com.atlassian.jira.dev.reference.plugin.user

Class ReferencePasswordPolicy

java.lang.Object

com.atlassian.jira.dev.reference.plugin.user.ReferencePasswordPolicy

All Implemented Interfaces:

PasswordPolicy

public class ReferencePasswordPolicy
extends Object
implements PasswordPolicy

Provides basic example of the password-policy plugin point

Since:

v6.1

Field Summary

Fields inherited from interface com.atlassian.jira.plugin.user.PasswordPolicy

DUMMY_ID

Constructor Summary

Constructors

Constructor and Description
ReferencePasswordPolicy()

Method Summary

Modifier and Type	Method and Description
List<String>	getPolicyDescription(boolean hasOldPassword) Returns a list of rules that passwords must follow to satisfy the policy.
Collection<WebErrorMessage>	validatePolicy(ApplicationUser user, String oldPassword, String newPassword) This will be called when a user attempts to change a password.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ReferencePasswordPolicy

public ReferencePasswordPolicy()

Method Detail

validatePolicy

public Collection<WebErrorMessage> validatePolicy(@Nonnull
                                                  ApplicationUser user,
                                                  @Nullable
                                                  String oldPassword,
                                                  @Nonnull
                                                  String newPassword)

Description copied from interface: PasswordPolicy

This will be called when a user attempts to change a password. Returning a non-empty list of WebErrorMessage will prevent the new password from being accepted.

Specified by:

validatePolicy in interface PasswordPolicy

Parameters:

user - the user whose password would be changed. This will never be null, but if the intent of the request is to create a new user, then the user will not yet exist and services like the UserManager and ApplicationUsers.from(User) will not be able to resolve it. The user's directory ID and ID will be -1 for this case.

oldPassword - the user's existing password, or null if that information is not available, either because this is a new user or because an administrator is changing the password

newPassword - the user's proposed new password

Returns:

a collection of WebErrorMessages explaining why the password cannot be accepted

getPolicyDescription

public List<String> getPolicyDescription(boolean hasOldPassword)

Description copied from interface: PasswordPolicy

Returns a list of rules that passwords must follow to satisfy the policy.

Specified by:

getPolicyDescription in interface PasswordPolicy

Parameters:

hasOldPassword - whether or not the request concerns the rules when the old password is provided. This is true for the case where an existing user is changing his/her own password, but not when an administrator is changing another user's password or a new account is getting created. The rule list should probably be different for these cases. For example, it does not make sense to tell an administrator that the new password can not be similar to the old password when the administrator does not even know what the old password was. Nor does it make sense to say this to a new user, for whom the whole idea is completely irrelevant.

Returns:

a list of rules that passwords must follow to satisfy the policy.