Posted to commits@directory.apache.org by sm...@apache.org on 2015/03/19 23:20:23 UTC

directory-fortress-core git commit: FC-57 - fixed regression that broke openldap pw policy

Repository: directory-fortress-core
Updated Branches:
  refs/heads/master 8fc5dd152 -> 77c52ff3c


FC-57 - fixed regression that broke openldap pw policy


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/77c52ff3
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/77c52ff3
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/77c52ff3

Branch: refs/heads/master
Commit: 77c52ff3ca0a85cd9953f5dcfdf5e982bde4b441
Parents: 8fc5dd1
Author: Shawn McKinney <sm...@apache.org>
Authored: Thu Mar 19 17:20:05 2015 -0500
Committer: Shawn McKinney <sm...@apache.org>
Committed: Thu Mar 19 17:20:05 2015 -0500

----------------------------------------------------------------------
 ldap/setup/refreshLDAPData-src.xml               | 19 +++++++++++++++++++
 .../directory/fortress/core/rbac/UserDAO.java    | 18 ++++++++++--------
 2 files changed, 29 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/77c52ff3/ldap/setup/refreshLDAPData-src.xml
----------------------------------------------------------------------
diff --git a/ldap/setup/refreshLDAPData-src.xml b/ldap/setup/refreshLDAPData-src.xml
index 30af233..23ca257 100755
--- a/ldap/setup/refreshLDAPData-src.xml
+++ b/ldap/setup/refreshLDAPData-src.xml
@@ -29,6 +29,25 @@
                 <suffix name="@SUFFIX_NAME@" dc="@SUFFIX_DC@"  dc2="@SUFFIX_DC2@" description="Apache Fortress DIT Suffix"/>
             </addsuffix>
 
+            <delcontainer>
+                <container name="Client123" description="Client 123 test context"/>
+                <container name="Client456" description="Client 456 test context"/>
+                <container name="Client789" description="Client 789 test context"/>
+                <container name="Config" description="Fortress Configuration Realms"/>
+                <container name="People" description="Fortress People"/>
+                <container name="Policies" description="Fortress Policies"/>
+                <container name="Groups" description="LDAP Groups"/>
+                <container name="RBAC" description="Fortress RBAC Policies"/>
+                <container name="Roles" parent="RBAC" description="Fortress Roles"/>
+                <container name="Permissions" parent="RBAC" description="Fortress Permissions"/>
+                <container name="Constraints" parent="RBAC" description="Fortress Separation of Duty Constraints"/>
+                <container name="ARBAC" description="Fortress Administrative RBAC Policies"/>
+                <container name="OS-U" parent="ARBAC" description="Fortress User Organizational Units"/>
+                <container name="OS-P" parent="ARBAC" description="Fortress Perm Organizational Units"/>
+                <container name="AdminRoles" parent="ARBAC" description="Fortress AdminRoles"/>
+                <container name="AdminPerms" parent="ARBAC" description="Fortress Admin Permissions"/>
+            </delcontainer>
+
             <addcontainer>
                 <container name="Client123" description="Client 123 test context"/>
                 <container name="Client456" description="Client 456 test context"/>
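Review bot: The new `delcontainer` block lists `RBAC` and `ARBAC` before the containers that declare them as `parent` (`Roles`, `Permissions`, `Constraints`, `OS-U`, `OS-P`, `AdminRoles`, `AdminPerms`), so if the task issues ordinary LDAP delete operations rather than a subtree delete, removing the parent first would fail as a non-leaf entry and leave the children in place for the following `addcontainer` step. Either list the child containers before their parents or add a comment stating that `delcontainer` deletes recursively, e.g. `<!-- delcontainer removes each subtree; parent order is not significant -->`. Since this block now removes `People` and `Policies` as well, a one-line comment that the refresh discards all existing user and policy entries would also help whoever runs it against a populated directory. The enclosing element of this block starts and ends outside the hunk.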

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/77c52ff3/src/main/java/org/apache/directory/fortress/core/rbac/UserDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/UserDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/UserDAO.java
index 0619fb3..5e049b7 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/UserDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/UserDAO.java
@@ -868,7 +868,6 @@ final class UserDAO extends ApacheDsDataProvider
      * @param user
      * @return
      * @throws org.apache.directory.fortress.core.FinderException,  org.apache.directory.fortress.core.PasswordException
-     * @throws org.apache.directory.fortress.core.SecurityException
      */
     final Session checkPassword(User user) throws FinderException, PasswordException
     {
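Review bot: The surviving `@throws` tag still names two exception types on a single tag, which Javadoc reads as `@throws FinderException` with the description ", org.apache.directory.fortress.core.PasswordException", and `@param user` and `@return` carry no text. Splitting it into `@throws FinderException` and `@throws PasswordException` with a short description each, and filling in `@return` (the session carrying the bind outcome and any policy error id), would match the signature on the next line. The method body continues outside this hunk.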
@@ -882,26 +881,29 @@ final class UserDAO extends ApacheDsDataProvider
             session.setUserId( user.getUserId() );
             ld = getUserConnection();
             BindResponse bindResponse = bind( ld, userDn, user.getPassword() );
+            String info = null;
             if ( bindResponse.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS )
             {
-                String info = "checkPassword INVALID PASSWORD for userId [" + user.getUserId() + "], resultCode [" +
+                info = "PASSWORD INVALID for userId [" + user.getUserId() + "], resultCode [" +
                     bindResponse.getLdapResult().getResultCode() + "]";
-                throw new PasswordException( GlobalErrIds.USER_PW_INVLD, info );
+                session.setMsg( info );
+                session.setErrorId( GlobalErrIds.USER_PW_INVLD );
             }
             PasswordPolicy respCtrl = getPwdRespCtrl( bindResponse );
             if ( respCtrl != null )
             {
                 // check IETF password policies here
                 checkPwPolicies( session, respCtrl );
-                if ( session.getErrorId() == 0 )
-                {
-                    session.setAuthenticated( true );
-                }
             }
-            else
+            if ( session.getErrorId() == 0 )
             {
                 session.setAuthenticated( true );
             }
+            else
+            {
+                // pw invalid or pw policy violation:
+                throw new PasswordException( session.getErrorId(), session.getMsg() );
+            }
         }
         catch ( LdapAuthenticationException e )
         {
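Review bot: The authenticated flag is now granted solely on `session.getErrorId() == 0`, whereas before a failed bind could not reach that point at all; if `checkPwPolicies` can overwrite or reset the error id set for `USER_PW_INVLD` (its body is outside the hunk, so this cannot be confirmed here), a rejected bind could be marked authenticated. Tying the grant to the bind result as well keeps the decision independent of what the policy check does with the session, e.g. `if ( session.getErrorId() == 0 && bindResponse.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS )`. Minor: `info` is declared before the `if` but only assigned and read inside it, so it can move back into that scope. The enclosing `checkPassword` method begins before and ends after this hunk.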