From c9da9e4bd4a115a646dfb846972126ca8eef1158 Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Thu, 18 Aug 2011 17:43:22 +0000
Subject: [PATCH] Initial checkpoint of work for OPENDJ-262: Implement pass through authentication (PTA)
---
opends/src/server/org/opends/server/core/PasswordPolicyState.java | 110 +++++++++++++++++++++++--------------------------------
1 files changed, 46 insertions(+), 64 deletions(-)
diff --git a/opends/src/server/org/opends/server/core/PasswordPolicyState.java b/opends/src/server/org/opends/server/core/PasswordPolicyState.java
index 118fb3a..441445d 100644
--- a/opends/src/server/org/opends/server/core/PasswordPolicyState.java
+++ b/opends/src/server/org/opends/server/core/PasswordPolicyState.java
@@ -46,7 +46,6 @@
import org.opends.messages.Message;
import org.opends.messages.MessageBuilder;
import org.opends.server.admin.std.meta.PasswordPolicyCfgDefn;
-import org.opends.server.admin.std.server.PasswordValidatorCfg;
import org.opends.server.api.AccountStatusNotificationHandler;
import org.opends.server.api.PasswordGenerator;
import org.opends.server.api.PasswordStorageScheme;
@@ -73,7 +72,7 @@
* This class provides a data structure for holding password policy state
* information for a user account.
*/
-public class PasswordPolicyState
+public final class PasswordPolicyState
{
/**
* The tracer object for the debug logger.
@@ -318,7 +317,8 @@
}
}
- PasswordPolicy policy = DirectoryServer.getPasswordPolicy(subentryDN);
+ PasswordPolicy policy = (PasswordPolicy) DirectoryServer
+ .getAuthenticationPolicy(subentryDN);
if (policy == null)
{
if (debugEnabled())
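Review bot: The new cast `(PasswordPolicy) DirectoryServer.getAuthenticationPolicy(subentryDN)` is unchecked, so a non-PasswordPolicy result would throw ClassCastException before the `policy == null` branch is reached. The return type is not visible here, but the cast and the pass-through-authentication subject suggest the lookup can now yield other policy kinds. The same pattern is in the next hunk at `getAuthenticationPolicy(subentry.getDN())`. Consider assigning the result to a local first, testing `instanceof PasswordPolicy`, and handling the other case explicitly, so that a subentry pointing at the wrong kind of policy gives a clear diagnostic instead of an unhandled exception during policy resolution. The enclosing code starts and ends outside both hunks.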
@@ -364,8 +364,8 @@
{
if (subentry.getEntry().isPasswordPolicySubentry())
{
- PasswordPolicy policy = DirectoryServer.getPasswordPolicy(
- subentry.getDN());
+ PasswordPolicy policy = (PasswordPolicy) DirectoryServer
+ .getAuthenticationPolicy(subentry.getDN());
if (policy == null)
{
// This shouldnt happen but if it does debug log
@@ -2093,9 +2093,9 @@
// FIXME: the only getter responsible for a state attribute (pwdReset) that
// considers the policy before checking the entry for the presence of the
// attribute.
- if (! (passwordPolicy.allowUserPasswordChanges()
- && (passwordPolicy.forceChangeOnAdd()
- || passwordPolicy.forceChangeOnReset())))
+ if (! (passwordPolicy.isAllowUserPasswordChanges()
+ && (passwordPolicy.isForceChangeOnAdd()
+ || passwordPolicy.isForceChangeOnReset())))
{
mustChangePassword = ConditionResult.FALSE;
if (debugEnabled())
@@ -2235,7 +2235,7 @@
{
// This feature is reponsible for neither a state field nor an entry state
// attribute.
- if (passwordPolicy.getMaximumPasswordResetAge() <= 0)
+ if (passwordPolicy.getMaxPasswordResetAge() <= 0L)
{
if (debugEnabled())
{
@@ -2258,7 +2258,7 @@
}
long maxResetTime = passwordChangedTime +
- (1000L * passwordPolicy.getMaximumPasswordResetAge());
+ (1000L * passwordPolicy.getMaxPasswordResetAge());
boolean locked = (maxResetTime < currentTime);
if (debugEnabled())
@@ -2292,8 +2292,8 @@
boolean checkWarning = false;
- int maxAge = passwordPolicy.getMaximumPasswordAge();
- if (maxAge > 0)
+ long maxAge = passwordPolicy.getMaxPasswordAge();
+ if (maxAge > 0L)
{
long expTime = passwordChangedTime + (1000L*maxAge);
if (expTime < passwordExpirationTime)
@@ -2303,8 +2303,8 @@
}
}
- int maxResetAge = passwordPolicy.getMaximumPasswordResetAge();
- if (mustChangePassword() && (maxResetAge > 0))
+ long maxResetAge = passwordPolicy.getMaxPasswordResetAge();
+ if (mustChangePassword() && (maxResetAge > 0L))
{
long expTime = passwordChangedTime + (1000L*maxResetAge);
if (expTime < passwordExpirationTime)
@@ -2338,8 +2338,9 @@
{
mayUseGraceLogin = ConditionResult.TRUE;
- int warningInterval = passwordPolicy.getWarningInterval();
- if (warningInterval > 0)
+ long warningInterval = passwordPolicy
+ .getPasswordExpirationWarningInterval();
+ if (warningInterval > 0L)
{
long shouldWarnTime =
passwordExpirationTime - (warningInterval*1000L);
@@ -2368,7 +2369,7 @@
isFirstWarning = ConditionResult.TRUE;
setWarnedTime();
- if (! passwordPolicy.expirePasswordsWithoutWarning())
+ if (! passwordPolicy.isExpirePasswordsWithoutWarning())
{
passwordExpirationTime =
currentTime + (warningInterval*1000L);
@@ -2378,7 +2379,7 @@
{
isFirstWarning = ConditionResult.FALSE;
- if (! passwordPolicy.expirePasswordsWithoutWarning())
+ if (! passwordPolicy.isExpirePasswordsWithoutWarning())
{
passwordExpirationTime = warnedTime + (warningInterval*1000L);
}
@@ -2388,7 +2389,7 @@
{
// The expiration time has passed, but we may not actually be
// expired if the user has not yet seen a warning.
- if (passwordPolicy.expirePasswordsWithoutWarning())
+ if (passwordPolicy.isExpirePasswordsWithoutWarning())
{
shouldWarn = ConditionResult.FALSE;
isFirstWarning = ConditionResult.FALSE;
@@ -2496,8 +2497,8 @@
{
// This feature is reponsible for neither a state field nor entry state
// attribute.
- int minAge = passwordPolicy.getMinimumPasswordAge();
- if (minAge <= 0)
+ long minAge = passwordPolicy.getMinPasswordAge();
+ if (minAge <= 0L)
{
// There is no minimum age, so the user isn't in it.
if (debugEnabled())
@@ -3167,7 +3168,7 @@
for (Attribute a : attrList)
{
- boolean usesAuthPasswordSyntax = passwordPolicy.usesAuthPasswordSyntax();
+ boolean usesAuthPasswordSyntax = passwordPolicy.isAuthPasswordSyntax();
for (AttributeValue v : a)
{
@@ -3265,7 +3266,7 @@
for (Attribute a : attrList)
{
- boolean usesAuthPasswordSyntax = passwordPolicy.usesAuthPasswordSyntax();
+ boolean usesAuthPasswordSyntax = passwordPolicy.isAuthPasswordSyntax();
for (AttributeValue v : a)
{
@@ -3362,7 +3363,7 @@
*/
public boolean passwordIsPreEncoded(ByteString passwordValue)
{
- if (passwordPolicy.usesAuthPasswordSyntax())
+ if (passwordPolicy.isAuthPasswordSyntax())
{
return AuthPasswordSyntax.isEncoded(passwordValue);
}
@@ -3389,11 +3390,11 @@
throws DirectoryException
{
List<PasswordStorageScheme<?>> schemes =
- passwordPolicy.getDefaultStorageSchemes();
+ passwordPolicy.getDefaultPasswordStorageSchemes();
List<ByteString> encodedPasswords =
new ArrayList<ByteString>(schemes.size());
- if (passwordPolicy.usesAuthPasswordSyntax())
+ if (passwordPolicy.isAuthPasswordSyntax())
{
for (PasswordStorageScheme<?> s : schemes)
{
@@ -3431,38 +3432,23 @@
* <CODE>false</CODE> if it is not.
*/
public boolean passwordIsAcceptable(Operation operation, Entry userEntry,
- ByteString newPassword,
- Set<ByteString> currentPasswords,
- MessageBuilder invalidReason)
+ ByteString newPassword, Set<ByteString> currentPasswords,
+ MessageBuilder invalidReason)
{
- for (DN validatorDN : passwordPolicy.getPasswordValidators().keySet())
+ for (PasswordValidator<?> validator : passwordPolicy
+ .getPasswordValidators())
{
- PasswordValidator<? extends PasswordValidatorCfg> validator =
- passwordPolicy.getPasswordValidators().get(validatorDN);
-
- if (! validator.passwordIsAcceptable(newPassword, currentPasswords,
- operation, userEntry, invalidReason))
+ if (!validator.passwordIsAcceptable(newPassword, currentPasswords,
+ operation, userEntry, invalidReason))
{
if (debugEnabled())
{
- TRACER.debugInfo("The password provided for user %s failed " +
- "the %s password validator.",
- userDNString, validatorDN.toString());
+ TRACER.debugInfo("The password provided for user %s failed "
+ + "validation: %s", userDNString, invalidReason.toString());
}
-
return false;
}
- else
- {
- if (debugEnabled())
- {
- TRACER.debugInfo("The password provided for user %s passed " +
- "the %s password validator.",
- userDNString, validatorDN.toString());
- }
- }
}
-
return true;
}
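Review bot: The rewritten debug message in `passwordIsAcceptable` no longer identifies which validator rejected the password, and it now writes the `invalidReason` text into the debug log instead. Whether validator reasons can echo parts of the candidate password or of the user entry is not visible here, so logging the validator identity is the safer choice. For example: `TRACER.debugInfo("The password provided for user %s failed the %s password validator.", userDNString, validator.getClass().getName());`. Dropping the per-validator "passed" trace is reasonable for noise, but it makes the failing validator the one detail still worth recording.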
@@ -3477,7 +3463,7 @@
*/
public void handleDeprecatedStorageSchemes(ByteString password)
{
- if (passwordPolicy.getDefaultStorageSchemes().isEmpty())
+ if (passwordPolicy.getDefaultPasswordStorageSchemes().isEmpty())
{
if (debugEnabled())
{
@@ -3509,7 +3495,7 @@
LinkedHashSet<AttributeValue> updatedValues =
new LinkedHashSet<AttributeValue>();
- boolean usesAuthPasswordSyntax = passwordPolicy.usesAuthPasswordSyntax();
+ boolean usesAuthPasswordSyntax = passwordPolicy.isAuthPasswordSyntax();
for (Attribute a : attrList)
{
@@ -3561,12 +3547,13 @@
ByteString.valueOf(pwComponents[1].toString()));
if (passwordMatches)
{
- if (passwordPolicy.isDefaultStorageScheme(schemeName))
+ if (passwordPolicy.isDefaultPasswordStorageScheme(schemeName))
{
existingDefaultSchemes.add(schemeName);
updatedValues.add(v);
}
- else if (passwordPolicy.isDeprecatedStorageScheme(schemeName))
+ else if (passwordPolicy
+ .isDeprecatedPasswordStorageScheme(schemeName))
{
if (debugEnabled())
{
@@ -3612,7 +3599,7 @@
LinkedHashSet<AttributeValue> addedValues = new
LinkedHashSet<AttributeValue>();
for (PasswordStorageScheme<?> s :
- passwordPolicy.getDefaultStorageSchemes())
+ passwordPolicy.getDefaultPasswordStorageSchemes())
{
if (! existingDefaultSchemes.contains(
toLowerCase(s.getStorageSchemeName())))
@@ -3764,8 +3751,8 @@
}
}
- int historyDuration = passwordPolicy.getPasswordHistoryDuration();
- if (historyDuration > 0)
+ long historyDuration = passwordPolicy.getPasswordHistoryDuration();
+ if (historyDuration > 0L)
{
long retainDate = currentTime - (1000 * historyDuration);
Iterator<Long> iterator = historyMap.keySet().iterator();
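Review bot: `1000 * historyDuration` on the unchanged line after the new declaration avoids int overflow only because `historyDuration` is now a `long`. With the old `int` the product wrapped for durations above roughly 24 days, which would have skewed how much password history is retained. Writing it as `long retainDate = currentTime - (1000L * historyDuration);` matches the other history-purge hunk (`minAgeToKeep`) and keeps the arithmetic correct whatever the variable's declared type. The enclosing method starts and ends outside the hunk.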
@@ -4108,8 +4095,8 @@
// If there is a maximum duration, then get rid of any values that would be
// over the duration.
- int historyDuration = passwordPolicy.getPasswordHistoryDuration();
- if (historyDuration > 0)
+ long historyDuration = passwordPolicy.getPasswordHistoryDuration();
+ if (historyDuration > 0L)
{
long minAgeToKeep = currentTime - (1000L * historyDuration);
Iterator<Long> iterator = historyMap.keySet().iterator();
@@ -4310,12 +4297,7 @@
AccountStatusNotification notification)
{
Collection<AccountStatusNotificationHandler<?>> handlers =
- passwordPolicy.getAccountStatusNotificationHandlers().values();
- if ((handlers == null) || handlers.isEmpty())
- {
- return;
- }
-
+ passwordPolicy.getAccountStatusNotificationHandlers();
for (AccountStatusNotificationHandler<?> handler : handlers)
{
handler.handleStatusNotification(notification);
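Review bot: With the `handlers == null` guard removed, the for-each loop depends on `getAccountStatusNotificationHandlers()` never returning null, and that contract is not visible in this patch. If the getter is guaranteed to return an empty collection, record that next to the call, e.g. `// Never null: the policy returns an empty collection when no handlers are configured.`. Otherwise keep a null check, so that a policy without handlers cannot turn an account-status notification into a NullPointerException. The method's signature and closing brace are outside the hunk.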
--
Gitblit v1.10.0