com.unboundid.ldap.sdk.unboundidds.controls.PasswordUpdateBehaviorRequestControlProperties Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of unboundid-ldapsdk Show documentation
Show all versions of unboundid-ldapsdk Show documentation
The UnboundID LDAP SDK for Java is a fast, comprehensive, and easy-to-use
Java API for communicating with LDAP directory servers and performing
related tasks like reading and writing LDIF, encoding and decoding data
using base64 and ASN.1 BER, and performing secure communication. This
package contains the Standard Edition of the LDAP SDK, which is a
complete, general-purpose library for communicating with LDAPv3 directory
servers.
/*
* Copyright 2017-2018 Ping Identity Corporation
* All Rights Reserved.
*/
/*
* Copyright (C) 2017-2018 Ping Identity Corporation
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License (GPLv2 only)
* or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
*/
package com.unboundid.ldap.sdk.unboundidds.controls;
import java.io.Serializable;
import com.unboundid.util.Mutable;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
/**
* This class provides a set of properties that can be used in conjunction with
* the {@link PasswordUpdateBehaviorRequestControl}.
*
*
* NOTE: This class, and other classes within the
* {@code com.unboundid.ldap.sdk.unboundidds} package structure, are only
* supported for use against Ping Identity, UnboundID, and
* Nokia/Alcatel-Lucent 8661 server products. These classes provide support
* for proprietary functionality or for external specifications that are not
* considered stable or mature enough to be guaranteed to work in an
* interoperable way with other types of LDAP servers.
*
*/
@Mutable()
@ThreadSafety(level=ThreadSafetyLevel.NOT_THREADSAFE)
public final class PasswordUpdateBehaviorRequestControlProperties
implements Serializable
{
/**
* The serial version UID for this serializable class.
*/
private static final long serialVersionUID = -529840713192839805L;
// Indicates whether the requester should be allowed to provide a pre-encoded
// password.
private Boolean allowPreEncodedPassword;
// Indicates whether to ignore any minimum password age configured in the
// password policy.
private Boolean ignoreMinimumPasswordAge;
// Indicates whether to skip the process of checking whether the provided
// password matches the new current password or is in the password history.
private Boolean ignorePasswordHistory;
// Indicates whether to treat the password change as a self change.
private Boolean isSelfChange;
// Indicates whether to update the user's account to indicate that they must
// change their password the next time they authenticate.
private Boolean mustChangePassword;
// Indicates whether to skip password validation for the new password.
private Boolean skipPasswordValidation;
// Specifies the password storage scheme to use for the new password.
private String passwordStorageScheme;
/**
* Creates a new password update behavior request control properties object
* with none of the properties set, which will cause the server to behave as
* if the control had not been included in the request.
*/
public PasswordUpdateBehaviorRequestControlProperties()
{
isSelfChange = null;
allowPreEncodedPassword = null;
skipPasswordValidation = null;
ignorePasswordHistory = null;
ignoreMinimumPasswordAge = null;
passwordStorageScheme = null;
mustChangePassword = null;
}
/**
* Creates a new password update behavior request control properties object
* with the settings used for the provided password update behavior request
* control.
*
* @param control The control to use to initialize this properties object.
*/
public PasswordUpdateBehaviorRequestControlProperties(
final PasswordUpdateBehaviorRequestControl control)
{
isSelfChange = control.getIsSelfChange();
allowPreEncodedPassword = control.getAllowPreEncodedPassword();
skipPasswordValidation = control.getSkipPasswordValidation();
ignorePasswordHistory = control.getIgnorePasswordHistory();
ignoreMinimumPasswordAge = control.getIgnoreMinimumPasswordAge();
passwordStorageScheme = control.getPasswordStorageScheme();
mustChangePassword = control.getMustChangePassword();
}
/**
* Indicates whether the password update behavior request control should
* override the server's automatic classification of the password update as a
* self change or an administrative reset, and if so, what the overridden
* value should be.
