001 /* 002 * Copyright 2013-2015 UnboundID Corp. 003 * All Rights Reserved. 004 */ 005 /* 006 * Copyright (C) 2015 UnboundID Corp. 007 * 008 * This program is free software; you can redistribute it and/or modify 009 * it under the terms of the GNU General Public License (GPLv2 only) 010 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only) 011 * as published by the Free Software Foundation. 012 * 013 * This program is distributed in the hope that it will be useful, 014 * but WITHOUT ANY WARRANTY; without even the implied warranty of 015 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 016 * GNU General Public License for more details. 017 * 018 * You should have received a copy of the GNU General Public License 019 * along with this program; if not, see <http://www.gnu.org/licenses>. 020 */ 021 package com.unboundid.ldap.sdk.unboundidds.controls; 022 023 024 025 import com.unboundid.ldap.sdk.Control; 026 import com.unboundid.ldap.sdk.LDAPException; 027 import com.unboundid.ldap.sdk.ResultCode; 028 import com.unboundid.util.NotMutable; 029 import com.unboundid.util.ThreadSafety; 030 import com.unboundid.util.ThreadSafetyLevel; 031 032 import static com.unboundid.ldap.sdk.unboundidds.controls.ControlMessages.*; 033 034 035 036 /** 037 * <BLOCKQUOTE> 038 * <B>NOTE:</B> This class is part of the Commercial Edition of the UnboundID 039 * LDAP SDK for Java. It is not available for use in applications that 040 * include only the Standard Edition of the LDAP SDK, and is not supported for 041 * use in conjunction with non-UnboundID products. 042 * </BLOCKQUOTE> 043 * This class provides a request control that can be included in a modify 044 * request or a password modify extended request in order to indicate that if 045 * the operation results in changing the password for a user, the user's former 046 * password should be marked as "retired", which may allow it to remain in use 047 * for a brief period of time (as configured in the password policy governing 048 * that user) to allow for applications which may have been configured with that 049 * password can be updated to use the new password. 050 * <BR><BR> 051 * This control has an OID of "1.3.6.1.4.1.30221.2.5.31" and does not have a 052 * value. The criticality may be either true (in which case the operation will 053 * succeed only if the user's password policy allows passwords to be retired by 054 * a request control) or false (in which case if the password policy does not 055 * allow the use of this control, the operation will be processed as if the 056 * control had not been included in the request). 057 * <BR><BR> 058 * <H2>Example</H2> 059 * The following example demonstrates the use of the retire password request 060 * control to request that a user's current password be retired in the course of 061 * a password change. 062 * <PRE> 063 * Control[] requestControls = 064 * { 065 * new RetirePasswordRequestControl(true) 066 * }; 067 * 068 * PasswordModifyExtendedRequest passwordModifyRequest = 069 * new PasswordModifyExtendedRequest( 070 * "uid=test.user,ou=People,dc=example,dc=com", // The user to update 071 * null, // The current password -- we don't know it. 072 * "newPassword", // The new password to assign to the user. 073 * requestControls); // The controls to include in the request. 074 * PasswordModifyExtendedResult passwordModifyResult = 075 * (PasswordModifyExtendedResult) 076 * connection.processExtendedOperation(passwordModifyRequest); 077 * </PRE> 078 * 079 * @see PurgePasswordRequestControl 080 */ 081 @NotMutable() 082 @ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE) 083 public final class RetirePasswordRequestControl 084 extends Control 085 { 086 /** 087 * The OID (1.3.6.1.4.1.4203.1.10.2) for the LDAP no-op request control. 088 */ 089 public static final String RETIRE_PASSWORD_REQUEST_OID = 090 "1.3.6.1.4.1.30221.2.5.31"; 091 092 093 094 /** 095 * The serial version UID for this serializable class. 096 */ 097 private static final long serialVersionUID = 7261376468186883355L; 098 099 100 101 /** 102 * Creates a new retire password request control with the specified 103 * criticality. 104 * 105 * @param isCritical Indicates whether the control should be considered 106 * critical. 107 */ 108 public RetirePasswordRequestControl(final boolean isCritical) 109 { 110 super(RETIRE_PASSWORD_REQUEST_OID, isCritical, null); 111 } 112 113 114 115 /** 116 * Creates a new retire password request control which is decoded from the 117 * provided generic control. 118 * 119 * @param control The generic control to be decoded as a retire password 120 * request control. 121 * 122 * @throws LDAPException If the provided control cannot be decoded as a 123 * retire password request control. 124 */ 125 public RetirePasswordRequestControl(final Control control) 126 throws LDAPException 127 { 128 super(control); 129 130 if (control.hasValue()) 131 { 132 throw new LDAPException(ResultCode.DECODING_ERROR, 133 ERR_RETIRE_PASSWORD_REQUEST_CONTROL_HAS_VALUE.get()); 134 } 135 } 136 137 138 139 /** 140 * {@inheritDoc} 141 */ 142 @Override() 143 public String getControlName() 144 { 145 return INFO_CONTROL_NAME_RETIRE_PASSWORD_REQUEST.get(); 146 } 147 148 149 150 /** 151 * {@inheritDoc} 152 */ 153 @Override() 154 public void toString(final StringBuilder buffer) 155 { 156 buffer.append("RetirePasswordRequestControl(isCritical="); 157 buffer.append(isCritical()); 158 buffer.append(')'); 159 } 160 }