Package org.ldaptive.auth.ext

Class ActiveDirectoryAuthenticationResponseHandler

  • All Implemented Interfaces:
    AuthenticationResponseHandler, Freezable
    public class ActiveDirectoryAuthenticationResponseHandler
extends AbstractFreezable
implements AuthenticationResponseHandler
    Attempts to parse the authentication response message and set the account state using data associated with active directory. If this handler is assigned a expirationPeriod, then the Authenticator should be configured to return the 'pwdLastSet' attribute, so it can be consumed by this handler. This will cause the handler to emit a warning for the pwdLastSet value plus the expiration amount. The scope of that warning can be further narrowed by providing a warningPeriod. By default, if the msDS-UserPasswordExpiryTimeComputed attribute is found, expirationPeriod is ignored.

    • Field Detail

      • ATTRIBUTES

        public static final String[] ATTRIBUTES
        Attributes needed to enforce password policy.

      • logger

        private final Logger logger
        Logger for this class.

      • expirationClock

        private final Clock expirationClock
        Clock to calculate current date for comparison with expiration time.

      • expirationPeriod

        private Period expirationPeriod
        Amount of time since a password was set until it will expire. Used if msDS-UserPasswordExpiryTimeComputed cannot be read.

      • warningPeriod

        private Period warningPeriod
        Amount of time before expiration to produce a warning.

    • Constructor Detail

      • ActiveDirectoryAuthenticationResponseHandler

        ActiveDirectoryAuthenticationResponseHandler​(Clock clock)
        Creates a new active directory authentication response handler.
        Parameters:
        clock - used to convert time before expiration to a datetime

      • ActiveDirectoryAuthenticationResponseHandler

        public ActiveDirectoryAuthenticationResponseHandler()
        Creates a new active directory authentication response handler.

      • ActiveDirectoryAuthenticationResponseHandler

        public ActiveDirectoryAuthenticationResponseHandler​(Period warning)
        Creates a new active directory authentication response handler.
        Parameters:
        warning - length of time before expiration that should produce a warning

      • ActiveDirectoryAuthenticationResponseHandler

        public ActiveDirectoryAuthenticationResponseHandler​(Period expiration,
                                                    Period warning)
        Creates a new active directory authentication response handler.
        Parameters:
        expiration - length of time that a password is valid
        warning - length of time before expiration that should produce a warning

    • Method Detail

      • getExpirationPeriod

        public Period getExpirationPeriod()
        Returns the amount of time since a password was set until it will expire.
        Returns:
        expiration period

      • setExpirationPeriod

        public void setExpirationPeriod​(Period period)
        Sets amount of time since a password was set until it will expire.
        Parameters:
        period - expiration period

      • getWarningPeriod

        public Period getWarningPeriod()
        Returns the amount of time before expiration to produce a warning.
        Returns:
        warning period

      • setWarningPeriod

        public void setWarningPeriod​(Period period)
        Sets the amount of time before expiration to produce a warning.
        Parameters:
        period - warning period