ReusePasswordRule xref

1   package org.apache.archiva.redback.policy.rules;
2   
3   /*
4    * Copyright 2001-2006 The Apache Software Foundation.
5    *
6    * Licensed under the Apache License, Version 2.0 (the "License");
7    * you may not use this file except in compliance with the License.
8    * You may obtain a copy of the License at
9    *
10   *      http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  import org.apache.archiva.redback.configuration.UserConfigurationKeys;
20  import org.apache.archiva.redback.policy.PasswordRuleViolations;
21  import org.apache.archiva.redback.policy.UserSecurityPolicy;
22  import org.apache.archiva.redback.users.User;
23  import org.apache.commons.lang.StringUtils;
24  import org.springframework.stereotype.Service;
25  
26  import javax.annotation.PostConstruct;
27  import java.util.Iterator;
28  
29  /**
30   * Password rule that checks the supplied password, read from {@link User#getPassword()}, against
31   * the {@link User#getPreviousEncodedPasswords()} to ensure that a password is not reused.
32   *
33   * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
34   */
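@Service("passwordRule#reuse")
public class ReusePasswordRule
    extends AbstractPasswordRule
{
    /** Message key recorded in {@link PasswordRuleViolations} when a reused password is detected. */
    public static final String REUSE_VIOLATION = "user.password.violation.reuse";

    /** Message used whenever the rule is exercised before a security policy has been supplied. */
    private static final String POLICY_NOT_SET = "The security policy has not yet been set.";

    // Supplies the password encoder and the configured history depth; null until
    // setUserSecurityPolicy(UserSecurityPolicy) has been called.
    private UserSecurityPolicy securityPolicy;

    /**
     * Stores the security policy this rule reads its encoder and history depth from.
     *
     * @param policy the policy to use; it is stored as given, without a null check
     */
    public void setUserSecurityPolicy( UserSecurityPolicy policy )
    {
        this.securityPolicy = policy;
    }

    /**
     * Reports that this rule cannot work without a security policy.
     *
     * @return always {@code true}
     */
    public boolean requiresSecurityPolicy()
    {
        return true;
    }

    /**
     * Returns the number of previous passwords configured on the security policy.
     *
     * @return the value of {@link UserSecurityPolicy#getPreviousPasswordsCount()}
     * @throws IllegalStateException if no security policy has been set
     */
    public int getPreviousPasswordCount()
    {
        return requireSecurityPolicy().getPreviousPasswordsCount();
    }

    /**
     * Returns the configured security policy, failing with a descriptive error when it is missing.
     *
     * @return the non-null security policy
     * @throws IllegalStateException if no security policy has been set
     */
    private UserSecurityPolicy requireSecurityPolicy()
    {
        if ( securityPolicy == null )
        {
            throw new IllegalStateException( POLICY_NOT_SET );
        }

        return securityPolicy;
    }

    /**
     * Checks whether the candidate password matches an entry in the user's password history.
     *
     * @param user     the user whose previous encoded passwords are inspected
     * @param password the clear-text candidate; {@code null} or empty is never treated as reuse
     * @return {@code true} if the encoded candidate equals one of the inspected history entries
     * @throws IllegalStateException if no security policy has been set
     */
    private boolean hasReusedPassword( User user, String password )
    {
        UserSecurityPolicy policy = requireSecurityPolicy();

        if ( StringUtils.isEmpty( password ) )
        {
            return false;
        }

        // NOTE(review): matching by equality only detects reuse when encodePassword() is
        // deterministic for a given input. With an encoder that adds a random per-call salt the
        // two values would never be equal and reuse would pass unnoticed -- confirm against the
        // configured PasswordEncoder, and prefer the encoder's own verification call if it has one.
        String encodedPassword = policy.getPasswordEncoder().encodePassword( password );

        // NOTE(review): the ">= 0" bound inspects up to (count + 1) history entries, and one entry
        // even when the count is 0. Kept as found; confirm whether the extra entry is intended.
        int remaining = getPreviousPasswordCount();

        for ( Iterator<String> history = user.getPreviousEncodedPasswords().iterator();
              history.hasNext() && remaining >= 0; remaining-- )
        {
            if ( encodedPassword.equals( history.next() ) )
            {
                return true;
            }
        }

        return false;
    }

    /**
     * Updates the number of previous passwords kept on the security policy.
     *
     * @param previousPasswordCount the new history depth, passed through unchanged
     * @throws IllegalStateException if no security policy has been set; this matches
     *                               {@link #getPreviousPasswordCount()} rather than failing with a
     *                               bare {@link NullPointerException}
     */
    public void setPreviousPasswordCount( int previousPasswordCount )
    {
        requireSecurityPolicy().setPreviousPasswordsCount( previousPasswordCount );
    }

    /**
     * Records a {@link #REUSE_VIOLATION} when the user's new password matches the password history.
     * The configured previous-password count is passed as the only message argument.
     *
     * @param violations collector that receives the violation
     * @param user       the user whose {@link User#getPassword()} value is being validated
     * @throws IllegalStateException if no security policy has been set
     */
    public void testPassword( PasswordRuleViolations violations, User user )
    {
        if ( !hasReusedPassword( user, user.getPassword() ) )
        {
            return;
        }

        String[] messageArgs = new String[]{ String.valueOf( getPreviousPasswordCount() ) };
        violations.addViolation( REUSE_VIOLATION, messageArgs ); //$NON-NLS-1$
    }

    /**
     * Reads the rule's enabled flag from configuration once the bean has been constructed.
     * {@code enabled} and {@code config} are not declared in this class; presumably they are
     * inherited from {@link AbstractPasswordRule}.
     */
    @PostConstruct
    public void initialize()
    {
        enabled = config.getBoolean( UserConfigurationKeys.POLICY_PASSWORD_RULE_REUSE_ENABLED );
    }
}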