From 12823021edd6b9c4262466ddbfbce6aa8d36d0b5 Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Thu, 25 Aug 2011 16:27:28 +0000
Subject: [PATCH] Final refactoring work for OPENDJ-262: Implement pass through authentication (PTA)
---
opendj-sdk/opends/src/server/org/opends/server/controls/ProxiedAuthV2Control.java | 56 +++++++++++++++++++++++++++++---------------------------
1 files changed, 29 insertions(+), 27 deletions(-)
diff --git a/opendj-sdk/opends/src/server/org/opends/server/controls/ProxiedAuthV2Control.java b/opendj-sdk/opends/src/server/org/opends/server/controls/ProxiedAuthV2Control.java
index d5f576d..079bceb 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/controls/ProxiedAuthV2Control.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/controls/ProxiedAuthV2Control.java
@@ -23,6 +23,7 @@
*
*
* Copyright 2006-2008 Sun Microsystems, Inc.
+ * Portions copyright 2011 ForgeRock AS.
*/
package org.opends.server.controls;
import org.opends.messages.Message;
@@ -32,6 +33,7 @@
import java.util.concurrent.locks.Lock;
import java.io.IOException;
+import org.opends.server.api.AuthenticationPolicy;
import org.opends.server.api.IdentityMapper;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.PasswordPolicyState;
@@ -274,20 +276,7 @@
// FIXME -- We should provide some mechanism for enabling debug
// processing.
- PasswordPolicyState pwpState =
- new PasswordPolicyState(userEntry, false);
- if (pwpState.isDisabled() || pwpState.isAccountExpired() ||
- pwpState.lockedDueToFailures() ||
- pwpState.lockedDueToIdleInterval() ||
- pwpState.lockedDueToMaximumResetAge() ||
- pwpState.isPasswordExpired())
- {
- Message message =
- ERR_PROXYAUTH2_UNUSABLE_ACCOUNT.get(String.valueOf(authzDN));
- throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED,
- message);
- }
-
+ checkAccountIsUsable(userEntry);
// If we've made it here, then the user is acceptable.
return userEntry;
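Review bot: The FIXME about enabling debug processing is left above the new `checkAccountIsUsable(userEntry);` call, here and again in the hunk at -327, although the `false` argument it appears to refer to now sits inside the helper. Moving the comment next to `AuthenticationPolicy.forUser(userEntry, false)` would keep it attached to the code it describes. The denial message at this call site used to name `authzDN` and will now name `userEntry.getDN()`; whether the two can differ is not visible here, but if they can, the text an administrator sees for a refused proxied authorization changes. The enclosing method starts and ends outside the hunk.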
@@ -327,19 +316,7 @@
{
// FIXME -- We should provide some mechanism for enabling debug
// processing.
- PasswordPolicyState pwpState =
- new PasswordPolicyState(userEntry, false);
- if (pwpState.isDisabled() || pwpState.isAccountExpired() ||
- pwpState.lockedDueToFailures() ||
- pwpState.lockedDueToIdleInterval() ||
- pwpState.lockedDueToMaximumResetAge() ||
- pwpState.isPasswordExpired())
- {
- Message message = ERR_PROXYAUTH2_UNUSABLE_ACCOUNT.get(
- String.valueOf(userEntry.getDN()));
- throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED,
- message);
- }
+ checkAccountIsUsable(userEntry);
return userEntry;
}
@@ -353,6 +330,31 @@
+ private void checkAccountIsUsable(Entry userEntry)
+ throws DirectoryException
+ {
+ AuthenticationPolicy policy = AuthenticationPolicy.forUser(userEntry,
+ false);
+ if (policy.isPasswordPolicy())
+ {
+ PasswordPolicyState pwpState = (PasswordPolicyState) policy
+ .createAuthenticationPolicyState(userEntry);
+ if (pwpState.isDisabled() || pwpState.isAccountExpired() ||
+ pwpState.lockedDueToFailures() ||
+ pwpState.lockedDueToIdleInterval() ||
+ pwpState.lockedDueToMaximumResetAge() ||
+ pwpState.isPasswordExpired())
+ {
+ Message message = ERR_PROXYAUTH2_UNUSABLE_ACCOUNT.get(String
+ .valueOf(userEntry.getDN()));
+ throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED,
+ message);
+ }
+ }
+ }
+
+
+
/**
* Appends a string representation of this proxied auth v2 control to the
* provided buffer.
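Review bot: `checkAccountIsUsable` returns without performing any check when `policy.isPasswordPolicy()` is false, so an authorization identity governed by another policy type (presumably the pass-through policy this work introduces) is accepted for proxied authorization with no disabled, expired or locked test at all. If that is intended because account state is not held locally, state it in the helper, e.g. `// Non-password policies: account state is not tracked locally, so no usability check is applied.`; otherwise the branch should deny the request or consult that policy's own state rather than fall through. The new method also has no Javadoc, and the cast to `PasswordPolicyState` relies on `isPasswordPolicy()` guaranteeing the state type, which deserves a one-line comment beside the cast.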