public class PasswordResource extends Object
Constructor and Description |
---|
PasswordResource(PasswordPolicyManager passwordPolicyManager,
UserManager userManager) |
Modifier and Type | Method and Description |
---|---|
javax.ws.rs.core.Response |
getPasswordPolicy(boolean hasOldPassword)
Returns user-friendly statements governing the system's password policy.
|
javax.ws.rs.core.Response |
policyCheckCreateUser(PasswordPolicyCreateUserBean bean)
Returns user-friendly explanations of why the password policy would disallow a proposed user from being
created.
|
javax.ws.rs.core.Response |
policyCheckUpdateUser(PasswordPolicyUpdateUserBean bean)
Returns user-friendly explanations of why the password policy would disallow an existing user's password
from being updated.
|
public PasswordResource(PasswordPolicyManager passwordPolicyManager, UserManager userManager)
public javax.ws.rs.core.Response getPasswordPolicy(boolean hasOldPassword)
hasOldPassword
- whether or not the user will be required to enter their current password. Use
false
(the default) if this is a new user or if an administrator is forcibly changing
another user's password.public javax.ws.rs.core.Response policyCheckCreateUser(PasswordPolicyCreateUserBean bean)
This is a "dry run" of the password policy validation that would be performed by the various user creation
methods in UserService
. The intended use is for a user interface to
verify the password on the fly as the user enters it (or upon moving to another input field or delaying
for some time period, and so on). At the very least, the username and password must be non-empty to run
these validations. Note that this validation is only for the password policy itself; other validations,
such as whether or not a user with the same name already exists, are not checked by this request.
bean
- a representation of the intended parameters for the user that would be created.public javax.ws.rs.core.Response policyCheckUpdateUser(PasswordPolicyUpdateUserBean bean)
This is a "dry run" of the password policy validation that would be performed by the various ways to
update a user's password, such as the ChangePassword
and ResetPassword
web actions.
The intended use is for a user interface to verify the password on the fly as the user enters it (or upon
moving to another input field or delaying for some time period, and so on). At the very least, the username
and new password must be non-empty to run these validations, and the user must actually exist. Note that this
validation is only for the password policy itself; other validations that would be performed upon submitting
the request are not checked by this request. In particular, the old password (if specified) is deliberately
not verified by this request, as doing so could cause security problems.
bean
- a representation of the intended parameters for the update that would be performedCopyright © 2002-2016 Atlassian. All Rights Reserved.