|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.apache.jetspeed.security.spi.impl.AbstractInternalPasswordCredentialInterceptorImpl
org.apache.jetspeed.security.spi.impl.PasswordHistoryInterceptor
public class PasswordHistoryInterceptor
Maintains a configurable FIFO stack of used password credentials for a principal. It also requires a unique password (with regards to the values currently in the stack) when a password is changed directly by the user itself.
The historical passwords are maintained as InternalCredential
instances with as classname
value HISTORICAL_PASSWORD_CREDENTIAL
to distinguish them from the current password credential.
Implementation Note:
When a new password is about to be saved, a new copy of the current credential is saved as
a historic password credential. This means that the current password credential instance,
and thus also its key
, remains the same.
Field Summary | |
---|---|
static java.lang.String |
HISTORICAL_PASSWORD_CREDENTIAL
Value used for InternalCredential.getClassname() to distinguish from current password credentials |
Constructor Summary | |
---|---|
PasswordHistoryInterceptor(int historySize)
|
Method Summary | |
---|---|
void |
beforeSetPassword(InternalUserPrincipal internalUser,
java.util.Collection credentials,
java.lang.String userName,
InternalCredential credential,
java.lang.String password,
boolean authenticated)
Invoked when a new password value is to be saved for a user. |
Methods inherited from class org.apache.jetspeed.security.spi.impl.AbstractInternalPasswordCredentialInterceptorImpl |
---|
afterAuthenticated, afterLoad, beforeCreate |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String HISTORICAL_PASSWORD_CREDENTIAL
InternalCredential.getClassname()
to distinguish from current password credentials
Constructor Detail |
---|
public PasswordHistoryInterceptor(int historySize)
historySize
- stack size maintained for historical passwordsMethod Detail |
---|
public void beforeSetPassword(InternalUserPrincipal internalUser, java.util.Collection credentials, java.lang.String userName, InternalCredential credential, java.lang.String password, boolean authenticated) throws SecurityException
InternalPasswordCredentialInterceptor
Invoked when a new password value is to be saved for a user.
The new password value is not yet set on the provided credential when this callback is invoked. This allows custom history maintenance and/or auditing to be performed.
The provided authenticated flag can be used to differentiate between a new password value set directly by a user itself or through an administrative interface.
After this callback is invoked, the specified password value will be set, as well as a reset of the
updateRequired
flag, before the credential is saved.
A thrown SecurityException is passed on to the set password requestor.
beforeSetPassword
in interface InternalPasswordCredentialInterceptor
beforeSetPassword
in class AbstractInternalPasswordCredentialInterceptorImpl
internalUser
- the user to which the credential belongscredentials
- the collection of credentials which will set on the user after (already contains the new credential)userName
- the name of the principal to which the credential belongscredential
- the credential of the userpassword
- the new password value (already set on the new credential)authenticated
- true if the new password value is provided by the user directly
SecurityException
InternalPasswordCredentialInterceptor.beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |