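/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 *
 */

package org.apache.directory.server.config.beans;


import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.server.config.ConfigurationElement;


/**
 * A simple POJO holding the password policy configuration, based on
 * <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10">this draft</a>.
 * <p>
 * With the defaults declared here no minimum length, quality check, password history,
 * expiry or lockout is in effect ({@code pwdMinLength}, {@code pwdCheckQuality},
 * {@code pwdInHistory}, {@code pwdMaxAge} and {@code pwdMaxFailure} are 0 and
 * {@code pwdLockout} is false), and {@code pwdSafeModify} is false, so a password change
 * does not require the current password. A deployment that relies on any of these controls
 * has to configure them explicitly.
 * <p>
 * The setters store values as given: negative numbers and the documented
 * {@code pwdMaxAge >= pwdMinAge} relation are not checked in this class.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class PasswordPolicyBean extends AdsBaseBean
{
    /**
     * The PasswordPolicy unique identifier
     */
    @ConfigurationElement(attributeType = "ads-pwdId", isRdn = true)
    private String pwdId;

    /**
     * the name of the attribute to which the password policy is applied.
     * Currently only the "userPassword" attribute is supported
     */
    @ConfigurationElement(attributeType = "ads-pwdAttribute")
    private String pwdAttribute = SchemaConstants.USER_PASSWORD_AT;

    /**
     * holds the number of seconds that must elapse between modifications to the password.
     * Default value is 0
     */
    @ConfigurationElement(attributeType = "ads-pwdMinAge", isOptional = true, defaultValue = "0")
    private int pwdMinAge = 0;

    /**
     * holds the number of seconds after which a modified password will expire.
     * Default value is 0, does not expire. If not 0, the value must be greater than or equal
     * to the value of the pwdMinAge.
     */
    @ConfigurationElement(attributeType = "ads-pwdMaxAge", isOptional = true, defaultValue = "0")
    private int pwdMaxAge = 0;

    /**
     * specifies the maximum number of used passwords stored in the pwdHistory attribute.
     * Default value is 0, no password history maintained
     */
    @ConfigurationElement(attributeType = "ads-pwdInHistory", isOptional = true, defaultValue = "0")
    private int pwdInHistory = 0;

    /**
     * indicates how the password quality will be verified while being modified or added.
     * Default value 0, do not check. Per the draft, 1 means check and accept the password
     * when it cannot be checked (for example because it arrives hashed), 2 means check and
     * reject the password when it cannot be checked.
     */
    @ConfigurationElement(attributeType = "ads-pwdCheckQuality", isOptional = true, defaultValue = "0")
    private int pwdCheckQuality = 0;

    /**
     * this attribute holds the minimum number of characters that must be used in a password.
     * Default value 0, no minimum length enforced
     */
    @ConfigurationElement(attributeType = "ads-pwdMinLength", isOptional = true, defaultValue = "0")
    private int pwdMinLength = 0;

    /**
     * this attribute holds the maximum number of characters that may be used in a password.
     * Default value 0, no maximum length enforced
     */
    @ConfigurationElement(attributeType = "ads-pwdMaxLength", isOptional = true, defaultValue = "0")
    private int pwdMaxLength = 0;

    /**
     * the maximum number of seconds before a password is due to expire that expiration warning
     * messages will be returned to an authenticating user.
     * Default value is 0, never send a warning message.
     */
    @ConfigurationElement(attributeType = "ads-pwdExpireWarning", isOptional = true, defaultValue = "0")
    private int pwdExpireWarning = 0;

    /**
     * the number of times an expired password can be used to authenticate.
     * Default value is 0, do not allow an expired password for authentication.
     */
    @ConfigurationElement(attributeType = "ads-pwdGraceAuthNLimit", isOptional = true, defaultValue = "0")
    private int pwdGraceAuthNLimit = 0;

    /**
     * specifies the number of seconds the grace authentications are valid.
     * Default value is 0, no limit.
     */
    @ConfigurationElement(attributeType = "ads-pwdGraceExpire", isOptional = true, defaultValue = "0")
    private int pwdGraceExpire = 0;

    /**
     * flag to indicate if the account needs to be locked after a specified number of
     * consecutive failed bind attempts. The maximum number of consecutive
     * failed bind attempts is specified in {@link #pwdMaxFailure}.
     * Default value is false, so no lockout happens unless it is enabled explicitly.
     */
    @ConfigurationElement(attributeType = "ads-pwdLockout", isOptional = true, defaultValue = "false")
    private boolean pwdLockout = false;

    /**
     * the number of seconds that the password cannot be used to authenticate due to
     * too many failed bind attempts.
     * Default value is 300 seconds.
     */
    @ConfigurationElement(attributeType = "ads-pwdLockoutDuration", isOptional = true, defaultValue = "300")
    private int pwdLockoutDuration = 300;

    /**
     * the number of consecutive failed bind attempts after which the password may not
     * be used to authenticate.
     * Default value is 0, no limit on the number of authentication failures
     */
    @ConfigurationElement(attributeType = "ads-pwdMaxFailure", isOptional = true, defaultValue = "0")
    private int pwdMaxFailure = 0;

    /**
     * the number of seconds after which the password failures are purged from the failure counter.
     * Default value is 0, reset all pwdFailureTimes after a successful authentication.
     */
    @ConfigurationElement(attributeType = "ads-pwdFailureCountInterval", isOptional = true, defaultValue = "0")
    private int pwdFailureCountInterval = 0;

    /**
     * flag to indicate if the password must be changed by the user after they bind to the
     * directory after a password is set or reset by a password administrator.
     * Default value is false, no need to change the password by user.
     */
    @ConfigurationElement(attributeType = "ads-pwdMustChange", isOptional = true, defaultValue = "false")
    private boolean pwdMustChange = false;

    /** indicates whether users can change their own passwords. Default value is true, allow change */
    @ConfigurationElement(attributeType = "ads-pwdAllowUserChange", isOptional = true, defaultValue = "true")
    private boolean pwdAllowUserChange = true;

    /**
     * flag to specify whether or not the existing password must be sent along with the
     * new password when being changed.
     * Default value is false.
     */
    @ConfigurationElement(attributeType = "ads-pwdSafeModify", isOptional = true, defaultValue = "false")
    private boolean pwdSafeModify = false;

    /**
     * the number of seconds to delay responding to the first failed authentication attempt.
     * Default value 0, no delay.
     */
    @ConfigurationElement(attributeType = "ads-pwdMinDelay", isOptional = true, defaultValue = "0")
    private int pwdMinDelay = 0;

    /**
     * the maximum number of seconds to delay when responding to a failed authentication attempt.
     * Default value is 0.
     */
    @ConfigurationElement(attributeType = "ads-pwdMaxDelay", isOptional = true, defaultValue = "0")
    private int pwdMaxDelay = 0;

    /**
     * the number of seconds an account may remain unused before it becomes locked.
     * Default value is 0, no check for idle time.
     */
    @ConfigurationElement(attributeType = "ads-pwdMaxIdle", isOptional = true, defaultValue = "0")
    private int pwdMaxIdle = 0;

    /**
     * the FQCN of the password validator. Default is null, no validator configured.
     * NOTE(review): presumably the server instantiates this class by name - confirm against
     * the code that consumes this bean; if so, write access to this configuration entry
     * decides which code runs during password checks.
     */
    @ConfigurationElement(attributeType = "ads-pwdValidator", isOptional = true)
    private String pwdValidator = null;


    /**
     * @return the name of the attribute the policy applies to
     */
    public String getPwdAttribute()
    {
        return pwdAttribute;
    }


    /**
     * @param pwdAttribute the name of the attribute the policy applies to
     */
    public void setPwdAttribute( String pwdAttribute )
    {
        this.pwdAttribute = pwdAttribute;
    }


    /**
     * @return the minimum number of seconds between two password modifications
     */
    public int getPwdMinAge()
    {
        return pwdMinAge;
    }


    /**
     * @param pwdMinAge the minimum number of seconds between two password modifications
     */
    public void setPwdMinAge( int pwdMinAge )
    {
        this.pwdMinAge = pwdMinAge;
    }


    /**
     * @return the number of seconds after which a modified password expires, 0 for no expiry
     */
    public int getPwdMaxAge()
    {
        return pwdMaxAge;
    }


    /**
     * Sets the password maximum age. The documented requirement that a non-zero value be
     * greater than or equal to pwdMinAge is not checked here.
     *
     * @param pwdMaxAge the number of seconds after which a modified password expires
     */
    public void setPwdMaxAge( int pwdMaxAge )
    {
        this.pwdMaxAge = pwdMaxAge;
    }


    /**
     * @return the maximum number of used passwords kept in the history, 0 for no history
     */
    public int getPwdInHistory()
    {
        return pwdInHistory;
    }


    /**
     * @param pwdInHistory the maximum number of used passwords kept in the history
     */
    public void setPwdInHistory( int pwdInHistory )
    {
        this.pwdInHistory = pwdInHistory;
    }


    /**
     * @return the password quality check mode, 0 for no check
     */
    public int getPwdCheckQuality()
    {
        return pwdCheckQuality;
    }


    /**
     * @param pwdCheckQuality the password quality check mode
     */
    public void setPwdCheckQuality( int pwdCheckQuality )
    {
        this.pwdCheckQuality = pwdCheckQuality;
    }


    /**
     * @return the minimum password length, 0 for no minimum
     */
    public int getPwdMinLength()
    {
        return pwdMinLength;
    }


    /**
     * @param pwdMinLength the minimum password length
     */
    public void setPwdMinLength( int pwdMinLength )
    {
        this.pwdMinLength = pwdMinLength;
    }


    /**
     * @return the maximum password length, 0 for no maximum
     */
    public int getPwdMaxLength()
    {
        return pwdMaxLength;
    }


    /**
     * @param pwdMaxLength the maximum password length
     */
    public void setPwdMaxLength( int pwdMaxLength )
    {
        this.pwdMaxLength = pwdMaxLength;
    }


    /**
     * @return the number of seconds before expiry during which warnings are returned, 0 for never
     */
    public int getPwdExpireWarning()
    {
        return pwdExpireWarning;
    }


    /**
     * @param pwdExpireWarning the number of seconds before expiry during which warnings are returned
     */
    public void setPwdExpireWarning( int pwdExpireWarning )
    {
        this.pwdExpireWarning = pwdExpireWarning;
    }


    /**
     * @return the number of times an expired password can still be used to authenticate
     */
    public int getPwdGraceAuthNLimit()
    {
        return pwdGraceAuthNLimit;
    }


    /**
     * @param pwdGraceAuthNLimit the number of times an expired password can still be used to authenticate
     */
    public void setPwdGraceAuthNLimit( int pwdGraceAuthNLimit )
    {
        this.pwdGraceAuthNLimit = pwdGraceAuthNLimit;
    }


    /**
     * @return the number of seconds the grace authentications are valid, 0 for no limit
     */
    public int getPwdGraceExpire()
    {
        return pwdGraceExpire;
    }


    /**
     * @param pwdGraceExpire the number of seconds the grace authentications are valid
     */
    public void setPwdGraceExpire( int pwdGraceExpire )
    {
        this.pwdGraceExpire = pwdGraceExpire;
    }


    /**
     * @return true if accounts are to be locked after too many consecutive failed binds
     */
    public boolean isPwdLockout()
    {
        return pwdLockout;
    }


    /**
     * @param pwdLockout true to lock accounts after too many consecutive failed binds
     */
    public void setPwdLockout( boolean pwdLockout )
    {
        this.pwdLockout = pwdLockout;
    }


    /**
     * @return the number of seconds a locked password cannot be used to authenticate
     */
    public int getPwdLockoutDuration()
    {
        return pwdLockoutDuration;
    }


    /**
     * @param pwdLockoutDuration the number of seconds a locked password cannot be used to authenticate
     */
    public void setPwdLockoutDuration( int pwdLockoutDuration )
    {
        this.pwdLockoutDuration = pwdLockoutDuration;
    }


    /**
     * @return the number of consecutive failed binds after which the password is unusable, 0 for no limit
     */
    public int getPwdMaxFailure()
    {
        return pwdMaxFailure;
    }


    /**
     * @param pwdMaxFailure the number of consecutive failed binds after which the password is unusable
     */
    public void setPwdMaxFailure( int pwdMaxFailure )
    {
        this.pwdMaxFailure = pwdMaxFailure;
    }


    /**
     * @return the number of seconds after which failures are purged from the failure counter
     */
    public int getPwdFailureCountInterval()
    {
        return pwdFailureCountInterval;
    }


    /**
     * @param pwdFailureCountInterval the number of seconds after which failures are purged
     * from the failure counter
     */
    public void setPwdFailureCountInterval( int pwdFailureCountInterval )
    {
        this.pwdFailureCountInterval = pwdFailureCountInterval;
    }


    /**
     * @return true if the user must change a password set or reset by an administrator
     */
    public boolean isPwdMustChange()
    {
        return pwdMustChange;
    }


    /**
     * @param pwdMustChange true if the user must change a password set or reset by an administrator
     */
    public void setPwdMustChange( boolean pwdMustChange )
    {
        this.pwdMustChange = pwdMustChange;
    }


    /**
     * @return true if users can change their own passwords
     */
    public boolean isPwdAllowUserChange()
    {
        return pwdAllowUserChange;
    }


    /**
     * @param pwdAllowUserChange true if users can change their own passwords
     */
    public void setPwdAllowUserChange( boolean pwdAllowUserChange )
    {
        this.pwdAllowUserChange = pwdAllowUserChange;
    }


    /**
     * @return true if the existing password must be sent along with the new one on a change
     */
    public boolean isPwdSafeModify()
    {
        return pwdSafeModify;
    }


    /**
     * @param pwdSafeModify true if the existing password must be sent along with the new one
     */
    public void setPwdSafeModify( boolean pwdSafeModify )
    {
        this.pwdSafeModify = pwdSafeModify;
    }


    /**
     * @return the number of seconds to delay the response to the first failed authentication
     */
    public int getPwdMinDelay()
    {
        return pwdMinDelay;
    }


    /**
     * @param pwdMinDelay the number of seconds to delay the response to the first failed authentication
     */
    public void setPwdMinDelay( int pwdMinDelay )
    {
        this.pwdMinDelay = pwdMinDelay;
    }


    /**
     * @return the maximum number of seconds to delay the response to a failed authentication
     */
    public int getPwdMaxDelay()
    {
        return pwdMaxDelay;
    }


    /**
     * @param pwdMaxDelay the maximum number of seconds to delay the response to a failed authentication
     */
    public void setPwdMaxDelay( int pwdMaxDelay )
    {
        this.pwdMaxDelay = pwdMaxDelay;
    }


    /**
     * @return the number of seconds an account may stay unused before it is locked, 0 for no check
     */
    public int getPwdMaxIdle()
    {
        return pwdMaxIdle;
    }


    /**
     * @param pwdMaxIdle the number of seconds an account may stay unused before it is locked
     */
    public void setPwdMaxIdle( int pwdMaxIdle )
    {
        this.pwdMaxIdle = pwdMaxIdle;
    }


    /**
     * @return the pwdId
     */
    public String getPwdId()
    {
        return pwdId;
    }


    /**
     * @param pwdId the pwdId to set
     */
    public void setPwdId( String pwdId )
    {
        this.pwdId = pwdId;
    }


    /**
     * @return gives the FQCN of the password validator
     */
    public String getPwdValidator()
    {
        return pwdValidator;
    }


    /**
     * Sets the password validator
     *
     * @param pwdValidator the FQCN of the password validator
     */
    public void setPwdValidator( String pwdValidator )
    {
        this.pwdValidator = pwdValidator;
    }


    /**
     * {@inheritDoc}
     * <p>
     * Lists every policy setting held by this bean, one per line, each prefixed with
     * {@code tabs}. The validator class name is listed only when one is configured.
     */
    @Override
    public String toString( String tabs )
    {
        StringBuilder sb = new StringBuilder();

        sb.append( tabs ).append( "PasswordPolicy :\n" );
        sb.append( super.toString( tabs + " " ) );
        sb.append( tabs ).append( " identifier : " ).append( pwdId ).append( '\n' );
        sb.append( toString( tabs, " password attribute", pwdAttribute ) );
        sb.append( tabs ).append( " password min age : " ).append( pwdMinAge ).append( '\n' );
        sb.append( tabs ).append( " password max age : " ).append( pwdMaxAge ).append( '\n' );
        sb.append( tabs ).append( " password min length : " ).append( pwdMinLength ).append( '\n' );
        sb.append( tabs ).append( " password max length : " ).append( pwdMaxLength ).append( '\n' );
        sb.append( tabs ).append( " password min delay : " ).append( pwdMinDelay ).append( '\n' );
        sb.append( tabs ).append( " password max delay : " ).append( pwdMaxDelay ).append( '\n' );
        sb.append( tabs ).append( " password max idle : " ).append( pwdMaxIdle ).append( '\n' );
        sb.append( tabs ).append( " password max failure : " ).append( pwdMaxFailure ).append( '\n' );
        sb.append( tabs ).append( " password lockout duration : " ).append( pwdLockoutDuration ).append( '\n' );
        sb.append( tabs ).append( " password expire warning : " ).append( pwdExpireWarning ).append( '\n' );
        sb.append( tabs ).append( " password grace expire : " ).append( pwdGraceExpire ).append( '\n' );
        sb.append( tabs ).append( " password grace Auth N limit : " ).append( pwdGraceAuthNLimit ).append( '\n' );
        sb.append( tabs ).append( " password in history : " ).append( pwdInHistory ).append( '\n' );
        sb.append( tabs ).append( " password check quality : " ).append( pwdCheckQuality ).append( '\n' );
        sb.append( tabs ).append( " password failure count interval : " ).append( pwdFailureCountInterval )
            .append( '\n' );
        sb.append( toString( tabs, " password lockout", pwdLockout ) );
        sb.append( toString( tabs, " password must change", pwdMustChange ) );
        sb.append( toString( tabs, " password allow user change", pwdAllowUserChange ) );
        sb.append( toString( tabs, " password safe modify", pwdSafeModify ) );

        // The validator was the one configured field missing from this dump. Report it only
        // when set, so the output for a policy without a validator stays exactly as before.
        if ( pwdValidator != null )
        {
            sb.append( tabs ).append( " password validator : " ).append( pwdValidator ).append( '\n' );
        }

        return sb.toString();
    }


    /**
     * {@inheritDoc}
     */
    @Override
    public String toString()
    {
        return toString( "" );
    }
}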