Esempio n. 1
  /**
   * Produces the evaluated specification of {@code policy} for the entity {@code any}.
   *
   * <p>For {@code PASSWORD} and {@code ACCOUNT} policies a fresh spec object is created, the
   * stored spec is copied onto it (with {@code "schemasNotPermitted"} passed as the third
   * argument of {@code BeanUtils.copyProperties}), and for every schema named in
   * {@code getSchemasNotPermitted()} the first string value of the entity's matching plain
   * attribute is appended to the new spec's {@code getWordsNotPermitted()} collection.
   *
   * <p>For {@code PASSWORD} policies on a {@link User}, the clear-text password is also
   * appended to the not-permitted words when {@code verifyPasswordHistory} returns
   * {@code true}. If {@code any} is not a {@code User}, that check is skipped and an error is
   * logged; the evaluated spec is still returned.
   *
   * @param policy the policy to evaluate; may be {@code null}
   * @param any the entity whose attribute values (and, for users, password) are consulted
   * @param <T> the spec type the caller expects; the cast is unchecked, so a caller asking for
   *     the wrong type will only fail when it uses the result
   * @return the evaluated spec, or {@code null} when {@code policy} is {@code null} or its type
   *     is neither {@code PASSWORD} nor {@code ACCOUNT}
   */
  @SuppressWarnings("unchecked")
  public <T extends PolicySpec> T evaluate(final Policy policy, final Any<?, ?, ?> any) {
    if (policy == null) {
      return null;
    }

    switch (policy.getType()) {
      case PASSWORD: {
        PasswordPolicySpec storedSpec = policy.getSpecification(PasswordPolicySpec.class);
        PasswordPolicySpec effectiveSpec = new PasswordPolicySpec();

        // presumably Spring's BeanUtils, where the third argument lists properties to skip
        // -- confirm against the file's imports
        BeanUtils.copyProperties(storedSpec, effectiveSpec, new String[] {"schemasNotPermitted"});

        // NOTE(review): only the first value of each attribute becomes a not-permitted word;
        // further values of a multi-valued attribute are not added. Confirm this is intended.
        for (String schemaName : storedSpec.getSchemasNotPermitted()) {
          PlainAttr plainAttr = any.getPlainAttr(schemaName);
          if (plainAttr == null) {
            continue;
          }
          List<String> attrValues = plainAttr.getValuesAsStrings();
          if (attrValues == null || attrValues.isEmpty()) {
            continue;
          }
          effectiveSpec.getWordsNotPermitted().add(attrValues.get(0));
        }

        // Password history verification and update
        if (any instanceof User) {
          User user = (User) any;
          // NOTE(review): the clear-text password is stored inside the returned spec here;
          // callers should presumably avoid logging or persisting that spec -- verify.
          // getClearPassword() is not null-checked in this method.
          if (user.verifyPasswordHistory(user.getClearPassword(), storedSpec.getHistoryLength())) {
            effectiveSpec.getWordsNotPermitted().add(user.getClearPassword());
          }
        } else {
          // The history check is skipped, not failed: the spec is returned without it.
          LOG.error(
              "Cannot check previous passwords. instance is not user object: {}",
              any.getClass().getName());
        }
        return (T) effectiveSpec;
      }

      case ACCOUNT: {
        final AccountPolicySpec storedSpec = policy.getSpecification(AccountPolicySpec.class);
        final AccountPolicySpec effectiveSpec = new AccountPolicySpec();

        BeanUtils.copyProperties(storedSpec, effectiveSpec, new String[] {"schemasNotPermitted"});

        // Same first-value-only rule as in the PASSWORD branch.
        for (String schemaName : storedSpec.getSchemasNotPermitted()) {
          PlainAttr plainAttr = any.getPlainAttr(schemaName);
          if (plainAttr == null) {
            continue;
          }
          List<String> attrValues = plainAttr.getValuesAsStrings();
          if (attrValues == null || attrValues.isEmpty()) {
            continue;
          }
          effectiveSpec.getWordsNotPermitted().add(attrValues.get(0));
        }

        return (T) effectiveSpec;
      }

      case SYNC:
      default:
        // No evaluated spec is produced for SYNC or any other policy type.
        return null;
    }
  }