|
|||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.apache.jetspeed.security.spi.impl.AbstractInternalPasswordCredentialInterceptorImpl
org.apache.jetspeed.security.spi.impl.PasswordHistoryInterceptor
Maintains a configurable FIFO stack of used password credentials for a principal. It also requires a unique password (with regards to the values currently in the stack) when a password is changed directly by the user itself.
The historical passwords are maintained as InternalCredential
instances with as classname
value HISTORICAL_PASSWORD_CREDENTIAL
to distinguish them from the current password credential.
Implementation Note:
When a new password is about to be saved, a new copy of the current credential is saved as
a historic password credential. This means that the current password credential instance,
and thus also its key
, remains the same.
Field Summary | |
static String |
HISTORICAL_PASSWORD_CREDENTIAL
Value used for InternalCredential.getClassname() to distinguish from current password credentials |
private int |
historySize
|
private static Comparator |
internalCredentialCreationDateComparator
|
Constructor Summary | |
PasswordHistoryInterceptor(int historySize)
|
Method Summary | |
void |
beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal internalUser,
Collection credentials,
String userName,
org.apache.jetspeed.security.om.InternalCredential credential,
String password,
boolean authenticated)
Invoked when a new password value is to be saved for a user. |
Methods inherited from class org.apache.jetspeed.security.spi.impl.AbstractInternalPasswordCredentialInterceptorImpl |
afterAuthenticated, afterLoad, beforeCreate |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
private int historySize
public static String HISTORICAL_PASSWORD_CREDENTIAL
InternalCredential.getClassname()
to distinguish from current password credentials
private static final Comparator internalCredentialCreationDateComparator
Constructor Detail |
public PasswordHistoryInterceptor(int historySize)
historySize
- stack size maintained for historical passwordsMethod Detail |
public void beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal internalUser, Collection credentials, String userName, org.apache.jetspeed.security.om.InternalCredential credential, String password, boolean authenticated) throws org.apache.jetspeed.security.SecurityException
InternalPasswordCredentialInterceptor
Invoked when a new password value is to be saved for a user.
The new password value is not yet set on the provided credential when this callback is invoked. This allows custom history maintenance and/or auditing to be performed.
The provided authenticated flag can be used to differentiate between a new password value set directly by a user itself or through an administrative interface.
After this callback is invoked, the specified password value will be set, as well as a reset of the
updateRequired
flag, before the credential is saved.
A thrown SecurityException is passed on to the set password requestor.
beforeSetPassword
in interface InternalPasswordCredentialInterceptor
beforeSetPassword
in class AbstractInternalPasswordCredentialInterceptorImpl
org.apache.jetspeed.security.SecurityException
InternalPasswordCredentialInterceptor.beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)
|
|||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |