001 /*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License"). You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at
010 * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011 * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012 * See the License for the specific language governing permissions
013 * and limitations under the License.
014 *
015 * When distributing Covered Code, include this CDDL HEADER in each
016 * file and include the License file at
017 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
018 * add the following below this CDDL HEADER, with the fields enclosed
019 * by brackets "[]" replaced with your own identifying information:
020 * Portions Copyright [yyyy] [name of copyright owner]
021 *
022 * CDDL HEADER END
023 *
024 *
025 * Copyright 2006-2008 Sun Microsystems, Inc.
026 */
027 package org.opends.server.api;
028 import org.opends.messages.Message;
029
030
031
032 import java.util.List;
033 import java.util.Set;
034
035 import org.opends.server.admin.std.server.PasswordValidatorCfg;
036 import org.opends.server.config.ConfigException;
037 import org.opends.server.types.ByteString;
038 import org.opends.server.types.Entry;
039 import org.opends.server.types.InitializationException;
040 import org.opends.server.types.Operation;
041
042 import org.opends.messages.MessageBuilder;
043
044
045 /**
046 * This class defines the set of methods and structures that must be
047 * implemented by a Directory Server module that may be used to
048 * determine whether a proposed password is acceptable for a user.
049 *
050 * @param <T> The type of configuration handled by this password
051 * validator.
052 */
053 @org.opends.server.types.PublicAPI(
054 stability=org.opends.server.types.StabilityLevel.UNCOMMITTED,
055 mayInstantiate=false,
056 mayExtend=true,
057 mayInvoke=false)
058 public abstract class PasswordValidator
059 <T extends PasswordValidatorCfg>
060 {
061 /**
062 * Initializes this password validator based on the information in
063 * the provided configuration entry.
064 *
065 * @param configuration The configuration to use to initialize
066 * this password validator.
067 *
068 * @throws ConfigException If an unrecoverable problem arises in
069 * the process of performing the
070 * initialization.
071 *
072 * @throws InitializationException If a problem occurs during
073 * initialization that is not
074 * related to the server
075 * configuration.
076 */
077 public abstract void initializePasswordValidator(T configuration)
078 throws ConfigException, InitializationException;
079
080
081
082 /**
083 * Indicates whether the provided configuration is acceptable for
084 * this password validator. It should be possible to call this
085 * method on an uninitialized password validator instance in order
086 * to determine whether the password validator would be able to use
087 * the provided configuration.
088 * <BR><BR>
089 * Note that implementations which use a subclass of the provided
090 * configuration class will likely need to cast the configuration
091 * to the appropriate subclass type.
092 *
093 * @param configuration The password validator configuration
094 * for which to make the determination.
095 * @param unacceptableReasons A list that may be used to hold the
096 * reasons that the provided
097 * configuration is not acceptable.
098 *
099 * @return {@code true} if the provided configuration is acceptable
100 * for this password validator, or {@code false} if not.
101 */
102 public boolean isConfigurationAcceptable(
103 PasswordValidatorCfg configuration,
104 List<Message> unacceptableReasons)
105 {
106 // This default implementation does not perform any special
107 // validation. It should be overridden by password validator
108 // implementations that wish to perform more detailed validation.
109 return true;
110 }
111
112
113
114 /**
115 * Performs any finalization that might be required when this
116 * password validator is unloaded. No action is taken in the
117 * default implementation.
118 */
119 public void finalizePasswordValidator()
120 {
121 // No action is required by default.
122 }
123
124
125
126 /**
127 * Indicates whether the provided password is acceptable for use by
128 * the specified user. If the password is determined to be
129 * unacceptable, then a human-readable explanation should be
130 * appended to the provided buffer.
131 *
132 * @param newPassword The proposed clear-text password that
133 * should be validated.
134 * @param currentPasswords The set of clear-text current passwords
135 * for the user (if available). Note that
136 * the current passwords may not always be
137 * available, and this may not comprise
138 * entire set of passwords currently
139 * for the user.
140 * @param operation The operation that is being used to set
141 * the password. It may be an add, a
142 * modify, or a password modify operation.
143 * @param userEntry The entry for the user whose password
144 * is being changed.
145 * @param invalidReason The buffer to which the human-readable
146 * explanation should be appended if it is
147 * determined that the password is not
148 * acceptable.
149 *
150 * @return {@code true} if the password is acceptable, or
151 * {@code false} if not.
152 */
153 public abstract boolean passwordIsAcceptable(ByteString newPassword,
154 Set<ByteString> currentPasswords,
155 Operation operation,
156 Entry userEntry,
157 MessageBuilder invalidReason);
158 }
159