Class DefaultUserSecurityPolicy
- java.lang.Object
-
- org.apache.archiva.redback.policy.DefaultUserSecurityPolicy
-
- All Implemented Interfaces:
- UserSecurityPolicy
@Service("userSecurityPolicy")
public class DefaultUserSecurityPolicy extends Object implements UserSecurityPolicy
User Security Policy.
- Author:
- Joakim Erdfelt
-
-
Constructor Summary
Constructors
DefaultUserSecurityPolicy()
-
Method Summary
Modifier and Type, Method, Description
void addPasswordRule(PasswordRule rule)
- Add a Specific Rule to the Password Rules List.
void extensionChangePassword(User user)
- Extension Point - Change the password of a user.
void extensionChangePassword(User user, boolean passwordChangeRequired)
void extensionExcessiveLoginAttempts(User user)
- Extension Point - Test if user has excessive logins.
void extensionPasswordExpiration(User user)
- Extension Point - Test User for Password Expiration.
UserConfiguration getConfig()
String getId()
- Get identifying string for the User Security Policy implementation.
int getLoginAttemptCount()
- Gets the count of login attempts to allow.
PasswordEncoder getPasswordEncoder()
- Get the password encoder to be used for password operations.
int getPasswordExpirationDays()
- Gets the policy of how long a password will be valid until it expires.
List<PasswordRule> getPasswordRules()
- Get the Password Rules List.
int getPreviousPasswordsCount()
- Gets the count of Previous Passwords that should be tracked.
CookieSettings getRememberMeCookieSettings()
- Get the Remember Me Settings.
CookieSettings getSignonCookieSettings()
- Get the Single Sign On Settings.
List<String> getUnlockableAccounts()
- Gets a list of accounts which should never be locked by security policy.
UserValidationSettings getUserValidationSettings()
- Get the Validation Settings.
void initialize()
boolean isEnabled()
- Determines if the policies are enabled or not.
void setConfig(UserConfiguration config)
void setDefaultPasswordRule(PasswordRule defaultPasswordRule)
void setEnabled(boolean enabled)
- Enable the policies or not.
void setLoginAttemptCount(int count)
- Sets the count of login attempts to allow.
void setPasswordEncoder(PasswordEncoder passwordEncoder)
void setPasswordExpirationDays(int passwordExpiry)
- Sets the policy of how long a password will be valid until it expires.
void setPasswordRules(List<PasswordRule> rules)
- Set the Password Rules List.
void setPreviousPasswordsCount(int count)
- Sets the count of previous passwords that should be tracked.
void setRememberMeCookieSettings(CookieSettings rememberMeCookieSettings)
void setRules(List<PasswordRule> rules)
void setSignonCookieSettings(CookieSettings signonCookieSettings)
void setUnlockableAccounts(List<String> unlockableAccounts)
- Sets a list of accounts which should never be locked by security policy.
void setUserValidationSettings(UserValidationSettings settings)
- Set the Validation Settings.
void validatePassword(User user)
- Validate the incoming User.getPassword() against the specified PasswordRules.
-
-
-
Constructor Detail
-
DefaultUserSecurityPolicy
public DefaultUserSecurityPolicy()
-
-
Method Detail
-
initialize
@PostConstruct public void initialize()
-
getId
public String getId()
Description copied from interface: UserSecurityPolicy
Get identifying string for the User Security Policy implementation.
- Specified by:
- getId in interface UserSecurityPolicy
- Returns:
- the id for the security policy implementation.
-
getPreviousPasswordsCount
public int getPreviousPasswordsCount()
Description copied from interface: UserSecurityPolicy
Gets the count of Previous Passwords that should be tracked.
- Specified by:
- getPreviousPasswordsCount in interface UserSecurityPolicy
- Returns:
- the count of previous passwords to track.
-
getUnlockableAccounts
public List<String> getUnlockableAccounts()
Description copied from interface: UserSecurityPolicy
Gets a list of accounts which should never be locked by security policy.
- Specified by:
- getUnlockableAccounts in interface UserSecurityPolicy
- Returns:
- accounts that should never be locked
-
setUnlockableAccounts
public void setUnlockableAccounts(List<String> unlockableAccounts)
Sets a list of accounts which should never be locked by security policy.
- Specified by:
- setUnlockableAccounts in interface UserSecurityPolicy
- Parameters:
- unlockableAccounts
-
-
setPreviousPasswordsCount
public void setPreviousPasswordsCount(int count)
Sets the count of previous passwords that should be tracked.
- Specified by:
- setPreviousPasswordsCount in interface UserSecurityPolicy
- Parameters:
- count - the count of previous passwords to track.
-
getLoginAttemptCount
public int getLoginAttemptCount()
Description copied from interface: UserSecurityPolicy
Gets the count of login attempts to allow.
- Specified by:
- getLoginAttemptCount in interface UserSecurityPolicy
- Returns:
- the count of login attempts to allow.
-
setLoginAttemptCount
public void setLoginAttemptCount(int count)
Description copied from interface: UserSecurityPolicy
Sets the count of login attempts to allow.
- Specified by:
- setLoginAttemptCount in interface UserSecurityPolicy
- Parameters:
- count - the count of login attempts to allow.
-
getPasswordEncoder
public PasswordEncoder getPasswordEncoder()
Get the password encoder to be used for password operations.
- Specified by:
- getPasswordEncoder in interface UserSecurityPolicy
- Returns:
- the encoder
-
isEnabled
public boolean isEnabled()
Description copied from interface: UserSecurityPolicy
Determines if the policies are enabled or not.
- Specified by:
- isEnabled in interface UserSecurityPolicy
- Returns:
- true if enabled.
-
setEnabled
public void setEnabled(boolean enabled)
Description copied from interface: UserSecurityPolicy
Enable the policies or not. Useful in code when application startup or application init is being performed.
- Specified by:
- setEnabled in interface UserSecurityPolicy
- Parameters:
- enabled - true if enabled.
-
addPasswordRule
public void addPasswordRule(PasswordRule rule)
Add a Specific Rule to the Password Rules List.
- Specified by:
- addPasswordRule in interface UserSecurityPolicy
- Parameters:
- rule - the rule to add.
-
getPasswordRules
public List<PasswordRule> getPasswordRules()
Get the Password Rules List.
- Specified by:
- getPasswordRules in interface UserSecurityPolicy
- Returns:
- the list of PasswordRule objects.
-
setPasswordRules
public void setPasswordRules(List<PasswordRule> rules)
Set the Password Rules List.
- Specified by:
- setPasswordRules in interface UserSecurityPolicy
- Parameters:
- rules - the list of PasswordRule objects.
-
extensionPasswordExpiration
public void extensionPasswordExpiration(User user) throws MustChangePasswordException
Description copied from interface: UserSecurityPolicy
Extension Point - Test User for Password Expiration.
- Specified by:
- extensionPasswordExpiration in interface UserSecurityPolicy
- Parameters:
- user - the user to test password expiration against.
- Throws:
- MustChangePasswordException - if the password has expired
-
extensionExcessiveLoginAttempts
public void extensionExcessiveLoginAttempts(User user) throws AccountLockedException
Description copied from interface: UserSecurityPolicy
Extension Point - Test if user has excessive logins.
- Specified by:
- extensionExcessiveLoginAttempts in interface UserSecurityPolicy
- Parameters:
- user - the user to test excessive logins against.
- Throws:
- AccountLockedException - if the number of logins was exceeded
-
extensionChangePassword
public void extensionChangePassword(User user) throws PasswordRuleViolationException
Description copied from interface: UserSecurityPolicy
Extension Point - Change the password of a user. This method does not check if a user is allowed to change his/her password. Any authorization checks for whether a password change is allowed on guest or anonymous users need to occur before calling this method. This method does not persist the newly changed user password. That will require a call to UserManager.updateUser(User).
- Specified by:
- extensionChangePassword in interface UserSecurityPolicy
- Parameters:
- user - the user password to validate, remember, and encode.
- Throws:
- PasswordRuleViolationException - if the new password violates the password rules
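The call order this description requires, as an added example (not Redback's own code). The nested interfaces are minimal stand-ins for the Redback types so the file compiles alone; `changeOwnPassword`, `SHARED_ACCOUNTS`, `setPassword` on the stand-in and the self-service authorization rule are assumptions.

```java
import java.util.Set;

// Added example. The nested types are minimal stand-ins so this compiles alone;
// in a real deployment they are the Redback types named on this page.
public class PasswordChangeExample {
    interface User { String getUsername(); void setPassword(String rawPassword); }
    interface UserManager { void updateUser(User user) throws Exception; }
    static class PasswordRuleViolationException extends Exception {}
    interface UserSecurityPolicy {
        void extensionChangePassword(User user) throws PasswordRuleViolationException;
    }

    // Hypothetical account names that must never change a password via this path.
    private static final Set<String> SHARED_ACCOUNTS = Set.of("guest", "anonymous");

    private final UserSecurityPolicy policy;
    private final UserManager userManager;

    PasswordChangeExample(UserSecurityPolicy policy, UserManager userManager) {
        this.policy = policy;
        this.userManager = userManager;
    }

    /** Returns true only when the new password was both accepted and persisted. */
    boolean changeOwnPassword(String authenticatedUsername, User target, String newPassword)
            throws Exception {
        // 1. Authorization is the caller's job: the policy does not check it.
        if (authenticatedUsername == null
                || SHARED_ACCOUNTS.contains(authenticatedUsername)
                || !authenticatedUsername.equals(target.getUsername())) {
            throw new SecurityException("password change not permitted");
        }
        target.setPassword(newPassword);
        try {
            // 2. Validate against the password rules, remember, and encode.
            policy.extensionChangePassword(target);
        } catch (PasswordRuleViolationException e) {
            // Rejected: nothing is persisted; the caller should discard 'target',
            // which still carries the rejected raw password in memory.
            return false;
        }
        // 3. The policy does not persist; without this call the change is lost.
        userManager.updateUser(target);
        return true;
    }
}
```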
-
extensionChangePassword
public void extensionChangePassword(User user, boolean passwordChangeRequired) throws PasswordRuleViolationException
- Specified by:
- extensionChangePassword in interface UserSecurityPolicy
- Throws:
- PasswordRuleViolationException
-
validatePassword
public void validatePassword(User user) throws PasswordRuleViolationException
Description copied from interface: UserSecurityPolicy
Validate the incoming User.getPassword() against the specified PasswordRules.
- Specified by:
- validatePassword in interface UserSecurityPolicy
- Parameters:
- user - the user to validate.
- Throws:
- PasswordRuleViolationException - if the password is not valid
-
getPasswordExpirationDays
public int getPasswordExpirationDays()
Description copied from interface: UserSecurityPolicy
Gets the policy of how long a password will be valid until it expires.
- Specified by:
- getPasswordExpirationDays in interface UserSecurityPolicy
- Returns:
- the number of days until a password expires. (or -1 for disabled)
-
setPasswordExpirationDays
public void setPasswordExpirationDays(int passwordExpiry)
Description copied from interface: UserSecurityPolicy
Sets the policy of how long a password will be valid until it expires.
- Specified by:
- setPasswordExpirationDays in interface UserSecurityPolicy
- Parameters:
- passwordExpiry - the number of days until a password expires. (or -1 to disable)
-
getUserValidationSettings
public UserValidationSettings getUserValidationSettings()
Description copied from interface: UserSecurityPolicy
Get the Validation Settings.
- Specified by:
- getUserValidationSettings in interface UserSecurityPolicy
- Returns:
- the validation settings.
-
setUserValidationSettings
public void setUserValidationSettings(UserValidationSettings settings)
Description copied from interface: UserSecurityPolicy
Set the Validation Settings.
- Specified by:
- setUserValidationSettings in interface UserSecurityPolicy
- Parameters:
- settings - the settings.
-
getRememberMeCookieSettings
public CookieSettings getRememberMeCookieSettings()
Description copied from interface: UserSecurityPolicy
Get the Remember Me Settings.
- Specified by:
- getRememberMeCookieSettings in interface UserSecurityPolicy
- Returns:
- the remember me settings.
-
getSignonCookieSettings
public CookieSettings getSignonCookieSettings()
Description copied from interface: UserSecurityPolicy
Get the Single Sign On Settings.
- Specified by:
- getSignonCookieSettings in interface UserSecurityPolicy
- Returns:
- the single sign on settings.
-
getConfig
public UserConfiguration getConfig()
-
setConfig
public void setConfig(UserConfiguration config)
-
setPasswordEncoder
public void setPasswordEncoder(PasswordEncoder passwordEncoder)
-
setRememberMeCookieSettings
public void setRememberMeCookieSettings(CookieSettings rememberMeCookieSettings)
-
setSignonCookieSettings
public void setSignonCookieSettings(CookieSettings signonCookieSettings)
-
setRules
public void setRules(List<PasswordRule> rules)
-
setDefaultPasswordRule
public void setDefaultPasswordRule(PasswordRule defaultPasswordRule)
-
-