Class ExtendedPasswordPolice


  • public class ExtendedPasswordPolice
    extends sailpoint.api.PasswordPolice
    An extension of the OOTB PasswordPolice that allows adding custom constraints.

    Note that you should NOT reuse an instance of this class to check two different users’ passwords, as the superclass does some odd stuff.

    • Nested Class Summary

      • Nested classes/interfaces inherited from class sailpoint.api.PasswordPolice

        sailpoint.api.PasswordPolice.Expiry
    • Field Summary

      • Fields inherited from class sailpoint.api.PasswordPolice

        EXPIRATION_DAYS, FAKE_PASSWORD, PASSWORD_CHANGE_MIN_DURATION, RESET_EXPIRATION_DAYS
    • Constructor Summary

      Constructors 
      Constructor Description
      ExtendedPasswordPolice​(sailpoint.api.SailPointContext con)
      Constructs a new ExtendedPasswordPolice with an empty list of extra rules.
      ExtendedPasswordPolice​(sailpoint.api.SailPointContext con, sailpoint.object.PasswordPolicy policy)
      Constructs a new ExtendedPasswordPolice with the given PasswordPolicy and an empty list of extra rules.
    • Method Summary

      Modifier and Type Method Description
      void addConstraint​(ExtendedPasswordConstraint constraint)
      Adds a new password constraint to the list of rules.
      void checkPassword​(sailpoint.object.Identity identity, String password, boolean isSystemAdmin)  
      List<String> getIIQPasswordConstraints​(Locale locale, TimeZone timeZone, boolean showNoConstraintMessage)
      Generates the descriptions of the various configured constraints, including any of our extra rules.
      void validate()
      Validates the current state of the PasswordPolice, ensuring that any extra rules have been set to admin mode if the _admin field is true.
      • Methods inherited from class sailpoint.api.PasswordPolice

        addPasswordHistory, addPasswordHistory, auditExpiredPasswordChange, auditPasswordChangefailure, checkCurrentPassword, checkExpiration, checkPassword, checkPassword, checkPassword, checkPassword, checkPasswordWithHistory, findInvalidHashingPolicies, getEffectivePolicy, getEffectivePolicy, getIIQPasswordConstraints, getIIQPasswordConstraints, setConstraints, setPassword, setPassword, setPassword, setPassword, setPassword, setPasswordExpiration, setPasswordNoCheck, validatePasswordFields, validatePasswordPolicy
    • Constructor Detail

      • ExtendedPasswordPolice

        public ExtendedPasswordPolice​(sailpoint.api.SailPointContext con)
                               throws sailpoint.tools.GeneralException
        Constructs a new ExtendedPasswordPolice with an empty list of extra rules.
        Parameters:
        con - the SailPointContext
        Throws:
        sailpoint.tools.GeneralException - if there is an error initializing the PasswordPolice
      • ExtendedPasswordPolice

        public ExtendedPasswordPolice​(sailpoint.api.SailPointContext con,
                                      sailpoint.object.PasswordPolicy policy)
                               throws sailpoint.tools.GeneralException
        Constructs a new ExtendedPasswordPolice with the given PasswordPolicy and an empty list of extra rules.
        Parameters:
        con - the SailPointContext
        policy - the PasswordPolicy to use
        Throws:
        sailpoint.tools.GeneralException - if there is an error initializing the PasswordPolice
    • Method Detail

      • addConstraint

        public void addConstraint​(ExtendedPasswordConstraint constraint)
                           throws sailpoint.tools.GeneralException
        Adds a new password constraint to the list of rules.

        Since the _rules field is private, we use reflection to access it and add the new constraint.

        There is no uniqueness check, so if you call this method twice with the same constraint, you will end up wasting your time.

        Parameters:
        constraint - the ExtendedPasswordConstraint to add
        Throws:
        sailpoint.tools.GeneralException - if there is an error accessing the _rules field
      • checkPassword

        public void checkPassword​(sailpoint.object.Identity identity,
                                  String password,
                                  boolean isSystemAdmin)
                           throws sailpoint.tools.GeneralException
        Overrides:
        checkPassword in class sailpoint.api.PasswordPolice
        Throws:
        sailpoint.tools.GeneralException
      • getIIQPasswordConstraints

        public List<String> getIIQPasswordConstraints(Locale locale,
                                                      TimeZone timeZone,
                                                      boolean showNoConstraintMessage)
                                               throws sailpoint.tools.GeneralException
        Generates the descriptions of the various configured constraints, including any of our extra rules.
        Overrides:
        getIIQPasswordConstraints in class sailpoint.api.PasswordPolice
        Parameters:
        locale - the locale to use for formatting
        timeZone - the time zone to use for formatting
        showNoConstraintMessage - whether to show the “no constraints” message
        Returns:
        a list of constraint descriptions
        Throws:
        sailpoint.tools.GeneralException
      • validate

        public void validate()
                      throws sailpoint.tools.GeneralException
        Validates the current state of the PasswordPolice, ensuring that any extra rules have been set to admin mode if the _admin field is true.

        Note that this will re-add all of the OOTB constraints to _rules, which suggests that SP doesn’t particularly care about efficiency here.

        Overrides:
        validate in class sailpoint.api.PasswordPolice
        Throws:
        sailpoint.tools.GeneralException - if there is an error accessing the _admin field
        sailpoint.api.PasswordPolicyException - if there are validation errors in the password policy
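
The addConstraint notes above describe reaching the superclass's private _rules list by reflection and the lack of a uniqueness check. The following is an added example, not code from this library: BasePolice and ExtendedPolice are hypothetical stand-ins for the real classes, and the duplicate guard is an assumption about how a caller might avoid registering a constraint twice.

```java
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.List;

public class PrivateRulesDemo {
    // Hypothetical stand-in for the superclass: it owns a private list named _rules.
    static class BasePolice {
        private final List<Object> _rules = new ArrayList<>();
        int ruleCount() { return _rules.size(); }
    }

    // Hypothetical stand-in for the extension class.
    static class ExtendedPolice extends BasePolice {
        @SuppressWarnings("unchecked")
        private List<Object> rules() throws ReflectiveOperationException {
            // getDeclaredField() does not search superclasses, so name the owner explicitly.
            Field f = BasePolice.class.getDeclaredField("_rules");
            f.setAccessible(true);
            return (List<Object>) f.get(this);
        }

        // Returns true if the constraint was added, false if it was already present.
        // Reflection errors propagate: a renamed field must fail the check loudly,
        // not silently drop the extra constraints.
        boolean addConstraint(Object constraint) throws ReflectiveOperationException {
            if (constraint == null) {
                throw new IllegalArgumentException("constraint must not be null");
            }
            List<Object> rules = rules();
            // contains() uses equals(), which is identity unless the class overrides it.
            if (rules.contains(constraint)) {
                return false;
            }
            rules.add(constraint);
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        ExtendedPolice police = new ExtendedPolice();
        Object minLength = new Object(); // constructed sample constraint
        System.out.println("first add:  " + police.addConstraint(minLength));
        System.out.println("second add: " + police.addConstraint(minLength));
        System.out.println("rule count: " + police.ruleCount());
    }
}
```

Because the field is looked up by name, a product upgrade that renames or retypes it surfaces as an exception at the point of the call, which is the behaviour a password check should have.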