001/* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt 010 * or http://forgerock.org/license/CDDLv1.0.html. 011 * See the License for the specific language governing permissions 012 * and limitations under the License. 013 * 014 * When distributing Covered Code, include this CDDL HEADER in each 015 * file and include the License file at legal-notices/CDDLv1_0.txt. 016 * If applicable, add the following below this CDDL HEADER, with the 017 * fields enclosed by brackets "[]" replaced with your own identifying 018 * information: 019 * Portions Copyright [yyyy] [name of copyright owner] 020 * 021 * CDDL HEADER END 022 * 023 * 024 * Copyright 2008 Sun Microsystems, Inc. 025 */ 026package org.forgerock.opendj.server.config.meta; 027 028 029 030import java.util.Collection; 031import java.util.SortedSet; 032import org.forgerock.opendj.config.AdministratorAction; 033import org.forgerock.opendj.config.AliasDefaultBehaviorProvider; 034import org.forgerock.opendj.config.AttributeTypePropertyDefinition; 035import org.forgerock.opendj.config.BooleanPropertyDefinition; 036import org.forgerock.opendj.config.ClassPropertyDefinition; 037import org.forgerock.opendj.config.client.ConcurrentModificationException; 038import org.forgerock.opendj.config.client.ManagedObject; 039import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException; 040import org.forgerock.opendj.config.client.OperationRejectedException; 041import org.forgerock.opendj.config.DefaultBehaviorProvider; 042import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider; 043import org.forgerock.opendj.config.IntegerPropertyDefinition; 044import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException; 045import org.forgerock.opendj.config.ManagedObjectDefinition; 046import org.forgerock.opendj.config.PropertyOption; 047import org.forgerock.opendj.config.PropertyProvider; 048import org.forgerock.opendj.config.server.ConfigurationChangeListener; 049import org.forgerock.opendj.config.server.ServerManagedObject; 050import org.forgerock.opendj.config.Tag; 051import org.forgerock.opendj.config.UndefinedDefaultBehaviorProvider; 052import org.forgerock.opendj.ldap.DN; 053import org.forgerock.opendj.ldap.LdapException; 054import org.forgerock.opendj.ldap.schema.AttributeType; 055import org.forgerock.opendj.server.config.client.AttributeValuePasswordValidatorCfgClient; 056import org.forgerock.opendj.server.config.server.AttributeValuePasswordValidatorCfg; 057import org.forgerock.opendj.server.config.server.PasswordValidatorCfg; 058 059 060 061/** 062 * An interface for querying the Attribute Value Password Validator 063 * managed object definition meta information. 064 * <p> 065 * The Attribute Value Password Validator attempts to determine 066 * whether a proposed password is acceptable for use by determining 067 * whether that password is contained in any attribute within the 068 * user's entry. 069 */ 070public final class AttributeValuePasswordValidatorCfgDefn extends ManagedObjectDefinition<AttributeValuePasswordValidatorCfgClient, AttributeValuePasswordValidatorCfg> { 071 072 // The singleton configuration definition instance. 073 private static final AttributeValuePasswordValidatorCfgDefn INSTANCE = new AttributeValuePasswordValidatorCfgDefn(); 074 075 076 077 // The "check-substrings" property definition. 078 private static final BooleanPropertyDefinition PD_CHECK_SUBSTRINGS; 079 080 081 082 // The "java-class" property definition. 083 private static final ClassPropertyDefinition PD_JAVA_CLASS; 084 085 086 087 // The "match-attribute" property definition. 088 private static final AttributeTypePropertyDefinition PD_MATCH_ATTRIBUTE; 089 090 091 092 // The "min-substring-length" property definition. 093 private static final IntegerPropertyDefinition PD_MIN_SUBSTRING_LENGTH; 094 095 096 097 // The "test-reversed-password" property definition. 098 private static final BooleanPropertyDefinition PD_TEST_REVERSED_PASSWORD; 099 100 101 102 // Build the "check-substrings" property definition. 103 static { 104 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "check-substrings"); 105 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "check-substrings")); 106 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("true"); 107 builder.setDefaultBehaviorProvider(provider); 108 PD_CHECK_SUBSTRINGS = builder.getInstance(); 109 INSTANCE.registerPropertyDefinition(PD_CHECK_SUBSTRINGS); 110 } 111 112 113 114 // Build the "java-class" property definition. 