Class PasswordUpdateBehaviorRequestControlProperties

  • All Implemented Interfaces:
    java.io.Serializable

    @Mutable
    @ThreadSafety(level=NOT_THREADSAFE)
    public final class PasswordUpdateBehaviorRequestControlProperties
    extends java.lang.Object
    implements java.io.Serializable
    This class provides a set of properties that can be used in conjunction with the PasswordUpdateBehaviorRequestControl.
    NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.
    See Also:
    Serialized Form
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.lang.Boolean getAllowPreEncodedPassword()
      Indicates whether the password update behavior request control should override the value of the allow-pre-encoded-passwords configuration property for the target user's password policy, and if so, what the overridden value should be.
      java.lang.Boolean getIgnoreMinimumPasswordAge()
      Indicates whether the password update behavior request control should override the server's normal behavior with regard to checking the minimum password age, and if so, what the overridden behavior should be.
      java.lang.Boolean getIgnorePasswordHistory()
      Indicates whether the password update behavior request control should override the server's normal behavior with regard to checking the password history for any new passwords included in the password update, and if so, what the overridden behavior should be.
      java.lang.Boolean getIsSelfChange()
      Indicates whether the password update behavior request control should override the server's automatic classification of the password update as a self change or an administrative reset, and if so, what the overridden value should be.
      java.lang.Boolean getMustChangePassword()
      Indicates whether the password update behavior request control should override the server's normal behavior with regard to requiring a password change, and if so, what that behavior should be.
      java.lang.String getPasswordStorageScheme()
      Indicates whether the password update behavior request control should override the server's normal behavior with regard to selecting the password storage scheme to use to encode new password values, and if so, which password storage scheme should be used.
      java.lang.Boolean getSkipPasswordValidation()
      Indicates whether the password update behavior request control should override the server's normal behavior with regard to invoking password validators for any new passwords included in the password update, and if so, what the overridden behavior should be.
      void setAllowPreEncodedPassword​(java.lang.Boolean allowPreEncodedPassword)
      Specifies whether the password update behavior request control should override the value of the allow-pre-encoded-passwords configuration property for the target user's password policy, and if so, what the overridden value should be.
      void setIgnoreMinimumPasswordAge​(java.lang.Boolean ignoreMinimumPasswordAge)
      Specifies whether the password update behavior request control should override the server's normal behavior with regard to checking the minimum password age, and if so, what the overridden behavior should be.
      void setIgnorePasswordHistory​(java.lang.Boolean ignorePasswordHistory)
      Specifies whether the password update behavior request control should override the server's normal behavior with regard to checking the password history for any new passwords included in the password update, and if so, what the overridden behavior should be.
      void setIsSelfChange​(java.lang.Boolean isSelfChange)
      Specifies whether the password update behavior request control should override the server's automatic classification of the password update as a self change or an administrative reset, and if so, what the overridden value should be.
      void setMustChangePassword​(java.lang.Boolean mustChangePassword)
      Specifies whether the password update behavior request control should override the server's normal behavior with regard to requiring a password change, and if so, what that behavior should be.
      void setPasswordStorageScheme​(java.lang.String passwordStorageScheme)
      Specifies whether the password update behavior request control should override the server's normal behavior with regard to selecting the password storage scheme to use to encode new password values, and if so, which password storage scheme should be used.
      void setSkipPasswordValidation​(java.lang.Boolean skipPasswordValidation)
      Specifies whether the password update behavior request control should override the server's normal behavior with regard to invoking password validators for any new passwords included in the password update, and if so, what the overridden behavior should be.
      java.lang.String toString()
      Retrieves a string representation of this password update behavior request control properties object.
      void toString​(java.lang.StringBuilder buffer)
      Appends a string representation of this password update behavior request control properties object to the provided buffer.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
    • Constructor Detail

      • PasswordUpdateBehaviorRequestControlProperties

        public PasswordUpdateBehaviorRequestControlProperties()
        Creates a new password update behavior request control properties object with none of the properties set, which will cause the server to behave as if the control had not been included in the request.
    • Method Detail

