Posted to commits@directory.apache.org by ka...@apache.org on 2011/04/19 23:42:18 UTC
svn commit: r1095220 - in /directory/apacheds/trunk: core-api/
core-api/src/main/java/org/apache/directory/server/core/ppolicy/
core/src/main/java/org/apache/directory/server/core/authn/
Author: kayyagari
Date: Tue Apr 19 21:42:18 2011
New Revision: 1095220
URL: http://svn.apache.org/viewvc?rev=1095220&view=rev
Log:
o removed the dependency on codec-extra module
o fixed the ppolicy exception class to use numeric values instead of ppolicy error enum, updated the dependent code
Modified:
directory/apacheds/trunk/core-api/pom.xml
directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/ppolicy/DefaultPasswordValidator.java
directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/ppolicy/PasswordPolicyException.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
Modified: directory/apacheds/trunk/core-api/pom.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/pom.xml?rev=1095220&r1=1095219&r2=1095220&view=diff
==============================================================================
--- directory/apacheds/trunk/core-api/pom.xml (original)
+++ directory/apacheds/trunk/core-api/pom.xml Tue Apr 19 21:42:18 2011
@@ -118,17 +118,6 @@
<artifactId>ehcache-core</artifactId>
</dependency>
- <dependency>
- <groupId>org.apache.directory.shared</groupId>
- <artifactId>shared-ldap-extras-codec</artifactId>
- <scope>provided</scope>
- </dependency>
-
- <dependency>
- <groupId>org.apache.directory.shared</groupId>
- <artifactId>shared-ldap-extras-codec</artifactId>
- <scope>provided</scope>
- </dependency>
</dependencies>
<build>
Modified: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/ppolicy/DefaultPasswordValidator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/ppolicy/DefaultPasswordValidator.java?rev=1095220&r1=1095219&r2=1095220&view=diff
==============================================================================
--- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/ppolicy/DefaultPasswordValidator.java (original)
+++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/ppolicy/DefaultPasswordValidator.java Tue Apr 19 21:42:18 2011
@@ -21,9 +21,6 @@
package org.apache.directory.server.core.ppolicy;
-import static org.apache.directory.shared.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum.INSUFFICIENT_PASSWORD_QUALITY;
-
-
/**
* The default password validator.
*
@@ -79,8 +76,7 @@ public class DefaultPasswordValidator im
{
if ( password.matches( "(?i).*" + tokens[ii] + ".*" ) )
{
- throw new PasswordPolicyException( "Password shouldn't contain parts of the username",
- INSUFFICIENT_PASSWORD_QUALITY );
+ throw new PasswordPolicyException( "Password shouldn't contain parts of the username", 5 );// 5 == PasswordPolicyErrorEnum.INSUFFICIENT_PASSWORD_QUALITY
}
}
}
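Review bot: The `password.matches( "(?i).*" + tokens[ii] + ".*" )` test on the context line above the changed throw compiles each username token as a regular expression, so a token containing a metacharacter such as `(`, `+` or `.` can either raise a PatternSyntaxException or match something other than the literal substring, and the quality check then passes or fails for the wrong reason. Quoting the token keeps it literal: `password.matches( "(?i).*" + java.util.regex.Pattern.quote( tokens[ii] ) + ".*" )`. On the changed line itself, the bare `5` explained only by a trailing comment would read better as a named constant local to core-api, for example `private static final int INSUFFICIENT_PASSWORD_QUALITY = 5;`. The enclosing loop and method start outside this hunk, so how `tokens` is produced is not visible here.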
Modified: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/ppolicy/PasswordPolicyException.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/ppolicy/PasswordPolicyException.java?rev=1095220&r1=1095219&r2=1095220&view=diff
==============================================================================
--- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/ppolicy/PasswordPolicyException.java (original)
+++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/ppolicy/PasswordPolicyException.java Tue Apr 19 21:42:18 2011
@@ -20,7 +20,6 @@
package org.apache.directory.server.core.ppolicy;
-import org.apache.directory.shared.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum;
import org.apache.directory.shared.ldap.model.exception.LdapException;
@@ -34,8 +33,10 @@ public class PasswordPolicyException ext
private static final long serialVersionUID = -9158126177779964262L;
/** password policy error code */
- private PasswordPolicyErrorEnum errorCode;
+ private int errorCode;
+ /** the array of valid error codes representing password policy errors */
+ private static final int[] VALID_CODES = {0, 1, 2, 3, 4, 5, 6, 7, 8};
public PasswordPolicyException( Throwable cause )
{
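Review bot: Switching `errorCode` from the enum type to a primitive `int` makes the field default to 0 rather than null, and 0 is itself listed in `VALID_CODES`, so an exception created through a constructor that takes no code (such as `PasswordPolicyException( Throwable cause )` just below, whose body is outside the hunk and presumably leaves the field unset) now returns a real policy error from `getErrorCode()`. The three `setPasswordPolicyError( PasswordPolicyErrorEnum.get( ... ) )` hunks in AuthenticationInterceptor would then place that error in the response control; if 0 maps to the password-expired value, as it does in the ppolicy draft, clients are told the password expired for unrelated failures. An explicit "not set" marker avoids this, for example `private int errorCode = -1;` with the interceptor skipping the error when the code is negative. `VALID_CODES` is also a hand-copied mirror of the enum, so its comment should name `PasswordPolicyErrorEnum` as the source of truth to keep the two in step.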
@@ -49,21 +50,44 @@ public class PasswordPolicyException ext
}
- public PasswordPolicyException( String message, PasswordPolicyErrorEnum errorCode )
+ public PasswordPolicyException( String message, int errorCode )
{
super( message );
+ validateErrorCode( errorCode );
this.errorCode = errorCode;
}
- public PasswordPolicyException( PasswordPolicyErrorEnum errorCode )
+ public PasswordPolicyException( int errorCode )
{
+ validateErrorCode( errorCode );
this.errorCode = errorCode;
}
- public PasswordPolicyErrorEnum getErrorCode()
+ public int getErrorCode()
{
return errorCode;
}
+
+
+ /**
+ * this method checks if the given error code is valid or not.
+ * This method was created cause using PasswordPolicyErrorEnum class creates some
+ * unwanted dependency issues on core-api
+ *
+ * @param errorCode the error code of password policy
+ */
+ private void validateErrorCode( int errorCode )
+ {
+ for ( int i : VALID_CODES )
+ {
+ if ( i == errorCode )
+ {
+ return;
+ }
+ }
+
+ throw new IllegalArgumentException( "Unknown password policy response error code " + errorCode );
+ }
}
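Review bot: `validateErrorCode` reads only the static `VALID_CODES` array but is declared as an instance method and is invoked from the constructors; declaring it `private static void validateErrorCode( int errorCode )` makes clear it needs no instance state. Both public constructors can now throw an unchecked exception from inside a `throw new PasswordPolicyException( ... )` statement, which would replace the intended policy failure at the call site, so each should carry a Javadoc line such as `@throws IllegalArgumentException if errorCode is not one of the codes 0 to 8`. The helper's existing Javadoc would also read better with "because" in place of "cause".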
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java?rev=1095220&r1=1095219&r2=1095220&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java Tue Apr 19 21:42:18 2011
@@ -171,7 +171,7 @@ public abstract class AbstractAuthentica
String lockedTime = accountLockAttr.getString();
if( lockedTime.equals( "000001010000Z" ) )
{
- throw new PasswordPolicyException( "account was permanently locked", ACCOUNT_LOCKED );
+ throw new PasswordPolicyException( "account was permanently locked", ACCOUNT_LOCKED.getValue() );
}
else
{
@@ -182,7 +182,7 @@ public abstract class AbstractAuthentica
Date unlockedDate = new Date( time );
if( lockedDate.before( unlockedDate ) )
{
- throw new PasswordPolicyException( "account will remain locked till " + unlockedDate, ACCOUNT_LOCKED );
+ throw new PasswordPolicyException( "account will remain locked till " + unlockedDate, ACCOUNT_LOCKED.getValue() );
}
else
{
@@ -203,7 +203,7 @@ public abstract class AbstractAuthentica
if( System.currentTimeMillis() < pwdStartTime.getTime() )
{
- throw new PasswordPolicyException( "account is locked, will be activated after " + pwdStartTime, ACCOUNT_LOCKED );
+ throw new PasswordPolicyException( "account is locked, will be activated after " + pwdStartTime, ACCOUNT_LOCKED.getValue() );
}
}
@@ -214,7 +214,7 @@ public abstract class AbstractAuthentica
if( System.currentTimeMillis() >= pwdEndTime.getTime() )
{
- throw new PasswordPolicyException( "password end time reached, will be locked till administrator activates it", ACCOUNT_LOCKED );
+ throw new PasswordPolicyException( "password end time reached, will be locked till administrator activates it", ACCOUNT_LOCKED.getValue() );
}
}
@@ -226,7 +226,7 @@ public abstract class AbstractAuthentica
if( System.currentTimeMillis() >= time )
{
- throw new PasswordPolicyException( "account locked due to the max idle time of the password was exceeded", ACCOUNT_LOCKED );
+ throw new PasswordPolicyException( "account locked due to the max idle time of the password was exceeded", ACCOUNT_LOCKED.getValue() );
}
}
@@ -241,7 +241,7 @@ public abstract class AbstractAuthentica
{
if( pwdGraceUseAttr.size() >= pPolicyConfig.getPwdGraceAuthNLimit() )
{
- throw new PasswordPolicyException( "paasword expired and max grace logins were used", PASSWORD_EXPIRED );
+ throw new PasswordPolicyException( "paasword expired and max grace logins were used", PASSWORD_EXPIRED.getValue() );
}
}
}
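Review bot: The message on the changed line still reads `"paasword expired and max grace logins were used"`; since the line is being edited anyway, it should become `"password expired and max grace logins were used"`. The same misspelling is in the following @@ -252,7 hunk (`"paasword expired"`), and `"minmum"` appears in the message of the @@ -1212,7 hunk in AuthenticationInterceptor. These strings become the exception text, so a search of logs or client errors for "password expired" would presumably miss them.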
@@ -252,7 +252,7 @@ public abstract class AbstractAuthentica
if( expired )
{
- throw new PasswordPolicyException( "paasword expired", PASSWORD_EXPIRED );
+ throw new PasswordPolicyException( "paasword expired", PASSWORD_EXPIRED.getValue() );
}
}
}
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=1095220&r1=1095219&r2=1095220&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java Tue Apr 19 21:42:18 2011
@@ -367,7 +367,7 @@ public class AuthenticationInterceptor e
{
PasswordPolicyDecorator responseControl =
new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
- responseControl.getResponse().setPasswordPolicyError( e.getErrorCode() );
+ responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.get( e.getErrorCode() ) );
addContext.addResponseControl( responseControl );
}
@@ -595,7 +595,7 @@ public class AuthenticationInterceptor e
{
PasswordPolicyDecorator responseControl =
new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
- responseControl.getResponse().setPasswordPolicyError( e.getErrorCode() );
+ responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.get( e.getErrorCode() ) );
modifyContext.addResponseControl( responseControl );
}
@@ -921,7 +921,7 @@ public class AuthenticationInterceptor e
{
if ( isPPolicyReqCtrlPresent )
{
- pwdRespCtrl.getResponse().setPasswordPolicyError( ppe.getErrorCode() );
+ pwdRespCtrl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.get( ppe.getErrorCode() ) );
bindContext.addResponseControl( pwdRespCtrl );
}
@@ -1175,7 +1175,7 @@ public class AuthenticationInterceptor e
else
{
throw new PasswordPolicyException( "cannot verify the quality of the non-cleartext passwords",
- INSUFFICIENT_PASSWORD_QUALITY );
+ INSUFFICIENT_PASSWORD_QUALITY.getValue() );
}
}
@@ -1203,7 +1203,7 @@ public class AuthenticationInterceptor e
if ( pwdLen > maxLen )
{
throw new PasswordPolicyException( "Password should not have more than " + maxLen + " characters",
- INSUFFICIENT_PASSWORD_QUALITY );
+ INSUFFICIENT_PASSWORD_QUALITY.getValue() );
}
}
@@ -1212,7 +1212,7 @@ public class AuthenticationInterceptor e
if ( pwdLen < minLen )
{
throw new PasswordPolicyException( "Password should have a minmum of " + minLen + " characters",
- PASSWORD_TOO_SHORT );
+ PASSWORD_TOO_SHORT.getValue() );
}
}
}
Re: svn commit: r1095220 - in /directory/apacheds/trunk: core-api/
core-api/src/main/java/org/apache/directory/server/core/ppolicy/ core/src/main/java/org/apache/directory/server/core/authn/
Posted by Emmanuel Lecharny <el...@gmail.com>.
On 4/19/11 11:42 PM, kayyagari@apache.org wrote:
> Author: kayyagari
> Date: Tue Apr 19 21:42:18 2011
> New Revision: 1095220
>
> URL: http://svn.apache.org/viewvc?rev=1095220&view=rev
> Log:
> o removed the dependency on codec-extra module
> o fixed the ppolicy exception class to use numeric values instead of ppolicy error enum, updated the dependent code
I had something more drastic in mind : make all the PPolicy classes
depend on the Authenticator interceptor.
The idea is to create a package under this interceptor, and have all the
classes moved there. The DS would expose a getter to know if the ppolicy
is set :
boolean isPwdPolicyEnabled();
but the implementation will ask the authentication interceptor about it.
For the configuration, I also think that the ppolicy config should be
part of the Authn interceptor config, instead of being a part of the DS
config.
I have started to see what kind of impact it has on the server, it's not
that big.
I will play around this idea tomorrow, as I have to take a train to go
visit my client, and it's a 45 mins trip.
thoughts ?
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com