This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Page tree
Skip to end of metadata
Go to start of metadata

Version Warning

The content below is for Apache Syncope <= 1.2 - for later versions the Reference Guide is available.

This page explains how you can configure a PasswordExpirationJob inside Apache Syncope. The PasswordExpirationJob searches all users whose passwords are expired from a certain number of days and suspends them.

  1. Create a new Java class for your Scheduled Job.
  2. Configure a new Scheduled Task.
  3. From the Apache Syncope console, create a new configuration schema and set the expiration days.

public class PasswordExpirationJob extends AbstractTransactionalTaskJob {

    private UserController userController;

    private ConfDAO confDAO;

    private EntitlementDAO entitlementDAO;

    private EntityManager entityManager;

    protected String doExecute(final boolean dryRun) throws JobExecutionException {
        if (!(task instanceof SchedTask)) {
            throw new JobExecutionException("Task " + taskId + " isn't a SchedTask");

        //Take the xDays parameter from Syncope configuration
        final CAttr expirationDays = confDAO.find("expirationDays", 10);

        // Build your time condition with expirationDays parameter
        final Calendar yourTimeCondition = ....

        // Search all user that match your condition
        final Query query = entityManager.createNativeQuery(
                "SELECT id FROM SyncopeUser WHERE changePwdDate < ?1");
        query.setParameter(1, yourTimeCondition);

        final List<Long> users = (List<Long>) query.getResultList();

        if (!dryRun) {
            try {
                // Exec the operation with admin user
                final List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
                for (Entitlement entitlement : entitlementDAO.findAll()) {
                    authorities.add(new SimpleGrantedAuthority(entitlement.getName()));
                final UserDetails userDetails = new User("admin", "FAKE_PASSWORD", true, true, true, true, authorities);
                        new UsernamePasswordAuthenticationToken(userDetails, "FAKE_PASSWORD", authorities));

                // for all user
                for (Long userId : users) {
                    final StatusMod statusMod = new StatusMod();

            } finally {
                // Remove admin permission

        return (dryRun
                ? "Will Suspend"
                : "Suspended") + " " + users.size() + " utenti";

    protected boolean hasToBeRegistered(final TaskExec execution) {
        return true;
  • No labels