1   /*
2    *   Licensed to the Apache Software Foundation (ASF) under one
3    *   or more contributor license agreements.  See the NOTICE file
4    *   distributed with this work for additional information
5    *   regarding copyright ownership.  The ASF licenses this file
6    *   to you under the Apache License, Version 2.0 (the
7    *   "License"); you may not use this file except in compliance
8    *   with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *   Unless required by applicable law or agreed to in writing,
13   *   software distributed under the License is distributed on an
14   *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *   KIND, either express or implied.  See the License for the
16   *   specific language governing permissions and limitations
17   *   under the License.
18   *
19   */
20  
21  package org.apache.directory.server.config.beans;
22  
23  
24  import org.apache.directory.api.ldap.model.constants.SchemaConstants;
25  import org.apache.directory.server.config.ConfigurationElement;
26  
27  
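/**
 * A simple POJO holding the password policy configuration, based on
 * <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10">this draft</a>.
 * <p>
 * The bean only stores values: none of the setters validates its argument, so
 * range checks and cross-field constraints (for instance pwdMaxAge against
 * pwdMinAge) have to be enforced by whatever consumes the bean.
 * <p>
 * With the field defaults declared here, lockout is off and minimum length,
 * quality checking, history and expiry are all 0 (disabled, per the field
 * comments). A policy entry is expected to set these explicitly.
 * 
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class PasswordPolicyBean extends AdsBaseBean
{
    /**
     * The PasswordPolicy unique identifier (used as the RDN of the configuration entry)
     */
    @ConfigurationElement(attributeType = "ads-pwdId", isRdn = true)
    private String pwdId;

    /**
     * The name of the attribute to which the password policy is applied.
     * Currently only the "userPassword" attribute is supported.
     */
    @ConfigurationElement(attributeType = "ads-pwdAttribute")
    private String pwdAttribute = SchemaConstants.USER_PASSWORD_AT;

    /**
     * The number of seconds that must elapse between modifications to the password.
     * Default value is 0.
     */
    @ConfigurationElement(attributeType = "ads-pwdMinAge", isOptional = true, defaultValue = "0")
    private int pwdMinAge = 0;

    /**
     * The number of seconds after which a modified password will expire.
     * Default value is 0, does not expire. If not 0, the value must be greater than or equal
     * to the value of pwdMinAge; that constraint is not checked in this class.
     */
    @ConfigurationElement(attributeType = "ads-pwdMaxAge", isOptional = true, defaultValue = "0")
    private int pwdMaxAge = 0;

    /**
     * The maximum number of used passwords stored in the pwdHistory attribute.
     * Default value is 0, no password history maintained.
     */
    @ConfigurationElement(attributeType = "ads-pwdInHistory", isOptional = true, defaultValue = "0")
    private int pwdInHistory = 0;

    /**
     * Indicates how the password quality will be verified while being modified or added.
     * Default value is 0, do not check.
     */
    @ConfigurationElement(attributeType = "ads-pwdCheckQuality", isOptional = true, defaultValue = "0")
    private int pwdCheckQuality = 0;

    /**
     * The minimum number of characters that must be used in a password.
     * Default value is 0, no minimum length enforced.
     */
    @ConfigurationElement(attributeType = "ads-pwdMinLength", isOptional = true, defaultValue = "0")
    private int pwdMinLength = 0;

    /**
     * The maximum number of characters that may be used in a password.
     * Default value is 0, no maximum length enforced.
     */
    @ConfigurationElement(attributeType = "ads-pwdMaxLength", isOptional = true, defaultValue = "0")
    private int pwdMaxLength = 0;

    /**
     * The maximum number of seconds before a password is due to expire that expiration warning
     * messages will be returned to an authenticating user.
     * Default value is 0, never send a warning message.
     */
    @ConfigurationElement(attributeType = "ads-pwdExpireWarning", isOptional = true, defaultValue = "0")
    private int pwdExpireWarning = 0;

    /**
     * The number of times an expired password can be used to authenticate.
     * Default value is 0, do not allow an expired password for authentication.
     */
    @ConfigurationElement(attributeType = "ads-pwdGraceAuthNLimit", isOptional = true, defaultValue = "0")
    private int pwdGraceAuthNLimit = 0;

    /**
     * The number of seconds the grace authentications are valid.
     * Default value is 0, no limit.
     */
    @ConfigurationElement(attributeType = "ads-pwdGraceExpire", isOptional = true, defaultValue = "0")
    private int pwdGraceExpire = 0;

    /**
     * Flag to indicate if the account needs to be locked after a specified number of
     * consecutive failed bind attempts. The maximum number of consecutive
     * failed bind attempts is specified in {@link #pwdMaxFailure}.
     * Default value is false, so lockout has to be switched on explicitly.
     */
    @ConfigurationElement(attributeType = "ads-pwdLockout", isOptional = true, defaultValue = "false")
    private boolean pwdLockout = false;

    /**
     * The number of seconds that the password cannot be used to authenticate due to
     * too many failed bind attempts.
     * Default value is 300 seconds.
     */
    @ConfigurationElement(attributeType = "ads-pwdLockoutDuration", isOptional = true, defaultValue = "300")
    private int pwdLockoutDuration = 300;

    /**
     * The number of consecutive failed bind attempts after which the password may not
     * be used to authenticate.
     * Default value is 0, no limit on the number of authentication failures.
     */
    @ConfigurationElement(attributeType = "ads-pwdMaxFailure", isOptional = true, defaultValue = "0")
    private int pwdMaxFailure = 0;

    /**
     * The number of seconds after which the password failures are purged from the failure counter.
     * Default value is 0, reset all pwdFailureTimes after a successful authentication.
     */
    @ConfigurationElement(attributeType = "ads-pwdFailureCountInterval", isOptional = true, defaultValue = "0")
    private int pwdFailureCountInterval = 0;

    /**
     * Flag to indicate if the password must be changed by the user after they bind to the
     * directory after a password is set or reset by a password administrator.
     * Default value is false, no need to change the password by user.
     */
    @ConfigurationElement(attributeType = "ads-pwdMustChange", isOptional = true, defaultValue = "false")
    private boolean pwdMustChange = false;

    /** Indicates whether users can change their own passwords. Default value is true, allow change. */
    @ConfigurationElement(attributeType = "ads-pwdAllowUserChange", isOptional = true, defaultValue = "true")
    private boolean pwdAllowUserChange = true;

    /**
     * Flag to specify whether or not the existing password must be sent along with the
     * new password when being changed.
     * Default value is false.
     */
    @ConfigurationElement(attributeType = "ads-pwdSafeModify", isOptional = true, defaultValue = "false")
    private boolean pwdSafeModify = false;

    /**
     * The number of seconds to delay responding to the first failed authentication attempt.
     * Default value is 0, no delay.
     */
    @ConfigurationElement(attributeType = "ads-pwdMinDelay", isOptional = true, defaultValue = "0")
    private int pwdMinDelay = 0;

    /**
     * The maximum number of seconds to delay when responding to a failed authentication attempt.
     * Declared default is 0.
     */
    @ConfigurationElement(attributeType = "ads-pwdMaxDelay", isOptional = true, defaultValue = "0")
    private int pwdMaxDelay = 0;

    /**
     * The number of seconds an account may remain unused before it becomes locked.
     * Default value is 0, no check for idle time.
     */
    @ConfigurationElement(attributeType = "ads-pwdMaxIdle", isOptional = true, defaultValue = "0")
    private int pwdMaxIdle = 0;

    /**
     * The FQCN of the password validator; null when none is configured.
     * NOTE(review): this value names a class, and how it is loaded is not visible here.
     * Presumably the server instantiates it, so write access to this attribute should be
     * treated as sensitive. Confirm against the code that consumes the bean.
     */
    @ConfigurationElement(attributeType = "ads-pwdValidator", isOptional = true)
    private String pwdValidator = null;


    /**
     * @return the name of the attribute the policy applies to
     */
    public String getPwdAttribute()
    {
        return pwdAttribute;
    }


    /**
     * @param pwdAttribute the name of the attribute the policy applies to
     */
    public void setPwdAttribute( String pwdAttribute )
    {
        this.pwdAttribute = pwdAttribute;
    }


    /**
     * @return the minimum number of seconds between two password modifications
     */
    public int getPwdMinAge()
    {
        return pwdMinAge;
    }


    /**
     * @param pwdMinAge the minimum number of seconds between two password modifications
     */
    public void setPwdMinAge( int pwdMinAge )
    {
        this.pwdMinAge = pwdMinAge;
    }


    /**
     * @return the number of seconds after which a modified password expires, 0 meaning never
     */
    public int getPwdMaxAge()
    {
        return pwdMaxAge;
    }


    /**
     * Stores the value as given; it is not compared with pwdMinAge here.
     * 
     * @param pwdMaxAge the number of seconds after which a modified password expires
     */
    public void setPwdMaxAge( int pwdMaxAge )
    {
        this.pwdMaxAge = pwdMaxAge;
    }


    /**
     * @return the maximum number of used passwords kept in the history, 0 meaning no history
     */
    public int getPwdInHistory()
    {
        return pwdInHistory;
    }


    /**
     * @param pwdInHistory the maximum number of used passwords kept in the history
     */
    public void setPwdInHistory( int pwdInHistory )
    {
        this.pwdInHistory = pwdInHistory;
    }


    /**
     * @return the password quality check mode, 0 meaning no check
     */
    public int getPwdCheckQuality()
    {
        return pwdCheckQuality;
    }


    /**
     * @param pwdCheckQuality the password quality check mode
     */
    public void setPwdCheckQuality( int pwdCheckQuality )
    {
        this.pwdCheckQuality = pwdCheckQuality;
    }


    /**
     * @return the minimum password length, 0 meaning no minimum enforced
     */
    public int getPwdMinLength()
    {
        return pwdMinLength;
    }


    /**
     * @param pwdMinLength the minimum password length
     */
    public void setPwdMinLength( int pwdMinLength )
    {
        this.pwdMinLength = pwdMinLength;
    }


    /**
     * @return the maximum password length, 0 meaning no maximum enforced
     */
    public int getPwdMaxLength()
    {
        return pwdMaxLength;
    }


    /**
     * @param pwdMaxLength the maximum password length
     */
    public void setPwdMaxLength( int pwdMaxLength )
    {
        this.pwdMaxLength = pwdMaxLength;
    }


    /**
     * @return the number of seconds before expiry during which warnings are sent, 0 meaning never
     */
    public int getPwdExpireWarning()
    {
        return pwdExpireWarning;
    }


    /**
     * @param pwdExpireWarning the number of seconds before expiry during which warnings are sent
     */
    public void setPwdExpireWarning( int pwdExpireWarning )
    {
        this.pwdExpireWarning = pwdExpireWarning;
    }


    /**
     * @return the number of times an expired password can still be used to authenticate
     */
    public int getPwdGraceAuthNLimit()
    {
        return pwdGraceAuthNLimit;
    }


    /**
     * @param pwdGraceAuthNLimit the number of times an expired password can still be used to authenticate
     */
    public void setPwdGraceAuthNLimit( int pwdGraceAuthNLimit )
    {
        this.pwdGraceAuthNLimit = pwdGraceAuthNLimit;
    }


    /**
     * @return the number of seconds the grace authentications are valid, 0 meaning no limit
     */
    public int getPwdGraceExpire()
    {
        return pwdGraceExpire;
    }


    /**
     * @param pwdGraceExpire the number of seconds the grace authentications are valid
     */
    public void setPwdGraceExpire( int pwdGraceExpire )
    {
        this.pwdGraceExpire = pwdGraceExpire;
    }


    /**
     * @return true if accounts are locked after too many consecutive failed bind attempts
     */
    public boolean isPwdLockout()
    {
        return pwdLockout;
    }


    /**
     * @param pwdLockout true to lock accounts after too many consecutive failed bind attempts
     */
    public void setPwdLockout( boolean pwdLockout )
    {
        this.pwdLockout = pwdLockout;
    }


    /**
     * @return the number of seconds a locked password cannot be used to authenticate
     */
    public int getPwdLockoutDuration()
    {
        return pwdLockoutDuration;
    }


    /**
     * @param pwdLockoutDuration the number of seconds a locked password cannot be used to authenticate
     */
    public void setPwdLockoutDuration( int pwdLockoutDuration )
    {
        this.pwdLockoutDuration = pwdLockoutDuration;
    }


    /**
     * @return the number of consecutive failed bind attempts tolerated, 0 meaning no limit
     */
    public int getPwdMaxFailure()
    {
        return pwdMaxFailure;
    }


    /**
     * @param pwdMaxFailure the number of consecutive failed bind attempts tolerated
     */
    public void setPwdMaxFailure( int pwdMaxFailure )
    {
        this.pwdMaxFailure = pwdMaxFailure;
    }


    /**
     * @return the number of seconds after which recorded failures are purged from the counter
     */
    public int getPwdFailureCountInterval()
    {
        return pwdFailureCountInterval;
    }


    /**
     * @param pwdFailureCountInterval the number of seconds after which recorded failures are purged
     */
    public void setPwdFailureCountInterval( int pwdFailureCountInterval )
    {
        this.pwdFailureCountInterval = pwdFailureCountInterval;
    }


    /**
     * @return true if users must change a password that an administrator set or reset
     */
    public boolean isPwdMustChange()
    {
        return pwdMustChange;
    }


    /**
     * @param pwdMustChange true if users must change a password that an administrator set or reset
     */
    public void setPwdMustChange( boolean pwdMustChange )
    {
        this.pwdMustChange = pwdMustChange;
    }


    /**
     * @return true if users may change their own passwords
     */
    public boolean isPwdAllowUserChange()
    {
        return pwdAllowUserChange;
    }


    /**
     * @param pwdAllowUserChange true if users may change their own passwords
     */
    public void setPwdAllowUserChange( boolean pwdAllowUserChange )
    {
        this.pwdAllowUserChange = pwdAllowUserChange;
    }


    /**
     * @return true if the existing password must accompany the new one on a change
     */
    public boolean isPwdSafeModify()
    {
        return pwdSafeModify;
    }


    /**
     * @param pwdSafeModify true if the existing password must accompany the new one on a change
     */
    public void setPwdSafeModify( boolean pwdSafeModify )
    {
        this.pwdSafeModify = pwdSafeModify;
    }


    /**
     * @return the number of seconds to delay the response to the first failed authentication
     */
    public int getPwdMinDelay()
    {
        return pwdMinDelay;
    }


    /**
     * @param pwdMinDelay the number of seconds to delay the response to the first failed authentication
     */
    public void setPwdMinDelay( int pwdMinDelay )
    {
        this.pwdMinDelay = pwdMinDelay;
    }


    /**
     * @return the maximum number of seconds to delay the response to a failed authentication
     */
    public int getPwdMaxDelay()
    {
        return pwdMaxDelay;
    }


    /**
     * @param pwdMaxDelay the maximum number of seconds to delay the response to a failed authentication
     */
    public void setPwdMaxDelay( int pwdMaxDelay )
    {
        this.pwdMaxDelay = pwdMaxDelay;
    }


    /**
     * @return the number of seconds an account may stay unused before it is locked, 0 meaning no check
     */
    public int getPwdMaxIdle()
    {
        return pwdMaxIdle;
    }


    /**
     * @param pwdMaxIdle the number of seconds an account may stay unused before it is locked
     */
    public void setPwdMaxIdle( int pwdMaxIdle )
    {
        this.pwdMaxIdle = pwdMaxIdle;
    }


    /**
     * @return the pwdId
     */
    public String getPwdId()
    {
        return pwdId;
    }


    /**
     * @param pwdId the pwdId to set
     */
    public void setPwdId( String pwdId )
    {
        this.pwdId = pwdId;
    }


    /**
     * @return the FQCN of the password validator, or null if none is set
     */
    public String getPwdValidator()
    {
        return pwdValidator;
    }


    /**
     * Sets the password validator. The name is stored as given; it is not checked here.
     * 
     * @param pwdValidator the FQCN of the password validator
     */
    public void setPwdValidator( String pwdValidator )
    {
        this.pwdValidator = pwdValidator;
    }


    /**
     * {@inheritDoc}
     * <p>
     * Dumps every policy setting held by this bean, one per line, each line prefixed
     * with the given indentation. The configured validator class is included so that
     * a logged configuration shows which validator is in effect.
     */
    @Override
    public String toString( String tabs )
    {
        StringBuilder sb = new StringBuilder();

        sb.append( tabs ).append( "PasswordPolicy :\n" );
        sb.append( super.toString( tabs + "  " ) );
        sb.append( tabs ).append( "  identifier : " ).append( pwdId ).append( '\n' );
        sb.append( toString( tabs, "  password attribute", pwdAttribute ) );
        sb.append( tabs ).append( "  password min age : " ).append( pwdMinAge ).append( '\n' );
        sb.append( tabs ).append( "  password max age : " ).append( pwdMaxAge ).append( '\n' );
        sb.append( tabs ).append( "  password min length : " ).append( pwdMinLength ).append( '\n' );
        sb.append( tabs ).append( "  password max length : " ).append( pwdMaxLength ).append( '\n' );
        sb.append( tabs ).append( "  password min delay : " ).append( pwdMinDelay ).append( '\n' );
        sb.append( tabs ).append( "  password max delay : " ).append( pwdMaxDelay ).append( '\n' );
        sb.append( tabs ).append( "  password max idle : " ).append( pwdMaxIdle ).append( '\n' );
        sb.append( tabs ).append( "  password max failure : " ).append( pwdMaxFailure ).append( '\n' );
        sb.append( tabs ).append( "  password lockout duration : " ).append( pwdLockoutDuration ).append( '\n' );
        sb.append( tabs ).append( "  password expire warning : " ).append( pwdExpireWarning ).append( '\n' );
        sb.append( tabs ).append( "  password grace expire : " ).append( pwdGraceExpire ).append( '\n' );
        sb.append( tabs ).append( "  password grace Auth N limit : " ).append( pwdGraceAuthNLimit ).append( '\n' );
        sb.append( tabs ).append( "  password in history : " ).append( pwdInHistory ).append( '\n' );
        sb.append( tabs ).append( "  password check quality : " ).append( pwdCheckQuality ).append( '\n' );
        sb.append( tabs ).append( "  password failure count interval : " ).append( pwdFailureCountInterval )
            .append( '\n' );
        sb.append( toString( tabs, "  password lockout", pwdLockout ) );
        sb.append( toString( tabs, "  password must change", pwdMustChange ) );
        sb.append( toString( tabs, "  password allow user change", pwdAllowUserChange ) );
        sb.append( toString( tabs, "  password safe modify", pwdSafeModify ) );

        // pwdValidator was the only configured field missing from the dump. It defaults to
        // null, and the inherited helper's handling of null is not visible from this class,
        // so the line is only written when a validator is actually configured.
        if ( pwdValidator != null )
        {
            sb.append( toString( tabs, "  password validator", pwdValidator ) );
        }

        return sb.toString();
    }


    /**
     * {@inheritDoc}
     */
    @Override
    public String toString()
    {
        return toString( "" );
    }
}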