Posted to commits@directory.apache.org by el...@apache.org on 2022/10/14 12:31:41 UTC
[directory-server] branch master updated: Added the placeholder for the PPolicy interceptor
This is an automated email from the ASF dual-hosted git repository.
elecharny pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-server.git
The following commit(s) were added to refs/heads/master by this push:
new 3cbb9e8656 Added the placeholder for the PPolicy interceptor
3cbb9e8656 is described below
commit 3cbb9e86560ce1f118c7d9fc0351a4497c3594e1
Author: emmanuel lecharny <el...@apache.org>
AuthorDate: Fri Oct 14 14:31:22 2022 +0200
Added the placeholder for the PPolicy interceptor
---
interceptors/pom.xml | 19 ++-
interceptors/ppolicy/pom.xml | 174 +++++++++++++++++++++
.../server/core/ppolicy/PPolicyInterceptor.java | 158 +++++++++++++++++++
.../server/core/ppolicy/package-info.java | 1 +
4 files changed, 342 insertions(+), 10 deletions(-)
diff --git a/interceptors/pom.xml b/interceptors/pom.xml
index 3532d91053..6a0782ba86 100644
--- a/interceptors/pom.xml
+++ b/interceptors/pom.xml
@@ -36,23 +36,22 @@
</description>
<modules>
- <module>normalization</module>
- <module>event</module>
- <module>subtree</module>
- <module>authz</module>
<module>admin</module>
<module>authn</module>
+ <module>authz</module>
<module>changelog</module>
- <module>journal</module>
- <module>referral</module>
- <module>operational</module>
<module>collective</module>
+ <module>event</module>
+ <module>journal</module>
<module>logger</module>
- <module>exception</module>
- <module>hash</module>
+ <module>normalization</module>
+ <module>number</module>
+ <module>operational</module>
+ <module>ppolicy</module>
+ <module>referral</module>
<module>schema</module>
+ <module>subtree</module>
<module>trigger</module>
- <module>number</module>
</modules>
</project>
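Review bot: The re-sorted `<modules>` list drops `<module>exception</module>` and `<module>hash</module>` and never re-adds them, which the commit message (adding a ppolicy placeholder) does not mention. If those directories still exist under `interceptors/`, they silently fall out of the reactor and are no longer compiled or tested with the other interceptors. Either restore the two entries in the sorted list, or remove the modules in a separate commit that says so.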
diff --git a/interceptors/ppolicy/pom.xml b/interceptors/ppolicy/pom.xml
new file mode 100644
index 0000000000..ef0da47f9f
--- /dev/null
+++ b/interceptors/ppolicy/pom.xml
@@ -0,0 +1,174 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-interceptors</artifactId>
+ <version>2.0.0.AM27-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>apacheds-interceptors-ppolicy</artifactId>
+ <name>ApacheDS Password Policy Interceptor</name>
+ <packaging>bundle</packaging>
+
+ <description>
+ Password Policy interceptor
+ </description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.junit.jupiter</groupId>
+ <artifactId>junit-jupiter-api</artifactId>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>apacheds-i18n</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>apacheds-core-api</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>apacheds-core-shared</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-collections4</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.directory.api</groupId>
+ <artifactId>api-ldap-client-api</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.directory.api</groupId>
+ <artifactId>api-ldap-extras-codec</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.directory.api</groupId>
+ <artifactId>api-ldap-extras-codec-api</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.directory.api</groupId>
+ <artifactId>api-ldap-model</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.directory.api</groupId>
+ <artifactId>api-ldap-schema-data</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.directory.api</groupId>
+ <artifactId>api-util</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.mina</groupId>
+ <artifactId>mina-core</artifactId>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <systemPropertyVariables>
+ <workingDirectory>${basedir}/target/server-work</workingDirectory>
+ </systemPropertyVariables>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-source-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>attach-sources</id>
+ <phase>verify</phase>
+ <goals>
+ <goal>jar-no-fork</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <configuration>
+ <archive>
+ <manifestFile>META-INF/MANIFEST.MF</manifestFile>
+ <addMavenDescriptor>false</addMavenDescriptor>
+ </archive>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <inherited>true</inherited>
+ <extensions>true</extensions>
+ <configuration>
+ <manifestLocation>META-INF</manifestLocation>
+ <instructions>
+ <Bundle-SymbolicName>${project.groupId}.interceptors.authn</Bundle-SymbolicName>
+ <Export-Package>
+ org.apache.directory.server.core.ppolicy;version=${project.version}
+ </Export-Package>
+ <Import-Package>
+ org.apache.directory.api.ldap.model.constants;version=${org.apache.directory.api.version},
+ org.apache.directory.api.ldap.model.exception;version=${org.apache.directory.api.version},
+ org.apache.directory.api.ldap.model.schema;version=${org.apache.directory.api.version},
+ org.apache.directory.server.core.api;version=${project.version},
+ org.apache.directory.server.core.api.interceptor;version=${project.version},
+ org.apache.directory.server.core.api.interceptor.context;version=${project.version},
+ org.slf4j;version=${slf4j.api.bundleversion}
+ </Import-Package>
+ </instructions>
+ </configuration>
+ </plugin>
+ </plugins>
+
+ <resources>
+ <resource>
+ <directory>src/main/resources</directory>
+ <filtering>true</filtering>
+ <excludes>
+ <exclude>**/*.gif</exclude>
+ </excludes>
+ </resource>
+ </resources>
+ </build>
+</project>
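Review bot: The `Bundle-SymbolicName` in the maven-bundle-plugin instructions is `${project.groupId}.interceptors.authn`, which looks copied from the authn module, so this bundle would presumably share that module's identity in an OSGi container. It should be `<Bundle-SymbolicName>${project.groupId}.interceptors.ppolicy</Bundle-SymbolicName>`. The `<dependencies>` block also declares artifacts that the only class in this module does not import (for example `mina-core`, `commons-collections4`, `api-ldap-client-api`, `api-ldap-extras-codec`). Trimming it to what the placeholder actually uses keeps the module's dependency surface small until the real implementation needs them.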
diff --git a/interceptors/ppolicy/src/main/java/org/apache/directory/server/core/ppolicy/PPolicyInterceptor.java b/interceptors/ppolicy/src/main/java/org/apache/directory/server/core/ppolicy/PPolicyInterceptor.java
new file mode 100644
index 0000000000..06635569a7
--- /dev/null
+++ b/interceptors/ppolicy/src/main/java/org/apache/directory/server/core/ppolicy/PPolicyInterceptor.java
@@ -0,0 +1,158 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.core.ppolicy;
+
+import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_ACCOUNT_LOCKED_TIME_AT;
+import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_CHANGED_TIME_AT;
+import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_END_TIME_AT;
+import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_FAILURE_TIME_AT;
+import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_GRACE_USE_TIME_AT;
+import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_HISTORY_AT;
+import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_LAST_SUCCESS_AT;
+import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_POLICY_SUBENTRY_AT;
+import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_RESET_AT;
+import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_START_TIME_AT;
+
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.api.ldap.model.schema.AttributeType;
+import org.apache.directory.server.core.api.DirectoryService;
+import org.apache.directory.server.core.api.InterceptorEnum;
+import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
+import org.apache.directory.server.core.api.interceptor.Interceptor;
+import org.apache.directory.server.core.api.interceptor.context.DeleteOperationContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * An {@link Interceptor} that manage the PasswordPlicies.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class PPolicyInterceptor extends BaseInterceptor
+{
+ private static final Logger LOG = LoggerFactory.getLogger( PPolicyInterceptor.class );
+
+ /**
+ * Speedup for logs
+ */
+ private static final boolean IS_DEBUG = LOG.isDebugEnabled();
+
+ // pwdpolicy state attribute types
+ private AttributeType pwdResetAT;
+
+ private AttributeType pwdChangedTimeAT;
+
+ private AttributeType pwdHistoryAT;
+
+ private AttributeType pwdFailureTimeAT;
+
+ private AttributeType pwdAccountLockedTimeAT;
+
+ private AttributeType pwdLastSuccessAT;
+
+ private AttributeType pwdGraceUseTimeAT;
+
+ private AttributeType pwdPolicySubentryAT;
+
+ private AttributeType pwdStartTimeAT;
+
+ private AttributeType pwdEndTimeAT;
+
+
+ /**
+ * Creates a new instance of DefaultAuthorizationInterceptor.
+ */
+ public PPolicyInterceptor()
+ {
+ super( InterceptorEnum.PASSWORD_POLICY_INTERCEPTOR );
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void init( DirectoryService directoryService ) throws LdapException
+ {
+ super.init( directoryService );
+
+ // we need to check if the passwordPolicy entry is defined in teh configuration
+
+ // Load the PasswordPolicy AttributeTypes
+ loadPwdPolicyStateAttributeTypes();
+ }
+
+
+ /**
+ * Initialize the PasswordPolicy attributeTypes
+ *
+ * @throws LdapException If the initialization failed
+ */
+ public void loadPwdPolicyStateAttributeTypes() throws LdapException
+ {
+ pwdResetAT = schemaManager.lookupAttributeTypeRegistry( PWD_RESET_AT );
+ PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( pwdResetAT );
+
+ pwdChangedTimeAT = schemaManager.lookupAttributeTypeRegistry( PWD_CHANGED_TIME_AT );
+ PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( pwdChangedTimeAT );
+
+ pwdHistoryAT = schemaManager.lookupAttributeTypeRegistry( PWD_HISTORY_AT );
+ PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( pwdHistoryAT );
+
+ pwdFailureTimeAT = schemaManager.lookupAttributeTypeRegistry( PWD_FAILURE_TIME_AT );
+ PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( pwdFailureTimeAT );
+
+ pwdAccountLockedTimeAT = schemaManager.lookupAttributeTypeRegistry( PWD_ACCOUNT_LOCKED_TIME_AT );
+ PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( pwdAccountLockedTimeAT );
+
+ pwdLastSuccessAT = schemaManager.lookupAttributeTypeRegistry( PWD_LAST_SUCCESS_AT );
+ PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( pwdLastSuccessAT );
+
+ pwdGraceUseTimeAT = schemaManager.lookupAttributeTypeRegistry( PWD_GRACE_USE_TIME_AT );
+ PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( pwdGraceUseTimeAT );
+
+ pwdPolicySubentryAT = schemaManager.lookupAttributeTypeRegistry( PWD_POLICY_SUBENTRY_AT );
+ PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( pwdPolicySubentryAT );
+
+ pwdStartTimeAT = schemaManager.lookupAttributeTypeRegistry( PWD_START_TIME_AT );
+ PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( pwdStartTimeAT );
+
+ pwdEndTimeAT = schemaManager.lookupAttributeTypeRegistry( PWD_END_TIME_AT );
+ PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( pwdEndTimeAT );
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void delete( DeleteOperationContext deleteContext ) throws LdapException
+ {
+ if ( IS_DEBUG )
+ {
+ LOG.debug( "Operation Context: {}", deleteContext );
+ }
+
+ // Check if the delete operation applies to an entry with a password
+
+ // propagate the call to the next interceptor
+ next( deleteContext );
+ }
+}
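Review bot: `PWD_POLICY_STATE_ATTRIBUTE_TYPES`, used on every other line of `loadPwdPolicyStateAttributeTypes()`, is neither declared in this class nor imported, so it has to be inherited from `BaseInterceptor` for the file to compile; that is not visible in this diff and should be confirmed. If it is a shared static collection, this interceptor and any other one that fills it mutate the same state on each `init()`; a per-instance `private final Set<AttributeType> pwdPolicyStateAttributeTypes = new HashSet<>();` would keep the state local. `loadPwdPolicyStateAttributeTypes()` is only called from `init()` here and can be `private`. The Javadoc carries copy-paste text: the class comment should read `An {@link Interceptor} that manages the password policies.` and the constructor comment `Creates a new instance of PPolicyInterceptor.`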
diff --git a/interceptors/ppolicy/src/main/java/org/apache/directory/server/core/ppolicy/package-info.java b/interceptors/ppolicy/src/main/java/org/apache/directory/server/core/ppolicy/package-info.java
new file mode 100644
index 0000000000..b331871c5a
--- /dev/null
+++ b/interceptors/ppolicy/src/main/java/org/apache/directory/server/core/ppolicy/package-info.java
@@ -0,0 +1 @@
+package org.apache.directory.server.core.ppolicy;
\ No newline at end of file