Posted to commits@directory.apache.org by sm...@apache.org on 2015/03/19 23:20:23 UTC
directory-fortress-core git commit: FC-57 - fixed regression that
broke openldap pw policy
Repository: directory-fortress-core
Updated Branches:
refs/heads/master 8fc5dd152 -> 77c52ff3c
FC-57 - fixed regression that broke openldap pw policy
Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/77c52ff3
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/77c52ff3
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/77c52ff3
Branch: refs/heads/master
Commit: 77c52ff3ca0a85cd9953f5dcfdf5e982bde4b441
Parents: 8fc5dd1
Author: Shawn McKinney <sm...@apache.org>
Authored: Thu Mar 19 17:20:05 2015 -0500
Committer: Shawn McKinney <sm...@apache.org>
Committed: Thu Mar 19 17:20:05 2015 -0500
----------------------------------------------------------------------
ldap/setup/refreshLDAPData-src.xml | 19 +++++++++++++++++++
.../directory/fortress/core/rbac/UserDAO.java | 18 ++++++++++--------
2 files changed, 29 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/77c52ff3/ldap/setup/refreshLDAPData-src.xml
----------------------------------------------------------------------
diff --git a/ldap/setup/refreshLDAPData-src.xml b/ldap/setup/refreshLDAPData-src.xml
index 30af233..23ca257 100755
--- a/ldap/setup/refreshLDAPData-src.xml
+++ b/ldap/setup/refreshLDAPData-src.xml
@@ -29,6 +29,25 @@
<suffix name="@SUFFIX_NAME@" dc="@SUFFIX_DC@" dc2="@SUFFIX_DC2@" description="Apache Fortress DIT Suffix"/>
</addsuffix>
+ <delcontainer>
+ <container name="Client123" description="Client 123 test context"/>
+ <container name="Client456" description="Client 456 test context"/>
+ <container name="Client789" description="Client 789 test context"/>
+ <container name="Config" description="Fortress Configuration Realms"/>
+ <container name="People" description="Fortress People"/>
+ <container name="Policies" description="Fortress Policies"/>
+ <container name="Groups" description="LDAP Groups"/>
+ <container name="RBAC" description="Fortress RBAC Policies"/>
+ <container name="Roles" parent="RBAC" description="Fortress Roles"/>
+ <container name="Permissions" parent="RBAC" description="Fortress Permissions"/>
+ <container name="Constraints" parent="RBAC" description="Fortress Separation of Duty Constraints"/>
+ <container name="ARBAC" description="Fortress Administrative RBAC Policies"/>
+ <container name="OS-U" parent="ARBAC" description="Fortress User Organizational Units"/>
+ <container name="OS-P" parent="ARBAC" description="Fortress Perm Organizational Units"/>
+ <container name="AdminRoles" parent="ARBAC" description="Fortress AdminRoles"/>
+ <container name="AdminPerms" parent="ARBAC" description="Fortress Admin Permissions"/>
+ </delcontainer>
+
<addcontainer>
<container name="Client123" description="Client 123 test context"/>
<container name="Client456" description="Client 456 test context"/>
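Review bot: The added `<delcontainer>` block has no comment saying that a refresh now removes the People, Policies, Config, Groups, RBAC and ARBAC containers before the `<addcontainer>` step recreates them. Anyone who runs this target against a directory holding real users or password policies would lose them. A comment above the block would make that explicit, for example `<!-- Removes the existing Fortress containers (users, policies, roles, perms) under this suffix before they are re-added below -->`. The parents `RBAC` and `ARBAC` are also listed before their children (`Roles`, `Permissions`, `OS-U`, ...); if the delete task is not recursive, the parent deletes would presumably fail on non-leaf entries, so the ordering is worth confirming. The `<addcontainer>` element continues past the end of this hunk.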
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/77c52ff3/src/main/java/org/apache/directory/fortress/core/rbac/UserDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/UserDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/UserDAO.java
index 0619fb3..5e049b7 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/UserDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/UserDAO.java
@@ -868,7 +868,6 @@ final class UserDAO extends ApacheDsDataProvider
* @param user
* @return
* @throws org.apache.directory.fortress.core.FinderException, org.apache.directory.fortress.core.PasswordException
- * @throws org.apache.directory.fortress.core.SecurityException
*/
final Session checkPassword(User user) throws FinderException, PasswordException
{
@@ -882,26 +881,29 @@ final class UserDAO extends ApacheDsDataProvider
session.setUserId( user.getUserId() );
ld = getUserConnection();
BindResponse bindResponse = bind( ld, userDn, user.getPassword() );
+ String info = null;
if ( bindResponse.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS )
{
- String info = "checkPassword INVALID PASSWORD for userId [" + user.getUserId() + "], resultCode [" +
+ info = "PASSWORD INVALID for userId [" + user.getUserId() + "], resultCode [" +
bindResponse.getLdapResult().getResultCode() + "]";
- throw new PasswordException( GlobalErrIds.USER_PW_INVLD, info );
+ session.setMsg( info );
+ session.setErrorId( GlobalErrIds.USER_PW_INVLD );
}
PasswordPolicy respCtrl = getPwdRespCtrl( bindResponse );
if ( respCtrl != null )
{
// check IETF password policies here
checkPwPolicies( session, respCtrl );
- if ( session.getErrorId() == 0 )
- {
- session.setAuthenticated( true );
- }
}
- else
+ if ( session.getErrorId() == 0 )
{
session.setAuthenticated( true );
}
+ else
+ {
+ // pw invalid or pw policy violation:
+ throw new PasswordException( session.getErrorId(), session.getMsg() );
+ }
}
catch ( LdapAuthenticationException e )
{
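Review bot: `session.setAuthenticated( true )` is now gated only on `session.getErrorId() == 0`, so the bind result no longer decides authentication directly. After a failed bind the code records `USER_PW_INVLD` on the session and then still calls `checkPwPolicies( session, respCtrl )`, which also writes to the session and is not visible here; if it can ever leave the error id at 0, a failed bind would authenticate. Capturing the outcome once, `boolean bound = bindResponse.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS;`, and testing `if ( bound && session.getErrorId() == 0 )` keeps the decision tied to the server's answer; the `else` branch would then fall back to `GlobalErrIds.USER_PW_INVLD` when the session carries no error id. `String info = null;` can also move back inside the failure branch, since it is only used there. `checkPassword` starts before this hunk and its catch block continues after it.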