directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kayyag...@apache.org
Subject svn commit: r964358 - in /directory/apacheds/trunk: core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
Date Thu, 15 Jul 2010 09:57:50 GMT
Author: kayyagari
Date: Thu Jul 15 09:57:50 2010
New Revision: 964358

URL: http://svn.apache.org/viewvc?rev=964358&view=rev
Log:
o removed many redundant AT lookups
o fixed some NPE bugs
o used the ModifyOperationContext to bypass the interceptor chain when the pwdpolicy state
information needs to be updated
o removed the @CreateDS to use a default DS instance with changelog enabled
o @Ignored a test 

Modified:
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java?rev=964358&r1=964357&r2=964358&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
(original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
Thu Jul 15 09:57:50 2010
@@ -39,7 +39,6 @@ import org.apache.directory.ldap.client.
 import org.apache.directory.ldap.client.api.message.ModifyResponse;
 import org.apache.directory.server.annotations.CreateLdapServer;
 import org.apache.directory.server.annotations.CreateTransport;
-import org.apache.directory.server.core.annotations.CreateDS;
 import org.apache.directory.server.core.authn.AuthenticationInterceptor;
 import org.apache.directory.server.core.authn.PasswordPolicyConfiguration;
 import org.apache.directory.server.core.authn.PasswordUtil;
@@ -54,12 +53,14 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.entry.DefaultEntry;
 import org.apache.directory.shared.ldap.entry.Entry;
 import org.apache.directory.shared.ldap.entry.EntryAttribute;
+import org.apache.directory.shared.ldap.exception.LdapException;
 import org.apache.directory.shared.ldap.message.ResultCodeEnum;
 import org.apache.directory.shared.ldap.message.control.Control;
 import org.apache.directory.shared.ldap.name.DN;
 import org.apache.directory.shared.ldap.util.StringTools;
 import org.junit.After;
 import org.junit.Before;
+import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
@@ -75,7 +76,6 @@ import org.junit.runner.RunWith;
         @CreateTransport( protocol = "LDAP" ), 
         @CreateTransport( protocol = "LDAPS" ) 
     })
-@CreateDS( enableChangeLog=false )
 public class PasswordPolicyTest extends AbstractLdapTestUnit
 {
     private PasswordPolicyConfiguration policyConfig;
@@ -86,7 +86,7 @@ public class PasswordPolicyTest extends 
 
 
     @Before
-    public void setPwdPolicy()
+    public void setPwdPolicy() throws LdapException
     {
         policyConfig = new PasswordPolicyConfiguration();
         
@@ -104,6 +104,8 @@ public class PasswordPolicyTest extends 
         AuthenticationInterceptor authInterceptor = ( AuthenticationInterceptor ) service
             .getInterceptor( AuthenticationInterceptor.class.getName() );
         authInterceptor.setPwdPolicyConfig( policyConfig );
+        
+        authInterceptor.loadPwdPolicyStateAtributeTypes();
     }
 
 
@@ -191,7 +193,7 @@ public class PasswordPolicyTest extends 
         assertNotNull( userConnection );
         assertTrue( userConnection.isAuthenticated() );
     }
-    
+
     
     @Test
     public void testPwdMinAge() throws Exception
@@ -200,11 +202,11 @@ public class PasswordPolicyTest extends 
         
         LdapConnection connection = getAdminNetworkConnection( ldapServer );
         
-        DN userDn = new DN( "cn=user,ou=system" );
+        DN userDn = new DN( "cn=userMinAge,ou=system" );
         Entry userEntry = new DefaultEntry( userDn );
         userEntry.add( SchemaConstants.OBJECT_CLASS, SchemaConstants.PERSON_OC );
-        userEntry.add( SchemaConstants.CN_AT, "user" );
-        userEntry.add( SchemaConstants.SN_AT, "user_sn" );
+        userEntry.add( SchemaConstants.CN_AT, "userMinAge" );
+        userEntry.add( SchemaConstants.SN_AT, "userMinAge_sn" );
         userEntry.add( SchemaConstants.USER_PASSWORD_AT, "12345".getBytes() );
 
