@PublicSpi public interface PasswordPolicy
|Modifier and Type||Method and Description|
Returns a list of rules that passwords must follow to satisfy the policy.
This will be called when a user attempts to change a password.
Collection<WebErrorMessage> validatePolicy(@Nonnull com.atlassian.crowd.embedded.api.User user, @Nullable String oldPassword, @Nonnull String newPassword)
WebErrorMessagewill prevent the new password from being accepted.
user- the user whose password would be changed. This will never be
null, but if the intent of the request is to create a new user, then the user will not yet exist and services like the
ApplicationUsers.from(User)will not be able to resolve it. The user's
directory IDwill be
-1Lfor this case.
oldPassword- the user's existing password, or
nullif that information is not available, either because this is a new user or because an administrator is changing the password
newPassword- the user's proposed new password
WebErrorMessages explaining why the password cannot be accepted
hasOldPassword- whether or not the request concerns the rules when the old password is provided. This is
truefor the case where an existing user is changing his/her own password, but not when an administrator is changing another user's password or a new account is getting created. The rule list should probably be different for these cases. For example, it does not make sense to tell an administrator that the new password can not be similar to the old password when the administrator does not even know what the old password was. Nor does it make sense to say this to a new user, for whom the whole idea is completely irrelevant.
Copyright © 2002-2015 Atlassian. All Rights Reserved.