directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1183564 - /directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/
Date Fri, 14 Oct 2011 23:39:26 GMT
Author: elecharny
Date: Fri Oct 14 23:39:25 2011
New Revision: 1183564

URL: http://svn.apache.org/viewvc?rev=1183564&view=rev
Log:
Still having some files to commit for interceptors decoupling

Added:
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/DefaultPasswordValidator.java
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyConfiguration.java
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyException.java
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordValidator.java
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PpolicyConfigContainer.java

Added: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/DefaultPasswordValidator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/DefaultPasswordValidator.java?rev=1183564&view=auto
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/DefaultPasswordValidator.java
(added)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/DefaultPasswordValidator.java
Fri Oct 14 23:39:25 2011
@@ -0,0 +1,84 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+
+package org.apache.directory.server.core.authn.ppolicy;
+
+
+/**
+ * The default password validator.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class DefaultPasswordValidator implements PasswordValidator
+{
+
+    /** the default validator's instance */
+    public final static DefaultPasswordValidator INSTANCE = new DefaultPasswordValidator();
+
+
+    /**
+     * Creates a new instance of DefaultPasswordValidator.
+     */
+    public DefaultPasswordValidator()
+    {
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public void validate( String password, String entryRdnVal ) throws PasswordPolicyException
+    {
+        checkUsernameSubstring( password, entryRdnVal );
+        //TODO add more checks
+    }
+
+
+    /**
+     * The password does not contain three letter (or more) tokens from the user's account
name.
+     *
+     * If the account name is less than three characters long, this check is not performed
+     * because the rate at which passwords would be rejected is too high. For each token
that is
+     * three or more characters long, that token is searched for in the password; if it is
present,
+     * the password change is rejected. For example, the name "First M. Last" would be split
into
+     * three tokens: "First", "M", and "Last". Because the second token is only one character
long,
+     * it would be ignored. Therefore, this user could not have a password that included
either
+     * "first" or "last" as a substring anywhere in the password. All of these checks are
+     * case-insensitive.
+     */
+    private void checkUsernameSubstring( String password, String username ) throws PasswordPolicyException
+    {
+        if ( username == null || username.trim().length() == 0 )
+        {
+            return;
+        }
+
+        String[] tokens = username.split( "[^a-zA-Z]" );
+
+        for ( int ii = 0; ii < tokens.length; ii++ )
+        {
+            if ( password.matches( "(?i).*" + tokens[ii] + ".*" ) )
+            {
+                throw new PasswordPolicyException( "Password shouldn't contain parts of the
username", 5 );// 5 == PasswordPolicyErrorEnum.INSUFFICIENT_PASSWORD_QUALITY
+            }
+        }
+    }
+
+}

Added: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyConfiguration.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyConfiguration.java?rev=1183564&view=auto
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyConfiguration.java
(added)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyConfiguration.java
Fri Oct 14 23:39:25 2011
@@ -0,0 +1,529 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+
+package org.apache.directory.server.core.authn.ppolicy;
+
+
+import org.apache.directory.shared.ldap.model.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.model.exception.LdapException;
+
+
+/**
+ * A simple pojo holding the password policy configuration base on 
+ * <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10">this draft</a>.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class PasswordPolicyConfiguration
+{
+    /** the name of the attribute to which the password policy is applied. 
+     * Currently only "userPassword" attribute is supported
+     */
+    private String pwdAttribute = SchemaConstants.USER_PASSWORD_AT;
+
+    /** 
+     * holds the number of seconds that must elapse between modifications to the password.

+     * Default value is 0 
+     */
+    private int pwdMinAge = 0;
+
+    /**
+     *  holds the number of seconds after which a modified password will expire.
+     *  Default value is 0, does not expire.  If not 0, the value must be greater than or
equal
+     *  to the value of the pwdMinAge.
+     */
+    private int pwdMaxAge = 0;
+
+    /**
+     *  specifies the maximum number of used passwords stored in the pwdHistory attribute.
+     *  Default value is 0, no password history maintained
+     */
+    private int pwdInHistory = 0;
+
+    /** indicates how the password quality will be verified while being modified or added.
+     *  Default value 0, do not check 
+     */
+    private int pwdCheckQuality = 0;
+
+    /** this attribute holds the minimum number of characters that must be used in a password.

+     *  Default value 0, no minimum length enforced
+     */
+    private int pwdMinLength = 0;
+
+    /**
+     * this attribute holds the maximum number of characters that may be used in a password.
+     * Default value 0, no maximum length enforced
+     */
+    private int pwdMaxLength = 0;
+
+    /**
+     * the maximum number of seconds before a password is due to expire that expiration warning
+     * messages will be returned to an authenticating user.
+     * Default value is 0, never send a warning message.
+     */
+    private int pwdExpireWarning = 0;
+
+    /** 
+     * the number of times an expired password can be used to authenticate.
+     * Default value is 0, do not allow a expired password for authentication.
+     */
+    private int pwdGraceAuthNLimit = 0;
+
+    /** 
+     * specifies the number of seconds the grace authentications are valid
+     * Default value is 0, no limit.
+     */
+    private int pwdGraceExpire = 0;
+
+    /**
+     * flag to indicate if the account needs to be locked after a specified number of
+     * consecutive failed bind attempts. The maximum number of consecutive
+     * failed bind attempts is specified in {@link #pwdMaxFailure}
+     */
+    private boolean pwdLockout = false;
+
+    /**
+     * the number of seconds that the password cannot be used to authenticate due to 
+     * too many failed bind attempts.
+     * Default value is 300 seconds.
+     */
+    private int pwdLockoutDuration = 300;
+
+    /**
+     * the number of consecutive failed bind attempts after which the password may not 
+     * be used to authenticate.
+     * Default value is 0, no limit on the number of authentication failures
+     */
+    private int pwdMaxFailure = 0;
+
+    /**
+     * the number of seconds after which the password failures are purged from the failure
counter.
+     * Default value is 0, reset all pwdFailureTimes after a successful authentication.
+     */
+    private int pwdFailureCountInterval = 0;
+
+    /** 
+     * flag to indicate if the password must be changed by the user after they bind to the