         AddRequest addReq = new AddRequest( userEntry );

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=964358&r1=964357&r2=964358&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
Thu Jul 15 09:57:50 2010
@@ -30,6 +30,9 @@ import static org.apache.directory.share
 import static org.apache.directory.shared.ldap.constants.PasswordPolicySchemaConstants.PWD_HISTORY_AT;
 import static org.apache.directory.shared.ldap.constants.PasswordPolicySchemaConstants.PWD_LAST_SUCCESS_AT;
 import static org.apache.directory.shared.ldap.constants.PasswordPolicySchemaConstants.PWD_RESET_AT;
+import static org.apache.directory.shared.ldap.entry.ModificationOperation.ADD_ATTRIBUTE;
+import static org.apache.directory.shared.ldap.entry.ModificationOperation.REMOVE_ATTRIBUTE;
+import static org.apache.directory.shared.ldap.entry.ModificationOperation.REPLACE_ATTRIBUTE;
 
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -48,6 +51,11 @@ import org.apache.directory.server.core.
 import org.apache.directory.server.core.DefaultCoreSession;
 import org.apache.directory.server.core.DirectoryService;
 import org.apache.directory.server.core.LdapPrincipal;
+import org.apache.directory.server.core.authz.AciAuthorizationInterceptor;
+import org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor;
+import org.apache.directory.server.core.collective.CollectiveAttributeInterceptor;
+import org.apache.directory.server.core.event.EventInterceptor;
+import org.apache.directory.server.core.exception.ExceptionInterceptor;
 import org.apache.directory.server.core.filtering.EntryFilteringCursor;
 import org.apache.directory.server.core.interceptor.BaseInterceptor;
 import org.apache.directory.server.core.interceptor.Interceptor;
@@ -67,6 +75,11 @@ import org.apache.directory.server.core.
 import org.apache.directory.server.core.interceptor.context.RenameOperationContext;
 import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
 import org.apache.directory.server.core.interceptor.context.UnbindOperationContext;
+import org.apache.directory.server.core.normalization.NormalizationInterceptor;
+import org.apache.directory.server.core.operational.OperationalAttributeInterceptor;
+import org.apache.directory.server.core.schema.SchemaInterceptor;
+import org.apache.directory.server.core.subtree.SubentryInterceptor;
+import org.apache.directory.server.core.trigger.TriggerInterceptor;
 import org.apache.directory.server.i18n.I18n;
 import org.apache.directory.shared.ldap.codec.controls.ppolicy.PasswordPolicyErrorEnum;
 import org.apache.directory.shared.ldap.codec.controls.ppolicy.PasswordPolicyRequestControl;
@@ -90,13 +103,13 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.exception.LdapUnwillingToPerformException;
 import org.apache.directory.shared.ldap.message.ResultCodeEnum;
 import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.schema.SchemaManager;
 import org.apache.directory.shared.ldap.util.DateUtils;
 import org.apache.directory.shared.ldap.util.StringTools;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-
 /**
  * An {@link Interceptor} that authenticates users.
  *
@@ -122,11 +135,46 @@ public class AuthenticationInterceptor e
 
     private CoreSession adminSession;
 
-    private boolean pwdPolicyEnabled = false;
-
     private Set<DN> pwdResetSet = new HashSet<DN>();
 
