001package com.identityworksllc.iiq.common.password;
002
import java.util.Objects;

import sailpoint.api.passwordConstraints.PasswordConstraintAttribute;
import sailpoint.object.Attributes;
import sailpoint.object.Identity;
import sailpoint.tools.Util;
007
/**
 * Extends the OOTB PasswordConstraintAttribute to create a constraint for
 * a single identity attribute. (The existing one is far too broad and
 * will include attributes we really don't care about, like flags with
 * a value of "true" and such.)
 */
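public class IdentityAttributeConstraint extends PasswordConstraintAttribute implements ExtendedPasswordConstraint {

    /**
     * The name of the identity attribute that this constraint checks against.
     */
    private final String attributeName;

    /**
     * Constructs a new IdentityAttributeConstraint for the given identity and attribute name.
     *
     * The current value of {@code attributeName} on {@code target} is read once, here, and
     * handed to the superclass; later changes to the identity are not reflected in this
     * constraint.
     *
     * @param target The identity to check against
     * @param attributeName The name of the attribute to check against
     * @throws NullPointerException if {@code target} or {@code attributeName} is null
     */
    public IdentityAttributeConstraint(Identity target, String attributeName) {
        // buildAttributes() performs the argument validation; it necessarily runs before
        // the superclass constructor, which is why the checks live there and not here
        super(buildAttributes(target, attributeName));

        this.attributeName = attributeName;
    }

    /**
     * Builds the attributes for the constraint based on the target identity and attribute name.
     * This is the value required for the superclass constructor.
     *
     * @param target The identity to check against
     * @param attributeName The name of the attribute to check against
     * @return An Attributes object containing the attribute name and its value
     * @throws NullPointerException if {@code target} or {@code attributeName} is null
     */
    private static Attributes<String, Object> buildAttributes(Identity target, String attributeName) {
        // Fail with a named parameter rather than a bare NPE from target.getAttribute()
        Objects.requireNonNull(target, "target");
        Objects.requireNonNull(attributeName, "attributeName");

        Attributes<String, Object> attributes = new Attributes<>();
        String value = Util.otoa(target.getAttribute(attributeName));
        // NOTE(review): a null or empty attribute value is passed through as-is; confirm that the
        // superclass treats it as "nothing to match" rather than erroring or trivially rejecting
        // every password (TODO)
        attributes.put(attributeName, value);
        return attributes;
    }

    /**
     * Returns the user-facing description of this constraint, naming the attribute it checks.
     *
     * @return The description string
     */
    @Override
    public String getDescription() {
        return "Password cannot contain the value of identity attribute: " + attributeName;
    }

    /**
     * Sets the admin flag for this constraint. In our case, this is a no-op, because we
     * want this constraint to still apply when an admin is changing the password.
     *
     * @param isAdmin Ignored; the constraint is enforced regardless of who changes the password
     */
    @Override
    public void setAdmin(boolean isAdmin) {
        // Deliberately ignored: the attribute check must also apply to admin-initiated changes
    }
}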