*
* @return {@code Boolean.TRUE} if the server should treat the password
* update as a self change, {@code Boolean.FALSE} if the server
* should treat the password update as an administrative reset, or
* {@code null} if the server should automatically determine whether
* the password update is a self change or an administrative reset.
*/
public Boolean getIsSelfChange()
{
return isSelfChange;
}
/**
* Specifies whether the password update behavior request control should
* override the server's automatic classification of the password update as a
* self change or an administrative reset, and if so, what the overridden
* value should be.
*
* Normally, the server will consider a password update to be a self change if
* it contains the user's current password in addition to the new password, or
* if the user entry being updated is the entry for the authorization identity
* for the requested operation. Conversely, if the password change does not
* include the target user's current password in addition to the new password,
* and the user performing the password change doesn't own the entry being
* updated, then it will be considered an administrative reset. But if this
* method is called with a value of {@code Boolean.TRUE}, then the server will
* consider the password update to be a self change even if it would have
* otherwise been considered an administrative reset, and if this method is
* called with a value of {@code Boolean.FALSE}, then the server will consider
* the password update to be an administrative reset even if it would have
* otherwise been considered a self change.
*
* Note that this only applies to modify requests and password modify extended
* requests. It does not apply to add requests, which will always be
* considered administrative resets because a user can't change their own
* password before their account exists in the server. However, the password
* update behavior request control can still be used to override the server's
* default behavior for other properties that do apply to add operations.
*
* @param isSelfChange Specifies whether the control should override the
* server's automatic classification of the password
* update as a self change or an administrative reset.
* If this is {@code Boolean.TRUE}, then it indicates
* that the server should treat the password update as a
* self change. If this is {@code Boolean.FALSE}, then
* it indicates that the server should treat the
* password update as an administrative reset. If this
* is {@code null}, it indicates that the server should
* automatically determine whether the password change
* is a self change or an administrative reset.
*/
public void setIsSelfChange(final Boolean isSelfChange)
{
this.isSelfChange = isSelfChange;
}
/**
* Indicates whether the password update behavior request control should
* override the value of the {@code allow-pre-encoded-passwords} configuration
* property for the target user's password policy, and if so, what the
* overridden value should be.
*
* @return {@code Boolean.TRUE} if the server should accept a pre-encoded
* password in the password update even if the server's password
* policy configuration would normally not permit this,
* {@code Boolean.FALSE} if the server should reject a pre-encoded
* password in the password update even if the server's password
* policy configuration would normally accept it, or {@code null} if
* the password policy configuration should be used to determine
* whether to accept pre-encoded passwords.
*/
public Boolean getAllowPreEncodedPassword()
{
return allowPreEncodedPassword;
}
/**
* Specifies whether the password update behavior request control should
* override the value of the {@code allow-pre-encoded-passwords} configuration
* property for the target user's password policy, and if so, what the
* overridden value should be.
*
* Note that certain types of validation cannot be performed for new passwords
* that are pre-encoded. It will not be possible to invoke password
* validators on a pre-encoded password, and it will not be possible to
* compare the a pre-encoded new password against the current password or one
* in the password history. Allowing end users to provide pre-encoded
* passwords could create a loophole in which the user could continue using
* the same password longer than they would otherwise be permitted to because
* they could keep changing the password to a different encoded representation
* of the same password, or to a weaker password than the server would
* normally allow.
*
* @param allowPreEncodedPassword Specifies whether the password update
* behavior request control should override
* the value of the
* {@code allow-pre-encoded-passwords}
* configuration property for the target
* user's password policy, and if so, what
* the overridden value should be. If this
* is {@code Boolean.TRUE}, then the server
* will permit a pre-encoded password, even
* if it would normally reject them. If this
* is {@code Boolean.FALSE}, then the server
* will reject a pre-encoded password, even
* if it would normally accept it. If this
* is {@code null}, then the server will use
* the password policy configuration to
* determine whether to accept a pre-encoded
* password.
