/** This method is used to check pre conditions when changing the user password. */ public boolean doPreUpdateCredential( String userName, Object newCredential, Object oldCredential, UserStoreManager userStoreManager) throws UserStoreException { if (log.isDebugEnabled()) { log.debug("Pre update credential is called in IdentityMgtEventListener"); } IdentityMgtConfig config = IdentityMgtConfig.getInstance(); if (!config.isListenerEnable()) { return true; } try { // Enforcing the password policies. if (newCredential != null && (newCredential instanceof String && (newCredential.toString().trim().length() > 0))) { policyRegistry.enforcePasswordPolicies(newCredential.toString(), userName); } } catch (PolicyViolationException pe) { log.error(pe.getMessage()); throw new UserStoreException(pe.getMessage()); } return true; }
/** * This method is used when the admin is updating the credentials with an empty credential. A * random password will be generated and will be mailed to the user. */ @Override public boolean doPreUpdateCredentialByAdmin( String userName, Object newCredential, UserStoreManager userStoreManager) throws UserStoreException { if (log.isDebugEnabled()) { log.debug("Pre update credential by admin is called in IdentityMgtEventListener"); } IdentityMgtConfig config = IdentityMgtConfig.getInstance(); if (!config.isListenerEnable()) { return true; } try { // Enforcing the password policies. if (newCredential != null && (newCredential instanceof StringBuffer && (newCredential.toString().trim().length() > 0))) { policyRegistry.enforcePasswordPolicies(newCredential.toString(), userName); } } catch (PolicyViolationException pe) { log.error(pe.getMessage()); throw new UserStoreException(pe.getMessage()); } if (newCredential == null || (newCredential instanceof StringBuffer && ((StringBuffer) newCredential).toString().trim().length() < 1)) { if (!config.isEnableTemporaryPassword()) { log.error("Empty passwords are not allowed"); return false; } if (log.isDebugEnabled()) { log.debug("Credentials are null. Using a temporary password as credentials"); } // temporary passwords will be used char[] temporaryPassword = UserIdentityManagementUtil.generateTemporaryPassword(); // setting the password value ((StringBuffer) newCredential) .replace(0, temporaryPassword.length, new String(temporaryPassword)); UserIdentityMgtBean bean = new UserIdentityMgtBean(); bean.setUserId(userName); bean.setConfirmationCode(newCredential.toString()); bean.setRecoveryType(IdentityMgtConstants.Notification.TEMPORARY_PASSWORD); log.debug("Sending the tempory password to the user " + userName); UserIdentityManagementUtil.notifyViaEmail(bean); } else { log.debug("Updating credentials of user " + userName + " by admin with a non-empty password"); } return true; }
/** * This method will set the default/random password if the password provided is null. The thread * local parameter EMPTY_PASSWORD_USED will be used to track if the password empty in the * doPostAddUser. This method will filter the security question URIs from claims and put those to * the thread local properties. */ @Override public boolean doPreAddUser( String userName, Object credential, String[] roleList, Map<String, String> claims, String profile, UserStoreManager userStoreManager) throws UserStoreException { if (log.isDebugEnabled()) { log.debug("Pre add user is called in IdentityMgtEventListener"); } IdentityMgtConfig config = IdentityMgtConfig.getInstance(); if (!config.isListenerEnable()) { return true; } try { // Enforcing the password policies. if (credential != null && (credential instanceof StringBuffer && (credential.toString().trim().length() > 0))) { policyRegistry.enforcePasswordPolicies(credential.toString(), userName); } } catch (PolicyViolationException pe) { log.error(pe.getMessage()); throw new UserStoreException(pe.getMessage()); } // empty password account creation if (credential == null || (credential instanceof StringBuffer && (credential.toString().trim().length() < 1))) { if (!config.isEnableTemporaryPassword()) { log.error("Empty passwords are not allowed"); return false; } if (log.isDebugEnabled()) { log.debug("Credentials are null. Using a temporary password as credentials"); } // setting the thread-local to check in doPostAddUser threadLocalProperties.get().put(EMPTY_PASSWORD_USED, true); // temporary passwords will be used char[] temporaryPassword = UserIdentityManagementUtil.generateTemporaryPassword(); // setting the password value ((StringBuffer) credential) .replace(0, temporaryPassword.length, new String(temporaryPassword)); } // Filtering security question URIs from claims and add them to the thread local dto Map<String, String> userDataMap = new HashMap<String, String>(); // TODO why challenge Q Iterator<Entry<String, String>> it = claims.entrySet().iterator(); while (it.hasNext()) { Map.Entry<String, String> claim = it.next(); if (claim.getKey().contains(UserCoreConstants.ClaimTypeURIs.CHALLENGE_QUESTION_URI) || claim.getKey().contains(UserCoreConstants.ClaimTypeURIs.IDENTITY_CLAIM_URI)) { userDataMap.put(claim.getKey(), claim.getValue()); it.remove(); } } UserIdentityClaimsDO identityDTO = new UserIdentityClaimsDO(userName, userDataMap); // adding dto to thread local to be read again from the doPostAddUser method threadLocalProperties.get().put(USER_IDENTITY_DO, identityDTO); return true; }