PwPolicyMgrRestImpl (Apache Fortress Core Javadoc 1.0.1)

Constructors
Constructor and Description
`PwPolicyMgrRestImpl()`

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`add(PwPolicy policy)` This method will add a new policy entry to the POLICIES data set.
`void`	`delete(PwPolicy policy)` This method will delete exiting policy entry from the POLICIES data set.
`void`	`deletePasswordPolicy(String userId)` This method will remove the pw policy assignment from a user entity.
`PwPolicy`	`read(String name)` This method will return the password policy entity to the caller.
`List<PwPolicy>`	`search(String searchVal)` This method will return a list of all password policy entities that match a particular search string.
`void`	`update(PwPolicy policy)` This method will update an exiting policy entry to the POLICIES data set.
`void`	`updateUserPolicy(String userId, String name)` This method will associate a user entity with a password policy entity.

- Constructor Detail
  - PwPolicyMgrRestImpl
```
public PwPolicyMgrRestImpl()
```
- Method Detail
  - add
```
public void add(PwPolicy policy)
         throws SecurityException
```
    This method will add a new policy entry to the POLICIES data set. This command is valid if and only if the policy entry is not already present in the POLICIES data set.
    
    required parameters
    - PwPolicy.name - Maps to name attribute of pwdPolicy object class being added.
    optional parameters
    - PwPolicy.minAge - This attribute holds the number of seconds that must elapse between modifications to the password. If this attribute is not present, 0 seconds is assumed.
    - PwPolicy.maxAge - This attribute holds the number of seconds after which a modified password will expire. If this attribute is not present, or if the value is 0 the password does not expire. If not 0, the value must be greater than or equal to the value of the pwdMinAge.
    - PwPolicy.inHistory - This attribute specifies the maximum number of used passwords stored in the pwdHistory attribute. If this attribute is not present, or if the value is 0, used passwords are not stored in the pwdHistory attribute and thus may be reused.
    - PwPolicy.minLength - When quality checking is enabled, this attribute holds the minimum number of characters that must be used in a password. If this attribute is not present, no minimum password length will be enforced. If the server is unable to check the length (due to a hashed password or otherwise), the server will, depending on the value of the pwdCheckQuality attribute, either accept the password without checking it ('0' or '1') or refuse it ('2').
    - PwPolicy.expireWarning - This attribute specifies the maximum number of seconds before a password is due to expire that expiration warning messages will be returned to an authenticating user. If this attribute is not present, or if the value is 0 no warnings will be returned. If not 0, the value must be smaller than the value of the pwdMaxAge attribute.
    - PwPolicy.graceLoginLimit - This attribute specifies the number of times an expired password can be used to authenticate. If this attribute is not present or if the value is 0, authentication will fail.
    - PwPolicy.lockout - This attribute indicates, when its value is "TRUE", that the password may not be used to authenticate after a specified number of consecutive failed bind attempts. The maximum number of consecutive failed bind attempts is specified in pwdMaxFailure. If this attribute is not present, or if the value is "FALSE", the password may be used to authenticate when the number of failed bind attempts has been reached.
    - PwPolicy.lockoutDuration - This attribute holds the number of seconds that the password cannot be used to authenticate due to too many failed bind attempts. If this attribute is not present, or if the value is 0 the password cannot be used to authenticate until reset by a password administrator.
    - PwPolicy.maxFailure - This attribute specifies the number of consecutive failed bind attempts after which the password may not be used to authenticate. If this attribute is not present, or if the value is 0, this policy is not checked, and the value of pwdLockout will be ignored.
    - PwPolicy.failureCountInterval - This attribute holds the number of seconds after which the password failures are purged from the failure counter, even though no successful authentication occurred. If this attribute is not present, or if its value is 0, the failure counter is only reset by a successful authentication.
    - PwPolicy.mustChange - This attribute specifies with a value of "TRUE" that users must change their passwords when they first bind to the directory after a password is set or reset by a password administrator. If this attribute is not present, or if the value is "FALSE", users are not required to change their password upon binding after the password administrator sets or resets the password. This attribute is not set due to any actions specified by this document, it is typically set by a password administrator after resetting a user's password.
    - PwPolicy.allowUserChange - This attribute indicates whether users can change their own passwords, although the change operation is still subject to access control. If this attribute is not present, a value of "TRUE" is assumed. This attribute is intended to be used in the absence of an access control mechanism.
    - PwPolicy.safeModify - This attribute specifies whether or not the existing password must be sent along with the new password when being changed. If this attribute is not present, a "FALSE" value is assumed.
    - PwPolicy.checkQuality - This attribute indicates how the password quality will be verified while being modified or added. If this attribute is not present, or if the value is '0', quality checking will not be enforced. A value of '1' indicates that the server will check the quality, and if the server is unable to check it (due to a hashed password or other reasons) it will be accepted. A value of '2' indicates that the server will check the quality, and if the server is unable to verify it, it will return an error refusing the password.
    - PwPolicy.attribute - This holds the name of the attribute to which the password policy is applied. For example, the password policy may be applied to the userPassword attribute
    Specified by:
    
