From 22edc79860908bed7d8dfa0f40227b29badb6ed2 Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Fri, 14 Aug 2015 09:18:15 +0000
Subject: [PATCH] Code cleanup
---
opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java | 178 +++++++++++++++-------------------------------------------
1 files changed, 47 insertions(+), 131 deletions(-)
diff --git a/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java b/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java
index 01c9022..b3fe472 100644
--- a/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java
+++ b/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java
@@ -27,9 +27,13 @@
package org.opends.server.workflowelement.localbackend;
import java.util.List;
+
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizableMessageDescriptor.Arg1;
import org.forgerock.i18n.LocalizableMessageDescriptor.Arg2;
+import org.forgerock.i18n.slf4j.LocalizedLogger;
+import org.forgerock.opendj.ldap.ByteString;
+import org.forgerock.opendj.ldap.ResultCode;
import org.opends.server.admin.std.meta.PasswordPolicyCfgDefn;
import org.opends.server.api.AuthenticationPolicyState;
import org.opends.server.api.Backend;
@@ -38,10 +42,7 @@
import org.opends.server.api.plugin.PluginResult;
import org.opends.server.controls.*;
import org.opends.server.core.*;
-import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.opends.server.types.*;
-import org.forgerock.opendj.ldap.ResultCode;
-import org.forgerock.opendj.ldap.ByteString;
import org.opends.server.types.operation.PostOperationBindOperation;
import org.opends.server.types.operation.PostResponseBindOperation;
import org.opends.server.types.operation.PreOperationBindOperation;
@@ -63,26 +64,18 @@
{
private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
- /**
- * The backend in which the bind operation should be processed.
- */
- protected Backend<?> backend;
+ /** The backend in which the bind operation should be processed. */
+ private Backend<?> backend;
/**
* Indicates whether the bind response should include the first warning
* for an upcoming password expiration.
*/
- protected boolean isFirstWarning;
+ private boolean isFirstWarning;
+ /** Indicates whether this bind is using a grace login for the user. */
+ private boolean isGraceLogin;
- /**
- * Indicates whether this bind is using a grace login for the user.
- */
- protected boolean isGraceLogin;
-
- /**
- * Indicates whether the user must change his/her password before doing
- * anything else.
- */
+ /** Indicates whether the user must change his/her password before doing anything else. */
private boolean mustChangePassword;
/** Indicates whether the user requested the password policy control. */
@@ -94,31 +87,23 @@
*/
private boolean returnAuthzID;
- /**
- * Indicates whether to execute post-operation plugins.
- */
- protected boolean executePostOpPlugins;
+ /** Indicates whether to execute post-operation plugins. */
+ private boolean executePostOpPlugins;
/** The client connection associated with this bind operation. */
private ClientConnection clientConnection;
- /**
- * The bind DN provided by the client.
- */
- protected DN bindDN;
-
- /** The lookthrough limit that should be enforced for the user. */
- private int lookthroughLimit;
+ /** The bind DN provided by the client. */
+ private DN bindDN;
/** The value to use for the password policy warning. */
private int pwPolicyWarningValue;
-
+ /** The lookthrough limit that should be enforced for the user. */
+ private int lookthroughLimit;
/** The size limit that should be enforced for the user. */
private int sizeLimit;
-
/** The time limit that should be enforced for the user. */
private int timeLimit;
-
/** The idle time limit that should be enforced for the user. */
private long idleTimeLimit;
@@ -127,40 +112,32 @@
/** The password policy error type for this bind operation. */
private PasswordPolicyErrorType pwPolicyErrorType;
-
/** The password policy warning type for this bind operation. */
private PasswordPolicyWarningType pwPolicyWarningType;
- /**
- * The plugin config manager for the Directory Server.
- */
- protected PluginConfigManager pluginConfigManager;
+ /** The plugin config manager for the Directory Server. */
+ private PluginConfigManager pluginConfigManager;
/** The SASL mechanism used for this bind operation. */
private String saslMechanism;
-
-
/**
* Creates a new operation that may be used to bind where
* the bound user entry is stored in a local backend of the Directory Server.
