Class CredentialPolicyEvaluator<R extends AbstractCredentialType,P extends CredentialPolicyType>
- java.lang.Object
  - com.evolveum.midpoint.model.impl.lens.projector.credentials.CredentialPolicyEvaluator<R,P>
- Direct Known Subclasses:
NoncePolicyEvaluator, PasswordPolicyEvaluator, SecurityQuestionsPolicyEvaluator
public abstract class CredentialPolicyEvaluator<R extends AbstractCredentialType,P extends CredentialPolicyType> extends Object
Processor for evaluating credential policies. This class processes the credential-related settings of the security policy: credential lifetime, history and so on. It is meant to be quite generic and should be able to operate on all credential types. This class does NOT deal with value policies, validation and generation; that task is delegated to ValuePolicyProcessor.
- Author:
mamut, katkav, semancik
-
Constructor Summary
CredentialPolicyEvaluator()
-
Method Detail
-
getPrismContext
public PrismContext getPrismContext()
-
setPrismContext
public void setPrismContext(PrismContext prismContext)
-
getProtector
public Protector getProtector()
-
setProtector
public void setProtector(Protector protector)
-
getLocalizationService
public LocalizationService getLocalizationService()
-
setLocalizationService
public void setLocalizationService(LocalizationService localizationService)
-
getMetadataManager
public OperationalDataManager getMetadataManager()
-
setMetadataManager
public void setMetadataManager(OperationalDataManager metadataManager)
-
getValuePolicyProcessor
public ValuePolicyProcessor getValuePolicyProcessor()
-
setValuePolicyProcessor
public void setValuePolicyProcessor(ValuePolicyProcessor valuePolicyProcessor)
-
getResolver
public ModelObjectResolver getResolver()
-
setResolver
public void setResolver(ModelObjectResolver resolver)
-
getContext
public LensContext<UserType> getContext()
-
setContext
public void setContext(LensContext<UserType> context)
-
getNow
public XMLGregorianCalendar getNow()
-
setNow
public void setNow(XMLGregorianCalendar now)
-
getTask
public Task getTask()
-
setTask
public void setTask(Task task)
-
getResult
public OperationResult getResult()
-
setResult
public void setResult(OperationResult result)
-
getCredentialsContainerPath
protected abstract ItemPath getCredentialsContainerPath()
E.g. "credentials/password"
-
getCredentialRelativeValuePath
protected ItemPath getCredentialRelativeValuePath()
E.g. "value"
-
getCredentialValuePath
protected ItemPath getCredentialValuePath()
E.g. "credentials/password/value"
-
getCredentialHumanReadableName
protected abstract String getCredentialHumanReadableName()
-
getCredentialHumanReadableKey
protected abstract String getCredentialHumanReadableKey()
-
supportsHistory
protected boolean supportsHistory()
-
getCredentialPolicy
protected P getCredentialPolicy() throws SchemaException
- Throws:
SchemaException
-
determineEffectiveCredentialPolicy
protected abstract P determineEffectiveCredentialPolicy() throws SchemaException
- Throws:
SchemaException
-
getSecurityPolicy
protected SecurityPolicyType getSecurityPolicy()
-
process
public void process() throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, PolicyViolationException, CommunicationException, ConfigurationException, SecurityViolationException
-
processCredentialContainerValue
protected void processCredentialContainerValue(PrismObject<UserType> focus, PrismContainerValue<R> cVal) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, PolicyViolationException, CommunicationException, ConfigurationException, SecurityViolationException
Process values from credential deltas that add/replace the whole container. E.g. $user/credentials/password, $user/credentials/securityQuestions
-
getValuesCount
protected int getValuesCount(PrismContainer<R> credentialsContainer)
-
processValueDelta
protected void processValueDelta(ObjectDelta<UserType> focusDelta) throws PolicyViolationException, SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException
Process values from credential deltas that add/replace values below the value container. E.g. $user/credentials/password/value, $user/credentials/securityQuestions/questionAnswer, $user/credentials/securityQuestions/questionAnswer/questionAnswer. This implementation is OK for the password, nonce and similar simple cases. It needs to be overridden for more complex cases.
-
validateCredentialContainerValues
protected void validateCredentialContainerValues(PrismContainerValue<R> cVal) throws PolicyViolationException, SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException
-
validateProtectedStringValue
protected void validateProtectedStringValue(ProtectedStringType value) throws PolicyViolationException, SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException
-
getOldCredentialContainer
protected PrismContainer<R> getOldCredentialContainer()
-