115 static { 116 ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class"); 117 builder.setOption(PropertyOption.MANDATORY); 118 builder.setOption(PropertyOption.ADVANCED); 119 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class")); 120 DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.AttributeValuePasswordValidator"); 121 builder.setDefaultBehaviorProvider(provider); 122 builder.addInstanceOf("org.opends.server.api.PasswordValidator"); 123 PD_JAVA_CLASS = builder.getInstance(); 124 INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS); 125 } 126 127 128 129 // Build the "match-attribute" property definition. 130 static { 131 AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "match-attribute"); 132 builder.setOption(PropertyOption.MULTI_VALUED); 133 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "match-attribute")); 134 builder.setDefaultBehaviorProvider(new AliasDefaultBehaviorProvider<AttributeType>(INSTANCE, "match-attribute")); 135 PD_MATCH_ATTRIBUTE = builder.getInstance(); 136 INSTANCE.registerPropertyDefinition(PD_MATCH_ATTRIBUTE); 137 } 138 139 140 141 // Build the "min-substring-length" property definition. 142 static { 143 IntegerPropertyDefinition.Builder builder = IntegerPropertyDefinition.createBuilder(INSTANCE, "min-substring-length"); 144 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "min-substring-length")); 145 DefaultBehaviorProvider<Integer> provider = new DefinedDefaultBehaviorProvider<Integer>("5"); 146 builder.setDefaultBehaviorProvider(provider); 147 PD_MIN_SUBSTRING_LENGTH = builder.getInstance(); 148 INSTANCE.registerPropertyDefinition(PD_MIN_SUBSTRING_LENGTH); 149 } 150 151 152 153 // Build the "test-reversed-password" property definition. 154 static { 155 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "test-reversed-password"); 156 builder.setOption(PropertyOption.MANDATORY); 157 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "test-reversed-password")); 158 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<Boolean>()); 159 PD_TEST_REVERSED_PASSWORD = builder.getInstance(); 160 INSTANCE.registerPropertyDefinition(PD_TEST_REVERSED_PASSWORD); 161 } 162 163 164 165 // Register the tags associated with this managed object definition. 166 static { 167 INSTANCE.registerTag(Tag.valueOf("user-management")); 168 } 169 170 171 172 /** 173 * Get the Attribute Value Password Validator configuration 174 * definition singleton. 175 * 176 * @return Returns the Attribute Value Password Validator 177 * configuration definition singleton. 178 */ 179 public static AttributeValuePasswordValidatorCfgDefn getInstance() { 180 return INSTANCE; 181 } 182 183 184 185 /** 186 * Private constructor. 187 */ 188 private AttributeValuePasswordValidatorCfgDefn() { 189 super("attribute-value-password-validator", PasswordValidatorCfgDefn.getInstance()); 190 } 191 192 193 194 /** 195 * {@inheritDoc} 196 */ 197 public AttributeValuePasswordValidatorCfgClient createClientConfiguration( 198 ManagedObject<? extends AttributeValuePasswordValidatorCfgClient> impl) { 199 return new AttributeValuePasswordValidatorCfgClientImpl(impl); 200 } 201 202 203 204 /** 205 * {@inheritDoc} 206 */ 207 public AttributeValuePasswordValidatorCfg createServerConfiguration( 208 ServerManagedObject<? extends AttributeValuePasswordValidatorCfg> impl) { 209 return new AttributeValuePasswordValidatorCfgServerImpl(impl); 210 } 211 212 213 214 /** 215 * {@inheritDoc} 216 */ 217 public Class<AttributeValuePasswordValidatorCfg> getServerConfigurationClass() { 218 return AttributeValuePasswordValidatorCfg.class; 219 } 220 221 222 223 /** 224 * Get the "check-substrings" property definition. 225 * <p> 226 * Indicates whether this password validator is to match portions of 227 * the password string against attribute values. 228 * <p> 229 * If "false" then only match the entire password against attribute 230 * values otherwise ("true") check whether the password contains 231 * attribute values. 232 * 233 * @return Returns the "check-substrings" property definition. 234 */ 235 public BooleanPropertyDefinition getCheckSubstringsPropertyDefinition() { 236 return PD_CHECK_SUBSTRINGS; 237 } 238 239 240 241 /** 242 * Get the "enabled" property definition. 243 * <p> 244 * Indicates whether the password validator is enabled for use. 245 * 246 * @return Returns the "enabled" property definition. 