com.atlassian.jira.dev.reference.plugin.user
Class ReferencePasswordPolicy
java.lang.Object
com.atlassian.jira.dev.reference.plugin.user.ReferencePasswordPolicy
- All Implemented Interfaces:
- PasswordPolicy
public class ReferencePasswordPolicy
- extends Object
- implements PasswordPolicy
Provides basic example of the password-policy plugin point
- Since:
- v6.1
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
ReferencePasswordPolicy
public ReferencePasswordPolicy()
validatePolicy
public Collection<WebErrorMessage> validatePolicy(@Nonnull
com.atlassian.crowd.embedded.api.User user,
@Nullable
String oldPassword,
@Nonnull
String newPassword)
- Description copied from interface:
PasswordPolicy
- This will be called when a user attempts to change a password. Returning a non-empty list of
WebErrorMessage
will prevent the new password from being accepted.
- Specified by:
validatePolicy
in interface PasswordPolicy
- Parameters:
user
- the user whose password would be changed. This will never be null
, but if the
intent of the request is to create a new user, then the user will not yet exist and
services like the UserManager
and ApplicationUsers.from(User)
will not
be able to resolve it. The user's
directory ID
will be
-1L
for this case.oldPassword
- the user's existing password, or null
if that information is not
available, either because this is a new user or because an administrator is changing
the passwordnewPassword
- the user's proposed new password
- Returns:
- a collection of
WebErrorMessage
s explaining why the password cannot be accepted
getPolicyDescription
public List<String> getPolicyDescription(boolean hasOldPassword)
- Description copied from interface:
PasswordPolicy
- Returns a list of rules that passwords must follow to satisfy the policy.
- Specified by:
getPolicyDescription
in interface PasswordPolicy
- Parameters:
hasOldPassword
- whether or not the request concerns the rules when the old password
is provided. This is true
for the case where an existing user is changing
his/her own password, but not when an administrator is changing another user's
password or a new account is getting created. The rule list should probably be
different for these cases. For example, it does not make sense to tell an
administrator that the new password can not be similar to the old password when
the administrator does not even know what the old password was. Nor does it make
sense to say this to a new user, for whom the whole idea is completely irrelevant.
- Returns:
- a list of rules that passwords must follow to satisfy the policy.
Copyright © 2002-2013 Atlassian. All Rights Reserved.