package org.apache.archiva.redback.policy;

/*
 * Copyright 2001-2006 The Apache Software Foundation.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

import org.apache.archiva.redback.users.User;

import java.util.List;

/**
 * Contract for the user security policy: password rules and encoding, password
 * history and expiration, login-attempt limits, validation settings and the
 * sign-on / remember-me cookie settings.
 *
 * @todo roll password management into its own object.
 */
public interface UserSecurityPolicy
{
    /**
     * Returns the string that identifies this security policy implementation.
     *
     * @return the id of the security policy implementation.
     */
    String getId();

    // ----------------------------------------------------------------------
    // Password Management
    // ----------------------------------------------------------------------

    /**
     * Returns the encoder this policy uses for passwords.
     *
     * @return the {@link PasswordEncoder} implementation to use.
     */
    PasswordEncoder getPasswordEncoder();

    /**
     * Adds a single rule to the password rules list.
     *
     * @param rule the rule to add.
     */
    void addPasswordRule( PasswordRule rule );

    /**
     * Returns the password rules list.
     *
     * @return the list of {@link PasswordRule} objects.
     */
    List<PasswordRule> getPasswordRules();

    /**
     * Replaces the password rules list.
     *
     * @param rules the list of {@link PasswordRule} objects.
     */
    void setPasswordRules( List<PasswordRule> rules );

    /**
     * Returns how many previous passwords should be tracked.
     *
     * @return the count of previous passwords to track.
     */
    int getPreviousPasswordsCount();

    /**
     * Sets how many previous passwords should be tracked.
     *
     * @param count the count of previous passwords to track.
     */
    void setPreviousPasswordsCount( int count );

    /**
     * Returns the number of login attempts to allow.
     * <p>
     * NOTE(review): presumably the limit enforced by
     * {@link #extensionExcessiveLoginAttempts(User)}; confirm against the implementation.
     *
     * @return the count of login attempts to allow.
     */
    int getLoginAttemptCount();

    /**
     * Sets the number of login attempts to allow.
     *
     * @param count the count of login attempts to allow.
     */
    void setLoginAttemptCount( int count );

    /**
     * Returns the user validation settings.
     *
     * @return the validation settings.
     */
    UserValidationSettings getUserValidationSettings();

    /**
     * Sets the user validation settings.
     *
     * @param settings the settings.
     */
    void setUserValidationSettings( UserValidationSettings settings );

    /**
     * Returns the single sign-on cookie settings.
     *
     * @return the single sign on settings.
     */
    CookieSettings getSignonCookieSettings();

    /**
     * Returns the remember-me cookie settings.
     *
     * @return the remember me settings.
     */
    CookieSettings getRememberMeCookieSettings();

    /**
     * Switches the policies on or off.
     * <p>
     * Intended for code that runs during application startup or application init.
     * <p>
     * NOTE(review): which checks are skipped while disabled is decided by the
     * implementation and cannot be seen from this interface. A caller that
     * disables the policies for initialization should enable them again once
     * initialization is complete.
     *
     * @param enabled true if enabled.
     */
    void setEnabled( boolean enabled );

    /**
     * Reports whether the policies are currently enabled.
     *
     * @return true if enabled.
     */
    boolean isEnabled();

    /**
     * Sets how long a password stays valid before it expires.
     *
     * @param passwordExpiry the number of days until a password expires. (or -1 to disable)
     */
    void setPasswordExpirationDays( int passwordExpiry );

    /**
     * Returns how long a password stays valid before it expires.
     *
     * @return the number of days until a password expires. (or -1 for disabled)
     */
    int getPasswordExpirationDays();

    /**
     * Returns the accounts that the security policy should never lock.
     * <p>
     * Accounts on this list are exempt from policy lockout, so the login-attempt
     * limit cannot be relied on to stop repeated password guessing against them.
     * Keep the list as short as possible.
     *
     * @return accounts that should never be locked
     */
    List<String> getUnlockableAccounts();

    /**
     * Sets the accounts that the security policy should never lock.
     *
     * @param unlockableAccounts accounts that should never be locked
     *                           (presumably identified by username; confirm against the implementation)
     */
    void setUnlockableAccounts( List<String> unlockableAccounts );

    /**
     * Extension Point - Change the password of a user.
     * <p>
     * This method performs no check that the user is allowed to change his/her
     * password. Any authorization check, including whether guest or anonymous
     * users may change a password, has to happen before this method is called.
     * <p>
     * This method does not persist the changed password. Persisting it requires a call to
     * {@link org.apache.archiva.redback.users.UserManager#updateUser(User)}.
     *
     * @param user the user password to validate, remember, and encode.
     * @throws PasswordRuleViolationException if the new password violates the password rules
     */
    void extensionChangePassword( User user )
        throws PasswordRuleViolationException;

    /**
     * Extension Point - Change the password of a user, with an additional
     * password-change-required flag.
     * <p>
     * NOTE(review): the original declaration carries no documentation. Judging by
     * the name, {@code passwordChangeRequired} marks whether the user must change
     * the password again afterwards; confirm against the implementation. The
     * authorization and persistence caveats of
     * {@link #extensionChangePassword(User)} presumably apply here as well.
     *
     * @param user                   the user whose password is changed.
     * @param passwordChangeRequired see the review note above; semantics not visible from this interface.
     * @throws PasswordRuleViolationException if the new password violates the password rules
     */
    void extensionChangePassword( User user, boolean passwordChangeRequired )
        throws PasswordRuleViolationException;

    /**
     * Extension Point - Test User for Password Expiration.
     *
     * @param user the user to test password expiration against.
     * @throws MustChangePasswordException if the password has expired
     */
    void extensionPasswordExpiration( User user )
        throws MustChangePasswordException;

    /**
     * Extension Point - Test if user has excessive logins.
     *
     * @param user the user to test excessive logins against.
     * @throws org.apache.archiva.redback.policy.AccountLockedException if the number of logins was exceeded
     */
    void extensionExcessiveLoginAttempts( User user )
        throws AccountLockedException;

    /**
     * Validates the incoming {@link User#getPassword()} against the configured
     * password rules.
     *
     * @param user the user to validate.
     * @throws PasswordRuleViolationException if the password is not valid
     */
    void validatePassword( User user )
        throws PasswordRuleViolationException;
}