package org.apache.archiva.redback.policy;

/*
 * Copyright 2001-2006 The Apache Software Foundation.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

import org.apache.archiva.redback.users.User;

import java.util.List;

/**
 * Contract for the user security policy: password encoding and rules, password
 * history, login-attempt limits, password expiry, cookie settings, accounts
 * exempt from locking, and the extension points that enforce those settings.
 *
 * TODO roll password management into its own object.
 */
public interface UserSecurityPolicy
{
    /**
     * Returns the string that identifies this security policy implementation.
     *
     * @return the id of the security policy implementation.
     */
    String getId();

    // ----------------------------------------------------------------------
    // Password Management
    // ----------------------------------------------------------------------

    /**
     * Returns the encoder used for passwords.
     *
     * This interface places no constraint on the encoding algorithm; the choice
     * is made entirely by the implementation.
     *
     * @return the {@link PasswordEncoder} implementation to use.
     */
    PasswordEncoder getPasswordEncoder();

    /**
     * Appends a single rule to the list of password rules.
     *
     * @param rule the rule to add.
     */
    void addPasswordRule( PasswordRule rule );

    /**
     * Returns the list of password rules.
     *
     * Whether the returned list is a copy or the live list is not specified
     * by this interface.
     *
     * @return the list of {@link PasswordRule} objects.
     */
    List<PasswordRule> getPasswordRules();

    /**
     * Sets the list of password rules.
     *
     * @param rules the list of {@link PasswordRule} objects.
     */
    void setPasswordRules( List<PasswordRule> rules );

    /**
     * Returns how many previous passwords should be tracked.
     *
     * @return the count of previous passwords to track.
     */
    int getPreviousPasswordsCount();

    /**
     * Sets how many previous passwords should be tracked.
     *
     * @param count the count of previous passwords to track.
     */
    void setPreviousPasswordsCount( int count );

    /**
     * Returns how many login attempts are allowed.
     *
     * @return the count of login attempts to allow.
     * @see #extensionExcessiveLoginAttempts(User)
     */
    int getLoginAttemptCount();

    /**
     * Sets how many login attempts are allowed.
     *
     * @param count the count of login attempts to allow.
     */
    void setLoginAttemptCount( int count );

    /**
     * Returns the validation settings.
     *
     * @return the validation settings.
     */
    UserValidationSettings getUserValidationSettings();

    /**
     * Sets the validation settings.
     *
     * @param settings the settings.
     */
    void setUserValidationSettings( UserValidationSettings settings );

    /**
     * Returns the single sign on cookie settings.
     *
     * @return the single sign on settings.
     */
    CookieSettings getSignonCookieSettings();

    /**
     * Returns the remember me cookie settings.
     *
     * @return the remember me settings.
     */
    CookieSettings getRememberMeCookieSettings();

    /**
     * Enables or disables the policies.
     *
     * Useful in code when application startup or application init is being performed.
     *
     * NOTE(review): which checks are skipped while the policies are disabled is
     * not specified by this interface - confirm in the implementation, and make
     * sure callers re-enable the policies once initialization has completed.
     *
     * @param enabled true if enabled.
     */
    void setEnabled( boolean enabled );

    /**
     * Reports whether the policies are enabled.
     *
     * @return true if enabled.
     */
    boolean isEnabled();

    /**
     * Sets how long a password stays valid before it expires.
     *
     * @param passwordExpiry the number of days until a password expires. (or -1 to disable)
     */
    void setPasswordExpirationDays( int passwordExpiry );

    /**
     * Returns how long a password stays valid before it expires.
     *
     * @return the number of days until a password expires. (or -1 for disabled)
     */
    int getPasswordExpirationDays();

    /**
     * Returns the accounts which should never be locked by security policy.
     *
     * NOTE(review): accounts on this list are exempt from locking, so the lock
     * raised by {@link #extensionExcessiveLoginAttempts(User)} presumably does
     * not protect them - confirm in the implementation and keep the list as
     * short as possible.
     *
     * @return accounts that should never be locked
     */
    List<String> getUnlockableAccounts();

    /**
     * Sets the accounts which should never be locked by security policy.
     *
     * @param unlockableAccounts the accounts that should never be locked
     */
    void setUnlockableAccounts( List<String> unlockableAccounts );

    /**
     * Extension Point - Change the password of a user.
     *
     * This method does not check if a user is allowed to change his/her password.
     * Any authorization check for password changes on guest or anonymous users
     * needs to occur before calling this method.
     *
     * This method does not persist the newly changed user password.
     * That will require a call to {@link org.apache.archiva.redback.users.UserManager#updateUser(User)}.
     *
     * @param user the user whose password is validated, remembered, and encoded.
     * @throws PasswordRuleViolationException if the new password violates the password rules
     */
    void extensionChangePassword( User user ) throws PasswordRuleViolationException;

    /**
     * Extension Point - Change the password of a user, with an explicit
     * password-change-required flag.
     *
     * The original source carries no documentation for this overload.
     * NOTE(review): presumably it performs the same steps as
     * {@link #extensionChangePassword(User)}, including leaving authorization
     * and persistence to the caller - confirm against the implementation.
     *
     * @param user the user whose password is changed.
     * @param passwordChangeRequired presumably whether the user must change the
     *                               password afterwards - TODO confirm.
     * @throws PasswordRuleViolationException if the new password violates the password rules
     */
    void extensionChangePassword( User user, boolean passwordChangeRequired ) throws PasswordRuleViolationException;

    /**
     * Extension Point - Test User for Password Expiration.
     *
     * @param user the user to test password expiration against.
     * @throws MustChangePasswordException if the password has expired
     */
    void extensionPasswordExpiration( User user ) throws MustChangePasswordException;

    /**
     * Extension Point - Test if user has excessive logins.
     *
     * @param user the user to test excessive logins against.
     * @throws AccountLockedException if the number of logins was exceeded
     */
    void extensionExcessiveLoginAttempts( User user ) throws AccountLockedException;

    /**
     * Validates the incoming {@link User#getPassword()} against the specified
     * password rules.
     *
     * @param user the user to validate.
     * @throws PasswordRuleViolationException if the password is not valid
     */
    void validatePassword( User user ) throws PasswordRuleViolationException;
}