The following sections list the interface definitions for IPasswordSecurityData, IPasswordSecurityService and IPasswordRule.
IPasswordSecurityData
package com.savvion.sbm.security.password;
import java.util.List;
/**
 * Read-only view of the configured password policy. It exposes the settings
 * for first-login password change, password expiry (longevity), account
 * lockout, expiry notification, password history and recovery hints, plus
 * the rule object used to validate a new password.
 *
 * <p>Members carry no explicit modifiers: interface fields are implicitly
 * {@code public static final} and interface methods implicitly
 * {@code public abstract}.
 */
public interface IPasswordSecurityData {

    /** Password type constant: system password. */
    int SYSTEM_PASSWORD = 1;

    /** Password type constant: user password. */
    int USER_PASSWORD = 2;

    /** Password type constant: guest password. */
    int GUEST_PASSWORD = 3;

    /**
     * Tells whether users must change their password at first login.
     *
     * @return {@code true} if the policy is enabled; {@code false} otherwise.
     */
    boolean isChangeAtFirstLogin();

    /**
     * Tells whether passwords expire.
     *
     * @return {@code true} if a password expires after the number of days
     *         reported by {@link #getLongevity(int)}; {@code false} if
     *         passwords never expire.
     */
    boolean isLongevityEnabled();

    // NOTE(review): the result for a type other than the three constants is
    // not specified on this page; confirm whether implementations reject it.
    /**
     * Returns the lifetime, in days, of the given password type. Valid types:
     * <ul>
     * <li>{@link IPasswordSecurityData#SYSTEM_PASSWORD}
     * <li>{@link IPasswordSecurityData#USER_PASSWORD}
     * <li>{@link IPasswordSecurityData#GUEST_PASSWORD}
     * </ul>
     *
     * @param type one of the valid password types.
     * @return lifetime of that password type, in days.
     */
    int getLongevity(int type);

    /**
     * Tells whether accounts are locked after repeated wrong logins.
     *
     * @return {@code true} if the policy is enabled; {@code false} otherwise.
     */
    boolean isAccountLockoutEnabled();

    /**
     * Returns how many wrong login attempts are allowed before the account
     * is locked.
     *
     * @return maximum number of wrong login attempts allowed.
     */
    int getMaxLoginAttempts();

    /**
     * Returns how long a locked account stays locked.
     *
     * @return duration, in hours, after which a locked account is unlocked.
     */
    int getLockoutDuration();

    /**
     * Tells whether users are notified ahead of password expiration.
     *
     * @return {@code true} if the policy is enabled; {@code false} otherwise.
     */
    boolean isNotifyEnabled();

    /**
     * Returns how many days before expiration the notification is sent.
     *
     * @return number of days before expiration at which to notify.
     */
    int getNotifyBeforeExpiration();

    /**
     * Tells whether a new password is checked against the password history.
     *
     * @return {@code true} if the policy is enabled; {@code false} otherwise.
     */
    boolean isHistoryEnabled();

    // NOTE(review): this contract only gives the count. How the old passwords
    // are stored is not shown here; confirm they are kept as salted hashes
    // rather than in a recoverable form.
    /**
     * Returns the number of previous passwords to keep. A newly created
     * password must differ from every stored old password.
     *
     * @return number of previous passwords to be stored.
     */
    int getHistoryCount();

    // NOTE(review): only the questions are exposed here. Where the answers
    // live and how they are compared is outside this interface; hint-based
    // recovery is usually weaker than the password itself, so confirm how it
    // is used.
    /**
     * Returns the password hints (questions) that help a user recall a
     * forgotten password.
     *
     * @return hints that help the user recall a forgotten password.
     */
    List<String> getPasswordHints();

    /**
     * Returns the rule object holding all password rules; it is used to
     * validate a new password.
     *
     * @return the password rule object, or {@code null} if no rule is
     *         defined, so callers must null-check before validating.
     */
    IPasswordRule getPasswordRule();
}
IPasswordSecurityService
package com.savvion.sbm.security.password;
import java.util.List;
/**
 * Contract for the services that check whether a password, and the state of
 * an account, comply with the configured password policy and rules.
 *
 * <p>Methods carry no explicit modifiers: interface methods are implicitly
 * {@code public abstract}.
 */
// NOTE(review): every method takes the password as a String, which cannot be
// wiped after use. The interface fixes that choice; implementations should
// at least keep these values out of logs and exception messages.
public interface IPasswordSecurityService {

    /**
     * Returns the password security data object held by this service.
     *
     * @return the password security data object.
     */
    IPasswordSecurityData getPasswordSecurity();

    /**
     * Tells whether users must change their password at first login.
     *
     * @return {@code true} if the policy is enabled; {@code false} otherwise.
     */
    boolean isChangeAtFirstLoginEnabled();

