001/*
002 *   Licensed to the Apache Software Foundation (ASF) under one
003 *   or more contributor license agreements.  See the NOTICE file
004 *   distributed with this work for additional information
005 *   regarding copyright ownership.  The ASF licenses this file
006 *   to you under the Apache License, Version 2.0 (the
007 *   "License"); you may not use this file except in compliance
008 *   with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 *   Unless required by applicable law or agreed to in writing,
013 *   software distributed under the License is distributed on an
014 *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *   KIND, either express or implied.  See the License for the
016 *   specific language governing permissions and limitations
017 *   under the License.
018 *
019 */
020
021package org.apache.directory.server.config.beans;
022
023
024import org.apache.directory.api.ldap.model.constants.SchemaConstants;
025import org.apache.directory.server.config.ConfigurationElement;
026
027
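/**
 * A simple POJO holding the password policy configuration, based on
 * <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10">this draft</a>.
 * <p>
 * This bean only carries values: none of the setters validate ranges or the
 * cross-field constraints described on the fields (for example that
 * {@code pwdMaxAge}, when not 0, must be greater than or equal to {@code pwdMinAge}).
 * Any such validation has to happen in the code that consumes the bean.
 * <p>
 * Note for operators: every default declared here is the permissive one. With an
 * untouched bean there is no account lockout ({@code pwdLockout = false},
 * {@code pwdMaxFailure = 0}), no quality check ({@code pwdCheckQuality = 0}),
 * no minimum length ({@code pwdMinLength = 0}), no expiry ({@code pwdMaxAge = 0})
 * and no password history ({@code pwdInHistory = 0}). A deployment that wants
 * these controls must set them explicitly.
 * 
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class PasswordPolicyBean extends AdsBaseBean
{
    /**
     * The PasswordPolicy unique identifier
     */
    @ConfigurationElement(attributeType = "ads-pwdId", isRdn = true)
    private String pwdId;

    /** the name of the attribute to which the password policy is applied. 
     * Currently only "userPassword" attribute is supported
     */
    @ConfigurationElement(attributeType = "ads-pwdAttribute")
    private String pwdAttribute = SchemaConstants.USER_PASSWORD_AT;

    /** 
     * holds the number of seconds that must elapse between modifications to the password. 
     * Default value is 0 
     */
    @ConfigurationElement(attributeType = "ads-pwdMinAge", isOptional = true, defaultValue = "0")
    private int pwdMinAge = 0;

    /**
     *  holds the number of seconds after which a modified password will expire.
     *  Default value is 0, does not expire.  If not 0, the value must be greater than or equal
     *  to the value of the pwdMinAge (not enforced by this bean).
     */
    @ConfigurationElement(attributeType = "ads-pwdMaxAge", isOptional = true, defaultValue = "0")
    private int pwdMaxAge = 0;

    /**
     *  specifies the maximum number of used passwords stored in the pwdHistory attribute.
     *  Default value is 0, no password history maintained
     */
    @ConfigurationElement(attributeType = "ads-pwdInHistory", isOptional = true, defaultValue = "0")
    private int pwdInHistory = 0;

    /** indicates how the password quality will be verified while being modified or added.
     *  Default value 0, do not check.
     *  NOTE(review): the referenced draft defines 1 as "check, but accept a password
     *  that cannot be checked" and 2 as "check, and reject a password that cannot be
     *  checked" - confirm the consuming code follows the same values.
     */
    @ConfigurationElement(attributeType = "ads-pwdCheckQuality", isOptional = true, defaultValue = "0")
    private int pwdCheckQuality = 0;

    /** this attribute holds the minimum number of characters that must be used in a password. 
     *  Default value 0, no minimum length enforced
     */
    @ConfigurationElement(attributeType = "ads-pwdMinLength", isOptional = true, defaultValue = "0")
    private int pwdMinLength = 0;

    /**
     * this attribute holds the maximum number of characters that may be used in a password.
     * Default value 0, no maximum length enforced
     */
    @ConfigurationElement(attributeType = "ads-pwdMaxLength", isOptional = true, defaultValue = "0")
    private int pwdMaxLength = 0;

    /**
     * the maximum number of seconds before a password is due to expire that expiration warning
     * messages will be returned to an authenticating user.
     * Default value is 0, never send a warning message.
     */
    @ConfigurationElement(attributeType = "ads-pwdExpireWarning", isOptional = true, defaultValue = "0")
    private int pwdExpireWarning = 0;

    /** 
     * the number of times an expired password can be used to authenticate.
     * Default value is 0, do not allow an expired password for authentication.
     */
    @ConfigurationElement(attributeType = "ads-pwdGraceAuthNLimit", isOptional = true, defaultValue = "0")
    private int pwdGraceAuthNLimit = 0;

    /** 
     * specifies the number of seconds the grace authentications are valid
     * Default value is 0, no limit.
     */
    @ConfigurationElement(attributeType = "ads-pwdGraceExpire", isOptional = true, defaultValue = "0")
    private int pwdGraceExpire = 0;

    /**
     * flag to indicate if the account needs to be locked after a specified number of
     * consecutive failed bind attempts. The maximum number of consecutive
     * failed bind attempts is specified in {@link #pwdMaxFailure}.
     * Default value is false. Because {@link #pwdMaxFailure} defaults to 0 (no limit),
     * enabling this flag alone does not bound the number of failed binds; both
     * values have to be set.
     */
    @ConfigurationElement(attributeType = "ads-pwdLockout", isOptional = true, defaultValue = "false")
    private boolean pwdLockout = false;

    /**
     * the number of seconds that the password cannot be used to authenticate due to 
     * too many failed bind attempts.
     * Default value is 300 seconds.
     * NOTE(review): in the referenced draft a value of 0 means the account stays
     * locked until a password administrator resets it - confirm against the
     * code that enforces the policy.
     */
    @ConfigurationElement(attributeType = "ads-pwdLockoutDuration", isOptional = true, defaultValue = "300")
    private int pwdLockoutDuration = 300;

    /**
     * the number of consecutive failed bind attempts after which the password may not 
     * be used to authenticate.
     * Default value is 0, no limit on the number of authentication failures
     */
    @ConfigurationElement(attributeType = "ads-pwdMaxFailure", isOptional = true, defaultValue = "0")
    private int pwdMaxFailure = 0;

    /**
     * the number of seconds after which the password failures are purged from the failure counter.
     * Default value is 0, reset all pwdFailureTimes after a successful authentication.
     */
    @ConfigurationElement(attributeType = "ads-pwdFailureCountInterval", isOptional = true, defaultValue = "0")
    private int pwdFailureCountInterval = 0;

    /** 
     * flag to indicate if the password must be changed by the user after they bind to the 
     * directory after a password is set or reset by a password administrator.
     * Default value is false, no need to change the password by user.
     */
    @ConfigurationElement(attributeType = "ads-pwdMustChange", isOptional = true, defaultValue = "false")
    private boolean pwdMustChange = false;

    /** indicates whether users can change their own passwords. Default value is true, allow change */
    @ConfigurationElement(attributeType = "ads-pwdAllowUserChange", isOptional = true, defaultValue = "true")
    private boolean pwdAllowUserChange = true;

    /**
     *  flag to specify whether or not the existing password must be sent along with the
     *  new password when being changed.
     *  Default value is false.
     */
    @ConfigurationElement(attributeType = "ads-pwdSafeModify", isOptional = true, defaultValue = "false")
    private boolean pwdSafeModify = false;

    /** 
     * the number of seconds to delay responding to the first failed authentication attempt
     * Default value 0, no delay.
     */
    @ConfigurationElement(attributeType = "ads-pwdMinDelay", isOptional = true, defaultValue = "0")
    private int pwdMinDelay = 0;

    /**
     * the maximum number of seconds to delay when responding to a failed authentication attempt.
     * Default value is 0.
     */
    @ConfigurationElement(attributeType = "ads-pwdMaxDelay", isOptional = true, defaultValue = "0")
    private int pwdMaxDelay = 0;

    /** 
     * the number of seconds an account may remain unused before it becomes locked
     * Default value is 0, no check for idle time.
     */
    @ConfigurationElement(attributeType = "ads-pwdMaxIdle", isOptional = true, defaultValue = "0")
    private int pwdMaxIdle = 0;

    /**
     * the FQCN of the password validator. Optional, null when not configured.
     * NOTE(review): this is a class name taken from configuration and presumably
     * instantiated by the server; write access to the entry holding it should be
     * limited to administrators - confirm how the consumer loads it.
     */
    @ConfigurationElement(attributeType = "ads-pwdValidator", isOptional = true)
    private String pwdValidator = null;


    /**
     * @return the name of the attribute the policy applies to
     */
    public String getPwdAttribute()
    {
        return pwdAttribute;
    }


    /**
     * @param pwdAttribute the name of the attribute the policy applies to
     */
    public void setPwdAttribute( String pwdAttribute )
    {
        this.pwdAttribute = pwdAttribute;
    }


    /**
     * @return the minimum number of seconds between two password modifications
     */
    public int getPwdMinAge()
    {
        return pwdMinAge;
    }


    /**
     * @param pwdMinAge the minimum number of seconds between two password modifications
     */
    public void setPwdMinAge( int pwdMinAge )
    {
        this.pwdMinAge = pwdMinAge;
    }


    /**
     * @return the number of seconds after which a modified password expires, 0 for no expiry
     */
    public int getPwdMaxAge()
    {
        return pwdMaxAge;
    }


    /**
     * @param pwdMaxAge the number of seconds after which a modified password expires,
     * 0 for no expiry. The relation to pwdMinAge is not checked here.
     */
    public void setPwdMaxAge( int pwdMaxAge )
    {
        this.pwdMaxAge = pwdMaxAge;
    }


    /**
     * @return the maximum number of used passwords kept in the history, 0 for no history
     */
    public int getPwdInHistory()
    {
        return pwdInHistory;
    }


    /**
     * @param pwdInHistory the maximum number of used passwords kept in the history
     */
    public void setPwdInHistory( int pwdInHistory )
    {
        this.pwdInHistory = pwdInHistory;
    }


    /**
     * @return the password quality check mode, 0 for no check
     */
    public int getPwdCheckQuality()
    {
        return pwdCheckQuality;
    }


    /**
     * @param pwdCheckQuality the password quality check mode, 0 for no check
     */
    public void setPwdCheckQuality( int pwdCheckQuality )
    {
        this.pwdCheckQuality = pwdCheckQuality;
    }


    /**
     * @return the minimum password length in characters, 0 for no minimum
     */
    public int getPwdMinLength()
    {
        return pwdMinLength;
    }


    /**
     * @param pwdMinLength the minimum password length in characters, 0 for no minimum
     */
    public void setPwdMinLength( int pwdMinLength )
    {
        this.pwdMinLength = pwdMinLength;
    }


    /**
     * @return the maximum password length in characters, 0 for no maximum
     */
    public int getPwdMaxLength()
    {
        return pwdMaxLength;
    }


    /**
     * @param pwdMaxLength the maximum password length in characters, 0 for no maximum
     */
    public void setPwdMaxLength( int pwdMaxLength )
    {
        this.pwdMaxLength = pwdMaxLength;
    }


    /**
     * @return the number of seconds before expiry during which warnings are returned,
     * 0 for no warning
     */
    public int getPwdExpireWarning()
    {
        return pwdExpireWarning;
    }


    /**
     * @param pwdExpireWarning the number of seconds before expiry during which warnings
     * are returned, 0 for no warning
     */
    public void setPwdExpireWarning( int pwdExpireWarning )
    {
        this.pwdExpireWarning = pwdExpireWarning;
    }


    /**
     * @return the number of times an expired password can still be used to authenticate
     */
    public int getPwdGraceAuthNLimit()
    {
        return pwdGraceAuthNLimit;
    }


    /**
     * @param pwdGraceAuthNLimit the number of times an expired password can still be
     * used to authenticate
     */
    public void setPwdGraceAuthNLimit( int pwdGraceAuthNLimit )
    {
        this.pwdGraceAuthNLimit = pwdGraceAuthNLimit;
    }


    /**
     * @return the number of seconds the grace authentications are valid, 0 for no limit
     */
    public int getPwdGraceExpire()
    {
        return pwdGraceExpire;
    }


    /**
     * @param pwdGraceExpire the number of seconds the grace authentications are valid,
     * 0 for no limit
     */
    public void setPwdGraceExpire( int pwdGraceExpire )
    {
        this.pwdGraceExpire = pwdGraceExpire;
    }


    /**
     * @return true if accounts are locked after too many consecutive failed binds
     */
    public boolean isPwdLockout()
    {
        return pwdLockout;
    }


    /**
     * @param pwdLockout true to lock accounts after too many consecutive failed binds;
     * the threshold itself is set through {@link #setPwdMaxFailure(int)}
     */
    public void setPwdLockout( boolean pwdLockout )
    {
        this.pwdLockout = pwdLockout;
    }


    /**
     * @return the number of seconds a locked password cannot be used to authenticate
     */
    public int getPwdLockoutDuration()
    {
        return pwdLockoutDuration;
    }


    /**
     * @param pwdLockoutDuration the number of seconds a locked password cannot be used
     * to authenticate
     */
    public void setPwdLockoutDuration( int pwdLockoutDuration )
    {
        this.pwdLockoutDuration = pwdLockoutDuration;
    }


    /**
     * @return the number of consecutive failed binds after which the password may not
     * be used, 0 for no limit
     */
    public int getPwdMaxFailure()
    {
        return pwdMaxFailure;
    }


    /**
     * @param pwdMaxFailure the number of consecutive failed binds after which the
     * password may not be used, 0 for no limit
     */
    public void setPwdMaxFailure( int pwdMaxFailure )
    {
        this.pwdMaxFailure = pwdMaxFailure;
    }


    /**
     * @return the number of seconds after which failures are purged from the failure counter
     */
    public int getPwdFailureCountInterval()
    {
        return pwdFailureCountInterval;
    }


    /**
     * @param pwdFailureCountInterval the number of seconds after which failures are
     * purged from the failure counter
     */
    public void setPwdFailureCountInterval( int pwdFailureCountInterval )
    {
        this.pwdFailureCountInterval = pwdFailureCountInterval;
    }


    /**
     * @return true if the user must change a password set or reset by an administrator
     */
    public boolean isPwdMustChange()
    {
        return pwdMustChange;
    }


    /**
     * @param pwdMustChange true if the user must change a password set or reset by
     * an administrator
     */
    public void setPwdMustChange( boolean pwdMustChange )
    {
        this.pwdMustChange = pwdMustChange;
    }


    /**
     * @return true if users can change their own passwords
     */
    public boolean isPwdAllowUserChange()
    {
        return pwdAllowUserChange;
    }


    /**
     * @param pwdAllowUserChange true if users can change their own passwords
     */
    public void setPwdAllowUserChange( boolean pwdAllowUserChange )
    {
        this.pwdAllowUserChange = pwdAllowUserChange;
    }


    /**
     * @return true if the existing password must be sent along with the new one
     */
    public boolean isPwdSafeModify()
    {
        return pwdSafeModify;
    }


    /**
     * @param pwdSafeModify true if the existing password must be sent along with the new one
     */
    public void setPwdSafeModify( boolean pwdSafeModify )
    {
        this.pwdSafeModify = pwdSafeModify;
    }


    /**
     * @return the number of seconds to delay the response to the first failed
     * authentication attempt
     */
    public int getPwdMinDelay()
    {
        return pwdMinDelay;
    }


    /**
     * @param pwdMinDelay the number of seconds to delay the response to the first
     * failed authentication attempt
     */
    public void setPwdMinDelay( int pwdMinDelay )
    {
        this.pwdMinDelay = pwdMinDelay;
    }


    /**
     * @return the maximum number of seconds to delay the response to a failed
     * authentication attempt
     */
    public int getPwdMaxDelay()
    {
        return pwdMaxDelay;
    }


    /**
     * @param pwdMaxDelay the maximum number of seconds to delay the response to a
     * failed authentication attempt
     */
    public void setPwdMaxDelay( int pwdMaxDelay )
    {
        this.pwdMaxDelay = pwdMaxDelay;
    }


    /**
     * @return the number of seconds an account may remain unused before it becomes
     * locked, 0 for no idle check
     */
    public int getPwdMaxIdle()
    {
        return pwdMaxIdle;
    }


    /**
     * @param pwdMaxIdle the number of seconds an account may remain unused before it
     * becomes locked, 0 for no idle check
     */
    public void setPwdMaxIdle( int pwdMaxIdle )
    {
        this.pwdMaxIdle = pwdMaxIdle;
    }


    /**
     * @return the pwdId
     */
    public String getPwdId()
    {
        return pwdId;
    }


    /**
     * @param pwdId the pwdId to set
     */
    public void setPwdId( String pwdId )
    {
        this.pwdId = pwdId;
    }


    /**
     * @return gives the FQCN of the password validator, or null when none is configured
     */
    public String getPwdValidator()
    {
        return pwdValidator;
    }


    /**
     * Sets the password validator
     * 
     * @param pwdValidator the FQCN of the password validator
     */
    public void setPwdValidator( String pwdValidator )
    {
        this.pwdValidator = pwdValidator;
    }


    /**
     * {@inheritDoc}
     * <p>
     * Dumps every policy setting held by this bean, one per line, each line prefixed
     * with the given tabs. The password validator is printed only when one is configured.
     */
    @Override
    public String toString( String tabs )
    {
        StringBuilder sb = new StringBuilder();

        sb.append( tabs ).append( "PasswordPolicy :\n" );
        sb.append( super.toString( tabs + "  " ) );
        sb.append( tabs ).append( "  identifier : " ).append( pwdId ).append( '\n' );
        sb.append( toString( tabs, "  password attribute", pwdAttribute ) );
        sb.append( tabs ).append( "  password min age : " ).append( pwdMinAge ).append( '\n' );
        sb.append( tabs ).append( "  password max age : " ).append( pwdMaxAge ).append( '\n' );
        sb.append( tabs ).append( "  password min length : " ).append( pwdMinLength ).append( '\n' );
        sb.append( tabs ).append( "  password max length : " ).append( pwdMaxLength ).append( '\n' );
        sb.append( tabs ).append( "  password min delay : " ).append( pwdMinDelay ).append( '\n' );
        sb.append( tabs ).append( "  password max delay : " ).append( pwdMaxDelay ).append( '\n' );
        sb.append( tabs ).append( "  password max idle : " ).append( pwdMaxIdle ).append( '\n' );
        sb.append( tabs ).append( "  password max failure : " ).append( pwdMaxFailure ).append( '\n' );
        sb.append( tabs ).append( "  password lockout duration : " ).append( pwdLockoutDuration ).append( '\n' );
        sb.append( tabs ).append( "  password expire warning : " ).append( pwdExpireWarning ).append( '\n' );
        sb.append( tabs ).append( "  password grace expire : " ).append( pwdGraceExpire ).append( '\n' );
        sb.append( tabs ).append( "  password grace Auth N limit : " ).append( pwdGraceAuthNLimit ).append( '\n' );
        sb.append( tabs ).append( "  password in history : " ).append( pwdInHistory ).append( '\n' );
        sb.append( tabs ).append( "  password check quality : " ).append( pwdCheckQuality ).append( '\n' );
        sb.append( tabs ).append( "  password failure count interval : " ).append( pwdFailureCountInterval )
            .append( '\n' );
        sb.append( toString( tabs, "  password lockout", pwdLockout ) );
        sb.append( toString( tabs, "  password must change", pwdMustChange ) );
        sb.append( toString( tabs, "  password allow user change", pwdAllowUserChange ) );
        sb.append( toString( tabs, "  password safe modify", pwdSafeModify ) );

        // The validator was the only configured field missing from the dump; a reader
        // auditing the effective policy needs to see which class checks passwords.
        if ( pwdValidator != null )
        {
            sb.append( tabs ).append( "  password validator : " ).append( pwdValidator ).append( '\n' );
        }

        return sb.toString();
    }


    /**
     * {@inheritDoc}
     * <p>
     * Equivalent to {@code toString( "" )}.
     */
    @Override
    public String toString()
    {
        return toString( "" );
    }
}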