Class ActiveDirectoryAuthenticationResponseHandler

java.lang.Object
org.ldaptive.AbstractFreezable
org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler
All Implemented Interfaces:
AuthenticationResponseHandler, Freezable

public class ActiveDirectoryAuthenticationResponseHandler extends AbstractFreezable implements AuthenticationResponseHandler
Attempts to parse the authentication response message and set the account state using data associated with Active Directory. If this handler is assigned an expirationPeriod, then the Authenticator should be configured to return the 'pwdLastSet' attribute so that this handler can consume it. The handler will then emit a warning for the pwdLastSet value plus the expiration amount. The scope of that warning can be further narrowed by providing a warningPeriod. By default, if the msDS-UserPasswordExpiryTimeComputed attribute is found, expirationPeriod is ignored.
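The configuration described above, as an added usage example (not part of the ldaptive documentation or source). The class name, LDAPS URL, base DN, search filter and the 90/14 day periods are assumptions, and the connection factory is assumed to be allowed to search for the user entry.

```java
import java.time.Period;
import org.ldaptive.Credential;
import org.ldaptive.DefaultConnectionFactory;
import org.ldaptive.auth.AccountState;
import org.ldaptive.auth.AuthenticationRequest;
import org.ldaptive.auth.AuthenticationResponse;
import org.ldaptive.auth.Authenticator;
import org.ldaptive.auth.SearchDnResolver;
import org.ldaptive.auth.SimpleBindAuthenticationHandler;
import org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler;

public class AdLoginExample {

  /** Returns true on successful bind; reports expiry warnings and account errors. */
  public static boolean login(String user, String password) throws Exception {
    // Placeholder host and base DN (assumptions). LDAPS keeps the bind password off the wire in clear text.
    DefaultConnectionFactory cf = new DefaultConnectionFactory("ldaps://dc.example.test");
    SearchDnResolver dnResolver = SearchDnResolver.builder()
      .factory(cf)
      .dn("ou=people,dc=example,dc=test")
      .filter("(sAMAccountName={user})")
      .build();
    Authenticator auth = new Authenticator(dnResolver, new SimpleBindAuthenticationHandler(cf));

    // Fallback policy: password valid 90 days after pwdLastSet, warn in the last 14 days.
    // The 90-day value is ignored when msDS-UserPasswordExpiryTimeComputed is found.
    auth.setResponseHandlers(
      new ActiveDirectoryAuthenticationResponseHandler(Period.ofDays(90), Period.ofDays(14)));

    // ATTRIBUTES asks the directory for the attributes needed to enforce password policy.
    AuthenticationResponse response = auth.authenticate(
      new AuthenticationRequest(user, new Credential(password),
        ActiveDirectoryAuthenticationResponseHandler.ATTRIBUTES));

    AccountState state = response.getAccountState(); // may be null if nothing was reported
    if (response.isSuccess()) {
      if (state != null && state.getWarning() != null) {
        System.out.println("Password expires at " + state.getWarning().getExpiration());
      }
      return true;
    }
    if (state != null && state.getError() != null) {
      // Log the precise reason server-side; show the end user only a generic failure.
      System.err.println("Login refused: " + state.getError().getMessage());
    }
    return false;
  }
}
```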
  • Field Details

    • ATTRIBUTES

      public static final String[] ATTRIBUTES
      Attributes needed to enforce password policy.
    • logger

      private final Logger logger
      Logger for this class.
    • expirationClock

      private final Clock expirationClock
      Clock to calculate current date for comparison with expiration time.
    • expirationPeriod

      private Period expirationPeriod
      Amount of time since a password was set until it will expire. Used if msDS-UserPasswordExpiryTimeComputed cannot be read.
    • warningPeriod

      private Period warningPeriod
      Amount of time before expiration to produce a warning.
  • Constructor Details

    • ActiveDirectoryAuthenticationResponseHandler

      ActiveDirectoryAuthenticationResponseHandler(Clock clock)
      Creates a new Active Directory authentication response handler.
      Parameters:
      clock - used to convert time before expiration to a datetime
    • ActiveDirectoryAuthenticationResponseHandler

      public ActiveDirectoryAuthenticationResponseHandler()
      Creates a new Active Directory authentication response handler.
    • ActiveDirectoryAuthenticationResponseHandler

      public ActiveDirectoryAuthenticationResponseHandler(Period warning)
      Creates a new Active Directory authentication response handler.
      Parameters:
      warning - length of time before expiration that should produce a warning
    • ActiveDirectoryAuthenticationResponseHandler

      public ActiveDirectoryAuthenticationResponseHandler(Period expiration, Period warning)
      Creates a new Active Directory authentication response handler.
      Parameters:
      expiration - length of time that a password is valid
      warning - length of time before expiration that should produce a warning
  • Method Details

    • handle

      public void handle(AuthenticationResponse response)
      Description copied from interface: AuthenticationResponseHandler
      Handle the response from an LDAP authentication.
      Specified by:
      handle in interface AuthenticationResponseHandler
      Parameters:
      response - produced from an authentication
    • getExpirationPeriod

      public Period getExpirationPeriod()
      Returns the amount of time since a password was set until it will expire.
      Returns:
      expiration period
    • setExpirationPeriod

      public void setExpirationPeriod(Period period)
      Sets the amount of time since a password was set until it will expire.
      Parameters:
      period - expiration period
    • getWarningPeriod

      public Period getWarningPeriod()
      Returns the amount of time before expiration to produce a warning.
      Returns:
      warning period
    • setWarningPeriod

      public void setWarningPeriod(Period period)
      Sets the amount of time before expiration to produce a warning.
      Parameters:
      period - warning period
    • toString

      public String toString()
      Overrides:
      toString in class Object