*
* @param bind The operation to enhance.
*/
- public LocalBackendBindOperation(BindOperation bind)
+ LocalBackendBindOperation(BindOperation bind)
{
super(bind);
LocalBackendWorkflowElement.attachLocalOperation (bind, this);
}
-
-
/**
* Process this bind operation in a local backend.
*
* @param wfe
* The local backend work-flow element.
- *
*/
public void processLocalBind(LocalBackendWorkflowElement wfe)
{
@@ -204,7 +181,6 @@
setResponseData(de);
}
-
// Invoke the post-operation bind plugins.
if (executePostOpPlugins)
{
@@ -219,7 +195,6 @@
}
}
-
// Update the authentication information for the user.
AuthenticationInfo authInfo = getAuthenticationInfo();
if (getResultCode() == ResultCode.SUCCESS && authInfo != null)
@@ -238,27 +213,22 @@
}
}
-
// See if we need to send a password policy control to the client. If so,
// then add it to the response.
- if (getResultCode() == ResultCode.SUCCESS)
+ if (pwPolicyControlRequested)
{
- if (pwPolicyControlRequested)
- {
- PasswordPolicyResponseControl pwpControl =
- new PasswordPolicyResponseControl(pwPolicyWarningType,
- pwPolicyWarningValue,
- pwPolicyErrorType);
- addResponseControl(pwpControl);
- }
- else
+ addResponseControl(new PasswordPolicyResponseControl(
+ pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType));
+ }
+ else
+ {
+ if (getResultCode() == ResultCode.SUCCESS)
{
if (pwPolicyErrorType == PasswordPolicyErrorType.PASSWORD_EXPIRED)
{
addResponseControl(new PasswordExpiredControl());
}
- else if (pwPolicyWarningType ==
- PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION)
+ else if (pwPolicyWarningType == PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION)
{
addResponseControl(new PasswordExpiringControl(pwPolicyWarningValue));
}
@@ -267,17 +237,6 @@
addResponseControl(new PasswordExpiredControl());
}
}
- }
- else
- {
- if (pwPolicyControlRequested)
- {
- PasswordPolicyResponseControl pwpControl =
- new PasswordPolicyResponseControl(pwPolicyWarningType,
- pwPolicyWarningValue,
- pwPolicyErrorType);
- addResponseControl(pwpControl);
- }
else
{
if (pwPolicyErrorType == PasswordPolicyErrorType.PASSWORD_EXPIRED)
@@ -288,23 +247,19 @@
}
}
-
/**
* Performs the checks and processing necessary for the current bind operation
* (simple or SASL).
*/
private void processBind()
{
- // Check to see if the client has permission to perform the
- // bind.
+ // Check to see if the client has permission to perform the bind.
// FIXME: for now assume that this will check all permission
- // pertinent to the operation. This includes any controls
- // specified.
+ // pertinent to the operation. This includes any controls specified.
try
{
- if (!AccessControlConfigManager.getInstance().getAccessControlHandler()
- .isAllowed(this))
+ if (!AccessControlConfigManager.getInstance().getAccessControlHandler().isAllowed(this))
{
setResultCode(ResultCode.INVALID_CREDENTIALS);
setAuthFailureReason(ERR_BIND_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS.get());
@@ -405,8 +360,6 @@
}
}
-
-
/**
* Performs the processing necessary for a simple bind operation.
*
@@ -416,8 +369,7 @@
* @throws DirectoryException If a problem occurs that should cause the bind
* operation to fail.
*/
- protected boolean processSimpleBind()
- throws DirectoryException
+ private boolean processSimpleBind() throws DirectoryException
{
// See if this is an anonymous bind. If so, then determine whether
// to allow it.