+    // pwdpolicy state attribute types
+    private AttributeType AT_PWD_RESET;
+    
+    private AttributeType AT_PWD_CHANGED_TIME;
+    
+    private AttributeType AT_PWD_HISTORY;
+
+    private AttributeType AT_PWD_FAILURE_TIME;
+    
+    private AttributeType AT_PWD_ACCOUNT_LOCKED_TIME;
+    
+    private AttributeType AT_PWD_LAST_SUCCESS;
+    
+    private AttributeType AT_PWD_GRACE_USE_TIME;
+
+    /**
+     * the set of interceptors we should *not* go through when pwdpolicy state information
is being updated
+     */
+    private static final Collection<String> BYPASS_INTERCEPTORS;
+
+    static
+    {
+        Set<String> c = new HashSet<String>();
+        c.add( NormalizationInterceptor.class.getName() );
+        c.add( AuthenticationInterceptor.class.getName() );
+        c.add( AciAuthorizationInterceptor.class.getName() );
+        c.add( DefaultAuthorizationInterceptor.class.getName() );
+        c.add( ExceptionInterceptor.class.getName() );
+        c.add( OperationalAttributeInterceptor.class.getName() );
+        c.add( SchemaInterceptor.class.getName() );
+        c.add( SubentryInterceptor.class.getName() );
+        c.add( CollectiveAttributeInterceptor.class.getName() );
+        c.add( EventInterceptor.class.getName() );
+        c.add( TriggerInterceptor.class.getName() );
+        BYPASS_INTERCEPTORS = Collections.unmodifiableCollection( c );
+    }
 
+    
     /**
      * Creates an authentication service interceptor.
      */
@@ -146,11 +194,8 @@ public class AuthenticationInterceptor e
 
         adminSession = directoryService.getAdminSession();
 
-        if ( policyConfig != null )
-        {
-            pwdPolicyEnabled = true;
-        }
-
+        loadPwdPolicyStateAtributeTypes();
+        
         if ( authenticators == null )
         {
             setDefaultAuthenticators();
@@ -215,7 +260,6 @@ public class AuthenticationInterceptor e
     private void register( Authenticator authenticator, DirectoryService directoryService
) throws LdapException
     {
         authenticator.init( directoryService );
-        authenticator.setPwdPolicyConfig( policyConfig );
 
         Collection<Authenticator> authenticatorList = getAuthenticators( authenticator.getAuthenticatorType()
);
 
@@ -303,24 +347,21 @@ public class AuthenticationInterceptor e
             String pwdChangedTime = DateUtils.getGeneralizedTime();
             if( ( policyConfig.getPwdMinAge() > 0 ) || ( policyConfig.getPwdMaxAge() >
0 ) )
             {
-                EntryAttribute pwdChangedTimeAt = new DefaultEntryAttribute(
-                    schemaManager.lookupAttributeTypeRegistry( PWD_CHANGED_TIME_AT ) );
+                EntryAttribute pwdChangedTimeAt = new DefaultEntryAttribute( AT_PWD_CHANGED_TIME
);
                 pwdChangedTimeAt.add( pwdChangedTime );
                 entry.add( pwdChangedTimeAt );
             }
 
             if ( policyConfig.isPwdMustChange() && addContext.getSession().isAnAdministrator()
)
             {
-                EntryAttribute pwdMustChangeAt = new DefaultEntryAttribute(
-                    schemaManager.lookupAttributeTypeRegistry( PWD_RESET_AT ) );
-                pwdMustChangeAt.add( "TRUE" );
-                entry.add( pwdMustChangeAt );
+                EntryAttribute pwdResetAt = new DefaultEntryAttribute( AT_PWD_RESET );
+                pwdResetAt.add( "TRUE" );
+                entry.add( pwdResetAt );
             }
 
             if ( policyConfig.getPwdInHistory() > 0 )
             {
-                EntryAttribute pwdHistoryAt = new DefaultEntryAttribute(
-                    schemaManager.lookupAttributeTypeRegistry( PWD_HISTORY_AT ) );
+                EntryAttribute pwdHistoryAt = new DefaultEntryAttribute( AT_PWD_HISTORY );
                 byte[] pwdHistoryVal = new PasswordHistory( pwdChangedTime, userPassword.get()
).getHistoryValue();
                 pwdHistoryAt.add( pwdHistoryVal );
                 entry.add( pwdHistoryAt );
@@ -567,14 +608,14 @@ public class AuthenticationInterceptor e
 
