|Applies To||RSA ClearTrust 5.5.x Server Side Hooks|
|Issue||From a server side hook, how to check that the authenticated user's password is not expired and that their account is not locked out|
|Resolution||There are 2 options depending on whether or not the user's password is available within the server side hook:|
1. If the password is available, the code can simply call the authenticate( ) method of the RuntimeAPI object to authenticate the user. The method returns a map containing a ResultConstant specifying the result of the attempt to authenticate; if the user's password is expired, or the account has been administratively locked, the value for the key ResultConstant.AUTHENTICATION_RESULT will be either ResultConstant.EXPIRED_PASSWORD or ResultConstant.ADMIN_LOCKOUT, respectively. See the Javadoc for the RuntimeAPI interface in the RSA ClearTrust Developer's Guide for more details.
2. If the user's password is not available, the Administrative API can be used. The IUser interface has the methods getPasswordExpirationDate( ) and isAdminLockedout( ). getPasswordExpirationDate( ) returns a java.util.Date object that can be compared to the current date; isAdminLockedout( ) returns a boolean indicating whether or not the account has been administratively locked. See the Javadoc for the IUser interface in the RSA ClearTrust Developer's Guide for more details.
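The option 2 check, as an added example that is not RSA's code or part of the original article. `UserView`, `AccountState`, `check` and `sample` are hypothetical names; `UserView` is a stand-in that mirrors only the two IUser methods named above, so a real hook would pass values from the IUser object obtained through the Administrative API. The meaning of a null expiration date is not stated in the article, so the code reports it as its own state instead of guessing.

```java
import java.util.Date;

public class AccountStateCheck {

    /** Stand-in (assumption) for the two IUser methods named in option 2. */
    interface UserView {
        Date getPasswordExpirationDate();
        boolean isAdminLockedout();
    }

    enum AccountState { OK, ADMIN_LOCKOUT, EXPIRED_PASSWORD, UNKNOWN_EXPIRY }

    /** Lockout is checked first so a locked account is never reported as merely expired. */
    static AccountState check(UserView user, Date now) {
        if (user.isAdminLockedout()) {
            return AccountState.ADMIN_LOCKOUT;
        }
        Date expires = user.getPasswordExpirationDate();
        if (expires == null) {
            // Assumption: the article does not say what a null date means; surface it to the caller.
            return AccountState.UNKNOWN_EXPIRY;
        }
        // The password counts as expired once the expiration instant has been reached.
        return expires.after(now) ? AccountState.OK : AccountState.EXPIRED_PASSWORD;
    }

    /** Builds a constructed sample user for the demonstration in main(). */
    static UserView sample(final Date expires, final boolean locked) {
        return new UserView() {
            public Date getPasswordExpirationDate() { return expires; }
            public boolean isAdminLockedout() { return locked; }
        };
    }

    public static void main(String[] args) {
        Date now = new Date();
        Date yesterday = new Date(now.getTime() - 86400000L);
        Date tomorrow = new Date(now.getTime() + 86400000L);

        // Constructed cases: valid, expired, locked (with a valid password), no date returned.
        System.out.println(check(sample(tomorrow, false), now));
        System.out.println(check(sample(yesterday, false), now));
        System.out.println(check(sample(tomorrow, true), now));
        System.out.println(check(sample(null, false), now));
    }
}
```

A hook that gates access on this result should allow the request only for `OK` and decide explicitly how to treat `UNKNOWN_EXPIRY`.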
|Legacy Article ID||a27924|