Posted to commits@directory.apache.org by el...@apache.org on 2011/10/15 01:39:26 UTC
svn commit: r1183564 -
/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/
Author: elecharny
Date: Fri Oct 14 23:39:25 2011
New Revision: 1183564
URL: http://svn.apache.org/viewvc?rev=1183564&view=rev
Log:
Still having some files to commit for interceptors decoupling
Added:
directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/
directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/DefaultPasswordValidator.java
directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyConfiguration.java
directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyException.java
directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordValidator.java
directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PpolicyConfigContainer.java
Added: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/DefaultPasswordValidator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/DefaultPasswordValidator.java?rev=1183564&view=auto
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/DefaultPasswordValidator.java (added)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/DefaultPasswordValidator.java Fri Oct 14 23:39:25 2011
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.server.core.authn.ppolicy;
+
+
+/**
+ * The default password validator.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class DefaultPasswordValidator implements PasswordValidator
+{
+
+ /** the default validator's instance */
+ public final static DefaultPasswordValidator INSTANCE = new DefaultPasswordValidator();
+
+
+ /**
+ * Creates a new instance of DefaultPasswordValidator.
+ */
+ public DefaultPasswordValidator()
+ {
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public void validate( String password, String entryRdnVal ) throws PasswordPolicyException
+ {
+ checkUsernameSubstring( password, entryRdnVal );
+ //TODO add more checks
+ }
+
+
+ /**
+ * The password does not contain three letter (or more) tokens from the user's account name.
+ *
+ * If the account name is less than three characters long, this check is not performed
+ * because the rate at which passwords would be rejected is too high. For each token that is
+ * three or more characters long, that token is searched for in the password; if it is present,
+ * the password change is rejected. For example, the name "First M. Last" would be split into
+ * three tokens: "First", "M", and "Last". Because the second token is only one character long,
+ * it would be ignored. Therefore, this user could not have a password that included either
+ * "first" or "last" as a substring anywhere in the password. All of these checks are
+ * case-insensitive.
+ */
+ private void checkUsernameSubstring( String password, String username ) throws PasswordPolicyException
+ {
+ if ( username == null || username.trim().length() == 0 )
+ {
+ return;
+ }
+
+ String[] tokens = username.split( "[^a-zA-Z]" );
+
+ for ( int ii = 0; ii < tokens.length; ii++ )
+ {
+ if ( password.matches( "(?i).*" + tokens[ii] + ".*" ) )
+ {
+ throw new PasswordPolicyException( "Password shouldn't contain parts of the username", 5 );// 5 == PasswordPolicyErrorEnum.INSUFFICIENT_PASSWORD_QUALITY
+ }
+ }
+ }
+
+}
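Review bot: `checkUsernameSubstring` does not apply the three-character minimum its Javadoc describes, and `username.split( "[^a-zA-Z]" )` can yield empty tokens (for example when the RDN value starts with a non-letter or has two adjacent non-letters). An empty token turns the pattern into `(?i).*.*`, which matches any single-line password, so every password for such an entry is rejected; skip short tokens with `if ( tokens[ii].length() < 3 ) { continue; }`. The `matches` call is also fragile: `.` does not cross line terminators, so a password containing a newline is never flagged, and a null `password` throws a NullPointerException. A null check followed by `password.toLowerCase().contains( tokens[ii].toLowerCase() )` avoids both. Non-ASCII letters in the RDN value are treated as separators, which the Javadoc should state.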
Added: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyConfiguration.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyConfiguration.java?rev=1183564&view=auto
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyConfiguration.java (added)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyConfiguration.java Fri Oct 14 23:39:25 2011
@@ -0,0 +1,529 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.server.core.authn.ppolicy;
+
+
+import org.apache.directory.shared.ldap.model.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.model.exception.LdapException;
+
+
+/**
+ * A simple pojo holding the password policy configuration base on
+ * <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10">this draft</a>.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class PasswordPolicyConfiguration
+{
+ /** the name of the attribute to which the password policy is applied.
+ * Currently only "userPassword" attribute is supported
+ */
+ private String pwdAttribute = SchemaConstants.USER_PASSWORD_AT;
+
+ /**
+ * holds the number of seconds that must elapse between modifications to the password.
+ * Default value is 0
+ */
+ private int pwdMinAge = 0;
+
+ /**
+ * holds the number of seconds after which a modified password will expire.
+ * Default value is 0, does not expire. If not 0, the value must be greater than or equal
+ * to the value of the pwdMinAge.
+ */
+ private int pwdMaxAge = 0;
+
+ /**
+ * specifies the maximum number of used passwords stored in the pwdHistory attribute.
+ * Default value is 0, no password history maintained
+ */
+ private int pwdInHistory = 0;
+
+ /** indicates how the password quality will be verified while being modified or added.
+ * Default value 0, do not check
+ */
+ private int pwdCheckQuality = 0;
+
+ /** this attribute holds the minimum number of characters that must be used in a password.
+ * Default value 0, no minimum length enforced
+ */
+ private int pwdMinLength = 0;
+
+ /**
+ * this attribute holds the maximum number of characters that may be used in a password.
+ * Default value 0, no maximum length enforced
+ */
+ private int pwdMaxLength = 0;
+
+ /**
+ * the maximum number of seconds before a password is due to expire that expiration warning
+ * messages will be returned to an authenticating user.
+ * Default value is 0, never send a warning message.
+ */
+ private int pwdExpireWarning = 0;
+
+ /**
+ * the number of times an expired password can be used to authenticate.
+ * Default value is 0, do not allow a expired password for authentication.
+ */
+ private int pwdGraceAuthNLimit = 0;
+
+ /**
+ * specifies the number of seconds the grace authentications are valid
+ * Default value is 0, no limit.
+ */
+ private int pwdGraceExpire = 0;
+
+ /**
+ * flag to indicate if the account needs to be locked after a specified number of
+ * consecutive failed bind attempts. The maximum number of consecutive
+ * failed bind attempts is specified in {@link #pwdMaxFailure}
+ */
+ private boolean pwdLockout = false;
+
+ /**
+ * the number of seconds that the password cannot be used to authenticate due to
+ * too many failed bind attempts.
+ * Default value is 300 seconds.
+ */
+ private int pwdLockoutDuration = 300;
+
+ /**
+ * the number of consecutive failed bind attempts after which the password may not
+ * be used to authenticate.
+ * Default value is 0, no limit on the number of authentication failures
+ */
+ private int pwdMaxFailure = 0;
+
+ /**
+ * the number of seconds after which the password failures are purged from the failure counter.
+ * Default value is 0, reset all pwdFailureTimes after a successful authentication.
+ */
+ private int pwdFailureCountInterval = 0;
+
+ /**
+ * flag to indicate if the password must be changed by the user after they bind to the
+ * directory after a password is set or reset by a password administrator.
+ * Default value is false, no need to change the password by user.
+ */
+ private boolean pwdMustChange = false;
+
+ /** indicates whether users can change their own passwords. Default value is true, allow change */
+ private boolean pwdAllowUserChange = true;
+
+ /**
+ * flag to specify whether or not the existing password must be sent along with the
+ * new password when being changed.
+ * Default value is false.
+ */
+ private boolean pwdSafeModify = false;
+
+ /**
+ * the number of seconds to delay responding to the first failed authentication attempt
+ * Default value 0, no delay.
+ */
+ private int pwdMinDelay = 0;
+
+ /** the maximum number of seconds to delay when responding to a failed authentication attempt.*/
+ private int pwdMaxDelay = 0;
+
+ /**
+ * the number of seconds an account may remain unused before it becomes locked
+ * Default value is 0, no check for idle time.
+ */
+ private int pwdMaxIdle = 0;
+
+ /** validator used for checking the quality of password */
+ //TODO to be injected from config
+ private PasswordValidator pwdValidator = DefaultPasswordValidator.INSTANCE;
+
+ public String getPwdAttribute()
+ {
+ return pwdAttribute;
+ }
+
+
+ public void setPwdAttribute( String pwdAttribute )
+ {
+ this.pwdAttribute = pwdAttribute;
+ }
+
+
+ public int getPwdMinAge()
+ {
+ return pwdMinAge;
+ }
+
+
+ public void setPwdMinAge( int pwdMinAge )
+ {
+ this.pwdMinAge = pwdMinAge;
+ }
+
+
+ public int getPwdMaxAge()
+ {
+ return pwdMaxAge;
+ }
+
+
+ public void setPwdMaxAge( int pwdMaxAge )
+ {
+ this.pwdMaxAge = pwdMaxAge;
+ }
+
+
+ public int getPwdInHistory()
+ {
+ return pwdInHistory;
+ }
+
+
+ public void setPwdInHistory( int pwdInHistory )
+ {
+ this.pwdInHistory = pwdInHistory;
+ }
+
+
+ public int getPwdCheckQuality()
+ {
+ return pwdCheckQuality;
+ }
+
+
+ public void setPwdCheckQuality( int pwdCheckQuality )
+ {
+ this.pwdCheckQuality = pwdCheckQuality;
+ }
+
+
+ public int getPwdMinLength()
+ {
+ return pwdMinLength;
+ }
+
+
+ public void setPwdMinLength( int pwdMinLength )
+ {
+ this.pwdMinLength = pwdMinLength;
+ }
+
+
+ public int getPwdMaxLength()
+ {
+ return pwdMaxLength;
+ }
+
+
+ public void setPwdMaxLength( int pwdMaxLength )
+ {
+ this.pwdMaxLength = pwdMaxLength;
+ }
+
+
+ public int getPwdExpireWarning()
+ {
+ return pwdExpireWarning;
+ }
+
+
+ public void setPwdExpireWarning( int pwdExpireWarning )
+ {
+ this.pwdExpireWarning = pwdExpireWarning;
+ }
+
+
+ public int getPwdGraceAuthNLimit()
+ {
+ return pwdGraceAuthNLimit;
+ }
+
+
+ public void setPwdGraceAuthNLimit( int pwdGraceAuthNLimit )
+ {
+ this.pwdGraceAuthNLimit = pwdGraceAuthNLimit;
+ }
+
+
+ public int getPwdGraceExpire()
+ {
+ return pwdGraceExpire;
+ }
+
+
+ public void setPwdGraceExpire( int pwdGraceExpire )
+ {
+ this.pwdGraceExpire = pwdGraceExpire;
+ }
+
+
+ public boolean isPwdLockout()
+ {
+ return pwdLockout;
+ }
+
+
+ public void setPwdLockout( boolean pwdLockout )
+ {
+ this.pwdLockout = pwdLockout;
+ }
+
+
+ public int getPwdLockoutDuration()
+ {
+ return pwdLockoutDuration;
+ }
+
+
+ public void setPwdLockoutDuration( int pwdLockoutDuration )
+ {
+ this.pwdLockoutDuration = pwdLockoutDuration;
+ }
+
+
+ public int getPwdMaxFailure()
+ {
+ return pwdMaxFailure;
+ }
+
+
+ public void setPwdMaxFailure( int pwdMaxFailure )
+ {
+ this.pwdMaxFailure = pwdMaxFailure;
+ }
+
+
+ public int getPwdFailureCountInterval()
+ {
+ return pwdFailureCountInterval;
+ }
+
+
+ public void setPwdFailureCountInterval( int pwdFailureCountInterval )
+ {
+ this.pwdFailureCountInterval = pwdFailureCountInterval;
+ }
+
+
+ public boolean isPwdMustChange()
+ {
+ return pwdMustChange;
+ }
+
+
+ public void setPwdMustChange( boolean pwdMustChange )
+ {
+ this.pwdMustChange = pwdMustChange;
+ }
+
+
+ public boolean isPwdAllowUserChange()
+ {
+ return pwdAllowUserChange;
+ }
+
+
+ public void setPwdAllowUserChange( boolean pwdAllowUserChange )
+ {
+ this.pwdAllowUserChange = pwdAllowUserChange;
+ }
+
+
+ public boolean isPwdSafeModify()
+ {
+ return pwdSafeModify;
+ }
+
+
+ public void setPwdSafeModify( boolean pwdSafeModify )
+ {
+ this.pwdSafeModify = pwdSafeModify;
+ }
+
+
+ public int getPwdMinDelay()
+ {
+ return pwdMinDelay;
+ }
+
+
+ public void setPwdMinDelay( int pwdMinDelay )
+ {
+ this.pwdMinDelay = pwdMinDelay;
+ }
+
+
+ public int getPwdMaxDelay()
+ {
+ return pwdMaxDelay;
+ }
+
+
+ public void setPwdMaxDelay( int pwdMaxDelay )
+ {
+ this.pwdMaxDelay = pwdMaxDelay;
+ }
+
+
+ public int getPwdMaxIdle()
+ {
+ return pwdMaxIdle;
+ }
+
+
+ public void setPwdMaxIdle( int pwdMaxIdle )
+ {
+ this.pwdMaxIdle = pwdMaxIdle;
+ }
+
+
+ /**
+ * @return the pwdValidator
+ */
+ public PasswordValidator getPwdValidator()
+ {
+ return pwdValidator;
+ }
+
+
+ /**
+ * @param pwdValidator the pwdValidator to set
+ */
+ public void setPwdValidator( PasswordValidator pwdValidator )
+ {
+ this.pwdValidator = pwdValidator;
+ }
+
+
+ /**
+ * validates the policy configuration and throws a LdapException if there are any errors
+ *
+ * @throws LdapException if there are any errors in the configuration
+ */
+ public void validate() throws LdapException
+ {
+ StringBuilder sb = new StringBuilder();
+
+ int errCount = 0;
+
+ if ( pwdMinAge < 0 )
+ {
+ sb.append( ++errCount ).append( ". password minimum age cannot be negative\n" );
+ }
+
+ if ( pwdMaxAge < 0 )
+ {
+ sb.append( ++errCount ).append( ". password maximum age cannot be negative\n" );
+ }
+
+ if ( ( pwdMaxAge > 0 ) && ( pwdMaxAge < pwdMinAge ) )
+ {
+ sb.append( ++errCount ).append( ". password maximum age should be greater than the minimum age\n" );
+ }
+
+ if ( pwdInHistory < 0 )
+ {
+ sb.append( ++errCount ).append( ". password history count cannot be negative\n" );
+ }
+
+ if ( ( pwdCheckQuality < 0 ) || ( pwdCheckQuality > 2 ) )
+ {
+ sb.append( ++errCount ).append( ". invalid password quality check value, valid values are 0, 1 and 2 \n" );
+ }
+
+ if ( pwdMinLength < 0 )
+ {
+ sb.append( ++errCount ).append( ". password minimum length cannot be negative\n" );
+ }
+
+ if ( pwdMaxLength < 0 )
+ {
+ sb.append( ++errCount ).append( ". password maximum length cannot be negative\n" );
+ }
+
+ if ( ( pwdMaxLength > 0 ) && ( pwdMaxLength < pwdMinLength ) )
+ {
+ sb.append( ++errCount ).append( ". password maximum length should be greater than minimum length\n" );
+ }
+
+ if ( pwdExpireWarning < 0 )
+ {
+ sb.append( ++errCount ).append( ". password expire warning time cannot be negative\n" );
+ }
+
+ if ( pwdGraceAuthNLimit < 0 )
+ {
+ sb.append( ++errCount ).append( ". password grace authentication limits cannot be negative\n" );
+ }
+
+ if ( pwdGraceExpire < 0 )
+ {
+ sb.append( ++errCount ).append( ". password grace expiration time cannot be negative\n" );
+ }
+
+ if ( pwdLockoutDuration < 0 )
+ {
+ sb.append( ++errCount ).append( ". password lockout duration time cannot be negative\n" );
+ }
+
+ if ( pwdMaxFailure < 0 )
+ {
+ sb.append( ++errCount ).append( ". password maximum failure count cannot be negative\n" );
+ }
+
+ if ( pwdFailureCountInterval < 0 )
+ {
+ sb.append( ++errCount ).append( ". password failure count interval time cannot be negative\n" );
+ }
+
+ if ( ( ( pwdMinDelay > 0 ) && ( pwdMaxDelay <= 0 ) )
+ || ( ( pwdMaxDelay > 0 ) && ( pwdMinDelay <= 0 ) ) )
+ {
+ sb
+ .append( ++errCount )
+ .append(
+ ". if password minimum or maximum delay time is specified then the correspomding maximu or minimum delay time should also be specified\n" );
+ }
+ else
+ // just to avoid both warnings
+ {
+ if ( pwdMinDelay < 0 )
+ {
+ sb.append( ++errCount ).append( ". password minimum delay time cannot be negative\n" );
+ }
+
+ if ( pwdMaxDelay < 0 )
+ {
+ sb.append( ++errCount ).append( ". password maximum delay time cannot be negative\n" );
+ }
+ }
+
+ if ( pwdMaxIdle < 0 )
+ {
+ sb.append( ++errCount ).append( ". password maximum idle time cannot be negative\n" );
+ }
+
+ if ( errCount > 0 )
+ {
+ throw new LdapException( "There are errors in password policy configuration\n" + sb.toString() );
+ }
+ }
+}
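Review bot: `validate()` checks that the maximum age and maximum length are not below their minimums, but has no matching check for the delay pair, so a configuration with `pwdMinDelay` larger than `pwdMaxDelay` passes. Inside the `else` branch add `if ( pwdMaxDelay < pwdMinDelay )` with an error such as `". password maximum delay time should be greater than the minimum delay time\n"`. The method also lets a null `pwdValidator` or `pwdAttribute` through, and both setters accept null; if callers dereference the validator whenever `pwdCheckQuality` is non-zero (not visible in this commit), a null check here would fail the configuration early instead of at bind or modify time. The message on the delay branch has typos (`correspomding maximu`).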
Added: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyException.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyException.java?rev=1183564&view=auto
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyException.java (added)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyException.java Fri Oct 14 23:39:25 2011
@@ -0,0 +1,93 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.core.authn.ppolicy;
+
+
+import org.apache.directory.shared.ldap.model.exception.LdapException;
+
+
+/**
+ * A exception class defined for PasswordPolicy related errors.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class PasswordPolicyException extends LdapException
+{
+ private static final long serialVersionUID = -9158126177779964262L;
+
+ /** password policy error code */
+ private int errorCode;
+
+ /** the array of valid error codes representing password policy errors */
+ private static final int[] VALID_CODES = {0, 1, 2, 3, 4, 5, 6, 7, 8};
+
+ public PasswordPolicyException( Throwable cause )
+ {
+ super( cause );
+ }
+
+
+ public PasswordPolicyException( String message )
+ {
+ super( message );
+ }
+
+
+ public PasswordPolicyException( String message, int errorCode )
+ {
+ super( message );
+ validateErrorCode( errorCode );
+ this.errorCode = errorCode;
+ }
+
+
+ public PasswordPolicyException( int errorCode )
+ {
+ validateErrorCode( errorCode );
+ this.errorCode = errorCode;
+ }
+
+
+ public int getErrorCode()
+ {
+ return errorCode;
+ }
+
+
+ /**
+ * this method checks if the given error code is valid or not.
+ * This method was created cause using PasswordPolicyErrorEnum class creates some
+ * unwanted dependency issues on core-api
+ *
+ * @param errorCode the error code of password policy
+ */
+ private void validateErrorCode( int errorCode )
+ {
+ for ( int i : VALID_CODES )
+ {
+ if ( i == errorCode )
+ {
+ return;
+ }
+ }
+
+ throw new IllegalArgumentException( "Unknown password policy response error code " + errorCode );
+ }
+}
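Review bot: The `( Throwable cause )` and `( String message )` constructors leave `errorCode` at its default of 0, and 0 is listed in `VALID_CODES`, so `getErrorCode()` cannot distinguish "no code supplied" from code 0 (presumably passwordExpired in the referenced draft, to be confirmed against PasswordPolicyErrorEnum). Consider a sentinel such as `private int errorCode = -1;` and a Javadoc line on `getErrorCode()` saying that -1 means no policy error code was set, provided no caller copies the value into a response control unchecked. The bare literals in `VALID_CODES` would also be easier to review as named constants, given that the call site in DefaultPasswordValidator needs a trailing comment to explain `5`.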
Added: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordValidator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordValidator.java?rev=1183564&view=auto
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordValidator.java (added)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PasswordValidator.java Fri Oct 14 23:39:25 2011
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.server.core.authn.ppolicy;
+
+/**
+ * An interface for implementing password quality verifiers.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public interface PasswordValidator
+{
+ /**
+ * checks if the given password meets the required quality contraints.<br>
+ * <p>Note: the length based validations are already done before calling this method<br>
+ *
+ * so the implementor should concentrate on the content checking.</p>
+ *
+ * @param password the password value
+ * @param entryRdnVal the value of entry's RDN(typically this is the username) e.x 'admin' if the entry's DN is {uid/cn/etc..}=admin,ou=system
+ * @throws PasswordPolicyException if the password doesn't meet the quality contraints
+ */
+ void validate( String password, String entryRdnVal ) throws PasswordPolicyException;
+}
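Review bot: The `validate` Javadoc does not say whether either argument may be null or whether `password` is always the cleartext value. DefaultPasswordValidator in this commit returns early on a null `entryRdnVal` but dereferences `password` unchecked, so the contract should read something like `@param password the cleartext password value, never null` and state that `entryRdnVal` may be null or empty. It is also worth a sentence telling implementors not to place the password in the exception message, since that text may end up in logs or in the response to the client. `contraints` should read `constraints`.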
Added: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PpolicyConfigContainer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PpolicyConfigContainer.java?rev=1183564&view=auto
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PpolicyConfigContainer.java (added)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ppolicy/PpolicyConfigContainer.java Fri Oct 14 23:39:25 2011
@@ -0,0 +1,113 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.server.core.authn.ppolicy;
+
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.directory.shared.ldap.model.name.Dn;
+
+
+/**
+ * A container to hold all the password policies defined in the server
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class PpolicyConfigContainer
+{
+
+ /** a map holding the entry specific password policies */
+ private Map<Dn, PasswordPolicyConfiguration> ppolicyConfigMap = new HashMap<Dn, PasswordPolicyConfiguration>();
+
+ /** the default password policy */
+ private PasswordPolicyConfiguration defaultPolicy;
+
+
+ /**
+ * add a entry specific policy
+ *
+ * @param configDn the Dn where this entry's password policy is defined
+ * @param policyConfig the password policy configuration
+ */
+ public void addPolicy( Dn configDn, PasswordPolicyConfiguration policyConfig )
+ {
+ if ( configDn == null )
+ {
+ throw new IllegalArgumentException( "password policy config's Dn cannot be null" );
+ }
+
+ ppolicyConfigMap.put( configDn, policyConfig );
+ }
+
+
+ /**
+ * @return true if atleast one entry specific password policy exists, false otherwise
+ */
+ public boolean hasCustomConfigs()
+ {
+ return ( !ppolicyConfigMap.isEmpty() );
+ }
+
+
+ /**
+ * Get the password policy configuration defined at a given Dn
+ *
+ * @param configDn the Dn where password policy was configured
+ * @return
+ */
+ public PasswordPolicyConfiguration getPolicyConfig( Dn configDn )
+ {
+ return ppolicyConfigMap.get( configDn );
+ }
+
+
+ /**
+ * @return the default password policy, null if not configured
+ */
+ public PasswordPolicyConfiguration getDefaultPolicy()
+ {
+ return defaultPolicy;
+ }
+
+
+ /**
+ * Set the default password policy configuration
+ *
+ * @param defaultPolicy the password policy configuration instance
+ */
+ public void setDefaultPolicy( PasswordPolicyConfiguration defaultPolicy )
+ {
+ this.defaultPolicy = defaultPolicy;
+ }
+
+
+ /**
+ * deactivate an existing password policy.
+ *
+ * @param ppolicyConfigDn the Dn of the password policy configuration
+ * @return the deactivated password policy config object of the given reference Dn, null otherwise
+ */
+ public PasswordPolicyConfiguration removePolicyConfig( Dn ppolicyConfigDn )
+ {
+ return ppolicyConfigMap.remove( ppolicyConfigDn );
+ }
+}
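Review bot: `ppolicyConfigMap` is a plain `HashMap` with unsynchronised `addPolicy`, `getPolicyConfig` and `removePolicyConfig`; if this container is shared by request threads while policies are added or removed at runtime (the callers are outside this commit), concurrent access can corrupt the map or hide a policy from a lookup. Either declare it as `new ConcurrentHashMap<Dn, PasswordPolicyConfiguration>()` or document on the class that callers must synchronise. `addPolicy` rejects a null `configDn` but stores a null `policyConfig`, which `getPolicyConfig` then cannot tell apart from a missing entry; reject it the same way. The `@return` tag on `getPolicyConfig` is empty and should say that null is returned when no policy is defined at that Dn.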