Package org.ldaptive.auth.ext

Class FreeIPAAuthenticationResponseHandler

java.lang.Object

org.ldaptive.AbstractFreezable

org.ldaptive.auth.ext.FreeIPAAuthenticationResponseHandler

All Implemented Interfaces:

AuthenticationResponseHandler, Freezable

public class FreeIPAAuthenticationResponseHandler
extends AbstractFreezable
implements AuthenticationResponseHandler

Attempts to parse the authentication response and set the account state using data associated with FreeIPA. The Authenticator should be configured to return 'krbPasswordExpiration', 'krbLoginFailedCount' and 'krbLastPwdChange' attributes, so they can be consumed by this handler.

Field Summary

Fields

Modifier and Type	Field	Description
static final String[]	ATTRIBUTES	Attributes needed to enforce password policy.
private final Clock	expirationClock	Clock to calculate current date for comparison with expiration time.
private Period	expirationPeriod	Amount of time since a password was set until it will expire.
private final Logger	logger	Logger for this class.
private int	maxLoginFailures	Maximum number of login failures to allow.
private Period	warningPeriod	Amount of time before expiration to produce a warning.

Constructor Summary

Constructors

Constructor	Description
FreeIPAAuthenticationResponseHandler()	Creates a new freeipa authentication response handler.
FreeIPAAuthenticationResponseHandler(Clock clock)	Creates a new freeipa authentication response handler.
FreeIPAAuthenticationResponseHandler(Period warning, int loginFailures)	Creates a new freeipa authentication response handler.
FreeIPAAuthenticationResponseHandler(Period expiration, Period warning, int loginFailures)	Creates a new freeipa authentication response handler.

Method Summary

Modifier and Type	Method	Description
Period	getExpirationPeriod()	Returns the amount of time since a password was set until it will expire.
int	getMaxLoginFailures()	Returns the maximum login failures.
Period	getWarningPeriod()	Returns the amount of time before expiration to produce a warning.
void	handle(AuthenticationResponse response)	Handle the response from an ldap authentication.
void	setExpirationPeriod(Period period)	Sets the amount of time since a password was set until it will expire.
void	setMaxLoginFailures(int loginFailures)	Sets the maximum login failures.
void	setWarningPeriod(Period period)	Sets the amount of time before expiration to produce a warning.
String	toString()

Methods inherited from class org.ldaptive.AbstractFreezable

assertMutable, freeze, freeze, freeze, isFrozen

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Details

ATTRIBUTES

public static final String[] ATTRIBUTES

Attributes needed to enforce password policy.

logger

private final Logger logger

Logger for this class.

expirationClock

private final Clock expirationClock

Clock to calculate current date for comparison with expiration time.

expirationPeriod

private Period expirationPeriod

Amount of time since a password was set until it will expire. Used if krbPasswordExpiration cannot be read.

warningPeriod

private Period warningPeriod

Amount of time before expiration to produce a warning.

maxLoginFailures

private int maxLoginFailures

Maximum number of login failures to allow.

Constructor Details

FreeIPAAuthenticationResponseHandler

FreeIPAAuthenticationResponseHandler(Clock clock)

Creates a new freeipa authentication response handler.

Parameters:

clock - used to convert time before expiration to a datetime

FreeIPAAuthenticationResponseHandler

public FreeIPAAuthenticationResponseHandler()

Creates a new freeipa authentication response handler.

FreeIPAAuthenticationResponseHandler

public FreeIPAAuthenticationResponseHandler(Period warning,
 int loginFailures)

Creates a new freeipa authentication response handler.

Parameters:

warning - length of time before expiration that should produce a warning

loginFailures - number of login failures to allow

FreeIPAAuthenticationResponseHandler

public FreeIPAAuthenticationResponseHandler(Period expiration,
 Period warning,
 int loginFailures)

Creates a new freeipa authentication response handler.

Parameters:

expiration - length of time that a password is valid

warning - length of time before expiration that should produce a warning

loginFailures - number of login failures to allow

Method Details

handle

public void handle(AuthenticationResponse response)

Description copied from interface: AuthenticationResponseHandler

Handle the response from an ldap authentication.

Specified by:

handle in interface AuthenticationResponseHandler

Parameters:

response - produced from an authentication

getMaxLoginFailures

public int getMaxLoginFailures()

Returns the maximum login failures.

Returns:

maximum login failures before lockout.

setMaxLoginFailures

public void setMaxLoginFailures(int loginFailures)

Sets the maximum login failures.

Parameters:

loginFailures - before lockout.

getExpirationPeriod

public Period getExpirationPeriod()

Returns the amount of time since a password was set until it will expire. Only used if the krbPasswordExpiration attribute cannot be read from the directory.

Returns:

expiration period

setExpirationPeriod

public void setExpirationPeriod(Period period)

Sets the amount of time since a password was set until it will expire. Only used if the krbPasswordExpiration attribute cannot be read from the directory.

Parameters:

period - expiration period

getWarningPeriod

public Period getWarningPeriod()

Returns the amount of time before expiration to produce a warning.

Returns:

warning period

setWarningPeriod

public void setWarningPeriod(Period period)

Sets the amount of time before expiration to produce a warning.

Parameters:

period - warning period

toString

public String toString()

Overrides:

toString in class Object