001package org.apache.archiva.redback.policy;
002
003/*
004 * Copyright 2001-2006 The Apache Software Foundation.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License");
007 * you may not use this file except in compliance with the License.
008 * You may obtain a copy of the License at
009 *
010 *      http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018
019import org.apache.archiva.redback.users.User;
020
021import java.util.List;
022
/**
 * User Security Policy Settings.
 *
 * TODO roll password management into its own object.
 */
public interface UserSecurityPolicy {
    /**
     * Returns the identifying string of this User Security Policy implementation.
     *
     * @return the id for the security policy implementation.
     */
    String getId();

    // ----------------------------------------------------------------------
    // Password Management
    // ----------------------------------------------------------------------

    /**
     * Returns the password encoder this policy uses.
     *
     * <p>NOTE(review): this interface does not constrain the encoding algorithm; how
     * passwords are encoded is decided entirely by the returned implementation.
     *
     * @return the PasswordEncoder implementation to use.
     */
    PasswordEncoder getPasswordEncoder();

    /**
     * Adds one specific rule to the Password Rules List.
     *
     * @param rule the rule to add.
     */
    void addPasswordRule(PasswordRule rule);

    /**
     * Returns the Password Rules List.
     *
     * <p>NOTE(review): whether the returned list is a copy or the policy's own list is
     * not specified here - confirm before mutating it.
     *
     * @return the list of {@link PasswordRule} objects.
     */
    List<PasswordRule> getPasswordRules();

    /**
     * Sets the Password Rules List.
     *
     * <p>NOTE(review): how a {@code null} or empty list is treated is not specified
     * here - confirm against the implementation before relying on either.
     *
     * @param rules the list of {@link PasswordRule} objects.
     */
    void setPasswordRules(List<PasswordRule> rules);

    /**
     * Returns how many previous passwords should be tracked.
     *
     * <p>NOTE(review): presumably tracked so that recently used passwords can be
     * rejected on change - confirm against the implementation.
     *
     * @return the count of previous passwords to track.
     */
    int getPreviousPasswordsCount();

    /**
     * Sets how many previous passwords should be tracked.
     *
     * @param count the count of previous passwords to track.
     */
    void setPreviousPasswordsCount(int count);

    /**
     * Returns how many login attempts are allowed.
     *
     * <p>Unlike {@link #getPasswordExpirationDays()}, no "disabled" value is documented
     * for this setting.
     *
     * @return the count of login attempts to allow.
     */
    int getLoginAttemptCount();

    /**
     * Sets how many login attempts are allowed.
     *
     * <p>NOTE(review): the meaning of zero or a negative count is not specified here -
     * confirm against the implementation.
     *
     * @param count the count of login attempts to allow.
     */
    void setLoginAttemptCount(int count);

    /**
     * Returns the Validation Settings.
     *
     * @return the validation settings.
     */
    UserValidationSettings getUserValidationSettings();

    /**
     * Sets the Validation Settings.
     *
     * @param settings the settings.
     */
    void setUserValidationSettings(UserValidationSettings settings);

    /**
     * Returns the Single Sign On Settings.
     *
     * @return the single sign on settings.
     */
    CookieSettings getSignonCookieSettings();

    /**
     * Returns the Remember Me Settings.
     *
     * @return the remember me settings.
     */
    CookieSettings getRememberMeCookieSettings();

    /**
     * Enables or disables the policies.
     *
     * <p>Useful in code when application startup or application init is being performed.
     *
     * <p>NOTE(review): which checks are skipped while the policy is disabled is left to
     * the implementation; code that disables it for initialization presumably has to
     * re-enable it afterwards - confirm.
     *
     * @param enabled true if enabled.
     */
    void setEnabled(boolean enabled);

    /**
     * Tells whether the policies are enabled.
     *
     * @return true if enabled.
     */
    boolean isEnabled();

    /**
     * Sets the policy of how long a password stays valid before it expires.
     *
     * @param passwordExpiry the number of days until a password expires. (or -1 to disable)
     */
    void setPasswordExpirationDays(int passwordExpiry);

    /**
     * Returns the policy of how long a password stays valid before it expires.
     *
     * @return the number of days until a password expires. (or -1 for disabled)
     */
    int getPasswordExpirationDays();

    /**
     * Returns the accounts which should never be locked by security policy.
     *
     * <p>NOTE(review): the element format (presumably usernames) is not specified here.
     * Accounts on this list are exempt from policy lockout, so the login-attempt limit
     * presumably does not stop repeated failed logins against them - confirm, and keep
     * the list as short as possible.
     *
     * @return accounts that should never be locked
     */
    List<String> getUnlockableAccounts();

    /**
     * Sets the accounts which should never be locked by security policy.
     *
     * @param unlockableAccounts the accounts that should never be locked
     */
    void setUnlockableAccounts(List<String> unlockableAccounts);

    /**
     * Extension Point - Change the password of a user.
     *
     * <p>This method does not check if a user is allowed to change his/her password.
     * Any kind of authorization checks for password change allowed on guest or
     * anonymous users needs to occur before calling this method.
     *
     * <p>This method does not persist the newly changed user password.
     * That will require a call to {@link org.apache.archiva.redback.users.UserManager#updateUser(User)}.
     *
     * @param user the user password to validate, remember, and encode.
     * @throws PasswordRuleViolationException if the new password violates the password rules
     */
    void extensionChangePassword(User user) throws PasswordRuleViolationException;

    /**
     * Extension Point - Change the password of a user; overload of
     * {@link #extensionChangePassword(User)} that takes an additional flag.
     *
     * <p>NOTE(review): this overload carried no documentation of its own. The
     * authorization and persistence caveats of the single-argument overload presumably
     * apply here as well - confirm against the implementation.
     *
     * @param user the user whose password is changed.
     * @param passwordChangeRequired presumably whether the user is flagged as having to
     *                               change the password again - TODO confirm.
     * @throws PasswordRuleViolationException declared by the signature; presumably raised
     *                                        when the new password violates the password rules
     */
    void extensionChangePassword(User user, boolean passwordChangeRequired)
            throws PasswordRuleViolationException;

    /**
     * Extension Point - Test User for Password Expiration.
     *
     * @param user the user to test password expiration against.
     * @throws MustChangePasswordException if the password has expired
     */
    void extensionPasswordExpiration(User user) throws MustChangePasswordException;

    /**
     * Extension Point - Test if user has excessive logins.
     *
     * @param user the user to test excessive logins against.
     * @throws AccountLockedException if the number of logins was exceeded
     */
    void extensionExcessiveLoginAttempts(User user) throws AccountLockedException;

    /**
     * Validates the incoming {@link User#getPassword()} against the specified
     * PasswordRules.
     *
     * @param user the user to validate.
     * @throws PasswordRuleViolationException if the password is not valid
     */
    void validatePassword(User user) throws PasswordRuleViolationException;
}