Set of Spring Boot Libraries for checking public (or private) breached credential data to determine if a password is appropriately secure for usage

There is a newer version: 1.0.4
Show newest version
/*
 * MIT License
 *
 * Copyright (c) 2019-2021 Stuart Beard
 */
package com.stuartbeard.iorek.constraints;

import com.stuartbeard.iorek.constraints.validation.CompromisedPasswordConstraintValidator;
import com.stuartbeard.iorek.service.model.PasswordRiskLevel;

import javax.validation.Constraint;
import javax.validation.Payload;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

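/**
 * Annotation interface that determines which field level elements in a given POJO class should be checked for known
 * password compromise. Applies to 'in-band' notification of password compromise only.
 * <p>
 * Validation is delegated to {@link CompromisedPasswordConstraintValidator}. The {@link #groups()} and
 * {@link #payload()} elements are declared with the parameterised types the Bean Validation constraint contract
 * expects ({@code Class<?>[]} and {@code Class<? extends Payload>[]}) instead of raw {@code Class[]}, so that
 * constraint-definition checks and callers using generics see the intended types.
 *
 * @author Stuart Beard
 * @version 1.0.0
 * @since 1.0.0
 */
@Target({ElementType.FIELD})
@Retention(RetentionPolicy.RUNTIME)
@Constraint(validatedBy = {CompromisedPasswordConstraintValidator.class})
public @interface NotKnowinglyCompromised {

    /**
     * @return the violation message, or the message-bundle key to interpolate, reported when the annotated value is
     * rejected. The default is the key {@code {com.stuartbeard.iorek.constraints.NotKnowinglyCompromised.message}}.
     */
    String message() default "{com.stuartbeard.iorek.constraints.NotKnowinglyCompromised.message}";

    /**
     * @return the validation groups this constraint is evaluated in. Empty by default.
     */
    Class<?>[] groups() default {};

    /**
     * @return the {@link Payload} types attached to a violation of this constraint so that clients can carry
     * additional metadata with it. Empty by default.
     */
    Class<? extends Payload>[] payload() default {};

    /**
     * @return the request flow defined by the specific API Request Model class if set. The default
     * is 'unspecified'.
     */
    String requestFlow() default "unspecified";

    /**
     * Provides the maximum level of acceptable risk for a given API Request Object. Setting this will have the
     * following consequences;
     *
     * - {@link PasswordRiskLevel#OK} - Allow all passwords that have been compromised less than the warning threshold
     * defined in {@link com.stuartbeard.iorek.service.config.CompromisedPasswordThresholdConfigurationProperties}
     * - {@link PasswordRiskLevel#COMPROMISED} - Allow all passwords that have been compromised less than the severe
     * threshold defined in {@link com.stuartbeard.iorek.service.config.CompromisedPasswordThresholdConfigurationProperties}
     * - {@link PasswordRiskLevel#SEVERELY_COMPROMISED} - Allow all passwords to be used (...what's the point in using
     * this library then?)
     *
     * Both thresholds come from
     * {@link com.stuartbeard.iorek.service.config.CompromisedPasswordThresholdConfigurationProperties}.
     *
     * @return the level of acceptable risk request flow defined by the specific API Request Model
     * class if set. The default is {@link PasswordRiskLevel#COMPROMISED} so that by default there is a perceived
     * balance between preventing poor password choices, while keeping it reasonably easy to choose a more secure one.
     * This is impacted by the chosen configuration defined by
     * {@link com.stuartbeard.iorek.service.config.CompromisedPasswordThresholdConfigurationProperties}
     */
    PasswordRiskLevel maxAcceptableRisk() default PasswordRiskLevel.COMPROMISED;

}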