      • getIsSelfChange

        @Nullable
        public java.lang.Boolean getIsSelfChange()
        Indicates whether the password update behavior request control should override the server's automatic classification of the password update as a self change or an administrative reset, and if so, what the overridden value should be.
        Returns:
        Boolean.TRUE if the server should treat the password update as a self change, Boolean.FALSE if the server should treat the password update as an administrative reset, or null if the server should automatically determine whether the password update is a self change or an administrative reset.
      • setIsSelfChange

        public void setIsSelfChange​(@Nullable
                                    java.lang.Boolean isSelfChange)
        Specifies whether the password update behavior request control should override the server's automatic classification of the password update as a self change or an administrative reset, and if so, what the overridden value should be.

        Normally, the server will consider a password update to be a self change if it contains the user's current password in addition to the new password, or if the user entry being updated is the entry for the authorization identity for the requested operation. Conversely, if the password change does not include the target user's current password in addition to the new password, and the user performing the password change doesn't own the entry being updated, then it will be considered an administrative reset. But if this method is called with a value of Boolean.TRUE, then the server will consider the password update to be a self change even if it would have otherwise been considered an administrative reset, and if this method is called with a value of Boolean.FALSE, then the server will consider the password update to be an administrative reset even if it would have otherwise been considered a self change.

        Note that this only applies to modify requests and password modify extended requests. It does not apply to add requests, which will always be considered administrative resets because a user can't change their own password before their account exists in the server. However, the password update behavior request control can still be used to override the server's default behavior for other properties that do apply to add operations.
        Parameters:
        isSelfChange - Specifies whether the control should override the server's automatic classification of the password update as a self change or an administrative reset. If this is Boolean.TRUE, then it indicates that the server should treat the password update as a self change. If this is Boolean.FALSE, then it indicates that the server should treat the password update as an administrative reset. If this is null, it indicates that the server should automatically determine whether the password change is a self change or an administrative reset.
      • getAllowPreEncodedPassword

        @Nullable
        public java.lang.Boolean getAllowPreEncodedPassword()
        Indicates whether the password update behavior request control should override the value of the allow-pre-encoded-passwords configuration property for the target user's password policy, and if so, what the overridden value should be.
        Returns:
        Boolean.TRUE if the server should accept a pre-encoded password in the password update even if the server's password policy configuration would normally not permit this, Boolean.FALSE if the server should reject a pre-encoded password in the password update even if the server's password policy configuration would normally accept it, or null if the password policy configuration should be used to determine whether to accept pre-encoded passwords.
      • setAllowPreEncodedPassword

        public void setAllowPreEncodedPassword​(@Nullable
                                               java.lang.Boolean allowPreEncodedPassword)
        Specifies whether the password update behavior request control should override the value of the allow-pre-encoded-passwords configuration property for the target user's password policy, and if so, what the overridden value should be.

        Note that certain types of validation cannot be performed for new passwords that are pre-encoded. It will not be possible to invoke password validators on a pre-encoded password, and it will not be possible to compare the a pre-encoded new password against the current password or one in the password history. Allowing end users to provide pre-encoded passwords could create a loophole in which the user could continue using the same password longer than they would otherwise be permitted to because they could keep changing the password to a different encoded representation of the same password, or to a weaker password than the server would normally allow.
        Parameters:
        allowPreEncodedPassword - Specifies whether the password update behavior request control should override the value of the allow-pre-encoded-passwords configuration property for the target user's password policy, and if so, what the overridden value should be. If this is Boolean.TRUE, then the server will permit a pre-encoded password, even if it would normally reject them. If this is Boolean.FALSE, then the server will reject a pre-encoded password, even if it would normally accept it. If this is null, then the server will use the password policy configuration to determine whether to accept a pre-encoded password.
      • getSkipPasswordValidation

        @Nullable
        public java.lang.Boolean getSkipPasswordValidation()
        Indicates whether the password update behavior request control should override the server's normal behavior with regard to invoking password validators for any new passwords included in the password update, and if so, what the overridden behavior should be.
        Returns:
        Boolean.TRUE if the server should skip invoking the password validators configured in the target user's password policy validators for any new passwords included in the password update even if the server would normally perform password validation, Boolean.FALSE if the server should invoke the password validators even if it would normally skip them, or null if the password policy configuration should be used to determine whether to skip password validation.
      • setSkipPasswordValidation

        public void setSkipPasswordValidation​(@Nullable
                                              java.lang.Boolean skipPasswordValidation)
        Specifies whether the password update behavior request control should override the server's normal behavior with regard to invoking password validators for any new passwords included in the password update, and if so, what the overridden behavior should be.

