From 87a32e534959a6ffaf12c6d69ce98197f7bee596 Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Tue, 20 Sep 2011 11:29:12 +0000
Subject: [PATCH] Issue OPENDJ-262: Implement pass through authentication (PTA)

---
 opends/src/server/org/opends/server/core/SearchOperationBasis.java |   40 +++++++++++++++++++++++-----------------
 1 files changed, 23 insertions(+), 17 deletions(-)

diff --git a/opends/src/server/org/opends/server/core/SearchOperationBasis.java b/opends/src/server/org/opends/server/core/SearchOperationBasis.java
index f2e46de..ef5b606 100644
--- a/opends/src/server/org/opends/server/core/SearchOperationBasis.java
+++ b/opends/src/server/org/opends/server/core/SearchOperationBasis.java
@@ -37,7 +37,7 @@
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicBoolean;
 
-import org.opends.server.api.AuthenticationPolicy;
+import org.opends.server.api.AuthenticationPolicyState;
 import org.opends.server.api.ClientConnection;
 import org.opends.server.api.plugin.PluginResult;
 import org.opends.server.controls.AccountUsableResponseControl;
@@ -645,15 +645,19 @@
     // create it now.
     if (isIncludeUsableControl())
     {
+      if (controls == null)
+      {
+        controls = new ArrayList<Control>(1);
+      }
+
       try
       {
         // FIXME -- Need a way to enable PWP debugging.
-        AuthenticationPolicy policy = AuthenticationPolicy
-            .forUser(entry, false);
-        if (policy.isPasswordPolicy())
+        AuthenticationPolicyState state = AuthenticationPolicyState.forUser(
+            entry, false);
+        if (state.isPasswordPolicy())
         {
-          PasswordPolicyState pwpState = (PasswordPolicyState) policy
-              .createAuthenticationPolicyState(entry);
+          PasswordPolicyState pwpState = (PasswordPolicyState) state;
 
           boolean isInactive = pwpState.isDisabled()
               || pwpState.isAccountExpired();
@@ -667,12 +671,6 @@
           {
             int secondsBeforeUnlock = pwpState.getSecondsUntilUnlock();
             int remainingGraceLogins = pwpState.getGraceLoginsRemaining();
-
-            if (controls == null)
-            {
-              controls = new ArrayList<Control>(1);
-            }
-
             controls
                 .add(new AccountUsableResponseControl(isInactive, isReset,
                     isExpired, remainingGraceLogins, isLocked,
@@ -680,16 +678,24 @@
           }
           else
           {
-            if (controls == null)
-            {
-              controls = new ArrayList<Control>(1);
-            }
-
             int secondsBeforeExpiration = pwpState.getSecondsUntilExpiration();
             controls.add(new AccountUsableResponseControl(
                 secondsBeforeExpiration));
           }
         }
+        else
+        {
+          // Another type of authentication policy (e.g. PTA).
+          if (state.isDisabled())
+          {
+            controls.add(new AccountUsableResponseControl(false, false, false,
+                -1, true, -1));
+          }
+          else
+          {
+            controls.add(new AccountUsableResponseControl(-1));
+          }
+        }
       }
       catch (Exception e)
       {

--
Gitblit v1.10.0