*/
public void setAllowPreEncodedPassword(final Boolean allowPreEncodedPassword)
{
this.allowPreEncodedPassword = allowPreEncodedPassword;
}
/**
* Indicates whether the password update behavior request control should
* override the server's normal behavior with regard to invoking password
* validators for any new passwords included in the password update, and if
* so, what the overridden behavior should be.
*
* @return {@code Boolean.TRUE} if the server should skip invoking the
* password validators configured in the target user's password
* policy validators for any new passwords included in the password
* update even if the server would normally perform password
* validation, {@code Boolean.FALSE} if the server should invoke the
* password validators even if it would normally skip them, or
* {@code null} if the password policy configuration should be used
* to determine whether to skip password validation.
*/
public Boolean getSkipPasswordValidation()
{
return skipPasswordValidation;
}
/**
* Specifies whether the password update behavior request control should
* override the server's normal behavior with regard to invoking password
* validators for any new passwords included in the password update, and if
* so, what the overridden behavior should be.
*
* Note that if password validation is to be performed, it will use the set of
* password validators set in the target user's password policy. It is not
* possible to customize which validators will be used on a per-request basis.
*
* Also note that password validation can only be performed for new passwords
* that are not pre-encoded. Pre-encoded passwords cannot be checked against
* password validators or the password history.
*
* @param skipPasswordValidation Specifies whether the password update
* behavior request control should override
* the server's normal behavior with regard to
* invoking password validators for any new
* passwords included in the password update,
* and if so, what the overridden behavior
* should be. If this is
* {@code Boolean.TRUE}, then the server will
* skip new password validation even if it
* would normally perform it. If this is
* {@code Boolean.FALSE}, then the server will
* perform new password validation even if it
* would normally skip it. If this is
* {@code null}, then the server will use the
* password policy configuration to determine
* whether to perform new password validation.
*/
public void setSkipPasswordValidation(final Boolean skipPasswordValidation)
{
this.skipPasswordValidation = skipPasswordValidation;
}
/**
* Indicates whether the password update behavior request control should
* override the server's normal behavior with regard to checking the password
* history for any new passwords included in the password update, and if so,
* what the overridden behavior should be.
*
* @return {@code Boolean.TRUE} if the server should not check to see whether
* any new password matches the current password or is in the user's
* password history even if it would normally perform that check,
* {@code Boolean.FALSE} if the server should check to see whether
* any new password matches the current or previous password even if
* it would normally not perform such a check, or {@code null} if the
* password policy configuration should be used to determine whether
* to ignore the password history.
*/
public Boolean getIgnorePasswordHistory()
{
return ignorePasswordHistory;
}
/**
* Specifies whether the password update behavior request control should
* override the server's normal behavior with regard to checking the password
* history for any new passwords included in the password update, and if so,
* what the overridden behavior should be.
*
* Note that if the target user's password policy is not configured to
* maintain a password history, then there may not be any previous passwords
* to check. In that case, overriding the behavior to check the password
* history will only compare the new password against the current password.
*
* Also note that this setting only applies to the validation of the new
* password. It will not affect the server's behavior with regard to storing
* the new or previous password in the password history.
*
* Finally, password history validation can only be performed for new
* passwords that are not pre-encoded. Pre-encoded passwords cannot be
* checked against password validators or the password history.
*
* @param ignorePasswordHistory Specifies whether the password update
* behavior request control should override the
* server's normal behavior with regard to
* checking the password history for any new
* passwords included in the password update,
* and if so, what the overridden behavior
* should be. If this is {@code Boolean.TRUE},
* then the server will skip password history
* validation even if it would have normally
* performed it. If this is
* {@code Boolean.FALSE}, then the server will
* perform password history validation even if
* it would have normally skipped it. If this
* is {@code null}, then the server will use
* the password policy configuration to
* determine whether to perform password
* history validation.
*/
public void setIgnorePasswordHistory(final Boolean ignorePasswordHistory)
{
this.ignorePasswordHistory = ignorePasswordHistory;
}
/**
* Indicates whether the password update behavior request control should
* override the server's normal behavior with regard to checking the
* minimum password age, and if so, what the overridden behavior should be.
