@SuppressWarnings("unchecked") public <T extends PolicySpec> T evaluate(final Policy policy, final Any<?, ?, ?> any) { if (policy == null) { return null; } T result = null; switch (policy.getType()) { case PASSWORD: PasswordPolicySpec ppSpec = policy.getSpecification(PasswordPolicySpec.class); PasswordPolicySpec evaluatedPPSpec = new PasswordPolicySpec(); BeanUtils.copyProperties(ppSpec, evaluatedPPSpec, new String[] {"schemasNotPermitted"}); for (String schema : ppSpec.getSchemasNotPermitted()) { PlainAttr attr = any.getPlainAttr(schema); if (attr != null) { List<String> values = attr.getValuesAsStrings(); if (values != null && !values.isEmpty()) { evaluatedPPSpec.getWordsNotPermitted().add(values.get(0)); } } } // Password history verification and update if (!(any instanceof User)) { LOG.error( "Cannot check previous passwords. instance is not user object: {}", any.getClass().getName()); result = (T) evaluatedPPSpec; break; } User user = (User) any; if (user.verifyPasswordHistory(user.getClearPassword(), ppSpec.getHistoryLength())) { evaluatedPPSpec.getWordsNotPermitted().add(user.getClearPassword()); } result = (T) evaluatedPPSpec; break; case ACCOUNT: final AccountPolicySpec spec = policy.getSpecification(AccountPolicySpec.class); final AccountPolicySpec accountPolicy = new AccountPolicySpec(); BeanUtils.copyProperties(spec, accountPolicy, new String[] {"schemasNotPermitted"}); for (String schema : spec.getSchemasNotPermitted()) { PlainAttr attr = any.getPlainAttr(schema); if (attr != null) { List<String> values = attr.getValuesAsStrings(); if (values != null && !values.isEmpty()) { accountPolicy.getWordsNotPermitted().add(values.get(0)); } } } result = (T) accountPolicy; break; case SYNC: default: result = null; } return result; }