From 3883d2297c3422d8aec2b40530c2d2b0a00ee57d Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Thu, 25 Aug 2011 16:27:28 +0000
Subject: [PATCH] Final refactoring work for OPENDJ-262: Implement pass through authentication (PTA)

---
 opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java |   28 ++++++++++++++++++----------
 1 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java b/opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java
index 54ab358..dd4103a 100644
--- a/opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java
+++ b/opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java
@@ -23,6 +23,7 @@
  *
  *
  *      Copyright 2006-2008 Sun Microsystems, Inc.
+ *      Portions copyright 2011 ForgeRock AS.
  */
 package org.opends.server.controls;
 import org.opends.messages.Message;
@@ -31,6 +32,7 @@
 import java.util.concurrent.locks.Lock;
 import java.io.IOException;
 
+import org.opends.server.api.AuthenticationPolicy;
 import org.opends.server.core.DirectoryServer;
 import org.opends.server.core.PasswordPolicyState;
 import org.opends.server.protocols.asn1.*;
@@ -323,19 +325,25 @@
 
       // FIXME -- We should provide some mechanism for enabling debug
       // processing.
-      PasswordPolicyState pwpState = new PasswordPolicyState(userEntry, false);
-      if (pwpState.isDisabled() || pwpState.isAccountExpired() ||
-          pwpState.lockedDueToFailures() ||
-          pwpState.lockedDueToIdleInterval() ||
-          pwpState.lockedDueToMaximumResetAge() ||
-          pwpState.isPasswordExpired())
+      AuthenticationPolicy policy = AuthenticationPolicy.forUser(userEntry,
+          false);
+      if (policy.isPasswordPolicy())
       {
-        Message message =
-            ERR_PROXYAUTH1_UNUSABLE_ACCOUNT.get(String.valueOf(authzDN));
-        throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message);
+        PasswordPolicyState pwpState = (PasswordPolicyState) policy
+            .createAuthenticationPolicyState(userEntry);
+        if (pwpState.isDisabled() || pwpState.isAccountExpired() ||
+            pwpState.lockedDueToFailures() ||
+            pwpState.lockedDueToIdleInterval() ||
+            pwpState.lockedDueToMaximumResetAge() ||
+            pwpState.isPasswordExpired())
+        {
+          Message message = ERR_PROXYAUTH1_UNUSABLE_ACCOUNT.get(String
+              .valueOf(authzDN));
+          throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED,
+              message);
+        }
       }
 
-
       // If we've made it here, then the user is acceptable.
       return userEntry;
     }
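Review bot: When `policy.isPasswordPolicy()` is false, the new code skips every usability check and falls through to `return userEntry`, so a proxied-authorization identity governed by a non-password policy (presumably pass-through authentication, going by the commit subject) is accepted without any disabled-account test. Before this change every entry went through `pwpState.isDisabled()` and the lockout and expiry checks. If the state object returned by `policy.createAuthenticationPolicyState(userEntry)` offers a disabled check for all policy types, I would call it ahead of the `isPasswordPolicy()` branch and throw the same `ERR_PROXYAUTH1_UNUSABLE_ACCOUNT` / `AUTHORIZATION_DENIED` error. If skipping the checks is intended, say so in place, e.g. `// Non-password policies keep no local lockout/expiry state, so account usability is not evaluated here.` The enclosing method begins outside this hunk, so an earlier check may already cover this; a test that proxies to a disabled entry under a non-password policy would pin the behaviour.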

--
Gitblit v1.10.0