*
* @return {@code Boolean.TRUE} if the server should accept the password
* change even if it has been less than the configured minimum
* password age since the password was last changed,
* {@code Boolean.FALSE} if the server should reject the password
* change if it has been less than teh configured minimum password
* age, or {@code null} if the password policy configuration should
* be used to determine the appropriate behavior.
*/
public Boolean getIgnoreMinimumPasswordAge()
{
return ignoreMinimumPasswordAge;
}
/**
* Specifies whether the password update behavior request control should
* override the server's normal behavior with regard to checking the
* minimum password age, and if so, what the overridden behavior should be.
*
* Normally, if a minimum password age is configured, then it will apply only
* for self password changes but not for administrative resets. With this
* value set to {@code Boolean.TRUE}, then the configured minimum password
* age will be ignored even for self changes. With this value set to
* {@code Boolean.FALSE}, then the configured minimum password age will be
* enforced even for administrative resets. In any case, this will only be
* used if the target user's password policy is configured with a nonzero
* minimum password age.
*
* @param ignoreMinimumPasswordAge Specifies whether the password update
* behavior request control should override
* the server's normal behavior with regard
* to checking the minimum password age, and
* if so, what the overridden behavior
* should be. If this is
* {@code Boolean.TRUE}, then the minimum
* password age will not be enforced, even
* for self password changes. If this is
* {@code Boolean.FALSE}, then the minimum
* password age will be enforced, even for
* administrative resets. If this is
* {@code null}, then the server's default
* behavior will be used so that the minimum
* password age will be enforced for self
* changes but not for administrative
* resets.
*/
public void setIgnoreMinimumPasswordAge(
final Boolean ignoreMinimumPasswordAge)
{
this.ignoreMinimumPasswordAge = ignoreMinimumPasswordAge;
}
/**
* Indicates whether the password update behavior request control should
* override the server's normal behavior with regard to selecting the password
* storage scheme to use to encode new password values, and if so, which
* password storage scheme should be used.
*
* @return The name of the password storage scheme that should be used to
* encode any new password values, or {@code null} if the target
* user's password policy configuration should determine the
* appropriate schemes for encoding new passwords.
*/
public String getPasswordStorageScheme()
{
return passwordStorageScheme;
}
/**
* Specifies whether the password update behavior request control should
* override the server's normal behavior with regard to selecting the password
* storage scheme to use to encode new password values, and if so, which
* password storage scheme should be used.
*
* If a non-{@code null} password storage scheme name is provided, then it
* must be the prefix used in front of passwords encoded with that scheme,
* optionally including or omitting the curly braces. The specified scheme
* must be enabled for use in the server but does not otherwise need to be
* associated with the target user's password policy.
*
* @param passwordStorageScheme The name of the password storage scheme that
* should be used to encode any new password
* values. It may optionally be enclosed in
* curly braces. It may be {@code null} if the
* password policy configuration should be used
* to determine which password storage schemes
* should be used to encode new passwords.
*/
public void setPasswordStorageScheme(final String passwordStorageScheme)
{
this.passwordStorageScheme = passwordStorageScheme;
}
/**
* Indicates whether the password update behavior request control should
* override the server's normal behavior with regard to requiring a password
* change, and if so, what that behavior should be.
*
* @return {@code Boolean.TRUE} if the user will be required to change their
* password before being allowed to perform any other operation,
* {@code Boolean.FALSE} if the user will not be required to change
* their password before being allowed to perform any other
* operation, or {@code null} if the password policy configuration
* should be used to control this behavior.
*/
public Boolean getMustChangePassword()
{
return mustChangePassword;
}
/**
* Specifies whether the password update behavior request control should
* override the server's normal behavior with regard to requiring a password
* change, and if so, what that behavior should be.
*
* Note that the "must change password" behavior will only be enforced if the
* target user's password policy is configured with either
* {@code force-change-on-add} or {@code force-change-on-reset} set to
* {@code true}. If both of those properties are set to {@code false}, then
* this method will have no effect.