             pwdHistoryAt = new DefaultEntryAttribute( pwdHistoryAt.getAttributeType() );
             pwdHistoryAt.add( newPwdHist.getHistoryValue() );
-            pwdAddHistMod = new DefaultModification( ModificationOperation.ADD_ATTRIBUTE,
pwdHistoryAt );
+            pwdAddHistMod = new DefaultModification( ADD_ATTRIBUTE, pwdHistoryAt );
 
             if ( pwdHistSet.size() > histSize )
             {
                 pwdHistoryAt = new DefaultEntryAttribute( pwdHistoryAt.getAttributeType()
);
                 PasswordHistory remPwdHist = ( PasswordHistory ) pwdHistSet.toArray()[histSize
- 1];
                 pwdHistoryAt.add( remPwdHist.getHistoryValue() );
-                pwdRemHistMod = new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE,
pwdHistoryAt );
+                pwdRemHistMod = new DefaultModification( REMOVE_ATTRIBUTE, pwdHistoryAt );
             }
         }
 
@@ -586,11 +627,9 @@ public class AuthenticationInterceptor e
             List<Modification> mods = new ArrayList<Modification>();
             if ( ( policyConfig.getPwdMinAge() > 0 ) || ( policyConfig.getPwdMaxAge()
> 0 ) )
             {
-                EntryAttribute pwdChangedTimeAt = new DefaultEntryAttribute(
-                    schemaManager.lookupAttributeTypeRegistry( PWD_CHANGED_TIME_AT ) );
+                EntryAttribute pwdChangedTimeAt = new DefaultEntryAttribute( AT_PWD_CHANGED_TIME
);
                 pwdChangedTimeAt.add( pwdChangedTime );
-                Modification pwdChangedTimeMod = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
-                    pwdChangedTimeAt );
+                Modification pwdChangedTimeMod = new DefaultModification( REPLACE_ATTRIBUTE,
pwdChangedTimeAt );
                 mods.add( pwdChangedTimeMod );
             }
 
@@ -607,19 +646,17 @@ public class AuthenticationInterceptor e
             boolean removeFromPwdResetSet = false;
             if ( policyConfig.isPwdMustChange() )
             {
-                EntryAttribute pwdMustChangeAt = new DefaultEntryAttribute(
-                    schemaManager.lookupAttributeTypeRegistry( PWD_RESET_AT ) );
+                EntryAttribute pwdMustChangeAt = new DefaultEntryAttribute( AT_PWD_RESET
);
                 Modification pwdMustChangeMod = null;
 
                 if ( modifyContext.getSession().isAnAdministrator() )
                 {
                     pwdMustChangeAt.add( "TRUE" );
-                    pwdMustChangeMod = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
-                        pwdMustChangeAt );
+                    pwdMustChangeMod = new DefaultModification( REPLACE_ATTRIBUTE, pwdMustChangeAt
);
                 }
                 else
                 {
-                    pwdMustChangeMod = new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE,
pwdMustChangeAt );
+                    pwdMustChangeMod = new DefaultModification( REMOVE_ATTRIBUTE, pwdMustChangeAt
);
                     removeFromPwdResetSet = true;
                 }
 
@@ -629,17 +666,17 @@ public class AuthenticationInterceptor e
             EntryAttribute pwdFailureTimeAt = entry.get( PWD_FAILURE_TIME_AT );
             if ( pwdFailureTimeAt != null )
             {
-                mods.add( new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE,
pwdFailureTimeAt ) );
+                mods.add( new DefaultModification( REMOVE_ATTRIBUTE, pwdFailureTimeAt ) );
             }
 
             EntryAttribute pwdGraceUseTimeAt = entry.get( PWD_GRACE_USE_TIME_AT );
             if ( pwdGraceUseTimeAt != null )
             {
-                mods.add( new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE,
pwdGraceUseTimeAt ) );
+                mods.add( new DefaultModification( REMOVE_ATTRIBUTE, pwdGraceUseTimeAt )
);
             }
 
-            directoryService.getAdminSession().modify( modifyContext.getDn(), mods );
-
+//            directoryService.getAdminSession().modify( modifyContext.getDn(), mods );
+            
             if ( removeFromPwdResetSet )
             {
                 pwdResetSet.remove( userDn );
@@ -804,6 +841,8 @@ public class AuthenticationInterceptor e
         {
             try
             {
+                authenticator.setPwdPolicyConfig( policyConfig );
+                
                 // perform the authentication
                 LdapPrincipal principal = authenticator.authenticate( bindContext );
 
@@ -863,13 +902,12 @@ public class AuthenticationInterceptor e
                 LOG.info( "Cannot bind to the server " );
             }
 
-            if ( pwdPolicyEnabled )
+            if ( policyConfig != null )
             {
                 EntryAttribute pwdFailTimeAt = bindContext.getEntry().get( PWD_FAILURE_TIME_AT
);
                 if ( pwdFailTimeAt == null )
                 {
-                    pwdFailTimeAt = new DefaultEntryAttribute(
-                        schemaManager.lookupAttributeTypeRegistry( PWD_FAILURE_TIME_AT )
);
+                    pwdFailTimeAt = new DefaultEntryAttribute( AT_PWD_FAILURE_TIME );
                 }
                 else
                 {
@@ -878,8 +916,7 @@ public class AuthenticationInterceptor e
 
                 String failureTime = DateUtils.getGeneralizedTime();
                 pwdFailTimeAt.add( failureTime );
-                Modification pwdFailTimeMod = new DefaultModification( ModificationOperation.ADD_ATTRIBUTE,
-                    pwdFailTimeAt );
+                Modification pwdFailTimeMod = new DefaultModification( ADD_ATTRIBUTE, pwdFailTimeAt
);
 
                 List<Modification> mods = new ArrayList<Modification>();
                 mods.add( pwdFailTimeMod );
@@ -888,11 +925,9 @@ public class AuthenticationInterceptor e
 
                 if ( policyConfig.isPwdLockout() && ( numFailures >= policyConfig.getPwdMaxFailure()
) )
                 {
-                    EntryAttribute pwdAccountLockedTimeAt = new DefaultEntryAttribute(
-                        schemaManager.lookupAttributeTypeRegistry( PWD_ACCOUNT_LOCKED_TIME_AT
) );
+                    EntryAttribute pwdAccountLockedTimeAt = new DefaultEntryAttribute( AT_PWD_ACCOUNT_LOCKED_TIME
);
                     pwdAccountLockedTimeAt.add( failureTime );
-                    Modification pwdAccountLockedMod = new DefaultModification( ModificationOperation.ADD_ATTRIBUTE,
-                        pwdAccountLockedTimeAt );
+                    Modification pwdAccountLockedMod = new DefaultModification( ADD_ATTRIBUTE,
pwdAccountLockedTimeAt );
                     mods.add( pwdAccountLockedMod );
 
                     pwdRespCtrl.setPasswordPolicyError( PasswordPolicyErrorEnum.ACCOUNT_LOCKED
);
@@ -918,66 +953,80 @@ public class AuthenticationInterceptor e
                     }
                 }
 
-                adminSession.modify( dn, Collections.singletonList( pwdFailTimeMod ) );
+                //adminSession.modify( dn, Collections.singletonList( pwdFailTimeMod ) );
+                ModifyOperationContext bindModCtx = new ModifyOperationContext( adminSession
);
+                bindModCtx.setByPassed( BYPASS_INTERCEPTORS );
+                bindModCtx.setDn( dn );
+                bindModCtx.setModItems( Collections.singletonList( pwdFailTimeMod ) );
+                directoryService.getOperationManager().modify( bindModCtx );
             }
 
             String upDn = ( dn == null ? "" : dn.getName() );
             throw new LdapAuthenticationException( I18n.err( I18n.ERR_229, upDn ) );
         }
-        else if ( pwdPolicyEnabled )
+        else if ( policyConfig != null )
         {
             List<Modification> mods = new ArrayList<Modification>();
 
             if ( policyConfig.getPwdMaxIdle() > 0 )
             {
-                EntryAttribute pwdLastSuccesTimeAt = new DefaultEntryAttribute(
-                    schemaManager.lookupAttributeTypeRegistry( PWD_LAST_SUCCESS_AT ) );
+                EntryAttribute pwdLastSuccesTimeAt = new DefaultEntryAttribute( AT_PWD_LAST_SUCCESS
);
                 pwdLastSuccesTimeAt.add( DateUtils.getGeneralizedTime() );
-                Modification pwdLastSuccesTimeMod = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
-                    pwdLastSuccesTimeAt );
+                Modification pwdLastSuccesTimeMod = new DefaultModification( REPLACE_ATTRIBUTE,
pwdLastSuccesTimeAt );
                 mods.add( pwdLastSuccesTimeMod );
             }
 
-            EntryAttribute pwdFailTimeAt = new DefaultEntryAttribute(
-                schemaManager.lookupAttributeTypeRegistry( PWD_FAILURE_TIME_AT ) );
-            Modification pwdFailTimeMod = new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE,
-                pwdFailTimeAt );
-            mods.add( pwdFailTimeMod );
-
-            EntryAttribute pwdAccLockedTimeAt = new DefaultEntryAttribute(
-                schemaManager.lookupAttributeTypeRegistry( PWD_ACCOUNT_LOCKED_TIME_AT ) );
-            Modification pwdAccLockedTimeMod = new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE,
-                pwdAccLockedTimeAt );
-            mods.add( pwdAccLockedTimeMod );
+            EntryAttribute pwdFailTimeAt = userEntry.get( AT_PWD_FAILURE_TIME );
+            if( pwdFailTimeAt != null )
+            {
+                Modification pwdFailTimeMod = new DefaultModification( REMOVE_ATTRIBUTE,
pwdFailTimeAt );
+                mods.add( pwdFailTimeMod );
+            }
+
+            EntryAttribute pwdAccLockedTimeAt = userEntry.get( AT_PWD_ACCOUNT_LOCKED_TIME
);
+            if( pwdAccLockedTimeAt != null )
+            {
+                Modification pwdAccLockedTimeMod = new DefaultModification( REMOVE_ATTRIBUTE,
pwdAccLockedTimeAt );
+                mods.add( pwdAccLockedTimeMod );
+            }
 
             // checking the expiration time *after* performing authentication, do we need
to care about millisecond precision?
             if ( ( policyConfig.getPwdMaxAge() > 0 ) && ( policyConfig.getPwdGraceAuthNLimit()
> 0 ) )
             {
                 EntryAttribute pwdChangeTimeAttr = userEntry.get( PWD_CHANGED_TIME_AT );
-                boolean expired = PasswordUtil
-                    .isPwdExpired( pwdChangeTimeAttr.getString(), policyConfig.getPwdMaxAge()
);
-                if ( expired )
+                if( pwdChangeTimeAttr != null )
                 {
-                    EntryAttribute pwdGraceUseAttr = userEntry.get( PWD_GRACE_USE_TIME_AT
);
-                    if ( pwdGraceUseAttr != null )
-                    {
-                        pwdRespCtrl.setGraceAuthNsRemaining( policyConfig.getPwdGraceAuthNLimit()
-                            - ( pwdGraceUseAttr.size() + 1 ) );
-                    }
-                    else
+                    boolean expired = PasswordUtil
+                    .isPwdExpired( pwdChangeTimeAttr.getString(), policyConfig.getPwdMaxAge()
);
+                    if ( expired )
                     {
-                        pwdGraceUseAttr = new DefaultEntryAttribute(
-                            schemaManager.lookupAttributeTypeRegistry( PWD_GRACE_USE_TIME_AT
) );
+                        EntryAttribute pwdGraceUseAttr = userEntry.get( PWD_GRACE_USE_TIME_AT
);
+                        if ( pwdGraceUseAttr != null )
+                        {
+                            pwdRespCtrl.setGraceAuthNsRemaining( policyConfig.getPwdGraceAuthNLimit()
+                                - ( pwdGraceUseAttr.size() + 1 ) );
+                        }
+                        else
+                        {
+                            pwdGraceUseAttr = new DefaultEntryAttribute( AT_PWD_GRACE_USE_TIME
);
+                        }
+                        
+                        pwdGraceUseAttr.add( DateUtils.getGeneralizedTime() );
+                        Modification pwdGraceUseMod = new DefaultModification( ADD_ATTRIBUTE,
pwdGraceUseAttr );
+                        mods.add( pwdGraceUseMod );
                     }
-
-                    pwdGraceUseAttr.add( DateUtils.getGeneralizedTime() );
-                    Modification pwdGraceUseMod = new DefaultModification( ModificationOperation.ADD_ATTRIBUTE,
-                        pwdGraceUseAttr );
-                    mods.add( pwdGraceUseMod );
                 }
             }
 
-            adminSession.modify( dn, mods );
+            if( !mods.isEmpty() )
+            {
+                //adminSession.modify( dn, mods );
+                ModifyOperationContext bindModCtx = new ModifyOperationContext( adminSession
);
+                bindModCtx.setByPassed( BYPASS_INTERCEPTORS );
+                bindModCtx.setDn( dn );
+                bindModCtx.setModItems( mods );
+                directoryService.getOperationManager().modify( bindModCtx );
+            }
 
             if ( isPPolicyReqCtrlPresent )
             {
@@ -1017,6 +1066,32 @@ public class AuthenticationInterceptor e
         this.policyConfig = policyConfig;
     }
 
+    public void loadPwdPolicyStateAtributeTypes() throws LdapException
+    {
+        if ( policyConfig != null )
+        {
+            AT_PWD_RESET = schemaManager.lookupAttributeTypeRegistry( PWD_RESET_AT );
+            PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_RESET );
+            
+            AT_PWD_CHANGED_TIME = schemaManager.lookupAttributeTypeRegistry( PWD_CHANGED_TIME_AT
);
+            PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_CHANGED_TIME );
+            
+            AT_PWD_HISTORY = schemaManager.lookupAttributeTypeRegistry( PWD_HISTORY_AT );
+            PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_HISTORY );
+            
+            AT_PWD_FAILURE_TIME = schemaManager.lookupAttributeTypeRegistry( PWD_FAILURE_TIME_AT
);
+            PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_FAILURE_TIME );
+            
+            AT_PWD_ACCOUNT_LOCKED_TIME = schemaManager.lookupAttributeTypeRegistry( PWD_ACCOUNT_LOCKED_TIME_AT
);
+            PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_ACCOUNT_LOCKED_TIME );
+            
+            AT_PWD_LAST_SUCCESS = schemaManager.lookupAttributeTypeRegistry( PWD_LAST_SUCCESS_AT
);
+            PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_LAST_SUCCESS );
+            
+            AT_PWD_GRACE_USE_TIME = schemaManager.lookupAttributeTypeRegistry( PWD_GRACE_USE_TIME_AT
);
+            PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_GRACE_USE_TIME );
+        }
+    }
 
     // ---------- private methods ----------------
 
@@ -1261,11 +1336,11 @@ public class AuthenticationInterceptor e
                 pwdModDetails.setPwdModPresent( true );
                 ModificationOperation op = m.getOperation();
 
-                if ( op == ModificationOperation.REMOVE_ATTRIBUTE )
+                if ( op == REMOVE_ATTRIBUTE )
                 {
                     pwdModDetails.setDelete( true );
                 }
-                else if ( op == ModificationOperation.REPLACE_ATTRIBUTE || op == ModificationOperation.ADD_ATTRIBUTE
)
+                else if ( op == REPLACE_ATTRIBUTE || op == ADD_ATTRIBUTE )
                 {
                     pwdModDetails.setAddOrReplace( true );
                     pwdModDetails.setNewPwd( at.getBytes() );



Mime
View raw message