+     * directory after a password is set or reset by a password administrator.
+     * Default value is false, no need to change the password by user.
+     */
+    private boolean pwdMustChange = false;
+
+    /** indicates whether users can change their own passwords. Default value is true, allow
change */
+    private boolean pwdAllowUserChange = true;
+
+    /**
+     *  flag to specify whether or not the existing password must be sent along with the
+     *  new password when being changed.
+     *  Default value is false.
+     */
+    private boolean pwdSafeModify = false;
+
+    /** 
+     * the number of seconds to delay responding to the first failed authentication attempt
+     * Default value 0, no delay.
+     */
+    private int pwdMinDelay = 0;
+
+    /** the maximum number of seconds to delay when responding to a failed authentication
attempt.*/
+    private int pwdMaxDelay = 0;
+
+    /** 
+     * the number of seconds an account may remain unused before it becomes locked
+     * Default value is 0, no check for idle time.
+     */
+    private int pwdMaxIdle = 0;
+
+    /** validator used for checking the quality of password */
+    //TODO to be injected from config  
+    private PasswordValidator pwdValidator = DefaultPasswordValidator.INSTANCE;
+
+    public String getPwdAttribute()
+    {
+        return pwdAttribute;
+    }
+
+
+    public void setPwdAttribute( String pwdAttribute )
+    {
+        this.pwdAttribute = pwdAttribute;
+    }
+
+
+    public int getPwdMinAge()
+    {
+        return pwdMinAge;
+    }
+
+
+    public void setPwdMinAge( int pwdMinAge )
+    {
+        this.pwdMinAge = pwdMinAge;
+    }
+
+
+    public int getPwdMaxAge()
+    {
+        return pwdMaxAge;
+    }
+
+
+    public void setPwdMaxAge( int pwdMaxAge )
+    {
+        this.pwdMaxAge = pwdMaxAge;
+    }
+
+
+    public int getPwdInHistory()
+    {
+        return pwdInHistory;
+    }
+
+
+    public void setPwdInHistory( int pwdInHistory )
+    {
+        this.pwdInHistory = pwdInHistory;
+    }
+
+
+    public int getPwdCheckQuality()
+    {
+        return pwdCheckQuality;
+    }
+
+
+    public void setPwdCheckQuality( int pwdCheckQuality )
+    {
+        this.pwdCheckQuality = pwdCheckQuality;
+    }
+
+
+    public int getPwdMinLength()
+    {
+        return pwdMinLength;
+    }
+
+
+    public void setPwdMinLength( int pwdMinLength )
+    {
+        this.pwdMinLength = pwdMinLength;
+    }
+
+
+    public int getPwdMaxLength()
+    {
+        return pwdMaxLength;
+    }
+
+
+    public void setPwdMaxLength( int pwdMaxLength )
+    {
+        this.pwdMaxLength = pwdMaxLength;
+    }
+
+
+    public int getPwdExpireWarning()
+    {
+        return pwdExpireWarning;
+    }
+
+
+    public void setPwdExpireWarning( int pwdExpireWarning )
+    {
+        this.pwdExpireWarning = pwdExpireWarning;
+    }
+
+
+    public int getPwdGraceAuthNLimit()
+    {
+        return pwdGraceAuthNLimit;
+    }
+
+
+    public void setPwdGraceAuthNLimit( int pwdGraceAuthNLimit )
+    {
+        this.pwdGraceAuthNLimit = pwdGraceAuthNLimit;
+    }
+
+
+    public int getPwdGraceExpire()
+    {
+        return pwdGraceExpire;
+    }
+
+
+    public void setPwdGraceExpire( int pwdGraceExpire )
+    {
+        this.pwdGraceExpire = pwdGraceExpire;
+    }
+
+
+    public boolean isPwdLockout()
+    {
+        return pwdLockout;
+    }
+
+
+    public void setPwdLockout( boolean pwdLockout )
+    {
+        this.pwdLockout = pwdLockout;
+    }
+
+
+    public int getPwdLockoutDuration()
+    {
+        return pwdLockoutDuration;
+    }
+
+
+    public void setPwdLockoutDuration( int pwdLockoutDuration )
+    {
+        this.pwdLockoutDuration = pwdLockoutDuration;
+    }
+
+
+    public int getPwdMaxFailure()
+    {
+        return pwdMaxFailure;
+    }
+
+
+    public void setPwdMaxFailure( int pwdMaxFailure )
+    {
+        this.pwdMaxFailure = pwdMaxFailure;
+    }
+
+
+    public int getPwdFailureCountInterval()
+    {
+        return pwdFailureCountInterval;
+    }
+
+
+    public void setPwdFailureCountInterval( int pwdFailureCountInterval )
+    {
+        this.pwdFailureCountInterval = pwdFailureCountInterval;
+    }
+
+
+    public boolean isPwdMustChange()
+    {
+        return pwdMustChange;
+    }
+
+
+    public void setPwdMustChange( boolean pwdMustChange )
+    {
+        this.pwdMustChange = pwdMustChange;
+    }
+
+
+    public boolean isPwdAllowUserChange()
+    {
+        return pwdAllowUserChange;
+    }
+
+
+    public void setPwdAllowUserChange( boolean pwdAllowUserChange )
+    {
+        this.pwdAllowUserChange = pwdAllowUserChange;
+    }
+
+
+    public boolean isPwdSafeModify()
+    {
+        return pwdSafeModify;
+    }
+
+
+    public void setPwdSafeModify( boolean pwdSafeModify )
+    {
+        this.pwdSafeModify = pwdSafeModify;
+    }
+
+
+    public int getPwdMinDelay()
+    {
+        return pwdMinDelay;
+    }
+
+
+    public void setPwdMinDelay( int pwdMinDelay )
+    {
+        this.pwdMinDelay = pwdMinDelay;
+    }
+
+
+    public int getPwdMaxDelay()
+    {
+        return pwdMaxDelay;
+    }
+
+
+    public void setPwdMaxDelay( int pwdMaxDelay )
+    {
+        this.pwdMaxDelay = pwdMaxDelay;
+    }
+
+
+    public int getPwdMaxIdle()
+    {
+        return pwdMaxIdle;
+    }
+
+
+    public void setPwdMaxIdle( int pwdMaxIdle )
+    {
+        this.pwdMaxIdle = pwdMaxIdle;
+    }
+
+
+    /**
+     * @return the pwdValidator
+     */
+    public PasswordValidator getPwdValidator()
+    {
+        return pwdValidator;
+    }
+
+
+    /**
+     * @param pwdValidator the pwdValidator to set
+     */
+    public void setPwdValidator( PasswordValidator pwdValidator )
+    {
+        this.pwdValidator = pwdValidator;
+    }
+
+
+    /**
+     * validates the policy configuration and throws a LdapException if there are any errors
+     * 
+     * @throws LdapException if there are any errors in the configuration
+     */
+    public void validate() throws LdapException
+    {
+        StringBuilder sb = new StringBuilder();
+
+        int errCount = 0;
+
+        if ( pwdMinAge < 0 )
+        {
+            sb.append( ++errCount ).append( ". password minimum age cannot be negative\n"
);
+        }
+
+        if ( pwdMaxAge < 0 )
+        {
+            sb.append( ++errCount ).append( ". password maximum age cannot be negative\n"
);
+        }
+
+        if ( ( pwdMaxAge > 0 ) && ( pwdMaxAge < pwdMinAge ) )
+        {
+            sb.append( ++errCount ).append( ". password maximum age should be greater than
the minimum age\n" );
+        }
+
+        if ( pwdInHistory < 0 )
+        {
+            sb.append( ++errCount ).append( ". password history count cannot be negative\n"
);
+        }
+
+        if ( ( pwdCheckQuality < 0 ) || ( pwdCheckQuality > 2 ) )
+        {
+            sb.append( ++errCount ).append( ". invalid password quality check value, valid
values are 0, 1 and 2 \n" );
+        }
+
+        if ( pwdMinLength < 0 )
+        {
+            sb.append( ++errCount ).append( ". password minimum length cannot be negative\n"
);
+        }
+
+        if ( pwdMaxLength < 0 )
+        {
+            sb.append( ++errCount ).append( ". password maximum length cannot be negative\n"
);
+        }
+
+        if ( ( pwdMaxLength > 0 ) && ( pwdMaxLength < pwdMinLength ) )
+        {
+            sb.append( ++errCount ).append( ". password maximum length should be greater
than minimum length\n" );
+        }
+
+        if ( pwdExpireWarning < 0 )
+        {
+            sb.append( ++errCount ).append( ". password expire warning time cannot be negative\n"
);
+        }
+
+        if ( pwdGraceAuthNLimit < 0 )
+        {
+            sb.append( ++errCount ).append( ". password grace authentication limits cannot
be negative\n" );
+        }
+
+        if ( pwdGraceExpire < 0 )
+        {
+            sb.append( ++errCount ).append( ". password grace expiration time cannot be negative\n"
);
+        }
+
+        if ( pwdLockoutDuration < 0 )
+        {
+            sb.append( ++errCount ).append( ". password lockout duration time cannot be negative\n"
);
+        }
+
+        if ( pwdMaxFailure < 0 )
+        {
+            sb.append( ++errCount ).append( ". password maximum failure count cannot be negative\n"
);
+        }
+
+        if ( pwdFailureCountInterval < 0 )
+        {
+            sb.append( ++errCount ).append( ". password failure count interval time cannot
be negative\n" );
+        }
+
+        if ( ( ( pwdMinDelay > 0 ) && ( pwdMaxDelay <= 0 ) )
+            || ( ( pwdMaxDelay > 0 ) && ( pwdMinDelay <= 0 ) ) )
+        {
+            sb
+                .append( ++errCount )
+                .append(
+                    ". if password minimum or maximum delay time is specified then the correspomding
maximu or minimum delay time should also be specified\n" );
+        }
+        else
+        // just to avoid both warnings
+        {
+            if ( pwdMinDelay < 0 )
+            {
+                sb.append( ++errCount ).append( ". password minimum delay time cannot be
negative\n" );
+            }
+
+            if ( pwdMaxDelay < 0 )
+            {
+                sb.append( ++errCount ).append( ". password maximum delay time cannot be
negative\n" );
+            }
+        }
+
+        if ( pwdMaxIdle < 0 )
+        {
+            sb.append( ++errCount ).append( ". password maximum idle time cannot be negative\n"
);
+        }
+
+        if ( errCount > 0 )
+        {
+            throw new LdapException( "There are errors in password policy configuration\n"
+ sb.toString() );
+        }
+    }
+}