        Note that if password validation is to be performed, it will use the set of password validators set in the target user's password policy. It is not possible to customize which validators will be used on a per-request basis.

        Also note that password validation can only be performed for new passwords that are not pre-encoded. Pre-encoded passwords cannot be checked against password validators or the password history.
        Parameters:
        skipPasswordValidation - Specifies whether the password update behavior request control should override the server's normal behavior with regard to invoking password validators for any new passwords included in the password update, and if so, what the overridden behavior should be. If this is Boolean.TRUE, then the server will skip new password validation even if it would normally perform it. If this is Boolean.FALSE, then the server will perform new password validation even if it would normally skip it. If this is null, then the server will use the password policy configuration to determine whether to perform new password validation.
      • getIgnorePasswordHistory

        @Nullable
        public java.lang.Boolean getIgnorePasswordHistory()
        Indicates whether the password update behavior request control should override the server's normal behavior with regard to checking the password history for any new passwords included in the password update, and if so, what the overridden behavior should be.
        Returns:
        Boolean.TRUE if the server should not check to see whether any new password matches the current password or is in the user's password history even if it would normally perform that check, Boolean.FALSE if the server should check to see whether any new password matches the current or previous password even if it would normally not perform such a check, or null if the password policy configuration should be used to determine whether to ignore the password history.
      • setIgnorePasswordHistory

        public void setIgnorePasswordHistory​(@Nullable
                                             java.lang.Boolean ignorePasswordHistory)
        Specifies whether the password update behavior request control should override the server's normal behavior with regard to checking the password history for any new passwords included in the password update, and if so, what the overridden behavior should be.

        Note that if the target user's password policy is not configured to maintain a password history, then there may not be any previous passwords to check. In that case, overriding the behavior to check the password history will only compare the new password against the current password.

        Also note that this setting only applies to the validation of the new password. It will not affect the server's behavior with regard to storing the new or previous password in the password history.

        Finally, password history validation can only be performed for new passwords that are not pre-encoded. Pre-encoded passwords cannot be checked against password validators or the password history.
        Parameters:
        ignorePasswordHistory - Specifies whether the password update behavior request control should override the server's normal behavior with regard to checking the password history for any new passwords included in the password update, and if so, what the overridden behavior should be. If this is Boolean.TRUE, then the server will skip password history validation even if it would have normally performed it. If this is Boolean.FALSE, then the server will perform password history validation even if it would have normally skipped it. If this is null, then the server will use the password policy configuration to determine whether to perform password history validation.
      • getIgnoreMinimumPasswordAge

        @Nullable
        public java.lang.Boolean getIgnoreMinimumPasswordAge()
        Indicates whether the password update behavior request control should override the server's normal behavior with regard to checking the minimum password age, and if so, what the overridden behavior should be.
        Returns:
        Boolean.TRUE if the server should accept the password change even if it has been less than the configured minimum password age since the password was last changed, Boolean.FALSE if the server should reject the password change if it has been less than teh configured minimum password age, or null if the password policy configuration should be used to determine the appropriate behavior.
      • setIgnoreMinimumPasswordAge

        public void setIgnoreMinimumPasswordAge​(@Nullable
                                                java.lang.Boolean ignoreMinimumPasswordAge)
        Specifies whether the password update behavior request control should override the server's normal behavior with regard to checking the minimum password age, and if so, what the overridden behavior should be.

