|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.apache.jetspeed.security.spi.impl.AbstractInternalPasswordCredentialInterceptorImpl
org.apache.jetspeed.security.spi.impl.PasswordExpirationInterceptor
public class PasswordExpirationInterceptor
Enforces a maximum lifespan for a password credential.
Whenon authentication
a password its expiration date is reached, its expired flag is set.
The DefaultCredentialHandler
then will fail the authentication and subsequent authentications
will fail immediately.
To ensure proper expiration handling, an empty (null) expiration date will be automatically
filled in when the credential is loaded from the persistent store using the configured
max lifespan in days.
When a password credential is created
or a password is updated
a new future expiration date is calculated.
An existing or already provided higher expiration date will be preserved though.
This allows to (pre)set a (very) high expiration date, like with InternalCredential.MAX_DATE
,
for credentials which shouldn't expire.
Constructor Summary | |
---|---|
PasswordExpirationInterceptor(int maxLifeSpanInDays)
|
Method Summary | |
---|---|
boolean |
afterAuthenticated(InternalUserPrincipal internalUser,
java.lang.String userName,
InternalCredential credential,
boolean authenticated)
Invoked during authentication after the provided password is compared against the one retrieved from the InternalCredential. |
boolean |
afterLoad(PasswordCredentialProvider pcProvider,
java.lang.String userName,
InternalCredential credential)
Invoked after a password credential is loaded from the persistent store. |
void |
beforeCreate(InternalUserPrincipal internalUser,
java.util.Collection credentials,
java.lang.String userName,
InternalCredential credential,
java.lang.String password)
Calculates and sets the default expiration date and the expired flag to false |
void |
beforeSetPassword(InternalUserPrincipal internalUser,
java.util.Collection credentials,
java.lang.String userName,
InternalCredential credential,
java.lang.String password,
boolean authenticated)
Sets a new expiration date if a higher expiration date isn't set already and resets the expired flag |
protected void |
setExpiration(InternalCredential credential)
|
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public PasswordExpirationInterceptor(int maxLifeSpanInDays)
maxLifeSpanInDays
- default lifespan of password credentials in daysMethod Detail |
---|
public boolean afterAuthenticated(InternalUserPrincipal internalUser, java.lang.String userName, InternalCredential credential, boolean authenticated) throws SecurityException
InternalPasswordCredentialInterceptor
Invoked during authentication after the provided password is compared against the one retrieved from the InternalCredential.
If true is returned, the credential is expected to be updated and its enabled
and expired
flags will checked if the credential is (still) valid.
Note: the enabled and expired flags are only checked if this method returns true.
A thrown SecurityException will be passed on to the authentication requestor.
afterAuthenticated
in interface InternalPasswordCredentialInterceptor
afterAuthenticated
in class AbstractInternalPasswordCredentialInterceptorImpl
internalUser
- the user to which the credential belongsuserName
- the name of the principal to which the credential belongscredential
- the credential of the userauthenticated
- true if the provided password matches the value of the credential
SecurityException
InternalPasswordCredentialInterceptor.afterAuthenticated(org.apache.jetspeed.security.om.InternalUserPrincipal, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, boolean)
public boolean afterLoad(PasswordCredentialProvider pcProvider, java.lang.String userName, InternalCredential credential) throws SecurityException
InternalPasswordCredentialInterceptor
Invoked after a password credential is loaded from the persistent store.
If true is returned the credential is expected to be updated and its changes will be stored again.
A thrown SecurityException will be logged as an error and result in the credential to be ignored as if not existing (like for authentication).
afterLoad
in interface InternalPasswordCredentialInterceptor
afterLoad
in class AbstractInternalPasswordCredentialInterceptorImpl
pcProvider
- provides callback access to for instance the configured CredentialPasswordEncoder
and
CredentialPasswordValidator
userName
- the name of the principal to which the credential belongscredential
- the credential just loaded from the persistent store
SecurityException
InternalPasswordCredentialInterceptor.afterLoad(org.apache.jetspeed.security.spi.PasswordCredentialProvider, java.lang.String, org.apache.jetspeed.security.om.InternalCredential)
public void beforeCreate(InternalUserPrincipal internalUser, java.util.Collection credentials, java.lang.String userName, InternalCredential credential, java.lang.String password) throws SecurityException
beforeCreate
in interface InternalPasswordCredentialInterceptor
beforeCreate
in class AbstractInternalPasswordCredentialInterceptorImpl
internalUser
- the user to which the credential belongscredentials
- the collection of credentials which will set on the user after (already contains the new credential)userName
- the name of the principal to which the credential belongscredential
- the credential of the userpassword
- the new password value (already set on the new credential)
SecurityException
InternalPasswordCredentialInterceptor.beforeCreate(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, InternalCredential, java.lang.String)
public void beforeSetPassword(InternalUserPrincipal internalUser, java.util.Collection credentials, java.lang.String userName, InternalCredential credential, java.lang.String password, boolean authenticated) throws SecurityException
beforeSetPassword
in interface InternalPasswordCredentialInterceptor
beforeSetPassword
in class AbstractInternalPasswordCredentialInterceptorImpl
internalUser
- the user to which the credential belongscredentials
- the collection of credentials which will set on the user after (already contains the new credential)userName
- the name of the principal to which the credential belongscredential
- the credential of the userpassword
- the new password value (already set on the new credential)authenticated
- true if the new password value is provided by the user directly
SecurityException
InternalPasswordCredentialInterceptor.beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)
protected void setExpiration(InternalCredential credential)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |