefinition(PD_CASE_SENSITIVE_VALIDATION); 111 } 112 113 114 115 // Build the "check-substrings" property definition. 116 static { 117 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "check-substrings"); 118 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "check-substrings")); 119 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("true"); 120 builder.setDefaultBehaviorProvider(provider); 121 PD_CHECK_SUBSTRINGS = builder.getInstance(); 122 INSTANCE.registerPropertyDefinition(PD_CHECK_SUBSTRINGS); 123 } 124 125 126 127 // Build the "dictionary-file" property definition. 128 static { 129 StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "dictionary-file"); 130 builder.setOption(PropertyOption.MANDATORY); 131 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "dictionary-file")); 132 DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("For Unix and Linux systems: config/wordlist.txt. For Windows systems: config\\wordlist.txt"); 133 builder.setDefaultBehaviorProvider(provider); 134 builder.setPattern(".*", "FILE"); 135 PD_DICTIONARY_FILE = builder.getInstance(); 136 INSTANCE.registerPropertyDefinition(PD_DICTIONARY_FILE); 137 } 138 139 140 141 // Build the "java-class" property definition. 142 static { 143 ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class"); 144 builder.setOption(PropertyOption.MANDATORY); 145 builder.setOption(PropertyOption.ADVANCED); 146 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class")); 147 DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.DictionaryPasswordValidator"); 148 builder.setDefaultBehaviorProvider(provider); 149 builder.addInstanceOf("org.opends.server.api.PasswordValidator"); 150 PD_JAVA_CLASS = builder.getInstance(); 151 INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS); 152 } 153 154 155 156 // Build the "min-substring-length" property definition. 157 static { 158 IntegerPropertyDefinition.Builder builder = IntegerPropertyDefinition.createBuilder(INSTANCE, "min-substring-length"); 159 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "min-substring-length")); 160 DefaultBehaviorProvider<Integer> provider = new DefinedDefaultBehaviorProvider<Integer>("5"); 161 builder.setDefaultBehaviorProvider(provider); 162 PD_MIN_SUBSTRING_LENGTH = builder.getInstance(); 163 INSTANCE.registerPropertyDefinition(PD_MIN_SUBSTRING_LENGTH); 164 } 165 166 167 168 // Build the "test-reversed-password" property definition. 169 static { 170 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "test-reversed-password"); 171 builder.setOption(PropertyOption.MANDATORY); 172 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "test-reversed-password")); 173 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("true"); 174 builder.setDefaultBehaviorProvider(provider); 175 PD_TEST_REVERSED_PASSWORD = builder.getInstance(); 176 INSTANCE.registerPropertyDefinition(PD_TEST_REVERSED_PASSWORD); 177 } 178 179 180 181 // Register the tags associated with this managed object definition. 182 static { 183 INSTANCE.registerTag(Tag.valueOf("user-management")); 184 } 185 186 187 188 /** 189 * Get the Dictionary Password Validator configuration definition 190 * singleton. 191 * 192 * @return Returns the Dictionary Password Validator configuration 193 * definition singleton. 194 */ 195 public static DictionaryPasswordValidatorCfgDefn getInstance() { 196 return INSTANCE; 197 } 198 199 200 201 /** 202 * Private constructor. 203 */ 204 private DictionaryPasswordValidatorCfgDefn() { 205 super("dictionary-password-validator", PasswordValidatorCfgDefn.getInstance()); 206 } 207 208 209 210 /** 211 * {@inheritDoc} 212 */ 213 public DictionaryPasswordValidatorCfgClient createClientConfiguration( 214 ManagedObject<? extends DictionaryPasswordValidatorCfgClient> impl) { 215 return new DictionaryPasswordValidatorCfgClientImpl(impl); 216 } 217 218 219 220 /** 221 * {@inheritDoc} 222 */ 223 public DictionaryPasswordValidatorCfg createServerConfiguration( 224 ServerManagedObject<? extends DictionaryPasswordValidatorCfg> impl) { 225 return new DictionaryPasswordValidatorCfgServerImpl(impl); 226 } 227 228 229 230 /** 231 * {@inheritDoc} 232 */ 233 public Class<DictionaryPasswordValidatorCfg> getServerConfigurationClass() { 234 return DictionaryPasswordValidatorCfg.class; 235 } 236 237 238 239 /** 240 * Get the "case-sensitive-validation" property definition. 241 * <p> 242 * Indicates whether this password validator is to treat password 243 * characters in a case-sensitive manner. 244 * <p> 245 * If it is set to true, then the validator rejects a password only 246 * if it appears in the dictionary with exactly the same 247 * capitalization as provided by the user. 248 * 249 * @return Returns the "case-sensitive-validation" property definition. 250 */ 251 public BooleanPropertyDefinition getCaseSensitiveValidationPropertyDefinition() { 252 return PD_CASE_SENSITIVE_VALIDATION; 253 } 254 255 256 257 /** 258 * Get the "check-substrings" property definition. 259 * <p> 260 * Indicates whether this password validator is to match portions of 261 * the password string against dictionary words. 262 * <p> 263 * If "false" then only match the entire password against words 264 * otherwise ("true") check whether the password contains words. 265 * 266 * @return Returns the "check-substrings" property definition. 267 */ 268 public BooleanPropertyDefinition getCheckSubstringsPropertyDefinition() { 269 return PD_CHECK_SUBSTRINGS; 270 } 271 272 273 274 /** 275 * Get the "dictionary-file" property definition. 276 * <p> 277 * Specifies the path to the file containing a list of words that 278 * cannot be used as passwords. 279 * <p> 280 * It should be formatted with one word per line. The value can be 281 * an absolute path or a path that is relative to the OpenDJ instance 282 * root. 283 * 284 * @return Returns the "dictionary-file" property definition. 285 */ 286 public StringPropertyDefinition getDictionaryFilePropertyDefinition() { 287 return PD_DICTIONARY_FILE; 288 } 289 290 291 292 /** 293 * Get the "enabled" property definition. 294 * <p> 295 * Indicates whether the password validator is enabled for use. 296 * 297 * @return Returns the "enabled" property definition. 298 */ 299 public BooleanPropertyDefinition getEnabledPropertyDefinition() { 300 return PasswordValidatorCfgDefn.getInstance().getEnabledPropertyDefinition(); 301 } 302 303 304 305 /** 306 * Get the "java-class" property definition. 307 * <p> 308 * Specifies the fully-qualified name of the Java class that 309 * provides the password validator implementation. 310 * 311 * @return Returns the "java-class" property definition. 312 */ 313 public ClassPropertyDefinition getJavaClassPropertyDefinition() { 314 return PD_JAVA_CLASS; 315 } 316 317 318 319 /** 320 * Get the "min-substring-length" property definition. 321 * <p> 322 * Indicates the minimal length of the substring within the password 323 * in case substring checking is enabled. 324 * <p> 325 * If "check-substrings" option is set to true, then this parameter 326 * defines the length of the smallest word which should be used for 327 * substring matching. Use with caution because values below 3 might 328 * disqualify valid passwords. 329 * 330 * @return Returns the "min-substring-length" property definition. 331 */ 332 public IntegerPropertyDefinition getMinSubstringLengthPropertyDefinition() { 333 return PD_MIN_SUBSTRING_LENGTH; 334 } 335 336 337 338 /** 339 * Get the "test-reversed-password" property definition. 340 * <p> 341 * Indicates whether this password validator is to test the reversed 342 * value of the provided password as well as the order in which it 343 * was given. 344 * <p> 345 * For example, if the user provides a new password of "password" 346 * and this configuration attribute is set to true, then the value 347 * "drowssap" is also tested against attribute values in the user's 348 * entry. 