directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kayyag...@apache.org
Subject svn commit: r1027930 - in /directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn: AbstractAuthenticator.java AuthenticationInterceptor.java Authenticator.java SimpleAuthenticator.java
Date Wed, 27 Oct 2010 12:16:35 GMT
Author: kayyagari
Date: Wed Oct 27 12:16:35 2010
New Revision: 1027930

URL: http://svn.apache.org/viewvc?rev=1027930&view=rev
Log:
o removed the set/get methods for ppolicy from the Authenticator interface
o updated the auth interceptor to use ppolicy based on the changes made to support more than
one policy as configured in the server

Modified:
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java?rev=1027930&r1=1027929&r2=1027930&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
Wed Oct 27 12:16:35 2010
@@ -33,6 +33,7 @@ import java.util.Collections;
 import java.util.Date;
 
 import org.apache.directory.server.core.DirectoryService;
+import org.apache.directory.server.core.PasswordPolicyConfiguration;
 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.entry.DefaultModification;
 import org.apache.directory.shared.ldap.entry.Entry;
@@ -60,8 +61,6 @@ public abstract class AbstractAuthentica
     
     /** authenticator type */
     private final AuthenticationLevel authenticatorType;
-
-    private PasswordPolicyConfiguration pPolicyConfig;
     
     /**
      * Creates a new instance.
@@ -153,11 +152,13 @@ public abstract class AbstractAuthentica
      */
     public void checkPwdPolicy( Entry userEntry ) throws LdapException
     {
-        if( pPolicyConfig == null )
+        if( !directoryService.isPwdPolicyEnabled() )
         {
             return;
         }
 
+        PasswordPolicyConfiguration pPolicyConfig = directoryService.getPwdPolicy( userEntry
);
+        
         // check for locked out account
         if( pPolicyConfig.isPwdLockout() )
         {
@@ -255,22 +256,4 @@ public abstract class AbstractAuthentica
             }
         }
     }
-    
-    
-    /**
-     * {@inheritDoc}
-     */
-    public void setPwdPolicyConfig( PasswordPolicyConfiguration pPolicyConfig )
-    {
-        this.pPolicyConfig = pPolicyConfig;
-    }
-
-
-    /**
-     * {@inheritDoc}
-     */
-    public PasswordPolicyConfiguration getPwdPolicyConfig()
-    {
-        return pPolicyConfig;
-    }
 }

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=1027930&r1=1027929&r2=1027930&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
Wed Oct 27 12:16:35 2010
@@ -51,6 +51,8 @@ import org.apache.directory.server.core.
 import org.apache.directory.server.core.DefaultCoreSession;
 import org.apache.directory.server.core.DirectoryService;
 import org.apache.directory.server.core.LdapPrincipal;
+import org.apache.directory.server.core.PasswordPolicyConfiguration;
+import org.apache.directory.server.core.PpolicyConfigContainer;
 import org.apache.directory.server.core.admin.AdministrativePointInterceptor;
 import org.apache.directory.server.core.authz.AciAuthorizationInterceptor;
 import org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor;
@@ -132,7 +134,7 @@ public class AuthenticationInterceptor e
     /** A reference to the DirectoryService instance */
     private DirectoryService directoryService;
 
-    private PasswordPolicyConfiguration policyConfig;
+    //private PasswordPolicyConfiguration policyConfig;
 
     /** A reference to the SchemaManager instance */
     private SchemaManager schemaManager;
@@ -156,6 +158,8 @@ public class AuthenticationInterceptor e
 
     private AttributeType AT_PWD_GRACE_USE_TIME;
 
+    
+    
     /**
      * the set of interceptors we should *not* go through when pwdpolicy state information
is being updated
      */
@@ -309,18 +313,21 @@ public class AuthenticationInterceptor e
 
         checkAuthenticated( addContext );
 
-        if ( policyConfig == null )
+        Entry entry = addContext.getEntry();
+        
+        
+        if ( !directoryService.isPwdPolicyEnabled() )
         {
             next.add( addContext );
             return;
         }
+        
+        PasswordPolicyConfiguration policyConfig = directoryService.getPwdPolicy( entry );
 
         boolean isPPolicyReqCtrlPresent = addContext.hasRequestControl( PasswordPolicyRequestControl.CONTROL_OID
);
 
         checkPwdReset( addContext );
 
-        Entry entry = addContext.getEntry();
-
         if ( entry.get( SchemaConstants.USER_PASSWORD_AT ) != null )
         {
             String username = null;
@@ -335,7 +342,7 @@ public class AuthenticationInterceptor e
 
             try
             {
-                check( username, userPassword.get() );
+                check( username, userPassword.get(), policyConfig );
             }
             catch ( PasswordPolicyException e )
             {
@@ -468,20 +475,24 @@ public class AuthenticationInterceptor e
 
         checkAuthenticated( modifyContext );
 