@@ -449,16 +401,13 @@
if (de.getResultCode() == ResultCode.REFERRAL)
{
- // Re-throw referral exceptions - these should be passed back
- // to the client.
+ // Re-throw referral exceptions - these should be passed back to the client.
throw de;
}
else
{
- // Replace other exceptions in case they expose any sensitive
- // information.
- throw new DirectoryException(ResultCode.INVALID_CREDENTIALS,
- de.getMessageObject());
+ // Replace other exceptions in case they expose any sensitive information.
+ throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, de.getMessageObject());
}
}
@@ -467,11 +416,7 @@
throw new DirectoryException(ResultCode.INVALID_CREDENTIALS,
ERR_BIND_OPERATION_UNKNOWN_USER.get());
}
- else
- {
- setUserEntryDN(userEntry.getName());
- }
-
+ setUserEntryDN(userEntry.getName());
// Check to see if the user has a password. If not, then fail.
// FIXME -- We need to have a way to enable/disable debugging.
@@ -479,8 +424,7 @@
if (authPolicyState.isPasswordPolicy())
{
// Account is managed locally.
- PasswordPolicyState pwPolicyState =
- (PasswordPolicyState) authPolicyState;
+ PasswordPolicyState pwPolicyState = (PasswordPolicyState) authPolicyState;
PasswordPolicy policy = pwPolicyState.getAuthenticationPolicy();
AttributeType pwType = policy.getPasswordAttribute();
@@ -600,8 +544,6 @@
return true;
}
-
-
/**
* Performs the processing necessary for an anonymous simple bind.
*
@@ -610,7 +552,7 @@
* @throws DirectoryException If a problem occurs that should cause the bind
* operation to fail.
*/
- protected boolean processAnonymousSimpleBind() throws DirectoryException
+ private boolean processAnonymousSimpleBind() throws DirectoryException
{
// If the server is in lockdown mode, then fail.
if (DirectoryServer.lockdownMode())
@@ -627,7 +569,6 @@
ERR_BIND_DN_BUT_NO_PASSWORD.get());
}
-
// Invoke pre-operation plugins.
if (!invokePreOpPlugins())
{
@@ -639,8 +580,6 @@
return true;
}
-
-
/**
* Performs the processing necessary for a SASL bind operation.
*
@@ -663,11 +602,9 @@
saslMechanism));
}
-
// Check to see if the client has sufficient permission to perform the bind.
// NYI
-
// Invoke pre-operation plugins.
if (!invokePreOpPlugins())
{
@@ -677,7 +614,6 @@
// Actually process the SASL bind.
saslHandler.processSASLBind(this);
-
// If the server is operating in lockdown mode, then we will need to
// ensure that the authentication was successful and performed as a
// root user to continue.
@@ -711,7 +647,6 @@
}
}
-
// Determine whether the authentication was successful and perform
// any remaining password policy processing accordingly.
ResultCode resultCode = getResultCode();
@@ -769,8 +704,7 @@
{
if (authPolicyState != null && authPolicyState.isPasswordPolicy())
{
- PasswordPolicyState pwPolicyState =
- (PasswordPolicyState) authPolicyState;
+ PasswordPolicyState pwPolicyState = (PasswordPolicyState) authPolicyState;
if (saslHandler.isPasswordBased(saslMechanism)
&& pwPolicyState.getAuthenticationPolicy().getLockoutFailureCount() > 0)
@@ -784,8 +718,6 @@
return true;
}
-
-
private void generateAccountStatusNotificationForLockedBindAccount(
Entry userEntry, PasswordPolicyState pwPolicyState)
{
@@ -799,8 +731,7 @@
int lockoutDuration = pwPolicyState.getSecondsUntilUnlock();
if (lockoutDuration > -1)
{
- notificationType =
- AccountStatusNotificationType.ACCOUNT_TEMPORARILY_LOCKED;
+ notificationType = AccountStatusNotificationType.ACCOUNT_TEMPORARILY_LOCKED;
tempLocked = true;
m =
ERR_BIND_ACCOUNT_TEMPORARILY_LOCKED
@@ -808,8 +739,7 @@
}
else
{
- notificationType =
- AccountStatusNotificationType.ACCOUNT_PERMANENTLY_LOCKED;
+ notificationType = AccountStatusNotificationType.ACCOUNT_PERMANENTLY_LOCKED;
tempLocked = false;
m = ERR_BIND_ACCOUNT_PERMANENTLY_LOCKED.get();
}
@@ -820,7 +750,6 @@
}
}
-
private boolean invokePreOpPlugins()
{
executePostOpPlugins = true;
@@ -834,14 +763,9 @@
setReferralURLs(preOpResult.getReferralURLs());
return false;
}
- else
- {
- return true;
- }
+ return true;
}
-
-
/**
* Validates a number of password policy state constraints for the user. This
* will be called before the offered credentials are checked.
