PasswordExpirationInterceptor (Jetspeed-2 Enterprise Portal 2.1.3 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.jetspeed.security.spi.impl
Class PasswordExpirationInterceptor

java.lang.Object
  org.apache.jetspeed.security.spi.impl.AbstractInternalPasswordCredentialInterceptorImpl
      org.apache.jetspeed.security.spi.impl.PasswordExpirationInterceptor

All Implemented Interfaces:: InternalPasswordCredentialInterceptor

public class PasswordExpirationInterceptor
extends AbstractInternalPasswordCredentialInterceptorImpl
extends AbstractInternalPasswordCredentialInterceptorImpl

Enforces a maximum lifespan for a password credential.

When on authentication a password its expiration date is reached, its expired flag is set. The DefaultCredentialHandler then will fail the authentication and subsequent authentications will fail immediately.

To ensure proper expiration handling, an empty (null) expiration date will be automatically filled in when the credential is loaded from the persistent store using the configured max lifespan in days.

When a password credential is created or a password is updated a new future expiration date is calculated.

An existing or already provided higher expiration date will be preserved though. This allows to (pre)set a (very) high expiration date, like with InternalCredential.MAX_DATE, for credentials which shouldn't expire.

Version:: $Id$
Author:: Ate Douma

Constructor Summary
`PasswordExpirationInterceptor(int maxLifeSpanInDays)`

Method Summary
`boolean`	`afterAuthenticated(InternalUserPrincipal internalUser, java.lang.String userName, InternalCredential credential, boolean authenticated)` Invoked during authentication after the provided password is compared against the one retrieved from the InternalCredential.
`boolean`	`afterLoad(PasswordCredentialProvider pcProvider, java.lang.String userName, InternalCredential credential)` Invoked after a password credential is loaded from the persistent store.
`void`	`beforeCreate(InternalUserPrincipal internalUser, java.util.Collection credentials, java.lang.String userName, InternalCredential credential, java.lang.String password)` Calculates and sets the default expiration date and the expired flag to false
`void`	`beforeSetPassword(InternalUserPrincipal internalUser, java.util.Collection credentials, java.lang.String userName, InternalCredential credential, java.lang.String password, boolean authenticated)` Sets a new expiration date if a higher expiration date isn't set already and resets the expired flag
`protected void`	`setExpiration(InternalCredential credential)`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

PasswordExpirationInterceptor

public PasswordExpirationInterceptor(int maxLifeSpanInDays)

Parameters:: maxLifeSpanInDays - default lifespan of password credentials in days

Method Detail

afterAuthenticated

public boolean afterAuthenticated(InternalUserPrincipal internalUser,
                                  java.lang.String userName,
                                  InternalCredential credential,
                                  boolean authenticated)
                           throws SecurityException

Description copied from interface: InternalPasswordCredentialInterceptor

Invoked during authentication after the provided password is compared against the one retrieved from the InternalCredential.

If true is returned, the credential is expected to be updated and its enabled and expired flags will checked if the credential is (still) valid.

Note: the enabled and expired flags are only checked if this method returns true.

A thrown SecurityException will be passed on to the authentication requestor.

Specified by:: afterAuthenticated in interface InternalPasswordCredentialInterceptor
Overrides:: afterAuthenticated in class AbstractInternalPasswordCredentialInterceptorImpl

Parameters:: internalUser - the user to which the credential belongs; userName - the name of the principal to which the credential belongs; credential - the credential of the user; authenticated - true if the provided password matches the value of the credential
Returns:: true when the password credential is now expired
Throws:: SecurityException
See Also:: InternalPasswordCredentialInterceptor.afterAuthenticated(org.apache.jetspeed.security.om.InternalUserPrincipal, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, boolean)

afterLoad

public boolean afterLoad(PasswordCredentialProvider pcProvider,
                         java.lang.String userName,
                         InternalCredential credential)
                  throws SecurityException

Description copied from interface: InternalPasswordCredentialInterceptor

Invoked after a password credential is loaded from the persistent store.

If true is returned the credential is expected to be updated and its changes will be stored again.

A thrown SecurityException will be logged as an error and result in the credential to be ignored as if not existing (like for authentication).

Specified by:: afterLoad in interface InternalPasswordCredentialInterceptor
Overrides:: afterLoad in class AbstractInternalPasswordCredentialInterceptorImpl

Parameters:: pcProvider - provides callback access to for instance the configured CredentialPasswordEncoder and CredentialPasswordValidator; userName - the name of the principal to which the credential belongs; credential - the credential just loaded from the persistent store
Returns:: true when a new default expiration date is set
Throws:: SecurityException
See Also:: InternalPasswordCredentialInterceptor.afterLoad(org.apache.jetspeed.security.spi.PasswordCredentialProvider, java.lang.String, org.apache.jetspeed.security.om.InternalCredential)

beforeCreate

public void beforeCreate(InternalUserPrincipal internalUser,
                         java.util.Collection credentials,
                         java.lang.String userName,
                         InternalCredential credential,
                         java.lang.String password)
                  throws SecurityException

Calculates and sets the default expiration date and the expired flag to false

Specified by:: beforeCreate in interface InternalPasswordCredentialInterceptor
Overrides:: beforeCreate in class AbstractInternalPasswordCredentialInterceptorImpl

Parameters:: internalUser - the user to which the credential belongs; credentials - the collection of credentials which will set on the user after (already contains the new credential); userName - the name of the principal to which the credential belongs; credential - the credential of the user; password - the new password value (already set on the new credential)
Throws:: SecurityException
See Also:: InternalPasswordCredentialInterceptor.beforeCreate(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, InternalCredential, java.lang.String)

beforeSetPassword

public void beforeSetPassword(InternalUserPrincipal internalUser,
                              java.util.Collection credentials,
                              java.lang.String userName,
                              InternalCredential credential,
                              java.lang.String password,
                              boolean authenticated)
                       throws SecurityException

Sets a new expiration date if a higher expiration date isn't set already and resets the expired flag

Specified by:: beforeSetPassword in interface InternalPasswordCredentialInterceptor
Overrides:: beforeSetPassword in class AbstractInternalPasswordCredentialInterceptorImpl

Parameters:: internalUser - the user to which the credential belongs; credentials - the collection of credentials which will set on the user after (already contains the new credential); userName - the name of the principal to which the credential belongs; credential - the credential of the user; password - the new password value (already set on the new credential); authenticated - true if the new password value is provided by the user directly
Throws:: SecurityException
See Also:: InternalPasswordCredentialInterceptor.beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)

setExpiration

protected void setExpiration(InternalCredential credential)