mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

Jean-Noel Rouvignac
07.02.2013 3783f3982200f058abdb94e728e63159b02b1dea
OPENDJ-655 Message about authentication failures should contain identification of the user for easier analysis.

Fixed other occurrences of copy/pasted code.

LocalBackendBindOperation.java:
In processBind(), fixed the code.
Extracted methods generateAccountStatusNotificationForLockedBindAccount() and getIntegerUserAttribute() to remove duplicated code.

1 files modified
253 ■■■■■ changed files
opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java 253 ●●●●●
opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java
@@ -29,11 +29,12 @@
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.locks.Lock;
import org.opends.messages.Message;
import org.opends.messages.MessageDescriptor.Arg1;
import org.opends.messages.MessageDescriptor.Arg2;
import org.opends.server.admin.std.meta.PasswordPolicyCfgDefn;
import org.opends.server.api.*;
import org.opends.server.api.plugin.PluginResult;
@@ -608,36 +609,8 @@
          if (policy.getLockoutFailureCount() > 0)
          {
            pwPolicyState.updateAuthFailureTimes();
            if (pwPolicyState.lockedDueToFailures())
            {
              AccountStatusNotificationType notificationType;
              Message m;
              boolean tempLocked;
              int lockoutDuration = pwPolicyState.getSecondsUntilUnlock();
              if (lockoutDuration > -1)
              {
                notificationType =
                  AccountStatusNotificationType.ACCOUNT_TEMPORARILY_LOCKED;
                tempLocked = true;
                m = ERR_BIND_ACCOUNT_TEMPORARILY_LOCKED
                    .get(secondsToTimeString(lockoutDuration));
              }
              else
              {
                notificationType =
                  AccountStatusNotificationType.ACCOUNT_PERMANENTLY_LOCKED;
                tempLocked = false;
                m = ERR_BIND_ACCOUNT_PERMANENTLY_LOCKED.get();
              }
              pwPolicyState.generateAccountStatusNotification(notificationType,
                  userEntry, m, AccountStatusNotification.createProperties(
                      pwPolicyState, tempLocked, -1, null, null));
            }
            generateAccountStatusNotificationForLockedBindAccount(userEntry,
                pwPolicyState);
          }
        }
      }
@@ -871,6 +844,21 @@
          if (pwPolicyState.getAuthenticationPolicy()
              .getLockoutFailureCount() > 0)
          {
            generateAccountStatusNotificationForLockedBindAccount(
                saslAuthUserEntry, pwPolicyState);
          }
        }
      }
    }
    return true;
  }
  private void generateAccountStatusNotificationForLockedBindAccount(
      Entry userEntry, PasswordPolicyState pwPolicyState)
  {
            pwPolicyState.updateAuthFailureTimes();
            if (pwPolicyState.lockedDueToFailures())
            {
@@ -881,11 +869,12 @@
              int lockoutDuration = pwPolicyState.getSecondsUntilUnlock();
              if (lockoutDuration > -1)
              {
                notificationType = AccountStatusNotificationType.
                                        ACCOUNT_TEMPORARILY_LOCKED;
        notificationType =
            AccountStatusNotificationType.ACCOUNT_TEMPORARILY_LOCKED;
                tempLocked = true;
                m = ERR_BIND_ACCOUNT_TEMPORARILY_LOCKED.get(
                         secondsToTimeString(lockoutDuration));
        m =
            ERR_BIND_ACCOUNT_TEMPORARILY_LOCKED
                .get(secondsToTimeString(lockoutDuration));
              }
              else
              {
@@ -895,19 +884,11 @@
                m = ERR_BIND_ACCOUNT_PERMANENTLY_LOCKED.get();
              }
              pwPolicyState.generateAccountStatusNotification(
                   notificationType, saslAuthUserEntry, m,
                   AccountStatusNotification.createProperties(
      pwPolicyState.generateAccountStatusNotification(notificationType,
          userEntry, m, AccountStatusNotification.createProperties(
                        pwPolicyState, tempLocked, -1, null, null));
            }
          }
        }
      }
    }
    return true;
  }
  private boolean invokePreOpPlugins()
@@ -1161,26 +1142,64 @@
  protected void setResourceLimits(Entry userEntry)
  {
    // See if the user's entry contains a custom size limit.
    Integer customSizeLimit =
        getIntegerUserAttribute(userEntry, OP_ATTR_USER_SIZE_LIMIT,
            WARN_BIND_MULTIPLE_USER_SIZE_LIMITS,
            WARN_BIND_CANNOT_PROCESS_USER_SIZE_LIMIT);
    if (customSizeLimit != null)
    {
      sizeLimit = customSizeLimit;
    }
    // See if the user's entry contains a custom time limit.
    Integer customTimeLimit =
        getIntegerUserAttribute(userEntry, OP_ATTR_USER_TIME_LIMIT,
            WARN_BIND_MULTIPLE_USER_TIME_LIMITS,
            WARN_BIND_CANNOT_PROCESS_USER_TIME_LIMIT);
    if (customTimeLimit != null)
    {
      timeLimit = customTimeLimit;
    }
    // See if the user's entry contains a custom idle time limit.
    // idleTimeLimit = 1000L * Long.parseLong(v.getValue().toString());
    Integer customIdleTimeLimitInSec =
        getIntegerUserAttribute(userEntry, OP_ATTR_USER_IDLE_TIME_LIMIT,
            WARN_BIND_MULTIPLE_USER_IDLE_TIME_LIMITS,
            WARN_BIND_CANNOT_PROCESS_USER_IDLE_TIME_LIMIT);
    if (customIdleTimeLimitInSec != null)
    {
      idleTimeLimit = 1000L * customIdleTimeLimitInSec;
    }
    // See if the user's entry contains a custom lookthrough limit.
    Integer customLookthroughLimit =
        getIntegerUserAttribute(userEntry, OP_ATTR_USER_LOOKTHROUGH_LIMIT,
            WARN_BIND_MULTIPLE_USER_LOOKTHROUGH_LIMITS,
            WARN_BIND_CANNOT_PROCESS_USER_LOOKTHROUGH_LIMIT);
    if (customLookthroughLimit != null)
    {
      lookthroughLimit = customLookthroughLimit;
    }
  }
  private Integer getIntegerUserAttribute(Entry userEntry,
      String attributeTypeName,
      Arg1<CharSequence> nonUniqueAttributeMessage,
      Arg2<CharSequence, CharSequence> cannotProcessAttributeMessage)
  {
    AttributeType attrType =
         DirectoryServer.getAttributeType(OP_ATTR_USER_SIZE_LIMIT, true);
        DirectoryServer.getAttributeType(attributeTypeName, true);
    List<Attribute> attrList = userEntry.getAttribute(attrType);
    if ((attrList != null) && (attrList.size() == 1))
    {
      Attribute a = attrList.get(0);
      Iterator<AttributeValue> iterator = a.iterator();
      if (iterator.hasNext())
      if (a.size() == 1)
      {
        AttributeValue v = iterator.next();
        if (iterator.hasNext())
        {
          logError(WARN_BIND_MULTIPLE_USER_SIZE_LIMITS.get(
                        String.valueOf(userEntry.getDN())));
        }
        else
        {
        AttributeValue v = a.iterator().next();
          try
          {
            sizeLimit = Integer.parseInt(v.getValue().toString());
          return Integer.valueOf(v.getValue().toString());
          }
          catch (Exception e)
          {
@@ -1189,126 +1208,16 @@
              TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            logError(WARN_BIND_CANNOT_PROCESS_USER_SIZE_LIMIT.get(
                          v.getValue().toString(),
          logError(cannotProcessAttributeMessage.get(v.getValue().toString(),
                          String.valueOf(userEntry.getDN())));
          }
        }
      }
    }
    // See if the user's entry contains a custom time limit.
    attrType = DirectoryServer.getAttributeType(OP_ATTR_USER_TIME_LIMIT, true);
    attrList = userEntry.getAttribute(attrType);
    if ((attrList != null) && (attrList.size() == 1))
      else if (a.size() > 1)
    {
      Attribute a = attrList.get(0);
      Iterator<AttributeValue> iterator = a.iterator();
      if (iterator.hasNext())
      {
        AttributeValue v = iterator.next();
        if (iterator.hasNext())
        {
          logError(WARN_BIND_MULTIPLE_USER_TIME_LIMITS.get(
                        String.valueOf(userEntry.getDN())));
        }
        else
        {
          try
          {
            timeLimit = Integer.parseInt(v.getValue().toString());
          }
          catch (Exception e)
          {
            if (debugEnabled())
            {
              TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            logError(WARN_BIND_CANNOT_PROCESS_USER_TIME_LIMIT.get(
                          v.getValue().toString(),
                          String.valueOf(userEntry.getDN())));
        logError(nonUniqueAttributeMessage.get(String
            .valueOf(userEntry.getDN())));
          }
        }
    return null;
      }
    }
    // See if the user's entry contains a custom idle time limit.
    attrType = DirectoryServer.getAttributeType(OP_ATTR_USER_IDLE_TIME_LIMIT,
                                                true);
    attrList = userEntry.getAttribute(attrType);
    if ((attrList != null) && (attrList.size() == 1))
    {
      Attribute a = attrList.get(0);
      Iterator<AttributeValue> iterator = a.iterator();
      if (iterator.hasNext())
      {
        AttributeValue v = iterator.next();
        if (iterator.hasNext())
        {
          logError(WARN_BIND_MULTIPLE_USER_IDLE_TIME_LIMITS.get(
                        String.valueOf(userEntry.getDN())));
        }
        else
        {
          try
          {
            idleTimeLimit = 1000L * Long.parseLong(v.getValue().toString());
          }
          catch (Exception e)
          {
            if (debugEnabled())
            {
              TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            logError(WARN_BIND_CANNOT_PROCESS_USER_IDLE_TIME_LIMIT.get(
                          v.getValue().toString(),
                          String.valueOf(userEntry.getDN())));
          }
        }
      }
    }
    // See if the user's entry contains a custom lookthrough limit.
    attrType = DirectoryServer.getAttributeType(OP_ATTR_USER_LOOKTHROUGH_LIMIT,
                                                true);
    attrList = userEntry.getAttribute(attrType);
    if ((attrList != null) && (attrList.size() == 1))
    {
      Attribute a = attrList.get(0);
      Iterator<AttributeValue> iterator = a.iterator();
      if (iterator.hasNext())
      {
        AttributeValue v = iterator.next();
        if (iterator.hasNext())
        {
          logError(WARN_BIND_MULTIPLE_USER_LOOKTHROUGH_LIMITS.get(
                        String.valueOf(userEntry.getDN())));
        }
        else
        {
          try
          {
            lookthroughLimit = Integer.parseInt(v.getValue().toString());
          }
          catch (Exception e)
          {
            if (debugEnabled())
            {
              TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            logError(WARN_BIND_CANNOT_PROCESS_USER_LOOKTHROUGH_LIMIT.get(
                          v.getValue().toString(),
                          String.valueOf(userEntry.getDN())));
          }
        }
      }
    }
  }
}
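Review bot: The extracted helper `generateAccountStatusNotificationForLockedBindAccount()` begins by calling `pwPolicyState.updateAuthFailureTimes()`, so despite its name it records an authentication failure in the lockout state as well as sending the notification. Both call sites in processBind() now depend on that hidden side effect, and because this rendering has lost the +/- markers it is worth confirming that the simple-bind branch no longer calls `updateAuthFailureTimes()` itself before invoking the helper; if it did, each failed bind would be recorded twice and accounts would lock earlier than the configured failure count. I would rename the helper to something like `updateFailureTimesAndNotifyIfLocked`, or at least give it a Javadoc line such as `Records the failed bind in the password policy state, then sends a notification if the account is now locked.` Separately, in `getIntegerUserAttribute()` the idle time limit is now parsed with `Integer.valueOf` where the old code used `Long.parseLong`, which narrows the accepted range, and `catch (Exception e)` could be narrowed to `catch (NumberFormatException e)`.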