@@ -854,14 +778,13 @@
* @throws DirectoryException
* If a problem occurs that should cause the bind to fail.
*/
- protected void checkUnverifiedPasswordPolicyState(
+ private void checkUnverifiedPasswordPolicyState(
Entry userEntry, SASLMechanismHandler<?> saslHandler)
throws DirectoryException
{
PasswordPolicyState pwPolicyState = (PasswordPolicyState) authPolicyState;
PasswordPolicy policy = pwPolicyState.getAuthenticationPolicy();
- boolean isSASLBind = saslHandler != null;
// If the password policy is configured to track authentication failures or
// keep the last login time and the associated backend is disabled, then we
@@ -883,12 +806,12 @@
}
}
-
// Check to see if the authentication must be done in a secure
// manner. If so, then the client connection must be secure.
if (policy.isRequireSecureAuthentication()
&& !clientConnection.isSecure())
{
+ boolean isSASLBind = saslHandler != null;
if (isSASLBind)
{
if (! saslHandler.isSecure(saslMechanism))
@@ -916,15 +839,13 @@
* @throws DirectoryException
* If a problem occurs that should cause the bind to fail.
*/
- protected void checkVerifiedPasswordPolicyState(
+ private void checkVerifiedPasswordPolicyState(
Entry userEntry, SASLMechanismHandler<?> saslHandler)
throws DirectoryException
{
PasswordPolicyState pwPolicyState = (PasswordPolicyState) authPolicyState;
PasswordPolicy policy = pwPolicyState.getAuthenticationPolicy();
- boolean isSASLBind = saslHandler != null;
-
// Check to see if the user is administratively disabled or locked.
if (pwPolicyState.isDisabled())
{
@@ -967,9 +888,9 @@
throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, m);
}
-
// If it's a simple bind, or if it's a password-based SASL bind, then
// perform a number of password-based checks.
+ boolean isSASLBind = saslHandler != null;
if (!isSASLBind || saslHandler.isPasswordBased(saslMechanism))
{
// Check to see if the account is locked due to the maximum reset age.
@@ -989,7 +910,6 @@
throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, m);
}
-
// Determine whether the password is expired, or whether the user
// should be warned about an upcoming expiration.
if (pwPolicyState.isPasswordExpired())
@@ -1048,15 +968,13 @@
if (pwPolicyWarningType == null)
{
- pwPolicyWarningType =
- PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION;
+ pwPolicyWarningType = PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION;
pwPolicyWarningValue = numSeconds;
}
isFirstWarning = pwPolicyState.isFirstWarning();
}
-
// Check to see if the user's password has been reset.
if (pwPolicyState.mustChangePassword())
{
@@ -1070,14 +988,12 @@
}
}
-
-
/**
* Sets resource limits for the authenticated user.
*
* @param userEntry The entry for the authenticated user.
*/
- protected void setResourceLimits(Entry userEntry)
+ private void setResourceLimits(Entry userEntry)
{
// See if the user's entry contains a custom size limit.
Integer customSizeLimit =
--
Gitblit v1.10.0