org.apache.jetspeed.security.spi.impl
Class PasswordExpirationInterceptor

java.lang.Object
  extended by org.apache.jetspeed.security.spi.impl.AbstractInternalPasswordCredentialInterceptorImpl
      extended by org.apache.jetspeed.security.spi.impl.PasswordExpirationInterceptor
All Implemented Interfaces:
InternalPasswordCredentialInterceptor

public class PasswordExpirationInterceptor
extends AbstractInternalPasswordCredentialInterceptorImpl

Enforces a maximum lifespan for a password credential.

When, on authentication, a password's expiration date has been reached, its expired flag is set. The DefaultCredentialHandler will then fail the authentication, and subsequent authentications will fail immediately.

To ensure proper expiration handling, an empty (null) expiration date will be automatically filled in when the credential is loaded from the persistent store using the configured max lifespan in days.

When a password credential is created or a password is updated a new future expiration date is calculated.

An existing or already provided higher expiration date will be preserved, though. This makes it possible to (pre)set a (very) high expiration date, like InternalCredential.MAX_DATE, for credentials which shouldn't expire.
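
The lifecycle described above, as an added example that is not Jetspeed source code: `ExpirationModel` and `Cred` are hypothetical stand-ins for the interceptor and for InternalCredential, and the far-future date is a constructed value standing in for InternalCredential.MAX_DATE. Returning false for a credential that is already flagged expired is an assumption of this model.

```java
import java.time.Duration;
import java.time.Instant;

// Stand-alone model of the documented behaviour; Cred and ExpirationModel are
// hypothetical stand-ins, not Jetspeed's InternalCredential or interceptor.
public class ExpirationModel {
    static class Cred { Instant expirationDate; boolean expired; }

    private final Duration maxLifeSpan;
    ExpirationModel(int maxLifeSpanInDays) { maxLifeSpan = Duration.ofDays(maxLifeSpanInDays); }

    // Load: fill in a missing expiration date; true means "store the change".
    boolean afterLoad(Cred c, Instant now) {
        if (c.expirationDate != null) return false;
        c.expirationDate = now.plus(maxLifeSpan);
        return true;
    }

    // Authentication: flag the credential once its date is reached; true means
    // "now expired". Assumption: an already flagged credential needs no update.
    boolean afterAuthenticated(Cred c, Instant now) {
        if (c.expired || c.expirationDate == null || now.isBefore(c.expirationDate)) return false;
        c.expired = true;
        return true;
    }

    // Create / set password: new date unless a higher one is already present; flag reset.
    void setExpiration(Cred c, Instant now) {
        Instant candidate = now.plus(maxLifeSpan);
        if (c.expirationDate == null || c.expirationDate.isBefore(candidate)) c.expirationDate = candidate;
        c.expired = false;
    }

    public static void main(String[] args) {
        ExpirationModel m = new ExpirationModel(90);
        Instant t0 = Instant.parse("2005-01-01T00:00:00Z");   // constructed sample clock
        Cred legacy = new Cred();                              // stored without a date
        System.out.println("filled on load:  " + m.afterLoad(legacy, t0));
        System.out.println("expired day 89:  " + m.afterAuthenticated(legacy, t0.plus(Duration.ofDays(89))));
        System.out.println("expired day 90:  " + m.afterAuthenticated(legacy, t0.plus(Duration.ofDays(90))));
        m.setExpiration(legacy, t0.plus(Duration.ofDays(100))); // password change
        System.out.println("after change:    " + legacy.expired + " until " + legacy.expirationDate);

        Cred service = new Cred();                             // preset far-future date
        service.expirationDate = Instant.parse("9999-01-01T00:00:00Z");
        m.setExpiration(service, t0);                          // higher date is preserved
        System.out.println("service account: " + service.expirationDate);
    }
}
```

Because a preset higher date survives every later password change, credentials carrying such a date never pick up the configured lifespan and are worth reviewing periodically.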

Version:
$Id$
Author:
Ate Douma

Field Summary
private  long maxLifeSpanInMillis
           
 
Constructor Summary
PasswordExpirationInterceptor(int maxLifeSpanInDays)
           
 
Method Summary
 boolean afterAuthenticated(org.apache.jetspeed.security.om.InternalUserPrincipal internalUser, String userName, org.apache.jetspeed.security.om.InternalCredential credential, boolean authenticated)
           Invoked during authentication after the provided password is compared against the one retrieved from the InternalCredential.
 boolean afterLoad(PasswordCredentialProvider pcProvider, String userName, org.apache.jetspeed.security.om.InternalCredential credential)
           Invoked after a password credential is loaded from the persistent store.
 void beforeCreate(org.apache.jetspeed.security.om.InternalUserPrincipal internalUser, Collection credentials, String userName, org.apache.jetspeed.security.om.InternalCredential credential, String password)
          Calculates and sets the default expiration date and the expired flag to false
 void beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal internalUser, Collection credentials, String userName, org.apache.jetspeed.security.om.InternalCredential credential, String password, boolean authenticated)
          Sets a new expiration date if a higher expiration date isn't set already and resets the expired flag
protected  void setExpiration(org.apache.jetspeed.security.om.InternalCredential credential)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

maxLifeSpanInMillis

private long maxLifeSpanInMillis
Constructor Detail

PasswordExpirationInterceptor

public PasswordExpirationInterceptor(int maxLifeSpanInDays)
Parameters:
maxLifeSpanInDays - default lifespan of password credentials in days
Method Detail

afterAuthenticated

public boolean afterAuthenticated(org.apache.jetspeed.security.om.InternalUserPrincipal internalUser,
                                  String userName,
                                  org.apache.jetspeed.security.om.InternalCredential credential,
                                  boolean authenticated)
                           throws org.apache.jetspeed.security.SecurityException
Description copied from interface: InternalPasswordCredentialInterceptor

Invoked during authentication after the provided password is compared against the one retrieved from the InternalCredential.

If true is returned, the credential is expected to be updated, and its enabled and expired flags will be checked to determine whether the credential is (still) valid.

Note: the enabled and expired flags are only checked if this method returns true.

A thrown SecurityException will be passed on to the authentication requestor.

Specified by:
afterAuthenticated in interface InternalPasswordCredentialInterceptor
Overrides:
afterAuthenticated in class AbstractInternalPasswordCredentialInterceptorImpl
Returns:
true when the password credential is now expired
Throws:
org.apache.jetspeed.security.SecurityException
See Also:
InternalPasswordCredentialInterceptor.afterAuthenticated(org.apache.jetspeed.security.om.InternalUserPrincipal, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, boolean)

afterLoad

public boolean afterLoad(PasswordCredentialProvider pcProvider,
                         String userName,
                         org.apache.jetspeed.security.om.InternalCredential credential)
                  throws org.apache.jetspeed.security.SecurityException
Description copied from interface: InternalPasswordCredentialInterceptor

Invoked after a password credential is loaded from the persistent store.

If true is returned the credential is expected to be updated and its changes will be stored again.

A thrown SecurityException will be logged as an error and result in the credential being ignored as if it did not exist (as for authentication).

Specified by:
afterLoad in interface InternalPasswordCredentialInterceptor
Overrides:
afterLoad in class AbstractInternalPasswordCredentialInterceptorImpl
Returns:
true when a new default expiration date is set
Throws:
org.apache.jetspeed.security.SecurityException
See Also:
InternalPasswordCredentialInterceptor.afterLoad(org.apache.jetspeed.security.spi.PasswordCredentialProvider, java.lang.String, org.apache.jetspeed.security.om.InternalCredential)

beforeCreate

public void beforeCreate(org.apache.jetspeed.security.om.InternalUserPrincipal internalUser,
                         Collection credentials,
                         String userName,
                         org.apache.jetspeed.security.om.InternalCredential credential,
                         String password)
                  throws org.apache.jetspeed.security.SecurityException
Calculates and sets the default expiration date and the expired flag to false

Specified by:
beforeCreate in interface InternalPasswordCredentialInterceptor
Overrides:
beforeCreate in class AbstractInternalPasswordCredentialInterceptorImpl
Throws:
org.apache.jetspeed.security.SecurityException
See Also:
InternalPasswordCredentialInterceptor.beforeCreate(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, InternalCredential, java.lang.String)

beforeSetPassword

public void beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal internalUser,
                              Collection credentials,
                              String userName,
                              org.apache.jetspeed.security.om.InternalCredential credential,
                              String password,
                              boolean authenticated)
                       throws org.apache.jetspeed.security.SecurityException
Sets a new expiration date if a higher expiration date isn't set already and resets the expired flag

Specified by:
beforeSetPassword in interface InternalPasswordCredentialInterceptor
Overrides:
beforeSetPassword in class AbstractInternalPasswordCredentialInterceptorImpl
Throws:
org.apache.jetspeed.security.SecurityException
See Also:
InternalPasswordCredentialInterceptor.beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)

setExpiration

protected void setExpiration(org.apache.jetspeed.security.om.InternalCredential credential)


Copyright © 1999-2005 Apache Software Foundation. All Rights Reserved.