From c25504d1f9e2d02afb0f14093a0d16d6b6efb913 Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Fri, 10 Apr 2015 16:18:30 +0000
Subject: [PATCH] OPENDJ-1878: remove unnecessary entry read locks.
---
opendj-server-legacy/src/main/java/org/opends/server/controls/ProxiedAuthV1Control.java | 72 ++++++++++++++----------------------
1 files changed, 28 insertions(+), 44 deletions(-)
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/controls/ProxiedAuthV1Control.java b/opendj-server-legacy/src/main/java/org/opends/server/controls/ProxiedAuthV1Control.java
index 539e073..6b8a761 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/controls/ProxiedAuthV1Control.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/controls/ProxiedAuthV1Control.java
@@ -27,8 +27,6 @@
package org.opends.server.controls;
import java.io.IOException;
-import java.util.concurrent.locks.Lock;
-
import org.forgerock.i18n.LocalizableMessage;
import org.opends.server.api.AuthenticationPolicyState;
import org.opends.server.core.DirectoryServer;
@@ -283,56 +281,42 @@
}
- final Lock entryLock = LockManager.lockRead(authzDN);
- if (entryLock == null)
+ Entry userEntry = DirectoryServer.getEntry(authzDN);
+ if (userEntry == null)
{
- throw new DirectoryException(ResultCode.BUSY,
- ERR_PROXYAUTH1_CANNOT_LOCK_USER.get(authzDN));
+ // The requested user does not exist.
+ LocalizableMessage message = ERR_PROXYAUTH1_NO_SUCH_USER.get(authzDN);
+ throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message);
}
- try
+
+ // FIXME -- We should provide some mechanism for enabling debug
+ // processing.
+ AuthenticationPolicyState state = AuthenticationPolicyState.forUser(
+ userEntry, false);
+
+ if (state.isDisabled())
{
- Entry userEntry = DirectoryServer.getEntry(authzDN);
- if (userEntry == null)
+ LocalizableMessage message = ERR_PROXYAUTH1_UNUSABLE_ACCOUNT.get(userEntry.getName());
+ throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message);
+ }
+
+ if (state.isPasswordPolicy())
+ {
+ PasswordPolicyState pwpState = (PasswordPolicyState) state;
+ if (pwpState.isAccountExpired() ||
+ pwpState.lockedDueToFailures() ||
+ pwpState.lockedDueToIdleInterval() ||
+ pwpState.lockedDueToMaximumResetAge() ||
+ pwpState.isPasswordExpired())
{
- // The requested user does not exist.
- LocalizableMessage message = ERR_PROXYAUTH1_NO_SUCH_USER.get(authzDN);
+ LocalizableMessage message = ERR_PROXYAUTH1_UNUSABLE_ACCOUNT.get(authzDN);
throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message);
}
-
-
- // FIXME -- We should provide some mechanism for enabling debug
- // processing.
- AuthenticationPolicyState state = AuthenticationPolicyState.forUser(
- userEntry, false);
-
- if (state.isDisabled())
- {
- LocalizableMessage message = ERR_PROXYAUTH1_UNUSABLE_ACCOUNT.get(userEntry.getName());
- throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message);
- }
-
- if (state.isPasswordPolicy())
- {
- PasswordPolicyState pwpState = (PasswordPolicyState) state;
- if (pwpState.isAccountExpired() ||
- pwpState.lockedDueToFailures() ||
- pwpState.lockedDueToIdleInterval() ||
- pwpState.lockedDueToMaximumResetAge() ||
- pwpState.isPasswordExpired())
- {
- LocalizableMessage message = ERR_PROXYAUTH1_UNUSABLE_ACCOUNT.get(authzDN);
- throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message);
- }
- }
-
- // If we've made it here, then the user is acceptable.
- return userEntry;
}
- finally
- {
- LockManager.unlock(authzDN, entryLock);
- }
+
+ // If we've made it here, then the user is acceptable.
+ return userEntry;
}
--
Gitblit v1.10.0