247 */ 248 public BooleanPropertyDefinition getEnabledPropertyDefinition() { 249 return PasswordValidatorCfgDefn.getInstance().getEnabledPropertyDefinition(); 250 } 251 252 253 254 /** 255 * Get the "java-class" property definition. 256 * <p> 257 * Specifies the fully-qualified name of the Java class that 258 * provides the password validator implementation. 259 * 260 * @return Returns the "java-class" property definition. 261 */ 262 public ClassPropertyDefinition getJavaClassPropertyDefinition() { 263 return PD_JAVA_CLASS; 264 } 265 266 267 268 /** 269 * Get the "match-attribute" property definition. 270 * <p> 271 * Specifies the name(s) of the attribute(s) whose values should be 272 * checked to determine whether they match the provided password. If 273 * no values are provided, then the server checks if the proposed 274 * password matches the value of any attribute in the user's entry. 275 * 276 * @return Returns the "match-attribute" property definition. 277 */ 278 public AttributeTypePropertyDefinition getMatchAttributePropertyDefinition() { 279 return PD_MATCH_ATTRIBUTE; 280 } 281 282 283 284 /** 285 * Get the "min-substring-length" property definition. 286 * <p> 287 * Indicates the minimal length of the substring within the password 288 * in case substring checking is enabled. 289 * <p> 290 * If "check-substrings" option is set to true, then this parameter 291 * defines the length of the smallest word which should be used for 292 * substring matching. Use with caution because values below 3 might 293 * disqualify valid passwords. 294 * 295 * @return Returns the "min-substring-length" property definition. 296 */ 297 public IntegerPropertyDefinition getMinSubstringLengthPropertyDefinition() { 298 return PD_MIN_SUBSTRING_LENGTH; 299 } 300 301 302 303 /** 304 * Get the "test-reversed-password" property definition. 305 * <p> 306 * Indicates whether this password validator should test the 307 * reversed value of the provided password as well as the order in 308 * which it was given. 309 * 310 * @return Returns the "test-reversed-password" property definition. 311 */ 312 public BooleanPropertyDefinition getTestReversedPasswordPropertyDefinition() { 313 return PD_TEST_REVERSED_PASSWORD; 314 } 315 316 317 318 /** 319 * Managed object client implementation. 320 */ 321 private static class AttributeValuePasswordValidatorCfgClientImpl implements 322 AttributeValuePasswordValidatorCfgClient { 323 324 // Private implementation. 325 private ManagedObject<? extends AttributeValuePasswordValidatorCfgClient> impl; 326 327 328 329 // Private constructor. 330 private AttributeValuePasswordValidatorCfgClientImpl( 331 ManagedObject<? extends AttributeValuePasswordValidatorCfgClient> impl) { 332 this.impl = impl; 333 } 334 335 336 337 /** 338 * {@inheritDoc} 339 */ 340 public boolean isCheckSubstrings() { 341 return impl.getPropertyValue(INSTANCE.getCheckSubstringsPropertyDefinition()); 342 } 343 344 345 346 /** 347 * {@inheritDoc} 348 */ 349 public void setCheckSubstrings(Boolean value) { 350 impl.setPropertyValue(INSTANCE.getCheckSubstringsPropertyDefinition(), value); 351 } 352 353 354 355 /** 356 * {@inheritDoc} 357 */ 358 public Boolean isEnabled() { 359 return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition()); 360 } 361 362 363 364 /** 365 * {@inheritDoc} 366 */ 367 public void setEnabled(boolean value) { 368 impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value); 369 } 370 371 372 373 /** 374 * {@inheritDoc} 375 */ 376 public String getJavaClass() { 377 return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 378 } 379 380 381 382 /** 383 * {@inheritDoc} 384 */ 385 public void setJavaClass(String value) { 386 impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value); 387 } 388 389 390 391 /** 392 * {@inheritDoc} 393 */ 394 public SortedSet<AttributeType> getMatchAttribute() { 395 return impl.getPropertyValues(INSTANCE.getMatchAttributePropertyDefinition()); 396 } 397 398 399 400 /** 401 * {@inheritDoc} 402 */ 403 public void setMatchAttribute(Collection<AttributeType> values) { 404 impl.setPropertyValues(INSTANCE.getMatchAttributePropertyDefinition(), values); 405 } 406 407 408 409 /** 410 * {@inheritDoc} 411 */ 412 public int getMinSubstringLength() { 413 return impl.getPropertyValue(INSTANCE.getMinSubstringLengthPropertyDefinition()); 414 } 415 416 417 418 /** 419 * {@inheritDoc} 420 */ 421 public void setMinSubstringLength(Integer value) { 422 impl.setPropertyValue(INSTANCE.getMinSubstringLengthPropertyDefinition(), value); 423 } 424 425 426 427 /** 428 * {@inheritDoc} 429 */ 430 public