349 * 350 * @return Returns the "test-reversed-password" property definition. 351 */ 352 public BooleanPropertyDefinition getTestReversedPasswordPropertyDefinition() { 353 return PD_TEST_REVERSED_PASSWORD; 354 } 355 356 357 358 /** 359 * Managed object client implementation. 360 */ 361 private static class DictionaryPasswordValidatorCfgClientImpl implements 362 DictionaryPasswordValidatorCfgClient { 363 364 // Private implementation. 365 private ManagedObject<? extends DictionaryPasswordValidatorCfgClient> impl; 366 367 368 369 // Private constructor. 370 private DictionaryPasswordValidatorCfgClientImpl( 371 ManagedObject<? extends DictionaryPasswordValidatorCfgClient> impl) { 372 this.impl = impl; 373 } 374 375 376 377 /** 378 * {@inheritDoc} 379 */ 380 public boolean isCaseSensitiveValidation() { 381 return impl.getPropertyValue(INSTANCE.getCaseSensitiveValidationPropertyDefinition()); 382 } 383 384 385 386 /** 387 * {@inheritDoc} 388 */ 389 public void setCaseSensitiveValidation(boolean value) { 390 impl.setPropertyValue(INSTANCE.getCaseSensitiveValidationPropertyDefinition(), value); 391 } 392 393 394 395 /** 396 * {@inheritDoc} 397 */ 398 public boolean isCheckSubstrings() { 399 return impl.getPropertyValue(INSTANCE.getCheckSubstringsPropertyDefinition()); 400 } 401 402 403 404 /** 405 * {@inheritDoc} 406 */ 407 public void setCheckSubstrings(Boolean value) { 408 impl.setPropertyValue(INSTANCE.getCheckSubstringsPropertyDefinition(), value); 409 } 410 411 412 413 /** 414 * {@inheritDoc} 415 */ 416 public String getDictionaryFile() { 417 return impl.getPropertyValue(INSTANCE.getDictionaryFilePropertyDefinition()); 418 } 419 420 421 422 /** 423 * {@inheritDoc} 424 */ 425 public void setDictionaryFile(String value) { 426 impl.setPropertyValue(INSTANCE.getDictionaryFilePropertyDefinition(), value); 427 } 428 429 430 431 /** 432 * {@inheritDoc} 433 */ 434 public Boolean isEnabled() { 435 return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition()); 436 } 437 438 439 440 /** 441 * {@inheritDoc} 442 */ 443 public void setEnabled(boolean value) { 444 impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value); 445 } 446 447 448 449 /** 450 * {@inheritDoc} 451 */ 452 public String getJavaClass() { 453 return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 454 } 455 456 457 458 /** 459 * {@inheritDoc} 460 */ 461 public void setJavaClass(String value) { 462 impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value); 463 } 464 465 466 467 /** 468 * {@inheritDoc} 469 */ 470 public int getMinSubstringLength() { 471 return impl.getPropertyValue(INSTANCE.getMinSubstringLengthPropertyDefinition()); 472 } 473 474 475 476 /** 477 * {@inheritDoc} 478 */ 479 public void setMinSubstringLength(Integer value) { 480 impl.setPropertyValue(INSTANCE.getMinSubstringLengthPropertyDefinition(), value); 481 } 482 483 484 485 /** 486 * {@inheritDoc} 487 */ 488 public boolean isTestReversedPassword() { 489 return impl.getPropertyValue(INSTANCE.getTestReversedPasswordPropertyDefinition()); 490 } 491 492 493 494 /** 495 * {@inheritDoc} 496 */ 497 public void setTestReversedPassword(boolean value) { 498 impl.setPropertyValue(INSTANCE.getTestReversedPasswordPropertyDefinition(), value); 499 } 500 501 502 503 /** 504 * {@inheritDoc} 505 */ 506 public ManagedObjectDefinition<? extends DictionaryPasswordValidatorCfgClient, ? extends DictionaryPasswordValidatorCfg> definition() { 507 return INSTANCE; 508 } 509 510 511 512 /** 513 * {@inheritDoc} 514 */ 515 public PropertyProvider properties() { 516 return impl; 517 } 518 519 520 521 /** 522 * {@inheritDoc} 523 */ 524 public void commit() throws ManagedObjectAlreadyExistsException, 525 MissingMandatoryPropertiesException, ConcurrentModificationException, 526 OperationRejectedException, AuthorizationException, 527 CommunicationException { 528 impl.commit(); 529 } 530 531 } 532 533 534 535 /** 536 * Managed object server implementation. 