Added: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyException.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyException.java?rev=1183564&view=auto
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyException.java
(added)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyException.java
Fri Oct 14 23:39:25 2011
@@ -0,0 +1,93 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.server.core.authn.ppolicy;
+
+
+import org.apache.directory.shared.ldap.model.exception.LdapException;
+
+
+/**
+ * A exception class defined for PasswordPolicy related errors.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class PasswordPolicyException extends LdapException
+{
+    private static final long serialVersionUID = -9158126177779964262L;
+
+    /** password policy error code */
+    private int errorCode;
+
+    /** the array of valid error codes representing password policy errors */
+    private static final int[] VALID_CODES = {0, 1, 2, 3, 4, 5, 6, 7, 8};
+
+    public PasswordPolicyException( Throwable cause )
+    {
+        super( cause );
+    }
+
+
+    public PasswordPolicyException( String message )
+    {
+        super( message );
+    }
+
+
+    public PasswordPolicyException( String message, int errorCode )
+    {
+        super( message );
+        validateErrorCode( errorCode );
+        this.errorCode = errorCode;
+    }
+
+
+    public PasswordPolicyException( int errorCode )
+    {
+        validateErrorCode( errorCode );
+        this.errorCode = errorCode;
+    }
+
+
+    public int getErrorCode()
+    {
+        return errorCode;
+    }
+    
+    
+    /**
+     * this method checks if the given error code is valid or not.
+     * This method was created cause using PasswordPolicyErrorEnum class creates some 
+     * unwanted dependency issues on core-api
+     * 
+     * @param errorCode the error code of password policy
+     */
+    private void validateErrorCode( int errorCode )
+    {
+        for ( int i : VALID_CODES )
+        {
+            if ( i == errorCode )
+            {
+                return;
+            }
+        }
+        
+        throw new IllegalArgumentException( "Unknown password policy response error code
" + errorCode );
+    }
+}