    add in interface PwPolicyMgr
    
    Parameters:
    
    policy - Object must contain PwPolicy.name and optionally other attributes.
    
    Throws:
    
    SecurityException - In the event of data validation or system error.
  - update
```
public void update(PwPolicy policy)
            throws SecurityException
```
    This method will update an exiting policy entry to the POLICIES data set. This command is valid if and only if the policy entry is already present in the POLICIES data set.
    
    required parameters
    - PwPolicy.name - Maps to name attribute of pwdPolicy object class being updated.
    optional parameters
    - PwPolicy.minAge - This attribute holds the number of seconds that must elapse between modifications to the password. If this attribute is not present, 0 seconds is assumed.
    - PwPolicy.maxAge - This attribute holds the number of seconds after which a modified password will expire. If this attribute is not present, or if the value is 0 the password does not expire. If not 0, the value must be greater than or equal to the value of the pwdMinAge.
    - PwPolicy.inHistory - This attribute specifies the maximum number of used passwords stored in the pwdHistory attribute. If this attribute is not present, or if the value is 0, used passwords are not stored in the pwdHistory attribute and thus may be reused.
    - PwPolicy.minLength - When quality checking is enabled, this attribute holds the minimum number of characters that must be used in a password. If this attribute is not present, no minimum password length will be enforced. If the server is unable to check the length (due to a hashed password or otherwise), the server will, depending on the value of the pwdCheckQuality attribute, either accept the password without checking it ('0' or '1') or refuse it ('2').
    - PwPolicy.expireWarning - This attribute specifies the maximum number of seconds before a password is due to expire that expiration warning messages will be returned to an authenticating user. If this attribute is not present, or if the value is 0 no warnings will be returned. If not 0, the value must be smaller than the value of the pwdMaxAge attribute.
    - PwPolicy.graceLoginLimit - This attribute specifies the number of times an expired password can be used to authenticate. If this attribute is not present or if the value is 0, authentication will fail.
    - PwPolicy.lockout - This attribute indicates, when its value is "TRUE", that the password may not be used to authenticate after a specified number of consecutive failed bind attempts. The maximum number of consecutive failed bind attempts is specified in pwdMaxFailure. If this attribute is not present, or if the value is "FALSE", the password may be used to authenticate when the number of failed bind attempts has been reached.
    - PwPolicy.lockoutDuration - This attribute holds the number of seconds that the password cannot be used to authenticate due to too many failed bind attempts. If this attribute is not present, or if the value is 0 the password cannot be used to authenticate until reset by a password administrator.
    - PwPolicy.maxFailure - This attribute specifies the number of consecutive failed bind attempts after which the password may not be used to authenticate. If this attribute is not present, or if the value is 0, this policy is not checked, and the value of pwdLockout will be ignored.
    - PwPolicy.failureCountInterval - This attribute holds the number of seconds after which the password failures are purged from the failure counter, even though no successful authentication occurred. If this attribute is not present, or if its value is 0, the failure counter is only reset by a successful authentication.
    - PwPolicy.mustChange - This attribute specifies with a value of "TRUE" that users must change their passwords when they first bind to the directory after a password is set or reset by a password administrator. If this attribute is not present, or if the value is "FALSE", users are not required to change their password upon binding after the password administrator sets or resets the password. This attribute is not set due to any actions specified by this document, it is typically set by a password administrator after resetting a user's password.
    - PwPolicy.allowUserChange - This attribute indicates whether users can change their own passwords, although the change operation is still subject to access control. If this attribute is not present, a value of "TRUE" is assumed. This attribute is intended to be used in the absence of an access control mechanism.
    - PwPolicy.safeModify - This attribute specifies whether or not the existing password must be sent along with the new password when being changed. If this attribute is not present, a "FALSE" value is assumed.
    - PwPolicy.checkQuality - This attribute indicates how the password quality will be verified while being modified or added. If this attribute is not present, or if the value is '0', quality checking will not be enforced. A value of '1' indicates that the server will check the quality, and if the server is unable to check it (due to a hashed password or other reasons) it will be accepted. A value of '2' indicates that the server will check the quality, and if the server is unable to verify it, it will return an error refusing the password.
    - PwPolicy.attribute - This holds the name of the attribute to which the password policy is applied. For example, the password policy may be applied to the userPassword attribute
    Specified by:
    