537 */ 538 private static class DictionaryPasswordValidatorCfgServerImpl implements 539 DictionaryPasswordValidatorCfg { 540 541 // Private implementation. 542 private ServerManagedObject<? extends DictionaryPasswordValidatorCfg> impl; 543 544 // The value of the "case-sensitive-validation" property. 545 private final boolean pCaseSensitiveValidation; 546 547 // The value of the "check-substrings" property. 548 private final boolean pCheckSubstrings; 549 550 // The value of the "dictionary-file" property. 551 private final String pDictionaryFile; 552 553 // The value of the "enabled" property. 554 private final boolean pEnabled; 555 556 // The value of the "java-class" property. 557 private final String pJavaClass; 558 559 // The value of the "min-substring-length" property. 560 private final int pMinSubstringLength; 561 562 // The value of the "test-reversed-password" property. 563 private final boolean pTestReversedPassword; 564 565 566 567 // Private constructor. 568 private DictionaryPasswordValidatorCfgServerImpl(ServerManagedObject<? extends DictionaryPasswordValidatorCfg> impl) { 569 this.impl = impl; 570 this.pCaseSensitiveValidation = impl.getPropertyValue(INSTANCE.getCaseSensitiveValidationPropertyDefinition()); 571 this.pCheckSubstrings = impl.getPropertyValue(INSTANCE.getCheckSubstringsPropertyDefinition()); 572 this.pDictionaryFile = impl.getPropertyValue(INSTANCE.getDictionaryFilePropertyDefinition()); 573 this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition()); 574 this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 575 this.pMinSubstringLength = impl.getPropertyValue(INSTANCE.getMinSubstringLengthPropertyDefinition()); 576 this.pTestReversedPassword = impl.getPropertyValue(INSTANCE.getTestReversedPasswordPropertyDefinition()); 577 } 578 579 580 581 /** 582 * {@inheritDoc} 583 */ 584 public void addDictionaryChangeListener( 585 ConfigurationChangeListener<DictionaryPasswordValidatorCfg> listener) { 586 impl.registerChangeListener(listener); 587 } 588 589 590 591 /** 592 * {@inheritDoc} 593 */ 594 public void removeDictionaryChangeListener( 595 ConfigurationChangeListener<DictionaryPasswordValidatorCfg> listener) { 596 impl.deregisterChangeListener(listener); 597 } 598 /** 599 * {@inheritDoc} 600 */ 601 public void addChangeListener( 602 ConfigurationChangeListener<PasswordValidatorCfg> listener) { 603 impl.registerChangeListener(listener); 604 } 605 606 607 608 /** 609 * {@inheritDoc} 610 */ 611 public void removeChangeListener( 612 ConfigurationChangeListener<PasswordValidatorCfg> listener) { 613 impl.deregisterChangeListener(listener); 614 } 615 616 617 618 /** 619 * {@inheritDoc} 620 */ 621 public boolean isCaseSensitiveValidation() { 622 return pCaseSensitiveValidation; 623 } 624 625 626 627 /** 628 * {@inheritDoc} 629 */ 630 public boolean isCheckSubstrings() { 631 return pCheckSubstrings; 632 } 633 634 635 636 /** 637 * {@inheritDoc} 638 */ 639 public String getDictionaryFile() { 640 return pDictionaryFile; 641 } 642 643 644 645 /** 646 * {@inheritDoc} 647 */ 648 public boolean isEnabled() { 649 return pEnabled; 650 } 651 652 653 654 /** 655 * {@inheritDoc} 656 */ 657 public String getJavaClass() { 658 return pJavaClass; 659 } 660 661 662 663 /** 664 * {@inheritDoc} 665 */ 666 public int getMinSubstringLength() { 667 return pMinSubstringLength; 668 } 669 670 671 672 /** 673 * {@inheritDoc} 674 */ 675 public boolean isTestReversedPassword() { 676 return pTestReversedPassword; 677 } 678 679 680 681 /** 682 * {@inheritDoc} 683 */ 684 public Class<? extends DictionaryPasswordValidatorCfg> configurationClass() { 685 return DictionaryPasswordValidatorCfg.class; 686 } 687 688 689 690 /** 691 * {@inheritDoc} 692 */ 693 public DN dn() { 694 return impl.getDN(); 695 } 696 697 } 698}