Package com.sun.identity.common

Class ISAccountLockout

  • public class ISAccountLockout
extends Object

    • Constructor Detail

      • ISAccountLockout

        public ISAccountLockout​(boolean failureLockoutMode,
                        long failureLockoutTime,
                        int failureLockoutCount,
                        String lockoutNotification,
                        int lockoutUserWarning,
                        String lockoutAttrName,
                        String lockoutAttrValue,
                        long lockoutFailureDuration,
                        int lockoutFailureMultiplier,
                        String invalidAttemptsDataAttrName,
                        String bundleName)
        Using this constructor the caller passes the account lockout attribute values for the service and the resource bundle name from with the localized account locking messages will be picked up.
        Parameters:
        failureLockoutMode - a boolean indicating whether account locking is enabled or not.
        failureLockoutTime - a long which is the interval in minutes between 2 failed attempts.
        failureLockoutCount - an integer indicating the number of allowed failed attempts before account will be locked.
        lockoutNotification - a String , email address to notify when account is locked.
        lockoutUserWarning - an integer , the number of failed counts after which user will be warned about the remaining failed attempts before account will be locked.
        lockoutAttrName - a String , name of attribute to be used for account locking.
        lockoutAttrValue - a String , value of lockoutAttrName to be used for account locking.
        lockoutFailureDuration - a long, lockout duration in minutes used for memory locking.
        invalidAttemptsDataAttrName - a String , name of attribute for storing invalid attempts data.
        bundleName - a String, name of the resource bundle.

    • Method Detail

      • isLockoutEnabled

        public boolean isLockoutEnabled()
        Returns true if account lockout mode is enabled otherwise false.
        Returns:
        true if lockout is enabled else false

      • getStoreInvalidAttemptsInDS

        public boolean getStoreInvalidAttemptsInDS()

      • setStoreInvalidAttemptsInDS

        public void setStoreInvalidAttemptsInDS​(boolean aStoreInvalidAttemptsInDS)

      • isMemoryLocking

        public boolean isMemoryLocking()
        Returns true if memory locking mode is enabled. Memory locking mode is enabled when the failureLockoutDuration is greater then zero.
        Returns:
        true if memory locking is enabled.

      • invalidPasswd

        public int invalidPasswd​(String userDN,
                         String userName,
                         AMIdentity amIdentity,
                         AccountLockoutInfo acInfo)
        Determines the number of times user failed authentication updates the accountInfo object with the user information and count of failed authentication attempts.
        Parameters:
        userDN - DN of the user
        userName - name of the user
        amIdentity - AMidentity object
        acInfo - AccountLockoutInfo
        Returns:
        updated user lockout information

      • invalidPasswd

        public AccountLockoutInfo invalidPasswd​(AMIdentity amIdentity,
                                        AccountLockoutInfo acInfo)
        Determines the number of times user failed authentication updates the accountInfo object with the user information and count of failed authentication attempts.
        Parameters:
        amIdentity - user object.
        acInfo - lockout information object.
        Returns:
        updated user lockout information.

      • sendLockOutNotice

        public void sendLockOutNotice​(String userDN)
        Sends (Email) the lockout notice to the email address specified in the lockout notification attribute with the userDN information of the user whose account is locked.
        Parameters:
        userDN - Distinguished name of the user

      • isLockedOut

        public boolean isLockedOut​(AccountLockoutInfo acInfo)
        Returns true if account is locked. Checks if user's account is locked based on the user's lockout info. This method is for memory locking. If this method returns false then the account is unlocked ie. the memory lock duration has elapsed. Callers of this method must update their account lock hash if the account is unlocked.
        Parameters:
        acInfo - Lockout info for the user.
        Returns:
        true if account is locked.

      • isAccountLocked

        public boolean isAccountLocked​(AMIdentity amIdentity)
        Checks if user account has been unlocked.This method is only for accounts which are physically locked.
        Parameters:
        amIdentity - AMIdentity object
        Returns:
        boolean true if account is locked else false

      • resetLockoutAttempts

        public void resetLockoutAttempts​(String userDN,
                                 AMIdentity amIdentity,
                                 AccountLockoutInfo acInfo,
                                 boolean resetDuration)
        Resets attempts related data in Data store if the user has successfully authenticated.
        Parameters:
        userDN - Distinguished name of user.
        amIdentity - AMidentity object.
        acInfo - Account Lockout Information.