Posted to commits@directory.apache.org by el...@apache.org on 2015/07/27 09:37:44 UTC
svn commit: r1692826 -
/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
Author: elecharny
Date: Mon Jul 27 07:37:44 2015
New Revision: 1692826
URL: http://svn.apache.org/r1692826
Log:
Moved some code out from the processStandardModify method to a helper method.
Modified:
directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=1692826&r1=1692825&r2=1692826&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java Mon Jul 27 07:37:44 2015
@@ -1000,48 +1000,9 @@ public class AuthenticationInterceptor e
pwdHistoryAt = new DefaultAttribute( AT_PWD_HISTORY );
}
- List<PasswordHistory> pwdHistLst = new ArrayList<PasswordHistory>();
-
- for ( Value<?> value : pwdHistoryAt )
- {
- PasswordHistory pwdh = new PasswordHistory( Strings.utf8ToString( value.getBytes() ) );
-
- // Admin user is exempt from history check
- // https://issues.apache.org/jira/browse/DIRSERVER-2084
- if ( !modifyContext.getSession().isAnAdministrator() )
- {
- boolean matched = Arrays.equals( newPassword, pwdh.getPassword() );
-
- if ( matched )
- {
- if ( isPPolicyReqCtrlPresent )
- {
- PasswordPolicyDecorator responseControl =
- new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
- responseControl.getResponse().setPasswordPolicyError(
- PasswordPolicyErrorEnum.PASSWORD_IN_HISTORY );
- modifyContext.addResponseControl( responseControl );
- }
-
- throw new LdapOperationException( ResultCodeEnum.CONSTRAINT_VIOLATION,
- "invalid reuse of password present in password history" );
- }
- }
-
- pwdHistLst.add( pwdh );
- }
-
- if ( pwdHistLst.size() >= histSize )
- {
- // see the javadoc of PasswordHistory
- Collections.sort( pwdHistLst );
-
- // remove the oldest value
- PasswordHistory remPwdHist = ( PasswordHistory ) pwdHistLst.toArray()[histSize - 1];
- Attribute tempAt = new DefaultAttribute( AT_PWD_HISTORY );
- tempAt.add( remPwdHist.getHistoryValue() );
- pwdRemHistMod = new DefaultModification( REMOVE_ATTRIBUTE, tempAt );
- }
+ // Build the Modification containing the password history
+ pwdRemHistMod = buildPwdHistory( modifyContext, pwdHistoryAt, histSize,
+ newPassword, isPPolicyReqCtrlPresent );
PasswordHistory newPwdHist = new PasswordHistory( pwdChangedTime, newPassword );
pwdHistoryAt.add( newPwdHist.getHistoryValue() );
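Review bot: The comment added above the `buildPwdHistory( ... )` call says it builds the Modification containing the password history, but this call is also where password reuse is rejected. The helper can throw `LdapOperationException` and add a response control to `modifyContext`, and it returns null when no old value has to be removed. A reader of processStandardModify (which starts and ends outside this hunk) would not see that the policy check lives on this line. I would reword the comment to `// Enforce the password-history check; yields the Modification removing one old history value, or null`.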
@@ -1117,6 +1078,61 @@ public class AuthenticationInterceptor e
}
+ /**
+ * Build the list of passwordHistory
+ */
+ Modification buildPwdHistory( ModifyOperationContext modifyContext, Attribute pwdHistoryAt,
+ int histSize, byte[] newPassword, boolean isPPolicyReqCtrlPresent ) throws LdapOperationException
+ {
+ List<PasswordHistory> pwdHistLst = new ArrayList<PasswordHistory>();
+
+ for ( Value<?> value : pwdHistoryAt )
+ {
+ PasswordHistory pwdh = new PasswordHistory( Strings.utf8ToString( value.getBytes() ) );
+
+ // Admin user is exempt from history check
+ // https://issues.apache.org/jira/browse/DIRSERVER-2084
+ if ( !modifyContext.getSession().isAnAdministrator() )
+ {
+ boolean matched = Arrays.equals( newPassword, pwdh.getPassword() );
+
+ if ( matched )
+ {
+ if ( isPPolicyReqCtrlPresent )
+ {
+ PasswordPolicyDecorator responseControl =
+ new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
+ responseControl.getResponse().setPasswordPolicyError(
+ PasswordPolicyErrorEnum.PASSWORD_IN_HISTORY );
+ modifyContext.addResponseControl( responseControl );
+ }
+
+ throw new LdapOperationException( ResultCodeEnum.CONSTRAINT_VIOLATION,
+ "invalid reuse of password present in password history" );
+ }
+ }
+
+ pwdHistLst.add( pwdh );
+ }
+
+ Modification pwdRemHistMod = null;
+
+ if ( pwdHistLst.size() >= histSize )
+ {
+ // see the javadoc of PasswordHistory
+ Collections.sort( pwdHistLst );
+
+ // remove the oldest value
+ PasswordHistory remPwdHist = ( PasswordHistory ) pwdHistLst.toArray()[histSize - 1];
+ Attribute tempAt = new DefaultAttribute( AT_PWD_HISTORY );
+ tempAt.add( remPwdHist.getHistoryValue() );
+ pwdRemHistMod = new DefaultModification( REMOVE_ATTRIBUTE, tempAt );
+ }
+
+ return pwdRemHistMod;
+ }
+
+
/**
* Add the passwordPolicy related Attributes from the modified entry
*/
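Review bot: The reuse check `Arrays.equals( newPassword, pwdh.getPassword() )` in buildPwdHistory is a raw byte comparison, so it only detects reuse when `newPassword` and the stored history value are in the same representation. If a caller can pass a salted hash (not visible in this hunk), the same password hashed with a fresh salt would not match and the history policy would be bypassed without any error. Now that the check is a separate method, its Javadoc should state that precondition, for example `@param newPassword the new password, in the same form as the values stored in pwdHistory`. Separately, `pwdHistLst.toArray()[histSize - 1]` indexes -1 when `histSize` is 0, because `pwdHistLst.size() >= histSize` is then always true. Unless the caller already guarantees `histSize > 0`, add that guard and read the element with `pwdHistLst.get( histSize - 1 )`.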