    // NOTE(review): the unit of lastModifiedTime is not stated on this page
    // (presumably epoch milliseconds); confirm against the implementation.
    /**
     * Checks whether the password of the given user, last modified at the
     * given time, is due for change. The lifetime of a password depends on
     * the type of the user. Valid user types:
     * <ul>
     * <li>{@link IPasswordSecurityData#SYSTEM_PASSWORD}
     * <li>{@link IPasswordSecurityData#USER_PASSWORD}
     * <li>{@link IPasswordSecurityData#GUEST_PASSWORD}
     * </ul>
     *
     * @param userName name of the user whose password is checked.
     * @param userType one of the valid user types listed above.
     * @param lastModifiedTime time at which the password was last modified.
     * @return {@code true} if the password is due for change; {@code false}
     *         otherwise.
     */
    boolean isDueForChange(String userName, int userType,
            long lastModifiedTime);

    // NOTE(review): unlike isDueForChange there is no userType parameter, so
    // how the password lifetime is chosen for this user is not visible here.
    /**
     * Checks whether it is time to notify the user about password
     * expiration. The decision is calculated from:
     * <ul>
     * <li>the lifetime of the password, i.e. the days after which it expires;
     * <li>the last modified time of the password;
     * <li>the number of days before expiration at which to notify.
     * </ul>
     *
     * @param userName name of the user whose password is checked.
     * @param lastModifiedTime time at which the password was last modified.
     * @return {@code true} if the notification is due; {@code false}
     *         otherwise.
     */
    boolean isDueForNotify(String userName, long lastModifiedTime);

    /**
     * Reports whether the account can be locked: the maximum allowed number
     * of wrong tries is less than or equal to the given count.
     *
     * @param incorrectCount number of incorrect login attempts so far.
     * @return {@code true} if the account can be locked; {@code false}
     *         otherwise.
     */
    boolean canLockoutAccount(int incorrectCount);

    // NOTE(review): IPasswordSecurityData documents the lockout duration in
    // hours, but the unit of lockoutTime is not stated; confirm that the two
    // are compared in the same unit.
    /**
     * Reports whether the account can be unlocked: the given lockout time is
     * greater than or equal to the defined lockout duration.
     *
     * @param lockoutTime time elapsed since the account was locked.
     * @return {@code true} if the account can be unlocked; {@code false}
     *         otherwise.
     */
    boolean canUnlockAccount(long lockoutTime);

    // NOTE(review): the documented failures are null/empty input and a
    // history match. What happens when a policy or rule is violated is not
    // spelled out; presumably a RuntimeException as well (confirm).
    /**
     * Validates the given password against the defined password policies
     * and rules.
     *
     * @param password the password; must not be null or empty.
     * @throws RuntimeException
     * <ul>
     * <li>if the password is null or empty;
     * <li>if the password is also part of the password history.
     * </ul>
     */
    void validatePassword(String password);

    // NOTE(review): history arrives as plain strings. The page does not say
    // whether the entries are clear-text passwords or digests; confirm that
    // callers do not have to keep recoverable old passwords to use this.
    /**
     * Validates the given password against the defined password policies
     * and rules. The password should differ from the passwords in the given
     * history.
     *
     * @param password the password; must not be null or empty.
     * @param history password history; ignored if null or empty.
     * @throws RuntimeException if the password is null or empty.
     */
    void validatePassword(String password, List<String> history);

    // NOTE(review): the scale and range of the returned int are not defined
    // on this page.
    /**
     * Returns the strength of the given password, i.e. a measurement of how
     * effective it is as an authentication credential.
     *
     * @param password the password; must not be null or empty.
     * @return the strength of the password.
     * @throws RuntimeException if the password is null or empty.
     */
    int getPasswordStrength(String password);

    /**
     * Reports whether the given password fails the required safety and
     * strength policies.
     *
     * @param password the password; must not be null or empty.
     * @return {@code true} if the password is weak; {@code false} otherwise.
     * @throws RuntimeException if the password is null or empty.
     */
    boolean isWeakPassword(String password);
}
IPasswordRule
package com.savvion.sbm.security.password;
/**
 * Contract for password rules: validates a password against the defined
 * rules and describes those rules. The rule object is part of the password
 * security data and can be retrieved through
 * {@link IPasswordSecurityData#getPasswordRule()}.
 *
 * <p>Methods carry no explicit modifiers: interface methods are implicitly
 * {@code public abstract}.
 */
public interface IPasswordRule {

    // NOTE(review): only the null/empty failure is documented. How a rule
    // violation is reported is not stated; presumably also a
    // RuntimeException (confirm). Implementations should not echo the
    // password in the exception message.
    /**
     * Validates the given password against the defined password rules.
     *
     * @param password the password; must not be null or empty.
     * @throws RuntimeException if the password is null or empty.
     */
    void validate(String password);

    /**
     * Returns a description of the rules that will be applied to a password.
     *
     * @return description of the rules.
     */
    String getHelp();
}