ReusePasswordRule xref
1 package org.apache.archiva.redback.policy.rules;
19 import org.apache.archiva.redback.configuration.UserConfigurationKeys;
20 import org.apache.archiva.redback.policy.PasswordRuleViolations;
21 import org.apache.archiva.redback.policy.UserSecurityPolicy;
22 import org.apache.archiva.redback.users.User;
23 import org.apache.commons.lang.StringUtils;
24 import org.springframework.stereotype.Service;
25
26 import javax.annotation.PostConstruct;
27 import java.util.Iterator;
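/**
 * Password rule that rejects a candidate password when its encoded form matches one of the
 * encoded passwords recorded in the user's password history.
 *
 * <p>The rule needs a {@link UserSecurityPolicy}: it supplies the password encoder and the
 * number of previous passwords to consider. Methods that read or write the policy throw
 * {@link IllegalStateException} until {@link #setUserSecurityPolicy(UserSecurityPolicy)} has
 * been called.
 */
@Service("passwordRule#reuse")
public class ReusePasswordRule
    extends AbstractPasswordRule
{
    /** Message key reported when the candidate password matches a previous one. */
    public static final String REUSE_VIOLATION = "user.password.violation.reuse";

    private UserSecurityPolicy securityPolicy;

    /**
     * Supplies the security policy this rule reads its encoder and history depth from.
     *
     * @param policy the policy to use
     */
    public void setUserSecurityPolicy( UserSecurityPolicy policy )
    {
        this.securityPolicy = policy;
    }

    /**
     * @return always {@code true}; this rule cannot work without a security policy
     */
    public boolean requiresSecurityPolicy()
    {
        return true;
    }

    /**
     * @return the number of previous passwords configured on the security policy
     * @throws IllegalStateException if no security policy has been set
     */
    public int getPreviousPasswordCount()
    {
        return policyOrThrow().getPreviousPasswordsCount();
    }

    /**
     * Returns the configured policy, failing with one consistent exception when it is missing.
     */
    private UserSecurityPolicy policyOrThrow()
    {
        if ( securityPolicy == null )
        {
            throw new IllegalStateException( "The security policy has not yet been set." );
        }

        return securityPolicy;
    }

    /**
     * Tells whether the encoded form of {@code password} equals one of the user's previous
     * encoded passwords.
     *
     * @param user     the user whose password history is consulted
     * @param password the plain-text candidate password; empty or {@code null} never counts as reuse
     * @return {@code true} if a match is found within the examined part of the history
     * @throws IllegalStateException if no security policy has been set
     */
    private boolean hasReusedPassword( User user, String password )
    {
        UserSecurityPolicy policy = policyOrThrow();

        if ( StringUtils.isEmpty( password ) )
        {
            return false;
        }

        // NOTE(review): comparing a freshly encoded value with String.equals only detects reuse
        // when the encoder is deterministic. With an encoder that adds a random per-password
        // salt this would never match and the rule would silently stop enforcing - confirm
        // which encoders can be configured and use the encoder's own verification if needed.
        String encodedPassword = policy.getPasswordEncoder().encodePassword( password );

        // A user without any recorded history cannot be reusing a password; guard the
        // getter so a missing list is not turned into a NullPointerException.
        Iterable<String> history = user.getPreviousEncodedPasswords();
        if ( history == null )
        {
            return false;
        }

        int checkCount = getPreviousPasswordCount();
        Iterator<String> it = history.iterator();

        // NOTE(review): the ">= 0" bound lets the loop examine up to count + 1 entries, one more
        // than the count reported in the violation. It is kept unchanged because tightening it
        // would check fewer passwords; confirm the intended bound and that the history is
        // ordered so that the most recent passwords are the ones examined.
        while ( it.hasNext() && checkCount >= 0 )
        {
            String prevEncodedPassword = it.next();
            if ( encodedPassword.equals( prevEncodedPassword ) )
            {
                return true;
            }
            checkCount--;
        }

        return false;
    }

    /**
     * Stores the number of previous passwords to consider on the security policy.
     *
     * @param previousPasswordCount the new history depth
     * @throws IllegalStateException if no security policy has been set
     */
    public void setPreviousPasswordCount( int previousPasswordCount )
    {
        // Same guard as the getter: fail with a descriptive IllegalStateException
        // instead of a NullPointerException when the policy is missing.
        policyOrThrow().setPreviousPasswordsCount( previousPasswordCount );
    }

    /**
     * Adds a {@link #REUSE_VIOLATION} to {@code violations} when the user's candidate password
     * matches an entry of the password history. The configured history depth is passed as the
     * single message argument.
     *
     * @param violations collector the violation is added to
     * @param user       the user whose candidate password ({@code user.getPassword()}) is tested
     * @throws IllegalStateException if no security policy has been set
     */
    public void testPassword( PasswordRuleViolations violations, User user )
    {
        String password = user.getPassword();

        if ( hasReusedPassword( user, password ) )
        {
            violations.addViolation( REUSE_VIOLATION,
                                     new String[]{ String.valueOf( getPreviousPasswordCount() ) } );
        }
    }

    /**
     * Reads the rule's enabled flag from configuration once the bean has been constructed.
     * {@code enabled} and {@code config} are not declared in this class; presumably they are
     * inherited from {@link AbstractPasswordRule}.
     */
    @PostConstruct
    public void initialize()
    {
        enabled = config.getBoolean( UserConfigurationKeys.POLICY_PASSWORD_RULE_REUSE_ENABLED );
    }
}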