Interface UserSecurityPolicy

All Known Implementing Classes: DefaultUserSecurityPolicy

public interface UserSecurityPolicy

User Security Policy Settings. TODO: roll password management into its own object.

Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| void | addPasswordRule(PasswordRule rule) | Add a Specific Rule to the Password Rules List. |
| void | extensionChangePassword(User user) | Extension Point - Change the password of a user. |
| void | extensionChangePassword(User user, boolean passwordChangeRequired) | |
| void | extensionExcessiveLoginAttempts(User user) | Extension Point - Test if user has excessive logins. |
| void | extensionPasswordExpiration(User user) | Extension Point - Test User for Password Expiration. |
| String | getId() | Get identifying string for the User Security Policy implementation. |
| int | getLoginAttemptCount() | Gets the count of login attempts to allow. |
| PasswordEncoder | getPasswordEncoder() | Gets the password encoder to use. |
| int | getPasswordExpirationDays() | Gets the policy of how long a password will be valid until it expires. |
| List<PasswordRule> | getPasswordRules() | Get the Password Rules List. |
| int | getPreviousPasswordsCount() | Gets the count of Previous Passwords that should be tracked. |
| CookieSettings | getRememberMeCookieSettings() | Get the Remember Me Settings. |
| CookieSettings | getSignonCookieSettings() | Get the Single Sign On Settings. |
| List<String> | getUnlockableAccounts() | Gets a list of accounts which should never be locked by security policy. |
| UserValidationSettings | getUserValidationSettings() | Get the Validation Settings. |
| boolean | isEnabled() | Determines if the policies are enabled or not. |
| void | setEnabled(boolean enabled) | Enable the policies or not. |
| void | setLoginAttemptCount(int count) | Sets the count of login attempts to allow. |
| void | setPasswordExpirationDays(int passwordExpiry) | Sets the policy of how long a password will be valid until it expires. |
| void | setPasswordRules(List<PasswordRule> rules) | Set the Password Rules List. |
| void | setPreviousPasswordsCount(int count) | Sets the count of previous passwords that should be tracked. |
| void | setUnlockableAccounts(List<String> unlockableAccounts) | Sets a list of accounts which should never be locked by security policy. |
| void | setUserValidationSettings(UserValidationSettings settings) | Set the Validation Settings. |
| void | validatePassword(User user) | Validate the incoming User.getPassword() against the specified PasswordRules. |

Method Detail

getId
String getId()
Get identifying string for the User Security Policy implementation.
- Returns: the id for the security policy implementation.

getPasswordEncoder
PasswordEncoder getPasswordEncoder()
Gets the password encoder to use.
- Returns: the PasswordEncoder implementation to use.

addPasswordRule
void addPasswordRule(PasswordRule rule)
Add a Specific Rule to the Password Rules List.
- Parameters: rule - the rule to add.

getPasswordRules
List<PasswordRule> getPasswordRules()
Get the Password Rules List.
- Returns: the list of PasswordRule objects.

setPasswordRules
void setPasswordRules(List<PasswordRule> rules)
Set the Password Rules List.
- Parameters: rules - the list of PasswordRule objects.

getPreviousPasswordsCount
int getPreviousPasswordsCount()
Gets the count of Previous Passwords that should be tracked.
- Returns: the count of previous passwords to track.

setPreviousPasswordsCount
void setPreviousPasswordsCount(int count)
Sets the count of previous passwords that should be tracked.
- Parameters: count - the count of previous passwords to track.

getLoginAttemptCount
int getLoginAttemptCount()
Gets the count of login attempts to allow.
- Returns: the count of login attempts to allow.

setLoginAttemptCount
void setLoginAttemptCount(int count)
Sets the count of login attempts to allow.
- Parameters: count - the count of login attempts to allow.

getUserValidationSettings
UserValidationSettings getUserValidationSettings()
Get the Validation Settings.
- Returns: the validation settings.

setUserValidationSettings
void setUserValidationSettings(UserValidationSettings settings)
Set the Validation Settings.
- Parameters: settings - the settings.

getSignonCookieSettings
CookieSettings getSignonCookieSettings()
Get the Single Sign On Settings.
- Returns: the single sign on settings.

getRememberMeCookieSettings
CookieSettings getRememberMeCookieSettings()
Get the Remember Me Settings.
- Returns: the remember me settings.

setEnabled
void setEnabled(boolean enabled)
Enable the policies or not. Useful in code when application startup or application init is being performed.
- Parameters: enabled - true if enabled.

isEnabled
boolean isEnabled()
Determines if the policies are enabled or not.
- Returns: true if enabled.

setPasswordExpirationDays
void setPasswordExpirationDays(int passwordExpiry)
Sets the policy of how long a password will be valid until it expires.
- Parameters: passwordExpiry - the number of days until a password expires. (or -1 to disable)

getPasswordExpirationDays
int getPasswordExpirationDays()
Gets the policy of how long a password will be valid until it expires.
- Returns: the number of days until a password expires. (or -1 for disabled)

getUnlockableAccounts
List<String> getUnlockableAccounts()
Gets a list of accounts which should never be locked by security policy.
- Returns: accounts that should never be locked

setUnlockableAccounts
void setUnlockableAccounts(List<String> unlockableAccounts)
Sets a list of accounts which should never be locked by security policy.
- Parameters: unlockableAccounts

extensionChangePassword
void extensionChangePassword(User user) throws PasswordRuleViolationException
Extension Point - Change the password of a user. This method does not check if a user is allowed to change his/her password. Any kind of authorization check for password change allowed on guest or anonymous users needs to occur before calling this method. This method does not persist the newly changed user password. That will require a call to UserManager.updateUser(User).
- Parameters: user - the user password to validate, remember, and encode.
- Throws: PasswordRuleViolationException - if the new password violates the password rules
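
The call order this description implies (authorize, change, then persist), as an added example that is not part of the library's own code. The nested interfaces are stand-ins declaring only the methods named on this page; `User.setPassword`, `PasswordChangeAuthorizer` and the `ChangePasswordFlow` class are assumptions made for illustration.

```java
// Added example. The nested types are stand-ins that declare only what this
// page names, so the file compiles without the library on the classpath.
public class ChangePasswordFlow {
    static class PasswordRuleViolationException extends Exception {}

    interface User {
        String getPassword();
        void setPassword(String rawPassword); // assumed setter, not documented on this page
    }
    interface UserSecurityPolicy {
        void extensionChangePassword(User user) throws PasswordRuleViolationException;
    }
    interface UserManager {
        void updateUser(User user) throws Exception; // stand-in signature
    }
    /** Hypothetical hook: the application's own authorization decision. */
    interface PasswordChangeAuthorizer {
        boolean mayChangePassword(String callerId, User target);
    }

    private final UserSecurityPolicy policy;
    private final UserManager userManager;
    private final PasswordChangeAuthorizer authorizer;

    ChangePasswordFlow(UserSecurityPolicy policy, UserManager userManager,
                       PasswordChangeAuthorizer authorizer) {
        this.policy = policy;
        this.userManager = userManager;
        this.authorizer = authorizer;
    }

    /** Returns true only when the change was authorized, passed the rules and was persisted. */
    boolean changePassword(String callerId, User target, String newPassword) throws Exception {
        // 1. Authorization happens here: extensionChangePassword performs none.
        if (!authorizer.mayChangePassword(callerId, target)) {
            return false;
        }
        // 2. The policy validates, remembers and encodes the password held by the user object.
        target.setPassword(newPassword);
        try {
            policy.extensionChangePassword(target);
        } catch (PasswordRuleViolationException e) {
            return false; // rules violated: do not persist
        }
        // 3. Persistence is a separate, explicit call.
        userManager.updateUser(target);
        return true;
    }
}
```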

extensionChangePassword
void extensionChangePassword(User user, boolean passwordChangeRequired) throws PasswordRuleViolationException
- Throws: PasswordRuleViolationException

extensionPasswordExpiration
void extensionPasswordExpiration(User user) throws MustChangePasswordException
Extension Point - Test User for Password Expiration.
- Parameters: user - the user to test password expiration against.
- Throws: MustChangePasswordException - if the password has expired

extensionExcessiveLoginAttempts
void extensionExcessiveLoginAttempts(User user) throws AccountLockedException
Extension Point - Test if user has excessive logins.
- Parameters: user - the user to test excessive logins against.
- Throws: AccountLockedException - if the number of logins was exceeded

validatePassword
void validatePassword(User user) throws PasswordRuleViolationException
Validate the incoming User.getPassword() against the specified PasswordRules.
- Parameters: user - the user to validate.
- Throws: PasswordRuleViolationException - if the password is not valid