Added: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordValidator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordValidator.java?rev=1183564&view=auto
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordValidator.java
(added)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordValidator.java
Fri Oct 14 23:39:25 2011
@@ -0,0 +1,41 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+
+package org.apache.directory.server.core.authn.ppolicy;
+
+/**
+ * An interface for implementing password quality verifiers.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public interface PasswordValidator
+{
+    /**
+     * checks if the given password meets the required quality contraints.<br>
+     * <p>Note: the length based validations are already done before calling this method<br>
+     *       &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+     *       so the implementor should concentrate on the content checking.</p>
+     *  
+     * @param password the password value
+     * @param entryRdnVal the value of entry's RDN(typically this is the username) e.x 'admin'
if the entry's DN is {uid/cn/etc..}=admin,ou=system
+     * @throws PasswordPolicyException if the password doesn't meet the quality contraints
+     */
+    void validate( String password, String entryRdnVal ) throws PasswordPolicyException;
+}

Added: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PpolicyConfigContainer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PpolicyConfigContainer.java?rev=1183564&view=auto
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PpolicyConfigContainer.java
(added)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PpolicyConfigContainer.java
Fri Oct 14 23:39:25 2011
@@ -0,0 +1,113 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+
+package org.apache.directory.server.core.authn.ppolicy;
+
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.directory.shared.ldap.model.name.Dn;
+
+
+/**
+ * A container to hold all the password policies defined in the server
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class PpolicyConfigContainer
+{
+
+    /** a map holding the entry specific password policies */
+    private Map<Dn, PasswordPolicyConfiguration> ppolicyConfigMap = new HashMap<Dn,
PasswordPolicyConfiguration>();
+
+    /** the default password policy */
+    private PasswordPolicyConfiguration defaultPolicy;
+
+
+    /**
+     * add a entry specific policy
+     *
+     * @param configDn the Dn where this entry's password policy is defined
+     * @param policyConfig the password policy configuration
+     */
+    public void addPolicy( Dn configDn, PasswordPolicyConfiguration policyConfig )
+    {
+        if ( configDn == null )
+        {
+            throw new IllegalArgumentException( "password policy config's Dn cannot be null"
);
+        }
+
+        ppolicyConfigMap.put( configDn, policyConfig );
+    }
+
+
+    /**
+     * @return true if atleast one entry specific password policy exists, false otherwise
+     */
+    public boolean hasCustomConfigs()
+    {
+        return ( !ppolicyConfigMap.isEmpty() );
+    }
+    
+    
+    /**
+     * Get the password policy configuration defined at a given Dn
+     *  
+     * @param configDn the Dn where password policy was configured
+     * @return
+     */
+    public PasswordPolicyConfiguration getPolicyConfig( Dn configDn )
+    {
+        return ppolicyConfigMap.get( configDn );
+    }
+
+
+    /**
+     * @return the default password policy, null if not configured
+     */
+    public PasswordPolicyConfiguration getDefaultPolicy()
+    {
+        return defaultPolicy;
+    }
+
+
+    /**
+     * Set the default password policy configuration
+     * 
+     * @param defaultPolicy the password policy configuration instance
+     */
+    public void setDefaultPolicy( PasswordPolicyConfiguration defaultPolicy )
+    {
+        this.defaultPolicy = defaultPolicy;
+    }
+
+    
+    /**
+     * deactivate an existing password policy.
+     *  
+     * @param ppolicyConfigDn the Dn of the password policy configuration
+     * @return the deactivated password policy config object of the given reference Dn, null
otherwise
+     */
+    public PasswordPolicyConfiguration removePolicyConfig( Dn ppolicyConfigDn )
+    {
+        return ppolicyConfigMap.remove( ppolicyConfigDn );
+    }
+}



Mime
View raw message