        Normally, if a minimum password age is configured, then it will apply only for self password changes but not for administrative resets. With this value set to Boolean.TRUE, then the configured minimum password age will be ignored even for self changes. With this value set to Boolean.FALSE, then the configured minimum password age will be enforced even for administrative resets. In any case, this will only be used if the target user's password policy is configured with a nonzero minimum password age.
        Parameters:
        ignoreMinimumPasswordAge - Specifies whether the password update behavior request control should override the server's normal behavior with regard to checking the minimum password age, and if so, what the overridden behavior should be. If this is Boolean.TRUE, then the minimum password age will not be enforced, even for self password changes. If this is Boolean.FALSE, then the minimum password age will be enforced, even for administrative resets. If this is null, then the server's default behavior will be used so that the minimum password age will be enforced for self changes but not for administrative resets.
      • getPasswordStorageScheme

        @Nullable
        public java.lang.String getPasswordStorageScheme()
        Indicates whether the password update behavior request control should override the server's normal behavior with regard to selecting the password storage scheme to use to encode new password values, and if so, which password storage scheme should be used.
        Returns:
        The name of the password storage scheme that should be used to encode any new password values, or null if the target user's password policy configuration should determine the appropriate schemes for encoding new passwords.
      • setPasswordStorageScheme

        public void setPasswordStorageScheme​(@Nullable
                                             java.lang.String passwordStorageScheme)
        Specifies whether the password update behavior request control should override the server's normal behavior with regard to selecting the password storage scheme to use to encode new password values, and if so, which password storage scheme should be used.

        If a non-null password storage scheme name is provided, then it must be the prefix used in front of passwords encoded with that scheme, optionally including or omitting the curly braces. The specified scheme must be enabled for use in the server but does not otherwise need to be associated with the target user's password policy.
        Parameters:
        passwordStorageScheme - The name of the password storage scheme that should be used to encode any new password values. It may optionally be enclosed in curly braces. It may be null if the password policy configuration should be used to determine which password storage schemes should be used to encode new passwords.
      • getMustChangePassword

        @Nullable
        public java.lang.Boolean getMustChangePassword()
        Indicates whether the password update behavior request control should override the server's normal behavior with regard to requiring a password change, and if so, what that behavior should be.
        Returns:
        Boolean.TRUE if the user will be required to change their password before being allowed to perform any other operation, Boolean.FALSE if the user will not be required to change their password before being allowed to perform any other operation, or null if the password policy configuration should be used to control this behavior.
      • setMustChangePassword

        public void setMustChangePassword​(@Nullable
                                          java.lang.Boolean mustChangePassword)
        Specifies whether the password update behavior request control should override the server's normal behavior with regard to requiring a password change, and if so, what that behavior should be.

        Note that the "must change password" behavior will only be enforced if the target user's password policy is configured with either force-change-on-add or force-change-on-reset set to true. If both of those properties are set to false, then this method will have no effect.

        Normally, if force-change-on-reset is true, then the server will put the user's account into a "must change password" state after an administrative password reset, but not after a self change. If this method is called with a value of Boolean.TRUE, then the "must change password" flag will be set, even if the password update is a self change. It this method is called with a value of Boolean.FALSE, then the "must change password" flag will not be set even if the password update is an administrative change. If this method is called with a value of null, then the server's normal logic will be used to determine whether to set the "must change password" flag.
        Parameters:
        mustChangePassword - Specifies whether the password update behavior request control should override the server's normal behavior with regard to requiring a password change, and if so, what that behavior should be. If this is Boolean.TRUE, then the user entry will be required to change their password after their next login even if this is a self change. If this is Boolean.FALSE, then the user will not be required to change their password after the next login even if this is an administrative reset. If this is null, then the server's normal logic will be used to make the determination.
      • toString

        @NotNull
        public java.lang.String toString()
        Retrieves a string representation of this password update behavior request control properties object.
        Overrides:
        toString in class java.lang.Object
        Returns:
        A string representation of this password update behavior request control properties object.
      • toString

        public void toString​(@NotNull
                             java.lang.StringBuilder buffer)
        Appends a string representation of this password update behavior request control properties object to the provided buffer.
        Parameters:
        buffer - The buffer to which the information should be appended.