Posted to commits@directory.apache.org by el...@apache.org on 2011/10/15 09:43:27 UTC
svn commit: r1183592 - in
/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn:
AuthenticationInterceptor.java PasswordHistory.java PasswordUtil.java
Author: elecharny
Date: Sat Oct 15 07:43:27 2011
New Revision: 1183592
URL: http://svn.apache.org/viewvc?rev=1183592&view=rev
Log:
Applied Kiran's changes
Modified:
directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordHistory.java
directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java
Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=1183592&r1=1183591&r2=1183592&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java Sat Oct 15 07:43:27 2011
@@ -608,12 +608,13 @@ public class AuthenticationInterceptor e
if ( histSize > 0 )
{
Attribute pwdHistoryAt = entry.get( PWD_HISTORY_AT );
+
if ( pwdHistoryAt == null )
{
- pwdHistoryAt = new DefaultAttribute( AT_PWD_HISTORY );
+ pwdHistoryAt = new DefaultAttribute( AT_PWD_HISTORY );
}
- Set<PasswordHistory> pwdHistSet = new TreeSet<PasswordHistory>();
+ List<PasswordHistory> pwdHistLst = new ArrayList<PasswordHistory>();
for ( Value<?> value : pwdHistoryAt )
{
@@ -635,22 +636,26 @@ public class AuthenticationInterceptor e
"invalid reuse of password present in password history" );
}
- pwdHistSet.add( pwdh );
+ pwdHistLst.add( pwdh );
}
+ if ( pwdHistLst.size() >= histSize )
+ {
+ // see the javadoc of PasswordHistory
+ Collections.sort( pwdHistLst );
+
+ // remove the oldest value
+ PasswordHistory remPwdHist = ( PasswordHistory ) pwdHistLst.toArray()[histSize - 1];
+ Attribute tempAt = new DefaultAttribute( AT_PWD_HISTORY );
+ tempAt.add( remPwdHist.getHistoryValue() );
+ pwdRemHistMod = new DefaultModification( REMOVE_ATTRIBUTE, tempAt );
+ }
+
+ pwdHistoryAt.clear();
PasswordHistory newPwdHist = new PasswordHistory( pwdChangedTime, newPassword );
- pwdHistSet.add( newPwdHist );
-
pwdHistoryAt.clear();
pwdHistoryAt.add( newPwdHist.getHistoryValue() );
pwdAddHistMod = new DefaultModification( ADD_ATTRIBUTE, pwdHistoryAt );
-
- if ( pwdHistSet.size() > histSize )
- {
- PasswordHistory remPwdHist = ( PasswordHistory ) pwdHistSet.toArray()[histSize - 1];
- pwdHistoryAt.add( remPwdHist.getHistoryValue() );
- pwdRemHistMod = new DefaultModification( REMOVE_ATTRIBUTE, pwdHistoryAt );
- }
}
next.modify( modifyContext );
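Review bot: The added trim block removes a single value at index `histSize - 1`, so an entry that already holds more than `histSize` history values (for instance after the policy's history size was lowered) stays over the limit, and the value picked is then not the oldest one. `PasswordHistory.compareTo` is not visible here; assuming it sorts newest first, removing every entry from that index on would keep the bound: `for ( PasswordHistory old : pwdHistLst.subList( histSize - 1, pwdHistLst.size() ) ) { tempAt.add( old.getHistoryValue() ); }`. `pwdHistLst.get( histSize - 1 )` would also avoid the `toArray()` copy and cast, and the added `pwdHistoryAt.clear();` duplicates the existing call that follows it. The enclosing loop and the `if ( histSize > 0 )` block begin in the previous hunk.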
@@ -1057,22 +1062,28 @@ public class AuthenticationInterceptor e
if ( ( policyConfig.getPwdMaxAge() > 0 ) && ( policyConfig.getPwdGraceAuthNLimit() > 0 ) )
{
Attribute pwdChangeTimeAttr = userEntry.get( PWD_CHANGED_TIME_AT );
+
if ( pwdChangeTimeAttr != null )
{
boolean expired = PasswordUtil.isPwdExpired( pwdChangeTimeAttr.getString(),
policyConfig.getPwdMaxAge() );
+
if ( expired )
{
Attribute pwdGraceUseAttr = userEntry.get( PWD_GRACE_USE_TIME_AT );
+ int numGraceAuth = 0;
+
if ( pwdGraceUseAttr != null )
{
- pwdRespCtrl.getResponse().setGraceAuthNsRemaining( policyConfig.getPwdGraceAuthNLimit()
- - ( pwdGraceUseAttr.size() + 1 ) );
+ numGraceAuth = policyConfig.getPwdGraceAuthNLimit() - ( pwdGraceUseAttr.size() + 1 );
}
else
{
pwdGraceUseAttr = new DefaultAttribute( AT_PWD_GRACE_USE_TIME );
+ numGraceAuth = policyConfig.getPwdGraceAuthNLimit() - 1;
}
+
+ pwdRespCtrl.getResponse().setGraceAuthNsRemaining( numGraceAuth );
pwdGraceUseAttr.add( DateUtils.getGeneralizedTime() );
Modification pwdGraceUseMod = new DefaultModification( ADD_ATTRIBUTE, pwdGraceUseAttr );
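Review bot: `numGraceAuth` can go negative: in the `pwdGraceUseAttr != null` branch, once `pwdGraceUseAttr.size()` reaches `getPwdGraceAuthNLimit()` the value `limit - ( size + 1 )` drops below zero, and it is handed to `setGraceAuthNsRemaining` while another grace-use time is still added to the entry. Whether a bind with exhausted grace logins is rejected elsewhere is not visible in this hunk; if it is not, the limit is not enforced on this path. At minimum clamp the reported value, `numGraceAuth = Math.max( 0, policyConfig.getPwdGraceAuthNLimit() - ( pwdGraceUseAttr.size() + 1 ) );`, and drop the `= 0` initialiser since both branches assign. The enclosing method continues outside the hunk.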
@@ -1094,6 +1105,7 @@ public class AuthenticationInterceptor e
if ( isPPolicyReqCtrlPresent )
{
int expiryWarnTime = getPwdTimeBeforeExpiry( userEntry, policyConfig );
+
if ( expiryWarnTime > 0 )
{
pwdRespCtrl.getResponse().setTimeBeforeExpiration( expiryWarnTime );
@@ -1233,8 +1245,9 @@ public class AuthenticationInterceptor e
return 0;
}
- Attribute pwdExpireWarningAt = userEntry.get( PWD_EXPIRE_WARNING_AT );
- if ( pwdExpireWarningAt == null )
+ int warningAge = policyConfig.getPwdExpireWarning();
+
+ if ( warningAge <= 0 )
{
return 0;
}
@@ -1242,15 +1255,16 @@ public class AuthenticationInterceptor e
Attribute pwdChangedTimeAt = userEntry.get( PWD_CHANGED_TIME_AT );
long changedTime = DateUtils.getDate(pwdChangedTimeAt.getString()).getTime();
- int pwdAge = ( int ) ( System.currentTimeMillis() - changedTime ) / 1000;
-
+ long currentTime = DateUtils.getDate( DateUtils.getGeneralizedTime() ).getTime();
+ int pwdAge = ( int ) ( currentTime - changedTime ) / 1000;
+
if ( pwdAge > policyConfig.getPwdMaxAge() )
{
return 0;
}
- int warningAge = ( int ) ( DateUtils.getDate( pwdExpireWarningAt.getString() ).getTime() ) / 1000;
-
+ warningAge = policyConfig.getPwdMaxAge() - warningAge;
+
if ( pwdAge >= warningAge )
{
return policyConfig.getPwdMaxAge() - pwdAge;
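Review bot: In `int pwdAge = ( int ) ( currentTime - changedTime ) / 1000;` the cast applies before the division, so the millisecond difference is narrowed to `int` first and wraps once the password is older than about 24.8 days; the comparisons against `getPwdMaxAge()` and `warningAge` below then work on a wrong, possibly negative age. Divide in `long` and cast the result: `int pwdAge = ( int ) ( ( currentTime - changedTime ) / 1000 );`. `pwdChangedTimeAt` is also dereferenced here without the `!= null` check that the later min-age hunk applies to the same attribute, unless a guard outside this hunk already covers it.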
@@ -1275,15 +1289,18 @@ public class AuthenticationInterceptor e
}
Attribute pwdChangedTimeAt = userEntry.get( PWD_CHANGED_TIME_AT );
+
if ( pwdChangedTimeAt != null )
{
- long changedTime = DateUtils.getDate( pwdChangedTimeAt.getString() ).getTime();
- changedTime += policyConfig.getPwdMinAge() * 1000;
-
- if ( changedTime > System.currentTimeMillis() )
- {
- return true;
- }
+ long changedTime = DateUtils.getDate( pwdChangedTimeAt.getString() ).getTime();
+ changedTime += policyConfig.getPwdMinAge() * 1000;
+
+ long currentTime = DateUtils.getDate( DateUtils.getGeneralizedTime() ).getTime();
+
+ if ( changedTime > currentTime )
+ {
+ return true;
+ }
}
return false;
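Review bot: `changedTime += policyConfig.getPwdMinAge() * 1000;` multiplies before widening; if `getPwdMinAge()` returns `int` (its declaration is outside this diff), a minimum age above roughly 2.1 million seconds overflows and the too-young check can let a change through early. Use a long literal: `changedTime += policyConfig.getPwdMinAge() * 1000L;`. The same pattern appears in the context line `long time = pwdMaxAgeSec * 1000;` of the first PasswordUtil.java hunk, depending on the type of `pwdMaxAgeSec`.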
Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordHistory.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordHistory.java?rev=1183592&r1=1183591&r2=1183592&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordHistory.java (original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordHistory.java Sat Oct 15 07:43:27 2011
@@ -23,12 +23,14 @@ package org.apache.directory.server.core
import org.apache.directory.shared.ldap.model.constants.SchemaConstants;
import org.apache.directory.shared.util.Base64;
-import org.apache.directory.shared.util.DateUtils;
import org.apache.directory.shared.util.Strings;
/**
* A class to hold the data of historical passwords of a entry.
+ * Note: This class's natural ordering is inconsistent with the equals() method
+ * hence it is advised not to use this in any implementations of sorted sets
+ * Instead use Collections.sort() to sort the collection of PasswordHistory objects.
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
@@ -131,7 +133,8 @@ public class PasswordHistory implements
PasswordHistory other = ( PasswordHistory ) o;
- return this.getTime().equals( other.getTime() );
+ return this.getTime().equals( other.getTime() ) &&
+ this.data.equals( other.data );
}
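Review bot: `this.data.equals( other.data )` is a content comparison only if `data` is a `String`; the field's declaration is outside this hunk, and if it is a `byte[]` this compares references, so two history entries with the same time and password would never be equal and `Arrays.equals( this.data, other.data )` would be needed instead. Please also confirm that `hashCode()` (not shown) stays consistent with the new `equals()` and that `data` cannot be null at this point.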
@@ -154,11 +157,4 @@ public class PasswordHistory implements
return "PasswordHistory [time=" + time + ", syntaxOID=" + syntaxOID + ", length=" + length + ", data=" + data
+ "]";
}
-
- public static void main( String[] args )
- {
- byte[] pwdhBytes = new PasswordHistory( DateUtils.getGeneralizedTime(), "secret".getBytes() ).getHistoryValue();
- PasswordHistory pwdHistory = new PasswordHistory( Strings.utf8ToString(pwdhBytes) );
- System.out.println( pwdHistory );
- }
}
Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java?rev=1183592&r1=1183591&r2=1183592&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java (original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java Sat Oct 15 07:43:27 2011
@@ -498,12 +498,12 @@ public class PasswordUtil
long time = pwdMaxAgeSec * 1000;
time += pwdChangeDate.getTime();
- Date expiryDate = new Date( time );
- Date now = new Date();
+ Date expiryDate = DateUtils.getDate( DateUtils.getGeneralizedTime( time ) );
+ Date now = DateUtils.getDate( DateUtils.getGeneralizedTime() );
boolean expired = false;
- if ( expiryDate.equals( now ) || expiryDate.after( now ) )
+ if ( expiryDate.equals( now ) || expiryDate.before( now ) )
{
expired = true;
}
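Review bot: The `DateUtils.getDate( DateUtils.getGeneralizedTime( ... ) )` round trip added for `expiryDate` and `now` carries no comment explaining why the time is formatted and parsed back, so a later cleanup could revert it to `new Date()`. If the intent is to drop sub-second precision so that both sides compare like the stored generalized-time values (an inference; the commit log does not say), state it, e.g. `// normalise through GeneralizedTime so both dates have the precision of the stored pwdChangedTime`. The same idiom is added in two AuthenticationInterceptor.java hunks and in the next hunk of this file, so a small helper carrying that comment would keep it in one place.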
@@ -527,7 +527,7 @@ public class PasswordUtil
interval *= 1000;
- long currentTime = System.currentTimeMillis();
+ long currentTime = DateUtils.getDate( DateUtils.getGeneralizedTime() ).getTime();
List<Value<?>> valList = new ArrayList<Value<?>>();
for ( Value<?> value : pwdFailTimeAt )