Posted to commits@directory.apache.org by el...@apache.org on 2015/04/22 01:34:24 UTC

svn commit: r1675211 - /directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java

Author: elecharny
Date: Tue Apr 21 23:34:23 2015
New Revision: 1675211

URL: http://svn.apache.org/r1675211
Log:
The authenticator may return a null Principal, just check that

Modified:
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java

Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=1675211&r1=1675210&r2=1675211&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java Tue Apr 21 23:34:23 2015
@@ -142,7 +142,7 @@ public class AuthenticationInterceptor e
     private AttributeType AT_PWD_LAST_SUCCESS;
 
     private AttributeType AT_PWD_GRACE_USE_TIME;
-    
+
     private AttributeType AT_CREATE_TIMESTAMP;
 
     /** a container to hold all the ppolicies */
@@ -383,7 +383,7 @@ public class AuthenticationInterceptor e
             {
                 // https://issues.apache.org/jira/browse/DIRSERVER-1978
                 if ( !addContext.getSession().isAnAdministrator()
-                        || entry.get( AT_PWD_CHANGED_TIME ) == null ) 
+                    || entry.get( AT_PWD_CHANGED_TIME ) == null )
                 {
                     Attribute pwdChangedTimeAt = new DefaultAttribute( AT_PWD_CHANGED_TIME );
                     pwdChangedTimeAt.add( pwdChangedTime );
@@ -464,20 +464,23 @@ public class AuthenticationInterceptor e
                     // perform the authentication
                     LdapPrincipal principal = authenticator.authenticate( bindContext );
 
-                    LdapPrincipal clonedPrincipal = ( LdapPrincipal ) ( principal.clone() );
+                    if ( principal != null )
+                    {
+                        LdapPrincipal clonedPrincipal = ( LdapPrincipal ) ( principal.clone() );
 
-                    // remove creds so there is no security risk
-                    bindContext.setCredentials( null );
-                    clonedPrincipal.setUserPassword( StringConstants.EMPTY_BYTES );
+                        // remove creds so there is no security risk
+                        bindContext.setCredentials( null );
+                        clonedPrincipal.setUserPassword( StringConstants.EMPTY_BYTES );
 
-                    // authentication was successful
-                    CoreSession session = new DefaultCoreSession( clonedPrincipal, directoryService );
-                    bindContext.setSession( session );
+                        // authentication was successful
+                        CoreSession session = new DefaultCoreSession( clonedPrincipal, directoryService );
+                        bindContext.setSession( session );
 
-                    authenticated = true;
+                        authenticated = true;
 
-                    // break out of the loop if the authentication succeeded
-                    break;
+                        // break out of the loop if the authentication succeeded
+                        break;
+                    }
                 }
                 catch ( PasswordPolicyException e )
                 {
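Review bot: The new `if ( principal != null )` guard has no `else`, so an authenticator that returns null is skipped without any trace, and a bind rejected this way leaves nothing in the log to audit. The behaviour is fail-closed (`authenticated` stays false and the loop moves on to the next authenticator), but I would add `else { LOG.debug( "Authenticator {} returned a null principal for {}", authenticator, bindContext.getDn() ); }` and state in the `Authenticator.authenticate` Javadoc whether null is a permitted result or an exception is expected instead. Note also that `bindContext.setCredentials( null )` runs only on the success branch; whether the credentials are cleared once every authenticator has failed is decided outside this hunk, since the enclosing loop and try block start and end beyond it.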
@@ -1265,14 +1268,14 @@ public class AuthenticationInterceptor e
 
 
     // ---------- private methods ----------------
-    private void check( OperationContext operationContext, Entry entry, 
+    private void check( OperationContext operationContext, Entry entry,
         byte[] password, PasswordPolicyConfiguration policyConfig )
         throws LdapException
     {
         // https://issues.apache.org/jira/browse/DIRSERVER-1928
-        if ( operationContext.getSession().isAnAdministrator() ) 
+        if ( operationContext.getSession().isAnAdministrator() )
         {
-            return;    
+            return;
         }
         final CheckQualityEnum qualityVal = policyConfig.getPwdCheckQuality();
 
@@ -1338,9 +1341,9 @@ public class AuthenticationInterceptor e
     }
 
 
-    private AttributeType getCreateTimestampAttributeType() throws LdapException 
+    private AttributeType getCreateTimestampAttributeType() throws LdapException
     {
-        if ( AT_CREATE_TIMESTAMP == null ) 
+        if ( AT_CREATE_TIMESTAMP == null )
         {
             AT_CREATE_TIMESTAMP = schemaManager.lookupAttributeTypeRegistry( SchemaConstants.CREATE_TIMESTAMP_AT );
         }
@@ -1364,7 +1367,7 @@ public class AuthenticationInterceptor e
         }
 
         Attribute pwdChangedTimeAt = userEntry.get( AT_PWD_CHANGED_TIME );
-        if ( pwdChangedTimeAt == null ) 
+        if ( pwdChangedTimeAt == null )
         {
             pwdChangedTimeAt = userEntry.get( getCreateTimestampAttributeType() );
         }
@@ -1383,12 +1386,12 @@ public class AuthenticationInterceptor e
         if ( pwdAge >= warningAge )
         {
             long timeBeforeExpiration = ( ( long ) policyConfig.getPwdMaxAge() ) - pwdAge;
-            
+
             if ( timeBeforeExpiration > Integer.MAX_VALUE )
             {
                 timeBeforeExpiration = Integer.MAX_VALUE;
             }
-            
+
             return ( int ) timeBeforeExpiration;
         }
 
@@ -1403,25 +1406,25 @@ public class AuthenticationInterceptor e
      * @return true if the password is young, false otherwise
      * @throws LdapException
      */
-    private boolean isPwdTooYoung( OperationContext operationContext, 
+    private boolean isPwdTooYoung( OperationContext operationContext,
         Entry userEntry, PasswordPolicyConfiguration policyConfig ) throws LdapException
     {
-       // https://issues.apache.org/jira/browse/DIRSERVER-1928
-       if ( operationContext.getSession().isAnAdministrator() ) 
-       {
-           return false;    
-       }
-       if ( policyConfig.getPwdMinAge() == 0 )
+        // https://issues.apache.org/jira/browse/DIRSERVER-1928
+        if ( operationContext.getSession().isAnAdministrator() )
+        {
+            return false;
+        }
+        if ( policyConfig.getPwdMinAge() == 0 )
         {
             return false;
         }
 
         // see sections 7.8 and 7.2 of the ppolicy draft
-        if ( policyConfig.isPwdMustChange() && pwdResetSet.contains( userEntry.getDn().getNormName() ) ) 
+        if ( policyConfig.isPwdMustChange() && pwdResetSet.contains( userEntry.getDn().getNormName() ) )
         {
             return false;
         }
-        
+
         Attribute pwdChangedTimeAt = userEntry.get( AT_PWD_CHANGED_TIME );
 
         if ( pwdChangedTimeAt != null )
@@ -1627,7 +1630,7 @@ public class AuthenticationInterceptor e
         {
             return pwdPolicyContainer.getDefaultPolicy();
         }
-        
+
         if ( pwdPolicyContainer.hasCustomConfigs() )
         {
             Attribute pwdPolicySubentry = userEntry.get( pwdPolicySubentryAT );
@@ -1643,7 +1646,9 @@ public class AuthenticationInterceptor e
                 }
                 else
                 {
-                    LOG.warn( "The custom password policy for the user entry {} is not found, returning default policy configuration", userEntry.getDn() );
+                    LOG.warn(
+                        "The custom password policy for the user entry {} is not found, returning default policy configuration",
+                        userEntry.getDn() );
                 }
             }
         }