Package com.unboundid.ldap.sdk.unboundidds.controls

Class PasswordValidationDetailsResponseControl

java.lang.Object
com.unboundid.ldap.sdk.Control
com.unboundid.ldap.sdk.unboundidds.controls.PasswordValidationDetailsResponseControl
All Implemented Interfaces:
DecodeableControl, Serializable
@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class PasswordValidationDetailsResponseControl extends Control implements DecodeableControl
This class provides an implementation for a response control that can be returned by the server in the response for add, modify, and password modify requests that include the password validation details request control. This response control will provide details about the password quality requirements that are in effect for the operation and whether the password included in the request satisfies each of those requirements.
NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.

This response control has an OID of 1.3.6.1.4.1.30221.2.5.41, a criticality of false, and a value with the provided encoding: 
   PasswordValidationDetailsResponse ::= SEQUENCE {
        validationResult            CHOICE {
             validationDetails             [0] SEQUENCE OF
                  PasswordQualityRequirementValidationResult,
             noPasswordProvided            [1] NULL,
             multiplePasswordsProvided     [2] NULL,
             noValidationAttempted         [3] NULL,
             ... },
        missingCurrentPassword     [3] BOOLEAN DEFAULT FALSE,
        mustChangePassword         [4] BOOLEAN DEFAULT FALSE,
        secondsUntilExpiration     [5] INTEGER OPTIONAL,
        ... }
See Also:

  • Field Details

  • Constructor Details

    • PasswordValidationDetailsResponseControl

      public PasswordValidationDetailsResponseControl(@NotNull PasswordValidationDetailsResponseType responseType, @Nullable Collection<PasswordQualityRequirementValidationResult> validationResults, boolean missingCurrentPassword, boolean mustChangePassword, @Nullable Integer secondsUntilExpiration)
      Creates a password validation details response control with the provided information.
      Parameters:
      responseType - The response type for this password validation details response control. This must not be null.
      validationResults - A list of the results obtained when validating the password against the password quality requirements. This must be null or empty if the responseType element has a value other than VALIDATION_DETAILS.
      missingCurrentPassword - Indicates whether the associated operation is a self change that failed (or would have failed if not for additional validation failures) because the user did not provide his/her current password as required.
      mustChangePassword - Indicates whether the associated operation is an add or administrative reset that will require the user to change his/her password immediately after authenticating before allowing them to perform any other operation in the server.
      secondsUntilExpiration - The maximum length of time, in seconds, that the newly-set password will be considered valid. This may be null if the new password will be considered valid indefinitely.

    • PasswordValidationDetailsResponseControl

      public PasswordValidationDetailsResponseControl(@NotNull String oid, boolean isCritical, @Nullable ASN1OctetString value) throws LDAPException
      Creates a new password validation details response control by decoding the provided generic control information.
      Parameters:
      oid - The OID for the control.
      isCritical - Indicates whether the control should be considered critical.
      value - The value for the control.
      Throws:
      LDAPException - If the provided information cannot be decoded to create a password validation details response control.

  • Method Details

    • getResponseType

      @NotNull public PasswordValidationDetailsResponseType getResponseType()
      Retrieves the response type for this password validation details response control.
      Returns:
      The response type for this password validation details response control.

    • getValidationResults

      @NotNull public List<PasswordQualityRequirementValidationResult> getValidationResults()
      Retrieves a list of the results obtained when attempting to validate the proposed password against the password quality requirements in effect for the operation.
      Returns:
      A list of the results obtained when attempting to validate the proposed password against the password quality requirements in effect for the operation, or an empty list if no validation results are available.

    • missingCurrentPassword

      public boolean missingCurrentPassword()
      Indicates whether the associated operation is a self password change that requires the user to provide his/her current password when setting a new password, but no current password was provided.
      Returns:
      true if the associated operation is a self password change that requires the user to provide his/her current password when setting a new password but none was required, or false if the associated operation was not a self change, or if the user's current password was provided.

    • mustChangePassword

      public boolean mustChangePassword()
      Indicates whether the user will be required to immediately change his/her password after the associated add or administrative reset is complete.
      Returns:
      true if the associated operation is an add or administrative reset and the user will be required to change his/her password before being allowed to perform any other operation, or false if the associated operation was not am add or an administrative reset, or if the user will not be required to immediately change his/her password.

    • getSecondsUntilExpiration

      @Nullable public Integer getSecondsUntilExpiration()
      Retrieves the maximum length of time, in seconds, that the newly-set password will be considered valid. If mustChangePassword() returns true, then this value will be the length of time that the user has to perform a self password change before the account becomes locked. If mustChangePassword() returns false, then this value will be the length of time until the password expires.
      Returns:
      The maximum length of time, in seconds, that the newly-set password will be considered valid, or null if the new password will be valid indefinitely.

    • decodeControl

      @NotNull public PasswordValidationDetailsResponseControl decodeControl(@NotNull String oid, boolean isCritical, @Nullable ASN1OctetString value) throws LDAPException
      Creates a new instance of this decodeable control from the provided information.
      Specified by:
      decodeControl in interface DecodeableControl
      Parameters:
      oid - The OID for the control.
      isCritical - Indicates whether the control should be marked critical.
      value - The encoded value for the control. This may be null if no value was provided.
      Returns:
      The decoded representation of this control.
      Throws:
      LDAPException - If the provided information cannot be decoded as a valid instance of this decodeable control.

    • get

      @Nullable public static PasswordValidationDetailsResponseControl get(@NotNull LDAPResult result) throws LDAPException
      Extracts a password validation details response control from the provided result.
      Parameters:
      result - The result from which to retrieve the password validation details response control.
      Returns:
      The password validation details response control contained in the provided result, or null if the result did not contain a password validation details response control.
      Throws:
      LDAPException - If a problem is encountered while attempting to decode the password validation details response control contained in the provided result.

    • get

      @NotNull public static PasswordValidationDetailsResponseControl get(@NotNull LDAPException exception) throws LDAPException
      Extracts a password validation details response control from the provided result.
      Parameters:
      exception - The exception that was thrown when trying to process the associated operation.
      Returns:
      The password validation details response control contained in the provided result, or null if the result did not contain a password validation details response control.
      Throws:
      LDAPException - If a problem is encountered while attempting to decode the password validation details response control contained in the provided result.

    • getControlName

      @NotNull public String getControlName()
      Retrieves the user-friendly name for this control, if available. If no user-friendly name has been defined, then the OID will be returned.
      Overrides:
      getControlName in class Control
      Returns:
      The user-friendly name for this control, or the OID if no user-friendly name is available.

    • toJSONControl

      @NotNull public JSONObject toJSONControl()
      Retrieves a representation of this password validation details response control as a JSON object. The JSON object uses the following fields:
      • oid -- A mandatory string field whose value is the object identifier for this control. For the password validation details response control, the OID is "1.3.6.1.4.1.30221.2.5.41".
      • control-name -- An optional string field whose value is a human-readable name for this control. This field is only intended for descriptive purposes, and when decoding a control, the oid field should be used to identify the type of control.
      • criticality -- A mandatory Boolean field used to indicate whether this control is considered critical.
      • value-base64 -- An optional string field whose value is a base64-encoded representation of the raw value for this password validation details response control. Exactly one of the value-base64 and value-json fields must be present.
      • value-json -- An optional JSON object field whose value is a user-friendly representation of the value for this password validation details response control. Exactly one of the value-base64 and value-json fields must be present, and if the value-json field is used, then it will use the following fields:
        • response-type -- A string field that specifies the result of the password validation processing for the attempt. The value will be one of "validation-performed", "no-password-provided", "multiple-passwords-provided", or "no-validation-attempted".
        • validation-details -- An optional array field whose values are JSON objects with information about the types of validation performed for the new password. The fields that may be used in these JSON objects include:
          • password-quality-requirement -- A JSON object whose value provides information about a password quality requirement that was evaluated. The fields used in these JSON objects include:
            • description -- A string field whose value is a user-friendly description of the password quality requirement.
            • client-side-validation-type -- An optional string field whose value is an identifier that the client can use to programmatically determine the type of requirement.
            • client-side-validation-properties -- An optional array field whose values are JSON objects with additional properties that the client can use in the course of programmatically determining whether a proposed password is likely to satisfy the requirement. Each of these JSON objects will include a name field whose value is a string that specifies the property name, and a value field whose value is a string that specifies the property value.
          • requirement-satisfied -- A Boolean field that indicates whether the provided new password satisfies the password quality requirement.
          • additional-information -- An optional string field whose value provides additional information about the validation for the associated requirement.
        • missing-current-password -- A Boolean field that indicates whether the server requires the user's current password to be provided when choosing a new password, but that password was not provided.
        • must-change-password -- A Boolean field that indicates whether the user will be required to choose a new password before they will be allowed to request any other operations.
        • seconds-until-expiration -- An optional integer field whose value is the number of seconds until the new password will expire.
      Overrides:
      toJSONControl in class Control
      Returns:
      A JSON object that contains a representation of this control.

    • decodeJSONControl

      @NotNull public static PasswordValidationDetailsResponseControl decodeJSONControl(@NotNull JSONObject controlObject, boolean strict) throws LDAPException
      Attempts to decode the provided object as a JSON representation of a password validation details response control.
      Parameters:
      controlObject - The JSON object to be decoded. It must not be null.
      strict - Indicates whether to use strict mode when decoding the provided JSON object. If this is true, then this method will throw an exception if the provided JSON object contains any unrecognized fields. If this is false, then unrecognized fields will be ignored.
      Returns:
      The password validation details response control that was decoded from the provided JSON object.
      Throws:
      LDAPException - If the provided JSON object cannot be parsed as a valid password validation details response control.

    • toString

      public void toString(@NotNull StringBuilder buffer)
      Appends a string representation of this LDAP control to the provided buffer.
      Overrides:
      toString in class Control
      Parameters:
      buffer - The buffer to which to append the string representation of this buffer.