This project has retired. For details please refer to its Attic page.
UserSecurityPolicy xref

1   package org.apache.archiva.redback.policy;
2   
3   /*
4    * Copyright 2001-2006 The Apache Software Foundation.
5    *
6    * Licensed under the Apache License, Version 2.0 (the "License");
7    * you may not use this file except in compliance with the License.
8    * You may obtain a copy of the License at
9    *
10   *      http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  import org.apache.archiva.redback.users.User;
20  
21  import java.util.List;
22  
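/**
 * User Security Policy Settings.
 * <p>
 * Groups the settings declared below: password encoding and rules, password history and
 * expiration, the allowed login attempt count, accounts exempt from locking, cookie settings and
 * user validation settings, together with the extension points that apply them to a {@link User}.
 * <p>
 * This interface only declares the contract. Whether the getters return live or copied
 * collections, and how {@link #isEnabled()} affects the extension points, is decided by the
 * implementation and is not visible here.
 *
 * @todo roll password management into its own object.
 */
public interface UserSecurityPolicy
{
    /**
     * Get identifying string for the User Security Policy implementation.
     *
     * @return the id for the security policy implementation.
     */
    String getId();

    // ----------------------------------------------------------------------
    // Password Management
    // ----------------------------------------------------------------------

    /**
     * Gets the password encoder to use.
     * <p>
     * NOTE(review): this interface places no constraint on the encoder, so the strength of the
     * stored password representation depends entirely on what the implementation returns.
     *
     * @return the PasswordEncoder implementation to use.
     */
    PasswordEncoder getPasswordEncoder();

    /**
     * Add a Specific Rule to the Password Rules List.
     *
     * @param rule the rule to add.
     */
    void addPasswordRule( PasswordRule rule );

    /**
     * Get the Password Rules List.
     *
     * @return the list of {@link PasswordRule} objects.
     */
    List<PasswordRule> getPasswordRules();

    /**
     * Set the Password Rules List.
     *
     * @param rules the list of {@link PasswordRule} objects.
     */
    void setPasswordRules( List<PasswordRule> rules );

    /**
     * Gets the count of Previous Passwords that should be tracked.
     *
     * @return the count of previous passwords to track.
     */
    int getPreviousPasswordsCount();

    /**
     * Sets the count of previous passwords that should be tracked.
     *
     * @param count the count of previous passwords to track.
     */
    void setPreviousPasswordsCount( int count );

    /**
     * Gets the count of login attempts to allow.
     * <p>
     * NOTE(review): presumably the threshold checked by
     * {@link #extensionExcessiveLoginAttempts(User)} - confirm against the implementation.
     *
     * @return the count of login attempts to allow.
     */
    int getLoginAttemptCount();

    /**
     * Sets the count of login attempts to allow.
     *
     * @param count the count of login attempts to allow.
     */
    void setLoginAttemptCount( int count );

    /**
     * Get the Validation Settings.
     *
     * @return the validation settings.
     */
    UserValidationSettings getUserValidationSettings();

    /**
     * Set the Validation Settings.
     *
     * @param settings the settings.
     */
    void setUserValidationSettings( UserValidationSettings settings );

    /**
     * Get the Single Sign On Settings.
     *
     * @return the single sign on settings.
     */
    CookieSettings getSignonCookieSettings();

    /**
     * Get the Remember Me Settings.
     *
     * @return the remember me settings.
     */
    CookieSettings getRememberMeCookieSettings();

    /**
     * Enable the policies or not.
     * <p>
     * Useful in code when application startup or application init is being performed.
     * <p>
     * NOTE(review): which checks are skipped while the policies are disabled is not specified by
     * this interface. Code that disables them for startup should re-enable them once init is
     * complete, so that the policy checks are not left off for normal operation.
     *
     * @param enabled true if enabled.
     */
    void setEnabled( boolean enabled );

    /**
     * Determines if the policies are enabled or not.
     *
     * @return true if enabled.
     */
    boolean isEnabled();

    /**
     * Sets the policy of how long a password will be valid until it expires.
     *
     * @param passwordExpiry the number of days until a password expires. (or -1 to disable)
     */
    void setPasswordExpirationDays( int passwordExpiry );

    /**
     * Gets the policy of how long a password will be valid until it expires.
     *
     * @return the number of days until a password expires. (or -1 for disabled)
     */
    int getPasswordExpirationDays();

    /**
     * Gets a list of accounts which should never be locked by security policy.
     * <p>
     * NOTE(review): if these accounts are exempt from the lock raised by
     * {@link #extensionExcessiveLoginAttempts(User)}, the login attempt limit gives them no
     * protection against repeated password guessing; keep the list as short as possible and
     * confirm the exact semantics against the implementation.
     *
     * @return accounts that should never be locked
     */
    List<String> getUnlockableAccounts();

    /**
     * Sets a list of accounts which should never be locked by security policy.
     *
     * @param unlockableAccounts accounts that should never be locked
     */
    void setUnlockableAccounts( List<String> unlockableAccounts );

    /**
     * Extension Point - Change the password of a user.
     * <p>
     * This method does not check if a user is allowed to change his/her password.
     * Any kind of authorization checks for password change allowed on guest or
     * anonymous users needs to occur before calling this method.
     * <p>
     * This method does not persist the newly changed user password.
     * That will require a call to {@link org.apache.archiva.redback.users.UserManager#updateUser(User)}.
     *
     * @param user the user password to validate, remember, and encode.
     * @throws PasswordRuleViolationException if the new password violates the password rules
     */
    void extensionChangePassword( User user )
        throws PasswordRuleViolationException;

    /**
     * Extension Point - Change the password of a user, passing an explicit
     * {@code passwordChangeRequired} flag.
     * <p>
     * NOTE(review): this overload carried no documentation. Presumably the authorization and
     * persistence caveats of {@link #extensionChangePassword(User)} apply here as well, and the
     * flag decides whether the user is marked as having to change the password again - confirm
     * both against the implementation.
     *
     * @param user                   the user whose password is being changed.
     * @param passwordChangeRequired the password-change-required flag to apply; exact semantics
     *                               are defined by the implementation.
     * @throws PasswordRuleViolationException if the new password violates the password rules
     */
    void extensionChangePassword( User user, boolean passwordChangeRequired )
        throws PasswordRuleViolationException;

    /**
     * Extension Point - Test User for Password Expiration.
     *
     * @param user the user to test password expiration against.
     * @throws MustChangePasswordException if the password has expired
     */
    void extensionPasswordExpiration( User user )
        throws MustChangePasswordException;

    /**
     * Extension Point - Test if user has excessive logins.
     *
     * @param user the user to test excessive logins against.
     * @throws org.apache.archiva.redback.policy.AccountLockedException if the number of logins was exceeded
     */
    void extensionExcessiveLoginAttempts( User user )
        throws AccountLockedException;

    /**
     * Validate the incoming {@link User#getPassword()} against the specified
     * PasswordRules.
     *
     * @param user the user to validate.
     * @throws PasswordRuleViolationException if the password is not valid
     */
    void validatePassword( User user )
        throws PasswordRuleViolationException;
}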