    update in interface PwPolicyMgr
    
    Parameters:
    
    policy - Object must contain PwPolicy.name and optionally all non-null attributes will be updated. null attributes will be ignored.
    
    Throws:
    
    SecurityException - In the event policy not found , data validation or system error.
  - delete
```
public void delete(PwPolicy policy)
            throws SecurityException
```
    This method will delete exiting policy entry from the POLICIES data set. This command is valid if and only if the policy entry is already present in the POLICIES data set. Existing users that are assigned this policy will be removed from association.
    
    required parameters
    - PwPolicy.name - Maps to name attribute of pwdPolicy object class being removed.
    Specified by:
    
    delete in interface PwPolicyMgr
    
    Parameters:
    
    policy - Object must contain PwPolicy.name of the policy entity to remove.
    
    Throws:
    
    SecurityException - In the event policy entity not found or system error.
  - read
```
public PwPolicy read(String name)
              throws SecurityException
```
    This method will return the password policy entity to the caller. This command is valid if and only if the policy entry is present in the POLICIES data set.
    
    required parameters
    - PwPolicy.name - Maps to name attribute of pwdPolicy object class being read.
    Specified by:
    
    read in interface PwPolicyMgr
    
    Parameters:
    
    name - String contains the PwPolicy.name of the policy entity to read.
    
    Returns:
    
    PswdPolicy entity returns fully populated with attributes.
    
    Throws:
    
    SecurityException - In the event policy entry not found, data validation or system error.
  - search
```
public List<PwPolicy> search(String searchVal)
                      throws SecurityException
```
    This method will return a list of all password policy entities that match a particular search string. This command will return an empty list of no matching entries are found.
    
    Specified by:
    
    search in interface PwPolicyMgr
    
    Parameters:
    
    searchVal - String contains the leading chars of a policy entity. This search is not case sensitive.
    
    Returns:
    
    List<PswdPolicy> contains all matching password policy entities. If no records found this will be empty.
    
    Throws:
    
    SecurityException - In the event of data validation or system error.
  - updateUserPolicy
```
public void updateUserPolicy(String userId,
                             String name)
                      throws SecurityException
```
    This method will associate a user entity with a password policy entity. This function is valid if and only if the user is a member of the USERS data set and the policyName refers to a policy that is a member of the PWPOLICIES data set.
    
    Specified by:
    
    updateUserPolicy in interface PwPolicyMgr
    
    Parameters:
    
    userId - Contains User.userId of a User entity in USERS data set.
    
    name - String contains the PwPolicy.name of a pw policy entity contained within the PWPOLICIES data set.
    
    Throws:
    
    SecurityException - thrown in the event either user or policy not valid or system error.
  - deletePasswordPolicy
```
public void deletePasswordPolicy(String userId)
                          throws SecurityException
```
    This method will remove the pw policy assignment from a user entity. This function is valid if and only if the user is a member of the USERS data set and the policy attribute is assigned. Removal of pw policy assignment will revert the user's policy to use the global default for OpenLDAP instance that contains user.
    
    Specified by:
    
    deletePasswordPolicy in interface PwPolicyMgr
    
    Parameters:
    
    userId - Contains User.userId of a User entity in USERS data set.
    
    Throws:
    
    SecurityException - Thrown in the event either user not valid or system error.

Class PwPolicyMgrRestImpl

Password Policies

Field Summary

Fields inherited from class org.apache.directory.fortress.core.impl.Manageable

Constructor Summary

Method Summary

Methods inherited from class org.apache.directory.fortress.core.impl.Manageable

Methods inherited from class java.lang.Object

Methods inherited from interface org.apache.directory.fortress.core.Manageable

Constructor Detail

PwPolicyMgrRestImpl

Method Detail

add

required parameters

optional parameters

update

required parameters

optional parameters

delete

required parameters

read

required parameters

search

updateUserPolicy

deletePasswordPolicy