Class ActiveDirectoryAuthenticationResponseHandler

  • All Implemented Interfaces:
    AuthenticationResponseHandler, Freezable

    public class ActiveDirectoryAuthenticationResponseHandler
    extends AbstractFreezable
    implements AuthenticationResponseHandler
    Attempts to parse the authentication response message and set the account state using data associated with active directory. If this handler is assigned a expirationPeriod, then the Authenticator should be configured to return the 'pwdLastSet' attribute, so it can be consumed by this handler. This will cause the handler to emit a warning for the pwdLastSet value plus the expiration amount. The scope of that warning can be further narrowed by providing a warningPeriod. By default, if the msDS-UserPasswordExpiryTimeComputed attribute is found, expirationPeriod is ignored.
    • Field Detail

      • ATTRIBUTES

        public static final String[] ATTRIBUTES
        Attributes needed to enforce password policy.
      • logger

        private final Logger logger
        Logger for this class.
      • expirationPeriod

        private Period expirationPeriod
        Amount of time since a password was set until it will expire. Used if msDS-UserPasswordExpiryTimeComputed cannot be read.
      • warningPeriod

        private Period warningPeriod
        Amount of time before expiration to produce a warning.
    • Constructor Detail

      • ActiveDirectoryAuthenticationResponseHandler

        public ActiveDirectoryAuthenticationResponseHandler()
        Default constructor.
      • ActiveDirectoryAuthenticationResponseHandler

        public ActiveDirectoryAuthenticationResponseHandler​(Period warning)
        Creates a new active directory authentication response handler.
        Parameters:
        warning - length of time before expiration that should produce a warning
      • ActiveDirectoryAuthenticationResponseHandler

        public ActiveDirectoryAuthenticationResponseHandler​(Period expiration,
                                                            Period warning)
        Creates a new active directory authentication response handler.
        Parameters:
        expiration - length of time that a password is valid
        warning - length of time before expiration that should produce a warning
    • Method Detail

      • getExpirationPeriod

        public Period getExpirationPeriod()
        Returns the amount of time since a password was set until it will expire.
        Returns:
        expiration period
      • setExpirationPeriod

        public void setExpirationPeriod​(Period period)
        Sets amount of time since a password was set until it will expire.
        Parameters:
        period - expiration period
      • getWarningPeriod

        public Period getWarningPeriod()
        Returns the amount of time before expiration to produce a warning.
        Returns:
        warning period
      • setWarningPeriod

        public void setWarningPeriod​(Period period)
        Sets the amount of time before expiration to produce a warning.
        Parameters:
        period - warning period