Class FreeIPAAuthenticationResponseHandler

java.lang.Object
org.ldaptive.auth.ext.FreeIPAAuthenticationResponseHandler
All Implemented Interfaces:
AuthenticationResponseHandler

public class FreeIPAAuthenticationResponseHandler extends Object implements AuthenticationResponseHandler
Attempts to parse the authentication response and set the account state using data associated with FreeIPA. The Authenticator should be configured to return 'krbPasswordExpiration', 'krbLoginFailedCount' and 'krbLastPwdChange' attributes so they can be consumed by this handler.
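A sketch of wiring this handler into an Authenticator and reading the resulting account state, added here as an illustration and not taken from the ldaptive project. It assumes the ldaptive 2.x API for the surrounding classes; the server URL, base DN, user id, password, periods and failure limit are constructed placeholders.

```java
import java.time.Period;
import org.ldaptive.Credential;
import org.ldaptive.DefaultConnectionFactory;
import org.ldaptive.auth.AccountState;
import org.ldaptive.auth.AuthenticationRequest;
import org.ldaptive.auth.AuthenticationResponse;
import org.ldaptive.auth.Authenticator;
import org.ldaptive.auth.SearchDnResolver;
import org.ldaptive.auth.SimpleBindAuthenticationHandler;
import org.ldaptive.auth.ext.FreeIPAAuthenticationResponseHandler;

public class FreeIPAAccountStateExample {
  public static void main(String[] args) throws Exception {
    // Constructed placeholders: replace with your own server and search base.
    String url = "ldaps://ipa.example.test";
    String baseDn = "cn=users,cn=accounts,dc=example,dc=test";

    SearchDnResolver dnResolver = SearchDnResolver.builder()
      .factory(new DefaultConnectionFactory(url))
      .dn(baseDn)
      .filter("(uid={user})")
      .build();
    Authenticator auth = new Authenticator(
      dnResolver, new SimpleBindAuthenticationHandler(new DefaultConnectionFactory(url)));

    // Sample policy: 90-day fallback expiration, warn 14 days ahead, allow 5 failures.
    auth.setResponseHandlers(
      new FreeIPAAuthenticationResponseHandler(Period.ofDays(90), Period.ofDays(14), 5));

    // The handler consumes these attributes, so the request must ask for them.
    AuthenticationResponse response = auth.authenticate(
      new AuthenticationRequest(
        "jdoe", new Credential("placeholder-password"),
        FreeIPAAuthenticationResponseHandler.ATTRIBUTES));

    // Check account state as well as the bind result before granting access.
    AccountState state = response.getAccountState();
    if (state != null && state.getError() != null) {
      System.out.println("Account error: " + state.getError().getMessage());
    } else if (response.isSuccess() && state != null && state.getWarning() != null) {
      System.out.println("Password expires: " + state.getWarning().getExpiration()
        + ", logins remaining: " + state.getWarning().getLoginsRemaining());
    } else {
      System.out.println("Authenticated: " + response.isSuccess());
    }
  }
}
```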
  • Field Details

    • ATTRIBUTES

      public static final String[] ATTRIBUTES
      Attributes needed to enforce password policy.
    • logger

      protected final org.slf4j.Logger logger
      Logger for this class.
    • expirationPeriod

      private Period expirationPeriod
      Amount of time since a password was set until it will expire. Used if krbPasswordExpiration cannot be read.
    • warningPeriod

      private Period warningPeriod
      Amount of time before expiration to produce a warning.
    • maxLoginFailures

      private int maxLoginFailures
      Maximum number of login failures to allow.
  • Constructor Details

    • FreeIPAAuthenticationResponseHandler

      public FreeIPAAuthenticationResponseHandler()
      Default constructor.
    • FreeIPAAuthenticationResponseHandler

      public FreeIPAAuthenticationResponseHandler(Period warning, int loginFailures)
      Creates a new FreeIPA authentication response handler.
      Parameters:
      warning - length of time before expiration that should produce a warning
      loginFailures - number of login failures to allow
    • FreeIPAAuthenticationResponseHandler

      public FreeIPAAuthenticationResponseHandler(Period expiration, Period warning, int loginFailures)
      Creates a new FreeIPA authentication response handler.
      Parameters:
      expiration - length of time that a password is valid
      warning - length of time before expiration that should produce a warning
      loginFailures - number of login failures to allow
  • Method Details

    • handle

      public void handle(AuthenticationResponse response)
      Description copied from interface: AuthenticationResponseHandler
      Handle the response from an LDAP authentication.
      Specified by:
      handle in interface AuthenticationResponseHandler
      Parameters:
      response - produced from an authentication
    • getMaxLoginFailures

      public int getMaxLoginFailures()
      Returns the maximum login failures.
      Returns:
      maximum login failures before lockout.
    • setMaxLoginFailures

      public void setMaxLoginFailures(int loginFailures)
      Sets the maximum login failures.
      Parameters:
      loginFailures - maximum login failures before lockout.
    • getExpirationPeriod

      public Period getExpirationPeriod()
      Returns the amount of time since a password was set until it will expire. Only used if the krbPasswordExpiration attribute cannot be read from the directory.
      Returns:
      expiration period
    • setExpirationPeriod

      public void setExpirationPeriod(Period period)
      Sets the amount of time since a password was set until it will expire. Only used if the krbPasswordExpiration attribute cannot be read from the directory.
      Parameters:
      period - expiration period
    • getWarningPeriod

      public Period getWarningPeriod()
      Returns the amount of time before expiration to produce a warning.
      Returns:
      warning period
    • setWarningPeriod

      public void setWarningPeriod(Period period)
      Sets the amount of time before expiration to produce a warning.
      Parameters:
      period - warning period
    • toString

      public String toString()
      Overrides:
      toString in class Object