-        if ( policyConfig == null )
+        
+        if ( ! directoryService.isPwdPolicyEnabled() )
         {
             next.modify( modifyContext );
             invalidateAuthenticatorCaches( modifyContext.getDn() );
             return;
         }
 
+        // handle the case where pwdPolicySubentry AT is about to be deleted in thid modify()
+        PasswordPolicyConfiguration policyConfig = directoryService.getPwdPolicy( modifyContext.getOriginalEntry()
);
+        
         boolean isPPolicyReqCtrlPresent = modifyContext.hasRequestControl( PasswordPolicyRequestControl.CONTROL_OID
);
         DN userDn = modifyContext.getSession().getAuthenticatedPrincipal().getDN();
 
         PwdModDetailsHolder pwdModDetails = null;
         if ( policyConfig.isPwdSafeModify() || pwdResetSet.contains( userDn ) || ( policyConfig.getPwdMinAge()
> 0 ) )
         {
-            pwdModDetails = getPwdModDetails( modifyContext );
+            pwdModDetails = getPwdModDetails( modifyContext, policyConfig );
         }
 
         if ( ( pwdModDetails != null ) && pwdModDetails.isPwdModPresent() )
@@ -532,7 +543,7 @@ public class AuthenticationInterceptor e
 
             Entry entry = modifyContext.getEntry();
 
-            if ( isPwdTooYoung( entry ) )
+            if ( isPwdTooYoung( entry, policyConfig ) )
             {
                 if ( isPPolicyReqCtrlPresent )
                 {
@@ -558,7 +569,7 @@ public class AuthenticationInterceptor e
                 newPassword = pwdModDetails.getNewPwd();
                 try
                 {
-                    check( userName, newPassword );
+                    check( userName, newPassword, policyConfig );
                 }
                 catch ( PasswordPolicyException e )
                 {
@@ -849,8 +860,6 @@ public class AuthenticationInterceptor e
         {
             try
             {
-                authenticator.setPwdPolicyConfig( policyConfig );
-
                 // perform the authentication
                 LdapPrincipal principal = authenticator.authenticate( bindContext );
 
@@ -903,6 +912,8 @@ public class AuthenticationInterceptor e
         DN dn = bindContext.getDn();
         Entry userEntry = bindContext.getEntry();
         
+        PasswordPolicyConfiguration policyConfig = directoryService.getPwdPolicy( userEntry
);
+        
         // check if the user entry is null, it will be null
         // in cases of anonymous bind
         if ( authenticated && ( userEntry == null ) && directoryService.isAllowAnonymousAccess()
) 
@@ -1045,7 +1056,7 @@ public class AuthenticationInterceptor e
 
             if ( isPPolicyReqCtrlPresent )
             {
-                int expiryWarnTime = getPwdTimeBeforeExpiry( userEntry );
+                int expiryWarnTime = getPwdTimeBeforeExpiry( userEntry, policyConfig );
                 if ( expiryWarnTime > 0 )
                 {
                     pwdRespCtrl.setTimeBeforeExpiration( expiryWarnTime );
@@ -1069,22 +1080,30 @@ public class AuthenticationInterceptor e
         super.unbind( next, unbindContext );
 
         // remove the DN from the password reset Set
-        if ( ( policyConfig != null ) && ( policyConfig.isPwdMustChange() ) )
+        // we do not perform a check to see if the reset flag in the associated ppolicy is
enabled
+        // cause that requires fetching the ppolicy first, which requires a lookup for user
entry
+        if ( !directoryService.isPwdPolicyEnabled() )
         {
             pwdResetSet.remove( unbindContext.getDn() );
         }
     }
 
 
+    /**
+     * a temporary hack to set the ppolicies in the DS
+     * @deprecated this method will be removed after the config branch gets merged in trunk
+     */
     public void setPwdPolicyConfig( PasswordPolicyConfiguration policyConfig )
     {
-        this.policyConfig = policyConfig;
+        PpolicyConfigContainer policyContainer = new PpolicyConfigContainer();
+        policyContainer.setDefaultPolicy( policyConfig );
+        directoryService.setPwdPolicies( policyContainer );
     }
 
 
     public void loadPwdPolicyStateAtributeTypes() throws LdapException
     {
-        if ( policyConfig != null )
+        if ( directoryService.isPwdPolicyEnabled() )
         {
             AT_PWD_RESET = schemaManager.lookupAttributeTypeRegistry( PWD_RESET_AT );
             PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_RESET );
@@ -1112,7 +1131,7 @@ public class AuthenticationInterceptor e
 
     // ---------- private methods ----------------
 
-    private void check( String username, byte[] password ) throws LdapException
+    private void check( String username, byte[] password, PasswordPolicyConfiguration policyConfig
) throws LdapException
     {
         final int qualityVal = policyConfig.getPwdCheckQuality();
 