Boolean isTestReversedPassword() { 431 return impl.getPropertyValue(INSTANCE.getTestReversedPasswordPropertyDefinition()); 432 } 433 434 435 436 /** 437 * {@inheritDoc} 438 */ 439 public void setTestReversedPassword(boolean value) { 440 impl.setPropertyValue(INSTANCE.getTestReversedPasswordPropertyDefinition(), value); 441 } 442 443 444 445 /** 446 * {@inheritDoc} 447 */ 448 public ManagedObjectDefinition<? extends AttributeValuePasswordValidatorCfgClient, ? extends AttributeValuePasswordValidatorCfg> definition() { 449 return INSTANCE; 450 } 451 452 453 454 /** 455 * {@inheritDoc} 456 */ 457 public PropertyProvider properties() { 458 return impl; 459 } 460 461 462 463 /** 464 * {@inheritDoc} 465 */ 466 public void commit() throws ManagedObjectAlreadyExistsException, 467 MissingMandatoryPropertiesException, ConcurrentModificationException, 468 OperationRejectedException, LdapException { 469 impl.commit(); 470 } 471 472 } 473 474 475 476 /** 477 * Managed object server implementation. 478 */ 479 private static class AttributeValuePasswordValidatorCfgServerImpl implements 480 AttributeValuePasswordValidatorCfg { 481 482 // Private implementation. 483 private ServerManagedObject<? extends AttributeValuePasswordValidatorCfg> impl; 484 485 // The value of the "check-substrings" property. 486 private final boolean pCheckSubstrings; 487 488 // The value of the "enabled" property. 489 private final boolean pEnabled; 490 491 // The value of the "java-class" property. 492 private final String pJavaClass; 493 494 // The value of the "match-attribute" property. 495 private final SortedSet<AttributeType> pMatchAttribute; 496 497 // The value of the "min-substring-length" property. 498 private final int pMinSubstringLength; 499 500 // The value of the "test-reversed-password" property. 501 private final boolean pTestReversedPassword; 502 503 504 505 // Private constructor. 506 private AttributeValuePasswordValidatorCfgServerImpl(ServerManagedObject<? extends AttributeValuePasswordValidatorCfg> impl) { 507 this.impl = impl; 508 this.pCheckSubstrings = impl.getPropertyValue(INSTANCE.getCheckSubstringsPropertyDefinition()); 509 this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition()); 510 this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 511 this.pMatchAttribute = impl.getPropertyValues(INSTANCE.getMatchAttributePropertyDefinition()); 512 this.pMinSubstringLength = impl.getPropertyValue(INSTANCE.getMinSubstringLengthPropertyDefinition()); 513 this.pTestReversedPassword = impl.getPropertyValue(INSTANCE.getTestReversedPasswordPropertyDefinition()); 514 } 515 516 517 518 /** 519 * {@inheritDoc} 520 */ 521 public void addAttributeValueChangeListener( 522 ConfigurationChangeListener<AttributeValuePasswordValidatorCfg> listener) { 523 impl.registerChangeListener(listener); 524 } 525 526 527 528 /** 529 * {@inheritDoc} 530 */ 531 public void removeAttributeValueChangeListener( 532 ConfigurationChangeListener<AttributeValuePasswordValidatorCfg> listener) { 533 impl.deregisterChangeListener(listener); 534 } 535 /** 536 * {@inheritDoc} 537 */ 538 public void addChangeListener( 539 ConfigurationChangeListener<PasswordValidatorCfg> listener) { 540 impl.registerChangeListener(listener); 541 } 542 543 544 545 /** 546 * {@inheritDoc} 547 */ 548 public void removeChangeListener( 549 ConfigurationChangeListener<PasswordValidatorCfg> listener) { 550 impl.deregisterChangeListener(listener); 551 } 552 553 554 555 /** 556 * {@inheritDoc} 557 */ 558 public boolean isCheckSubstrings() { 559 return pCheckSubstrings; 560 } 561 562 563 564 /** 565 * {@inheritDoc} 566 */ 567 public boolean isEnabled() { 568 return pEnabled; 569 } 570 571 572 573 /** 574 * {@inheritDoc} 575 */ 576 public String getJavaClass() { 577 return pJavaClass; 578 } 579 580 581 582 /** 583 * {@inheritDoc} 584 */ 585 public SortedSet<AttributeType> getMatchAttribute() { 586 return pMatchAttribute; 587 } 588 589 590 591 /** 592 * {@inheritDoc} 593 */ 594 public int getMinSubstringLength() { 595 return pMinSubstringLength; 596 } 597 598 599 600 /** 601 * {@inheritDoc} 602 */ 603 public boolean isTestReversedPassword() { 604 return pTestReversedPassword; 605 } 606 607 608 609 /** 610 * {@inheritDoc} 611 */ 612 public Class<? extends AttributeValuePasswordValidatorCfg> configurationClass() { 613 return AttributeValuePasswordValidatorCfg.class; 614 } 615 616 617 618 /** 619 * {@inheritDoc} 620 */ 621 public DN dn() { 622 return impl.getDN(); 623 } 624 625 } 626}