From 87a32e534959a6ffaf12c6d69ce98197f7bee596 Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Tue, 20 Sep 2011 11:29:12 +0000
Subject: [PATCH] Issue OPENDJ-262: Implement pass through authentication (PTA)
---
opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java | 21 ++++++++++++++-------
1 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java b/opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java
index dd4103a..f7e83d0 100644
--- a/opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java
+++ b/opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java
@@ -32,7 +32,7 @@
import java.util.concurrent.locks.Lock;
import java.io.IOException;
-import org.opends.server.api.AuthenticationPolicy;
+import org.opends.server.api.AuthenticationPolicyState;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.PasswordPolicyState;
import org.opends.server.protocols.asn1.*;
@@ -325,13 +325,20 @@
// FIXME -- We should provide some mechanism for enabling debug
// processing.
- AuthenticationPolicy policy = AuthenticationPolicy.forUser(userEntry,
- false);
- if (policy.isPasswordPolicy())
+ AuthenticationPolicyState state = AuthenticationPolicyState.forUser(
+ userEntry, false);
+
+ if (state.isDisabled())
{
- PasswordPolicyState pwpState = (PasswordPolicyState) policy
- .createAuthenticationPolicyState(userEntry);
- if (pwpState.isDisabled() || pwpState.isAccountExpired() ||
+ Message message = ERR_PROXYAUTH1_UNUSABLE_ACCOUNT.get(String
+ .valueOf(userEntry.getDN()));
+ throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message);
+ }
+
+ if (state.isPasswordPolicy())
+ {
+ PasswordPolicyState pwpState = (PasswordPolicyState) state;
+ if (pwpState.isAccountExpired() ||
pwpState.lockedDueToFailures() ||
pwpState.lockedDueToIdleInterval() ||
pwpState.lockedDueToMaximumResetAge() ||
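Review bot: The expiry and lockout tests still run only inside `if (state.isPasswordPolicy())`, so an authorization identity governed by any other policy state (presumably the pass-through policy this issue introduces) is accepted for proxied authorization once `state.isDisabled()` returns false. If that is intended because the remote directory owns those checks, record it at the branch, e.g. `// Non-password-policy states expose only isDisabled() here; expiry and lockout are not evaluated locally.` The downcast `(PasswordPolicyState) state` also relies on `isPasswordPolicy()` being true only for that class; guarding with `state instanceof PasswordPolicyState` would keep the check and the cast in agreement. The `if` condition and the enclosing method continue outside the hunk.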
--
Gitblit v1.10.0