Class PasswordPolicyProperties
java.lang.Object
org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties
- All Implemented Interfaces:
Serializable
- Direct Known Subclasses:
LdapPasswordPolicyProperties
@RequiresModule(name="cas-server-core-authentication",
automated=true)
public class PasswordPolicyProperties
extends Object
implements Serializable
Configuration properties class for password.policy.
- Since:
- 5.0.0
- See Also:
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic enum
The Password policy handling options. -
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionHandle password policy via Groovy script.int
When dealing with FreeIPA, indicates the number of allows login failures.Map
<String, Class<? extends LoginException>> Key-value structure (Map) that indicates a list of boolean attributes as keys.Decide how authentication should handle password policy changes.Used by an account state handling policy that only calculates account warnings in case the entry carries this attribute.Used by an account state handling policy that only calculates account warnings in case the entry carries an attributewarningAttributeName
whose value matches this field.int
This is used to calculate a warning period to see if account expiry is within the calculated window.boolean
Indicates whether account state handling should be enabled to process warnings or errors reported back from the authentication response, produced by the source.boolean
Indicates if warning should be displayed, when the ldap attribute value matches thewarningAttributeValue
.boolean
Whether password policy should be enabled.boolean
Always display the password expiration warning regardless.setAccountStateHandlingEnabled
(boolean accountStateHandlingEnabled) Indicates whether account state handling should be enabled to process warnings or errors reported back from the authentication response, produced by the source.setDisplayWarningOnMatch
(boolean displayWarningOnMatch) Indicates if warning should be displayed, when the ldap attribute value matches thewarningAttributeValue
.setEnabled
(boolean enabled) Whether password policy should be enabled.Handle password policy via Groovy script.setLoginFailures
(int loginFailures) When dealing with FreeIPA, indicates the number of allows login failures.setPolicyAttributes
(Map<String, Class<? extends LoginException>> policyAttributes) Key-value structure (Map) that indicates a list of boolean attributes as keys.Decide how authentication should handle password policy changes.setWarnAll
(boolean warnAll) Always display the password expiration warning regardless.setWarningAttributeName
(String warningAttributeName) Used by an account state handling policy that only calculates account warnings in case the entry carries this attribute.setWarningAttributeValue
(String warningAttributeValue) Used by an account state handling policy that only calculates account warnings in case the entry carries an attributewarningAttributeName
whose value matches this field.setWarningDays
(int warningDays) This is used to calculate a warning period to see if account expiry is within the calculated window.
-
Constructor Details
-
PasswordPolicyProperties
public PasswordPolicyProperties()
-
-
Method Details
-
getStrategy
Decide how authentication should handle password policy changes. -
getPolicyAttributes
Key-value structure (Map) that indicates a list of boolean attributes as keys. If either attribute value is true, indicating an account state is flagged, the corresponding error can be thrown. ExampleaccountLocked=javax.security.auth.login.AccountLockedException
-
isEnabled
public boolean isEnabled()Whether password policy should be enabled. -
isAccountStateHandlingEnabled
public boolean isAccountStateHandlingEnabled()Indicates whether account state handling should be enabled to process warnings or errors reported back from the authentication response, produced by the source. -
getLoginFailures
public int getLoginFailures()When dealing with FreeIPA, indicates the number of allows login failures. -
getWarningAttributeValue
Used by an account state handling policy that only calculates account warnings in case the entry carries an attributewarningAttributeName
whose value matches this field. -
getWarningAttributeName
Used by an account state handling policy that only calculates account warnings in case the entry carries this attribute. -
isDisplayWarningOnMatch
public boolean isDisplayWarningOnMatch()Indicates if warning should be displayed, when the ldap attribute value matches thewarningAttributeValue
. -
isWarnAll
public boolean isWarnAll()Always display the password expiration warning regardless. -
getWarningDays
public int getWarningDays()This is used to calculate a warning period to see if account expiry is within the calculated window. -
getGroovy
Handle password policy via Groovy script. -
setStrategy
public PasswordPolicyProperties setStrategy(PasswordPolicyProperties.PasswordPolicyHandlingOptions strategy) Decide how authentication should handle password policy changes.- Returns:
this
.
-
setPolicyAttributes
public PasswordPolicyProperties setPolicyAttributes(Map<String, Class<? extends LoginException>> policyAttributes) Key-value structure (Map) that indicates a list of boolean attributes as keys. If either attribute value is true, indicating an account state is flagged, the corresponding error can be thrown. ExampleaccountLocked=javax.security.auth.login.AccountLockedException
- Returns:
this
.
-
setEnabled
Whether password policy should be enabled.- Returns:
this
.
-
setAccountStateHandlingEnabled
Indicates whether account state handling should be enabled to process warnings or errors reported back from the authentication response, produced by the source.- Returns:
this
.
-
setLoginFailures
When dealing with FreeIPA, indicates the number of allows login failures.- Returns:
this
.
-
setWarningAttributeValue
Used by an account state handling policy that only calculates account warnings in case the entry carries an attributewarningAttributeName
whose value matches this field.- Returns:
this
.
-
setWarningAttributeName
Used by an account state handling policy that only calculates account warnings in case the entry carries this attribute.- Returns:
this
.
-
setDisplayWarningOnMatch
Indicates if warning should be displayed, when the ldap attribute value matches thewarningAttributeValue
.- Returns:
this
.
-
setWarnAll
Always display the password expiration warning regardless.- Returns:
this
.
-
setWarningDays
This is used to calculate a warning period to see if account expiry is within the calculated window.- Returns:
this
.
-
setGroovy
Handle password policy via Groovy script.- Returns:
this
.
-