AbstractPasswordService (JWt Javadoc API)

All Known Implementing Classes:: PasswordService

public interface AbstractPasswordService

Abstract password authentication service.

This abstract class defines the interface for password authentication.

It provides methods to verify a password, to update a password, and to throttle password verification attempts.

See Also:

PasswordService

Nested Class Summary

Nested Classes

Modifier and Type

Interface

Description

static class

AbstractPasswordService.AbstractStrengthValidator

Validator for password strength.

static class

AbstractPasswordService.StrengthValidatorResult

Result returned when validating password strength.
Method Summary

Modifier and Type

Method

Description

int

delayForNextAttempt(User user)

Returns the delay for this user for a next authentication attempt.

AuthService

getBaseAuth()

Returns the basic authentication service.

AbstractPasswordService.AbstractStrengthValidator

getStrengthValidator()

Returns a validator which checks that a password is strong enough.

boolean

isAttemptThrottlingEnabled()

Returns whether password attempt throttling is enabled.

void

updatePassword(User user, String password)

Sets a new password for the given user.

PasswordResult

verifyPassword(User user, String password)

Verifies a password for a given user.

Method Details
- getBaseAuth
  
  AuthService getBaseAuth()
  
  Returns the basic authentication service.
- isAttemptThrottlingEnabled
  
  boolean isAttemptThrottlingEnabled()
  
  Returns whether password attempt throttling is enabled.
- getStrengthValidator
  
  AbstractPasswordService.AbstractStrengthValidator getStrengthValidator()
  
  Returns a validator which checks that a password is strong enough.
- delayForNextAttempt
  
  int delayForNextAttempt(User user)
  
  Returns the delay for this user for a next authentication attempt.
  If password attempt throttling is enabled, then this returns the number of seconds this user must wait for a new authentication attempt, presumably because of a number of failed attempts.
  See Also:
  
  isAttemptThrottlingEnabled()
- verifyPassword
  
  PasswordResult verifyPassword(User user, String password)
  
  Verifies a password for a given user.
  The supplied password is verified against the user's credentials stored in the database. If password account throttling is enabled, it may also refuse an authentication attempt.
- updatePassword
  
  void updatePassword(User user, String password)
  
  Sets a new password for the given user.
  This stores a new password for the user in the database.