1   /*
2    * Copyright 2014 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.bremersee.spring.security.ldaptive.authentication;
18  
19  import org.ldaptive.LdapEntry;
20  
/**
 * Evaluates the account-control state of a user from the user's LDAP entry.
 *
 * <p>Each method answers one question about the entry; a {@code false} result means the user
 * cannot be authenticated. The method names match the account-status flags of Spring Security's
 * {@code UserDetails}.
 *
 * <p>NOTE(review): this interface does not say what an implementation must return for a
 * {@code null} entry or for an entry that lacks the attribute being evaluated. Because the
 * results gate authentication, each implementation should document that case explicitly;
 * returning {@code false} (deny) when the state cannot be determined is the conservative choice.
 *
 * @author Christian Bremer
 */
public interface AccountControlEvaluator {

  /**
   * Tells whether the account behind the entry is still within its validity period. A user whose
   * account has expired cannot be authenticated.
   *
   * @param ldapEntry the LDAP entry of the user being authenticated
   * @return {@code true} when the account has not expired, {@code false} when it has
   */
  boolean isAccountNonExpired(LdapEntry ldapEntry);

  /**
   * Tells whether the account behind the entry is free of a lock. A locked user cannot be
   * authenticated.
   *
   * @param ldapEntry the LDAP entry of the user being authenticated
   * @return {@code true} when the user is not locked, {@code false} otherwise
   */
  boolean isAccountNonLocked(LdapEntry ldapEntry);

  /**
   * Tells whether the user's credentials (password) are still valid. Expired credentials prevent
   * authentication.
   *
   * @param ldapEntry the LDAP entry of the user being authenticated
   * @return {@code true} when the credentials have not expired, {@code false} when they have
   */
  boolean isCredentialsNonExpired(LdapEntry ldapEntry);

  /**
   * Tells whether the user is enabled. A disabled user cannot be authenticated.
   *
   * @param ldapEntry the LDAP entry of the user being authenticated
   * @return {@code true} when the user is enabled, {@code false} otherwise
   */
  boolean isEnabled(LdapEntry ldapEntry);

}
63  }