@@ -1139,8 +1158,8 @@ public class AuthenticationInterceptor e
         }
 
         String strPassword = StringTools.utf8ToString( password );
-        validatePasswordLength( strPassword );
-        checkUsernameSubstring( username, strPassword );
+        validatePasswordLength( strPassword, policyConfig );
+        checkUsernameSubstring( username, strPassword, policyConfig );
         //        checkPasswordChars( strPassword );
     }
 
@@ -1148,7 +1167,7 @@ public class AuthenticationInterceptor e
     /**
      * validates the length of the password
      */
-    private void validatePasswordLength( String password ) throws PasswordPolicyException
+    private void validatePasswordLength( String password, PasswordPolicyConfiguration policyConfig
) throws PasswordPolicyException
     {
         int maxLen = policyConfig.getPwdMaxLength();
         int minLen = policyConfig.getPwdMinLength();
@@ -1238,7 +1257,7 @@ public class AuthenticationInterceptor e
      * "first" or "last" as a substring anywhere in the password. All of these checks are
      * case-insensitive.
      */
-    private void checkUsernameSubstring( String username, String password ) throws PasswordPolicyException
+    private void checkUsernameSubstring( String username, String password, PasswordPolicyConfiguration
policyConfig ) throws PasswordPolicyException
     {
         if ( username == null || username.trim().length() == 0 )
         {
@@ -1258,7 +1277,7 @@ public class AuthenticationInterceptor e
     }
 
 
-    private int getPwdTimeBeforeExpiry( Entry userEntry ) throws LdapException
+    private int getPwdTimeBeforeExpiry( Entry userEntry, PasswordPolicyConfiguration policyConfig
) throws LdapException
     {
         if ( policyConfig.getPwdMaxAge() == 0 )
         {
@@ -1299,7 +1318,7 @@ public class AuthenticationInterceptor e
      * @return true if the password is young, false otherwise
      * @throws LdapException
      */
-    private boolean isPwdTooYoung( Entry userEntry ) throws LdapException
+    private boolean isPwdTooYoung( Entry userEntry, PasswordPolicyConfiguration policyConfig
) throws LdapException
     {
         if ( policyConfig.getPwdMinAge() == 0 )
         {
@@ -1340,7 +1359,7 @@ public class AuthenticationInterceptor e
     }
 
 
-    private PwdModDetailsHolder getPwdModDetails( ModifyOperationContext modifyContext )
throws LdapException
+    private PwdModDetailsHolder getPwdModDetails( ModifyOperationContext modifyContext, PasswordPolicyConfiguration
policyConfig ) throws LdapException
     {
         PwdModDetailsHolder pwdModDetails = new PwdModDetailsHolder();
 
@@ -1383,7 +1402,7 @@ public class AuthenticationInterceptor e
      */
     private void checkPwdReset( OperationContext opContext ) throws LdapException
     {
-        if ( policyConfig != null )
+        if ( ! directoryService.isPwdPolicyEnabled() )
         {
             CoreSession session = opContext.getSession();
 
@@ -1405,6 +1424,7 @@ public class AuthenticationInterceptor e
         }
     }
 
+    
     private class PwdModDetailsHolder
     {
         private boolean pwdModPresent = false;

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java?rev=1027930&r1=1027929&r2=1027930&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java
Wed Oct 27 12:16:35 2010
@@ -88,18 +88,6 @@ public interface Authenticator
     
     
     /**
-     * @param pPolicyConfig the password policy configuration to be used while authenticating
-     */
-    void setPwdPolicyConfig( PasswordPolicyConfiguration pPolicyConfig );
-    
-    
-    /**
-     * @return the pwdpolicy configuration, can be null if pwdpolicy wasn't enabled
-     */
-    PasswordPolicyConfiguration getPwdPolicyConfig();
-    
-    
-    /**
      *  performs checks on the given entry based on the specified password policy configuration
      *
      * @param userEntry the user entry to be checked for authentication

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java?rev=1027930&r1=1027929&r2=1027930&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
Wed Oct 27 12:16:35 2010
@@ -157,7 +157,7 @@ public class SimpleAuthenticator extends
         LdapPrincipal principal = null;
 
         // use cache only if pwdpolicy is not enabled
-        if( getPwdPolicyConfig() == null )
+        if( !getDirectoryService().isPwdPolicyEnabled() )
         {
             synchronized ( credentialCache )
             {
@@ -186,7 +186,7 @@ public class SimpleAuthenticator extends
             principal = new LdapPrincipal( bindContext.getDn(), AuthenticationLevel.SIMPLE,
storedPassword );
 
             // Now, update the local cache ONLY if pwdpolicy is not enabled.
-            if( getPwdPolicyConfig() == null )
+            if( !getDirectoryService().isPwdPolicyEnabled() )
             {
                 synchronized ( credentialCache )
                 {



Mime
View raw message