*
* Normally, if {@code force-change-on-reset} is {@code true}, then the server
* will put the user's account into a "must change password" state after an
* administrative password reset, but not after a self change. If this
* method is called with a value of {@code Boolean.TRUE}, then the "must
* change password" flag will be set, even if the password update is a self
* change. It this method is called with a value of {@code Boolean.FALSE},
* then the "must change password" flag will not be set even if the password
* update is an administrative change. If this method is called with a value
* of {@code null}, then the server's normal logic will be used to determine
* whether to set the "must change password" flag.
*
* @param mustChangePassword Specifies whether the password update behavior
* request control should override the server's
* normal behavior with regard to requiring a
* password change, and if so, what that behavior
* should be. If this is {@code Boolean.TRUE},
* then the user entry will be required to change
* their password after their next login even if
* this is a self change. If this is
* {@code Boolean.FALSE}, then the user will not
* be required to change their password after the
* next login even if this is an administrative
* reset. If this is {@code null}, then the
* server's normal logic will be used to make the
* determination.
*/
public void setMustChangePassword(final Boolean mustChangePassword)
{
this.mustChangePassword = mustChangePassword;
}
/**
* Retrieves a string representation of this password update behavior request
* control properties object.
*
* @return A string representation of this password update behavior request
* control properties object.
*/
@Override()
public String toString()
{
final StringBuilder buffer = new StringBuilder();
toString(buffer);
return buffer.toString();
}
/**
* Appends a string representation of this password update behavior request
* control properties object to the provided buffer.
*
* @param buffer The buffer to which the information should be appended.
*/
public void toString(final StringBuilder buffer)
{
buffer.append("PasswordUpdateBehaviorRequestControlProperties(");
boolean appended = appendNameValuePair(buffer, "isSelfChange", isSelfChange,
false);
appended = appendNameValuePair(buffer, "allowPreEncodedPassword",
allowPreEncodedPassword, appended);
appended = appendNameValuePair(buffer, "skipPasswordValidation",
skipPasswordValidation, appended);
appended = appendNameValuePair(buffer, "ignorePasswordHistory",
ignorePasswordHistory, appended);
appended = appendNameValuePair(buffer, "ignoreMinimumPasswordAge",
ignoreMinimumPasswordAge, appended);
appended = appendNameValuePair(buffer, "passwordStorageScheme",
passwordStorageScheme, appended);
appendNameValuePair(buffer, "mustChangePassword",
mustChangePassword, appended);
buffer.append(')');
}
/**
* Appends a name-value pair to the provided buffer, if appropriate.
*
* @param buffer The buffer to which the name-value pair
* should be appended. It must not be
* {@code null}.
* @param propertyName The name for the property to consider
* appending. It must not be {@code null}.
* @param propertyValue The value for the property to consider
* appending. It may be {@code null} if the
* name-value pair should not be appended. If
* it is non-{@code null}, then it must have a
* type of {@code Boolean} or {@code String}.
* @param appendedPreviousPair Indicates whether a previous name-value pair
* has already been appended to the buffer. If
* the provided name-value pair should not be
* appended, then this will be returned. If the
* provided name-value pair should be appended,
* then this will be used to indicate whether it
* should be preceded by a comma.
*
* @return {@code true} if this or a previous name-value pair has been
* appended to the buffer, or {@code false} if no name-value pair has
* yet been appended to the buffer.
*/
private static boolean appendNameValuePair(final StringBuilder buffer,
final String propertyName,
final Object propertyValue,
final boolean appendedPreviousPair)
{
if (propertyValue == null)
{
return appendedPreviousPair;
}
if (appendedPreviousPair)
{
buffer.append(", ");
}
buffer.append(propertyName);
buffer.append('=');
if (propertyValue instanceof Boolean)
{
buffer.append(((Boolean) propertyValue).booleanValue());
}
else
{
buffer.append('"');
buffer.append(propertyValue);
buffer.append('"');
}
return true;
}
}