com.sun.identity.common

Class ISAccountLockout

java.lang.Object

com.sun.identity.common.ISAccountLockout

public class ISAccountLockout
extends Object

Constructor Summary

Constructors

Constructor and Description

ISAccountLockout(boolean failureLockoutMode, long failureLockoutTime, int failureLockoutCount, String lockoutNotification, int lockoutUserWarning, String lockoutAttrName, String lockoutAttrValue, long lockoutFailureDuration, int lockoutFailureMultiplier, String invalidAttemptsDataAttrName, String bundleName) Using this constructor the caller passes the account lockout attribute values for the service and the resource bundle name from with the localized account locking messages will be picked up.

Method Summary

Modifier and Type	Method and Description
AccountLockoutInfo	getAcInfo(String userDN, AMIdentity amIdentity)
boolean	getStoreInvalidAttemptsInDS()
AccountLockoutInfo	invalidPasswd(AMIdentity amIdentity, AccountLockoutInfo acInfo) Determines the number of times user failed authentication updates the accountInfo object with the user information and count of failed authentication attempts.
int	invalidPasswd(String userDN, String userName, AMIdentity amIdentity, AccountLockoutInfo acInfo) Determines the number of times user failed authentication updates the accountInfo object with the user information and count of failed authentication attempts.
boolean	isAccountLocked(AMIdentity amIdentity) Checks if user account has been unlocked.This method is only for accounts which are physically locked.
boolean	isLockedOut(AccountLockoutInfo acInfo) Returns true if account is locked.
boolean	isLockoutEnabled() Returns true if account lockout mode is enabled otherwise false.
boolean	isMemoryLocking() Returns true if memory locking mode is enabled.
void	resetLockoutAttempts(String userDN, AMIdentity amIdentity, AccountLockoutInfo acInfo, boolean resetDuration) Resets attempts related data in Data store if the user has successfully authenticated.
void	sendLockOutNotice(String userDN) Sends (Email) the lockout notice to the email address specified in the lockout notification attribute with the userDN information of the user whose account is locked.
void	setStoreInvalidAttemptsInDS(boolean aStoreInvalidAttemptsInDS)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ISAccountLockout

public ISAccountLockout(boolean failureLockoutMode,
                        long failureLockoutTime,
                        int failureLockoutCount,
                        String lockoutNotification,
                        int lockoutUserWarning,
                        String lockoutAttrName,
                        String lockoutAttrValue,
                        long lockoutFailureDuration,
                        int lockoutFailureMultiplier,
                        String invalidAttemptsDataAttrName,
                        String bundleName)

Using this constructor the caller passes the account lockout attribute values for the service and the resource bundle name from with the localized account locking messages will be picked up.

Parameters:

failureLockoutMode - a boolean indicating whether account locking is enabled or not.

failureLockoutTime - a long which is the interval in minutes between 2 failed attempts.

failureLockoutCount - an integer indicating the number of allowed failed attempts before account will be locked.

lockoutNotification - a String , email address to notify when account is locked.

lockoutUserWarning - an integer , the number of failed counts after which user will be warned about the remaining failed attempts before account will be locked.

lockoutAttrName - a String , name of attribute to be used for account locking.

lockoutAttrValue - a String , value of lockoutAttrName to be used for account locking.

lockoutFailureDuration - a long, lockout duration in minutes used for memory locking.

invalidAttemptsDataAttrName - a String , name of attribute for storing invalid attempts data.

bundleName - a String, name of the resource bundle.

Method Detail

isLockoutEnabled

public boolean isLockoutEnabled()

Returns true if account lockout mode is enabled otherwise false.

Returns:

true if lockout is enabled else false

getStoreInvalidAttemptsInDS

public boolean getStoreInvalidAttemptsInDS()

setStoreInvalidAttemptsInDS

public void setStoreInvalidAttemptsInDS(boolean aStoreInvalidAttemptsInDS)

isMemoryLocking

public boolean isMemoryLocking()

Returns true if memory locking mode is enabled. Memory locking mode is enabled when the failureLockoutDuration is greater then zero.

Returns:

true if memory locking is enabled.

invalidPasswd

public int invalidPasswd(String userDN,
                         String userName,
                         AMIdentity amIdentity,
                         AccountLockoutInfo acInfo)

Determines the number of times user failed authentication updates the accountInfo object with the user information and count of failed authentication attempts.

Parameters:

userDN - DN of the user

userName - name of the user

amIdentity - AMidentity object

acInfo - AccountLockoutInfo

Returns:

updated user lockout information

getAcInfo

public AccountLockoutInfo getAcInfo(String userDN,
                                    AMIdentity amIdentity)

invalidPasswd

public AccountLockoutInfo invalidPasswd(AMIdentity amIdentity,
                                        AccountLockoutInfo acInfo)

Determines the number of times user failed authentication updates the accountInfo object with the user information and count of failed authentication attempts.

Parameters:

amIdentity - user object.

acInfo - lockout information object.

Returns:

updated user lockout information.

sendLockOutNotice

public void sendLockOutNotice(String userDN)

Sends (Email) the lockout notice to the email address specified in the lockout notification attribute with the userDN information of the user whose account is locked.

Parameters:

userDN - Distinguished name of the user

isLockedOut

public boolean isLockedOut(AccountLockoutInfo acInfo)

Returns true if account is locked. Checks if user's account is locked based on the user's lockout info. This method is for memory locking. If this method returns false then the account is unlocked ie. the memory lock duration has elapsed. Callers of this method must update their account lock hash if the account is unlocked.

Parameters:

acInfo - Lockout info for the user.

Returns:

true if account is locked.

isAccountLocked

public boolean isAccountLocked(AMIdentity amIdentity)

Checks if user account has been unlocked.This method is only for accounts which are physically locked.

Parameters:

amIdentity - AMIdentity object

Returns:

boolean true if account is locked else false

resetLockoutAttempts

public void resetLockoutAttempts(String userDN,
                                 AMIdentity amIdentity,
                                 AccountLockoutInfo acInfo,
                                 boolean resetDuration)

Resets attempts related data in Data store if the user has successfully authenticated.

Parameters:

userDN - Distinguished name of user.

amIdentity - AMidentity object.

acInfo - Account Lockout Information.