You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2013/04/19 09:49:31 UTC
svn commit: r1469726 -
/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/PwdModifyHandler.java
Author: elecharny
Date: Fri Apr 19 07:49:31 2013
New Revision: 1469726
URL: http://svn.apache.org/r1469726
Log:
Committed to avoid compilation failures. It does not work yet but won't harm
Added:
directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/PwdModifyHandler.java
Added: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/PwdModifyHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/PwdModifyHandler.java?rev=1469726&view=auto
==============================================================================
--- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/PwdModifyHandler.java (added)
+++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/PwdModifyHandler.java Fri Apr 19 07:49:31 2013
@@ -0,0 +1,196 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.ldap.handlers.extended;
+
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import org.apache.directory.api.ldap.extras.extended.PwdModifyRequest;
+import org.apache.directory.api.ldap.extras.extended.PwdModifyResponse;
+import org.apache.directory.api.ldap.extras.extended.PwdModifyResponseImpl;
+import org.apache.directory.api.ldap.model.constants.SchemaConstants;
+import org.apache.directory.api.ldap.model.entry.DefaultModification;
+import org.apache.directory.api.ldap.model.entry.Modification;
+import org.apache.directory.api.ldap.model.entry.ModificationOperation;
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
+import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
+import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.api.util.Strings;
+import org.apache.directory.server.core.api.CoreSession;
+import org.apache.directory.server.core.api.DirectoryService;
+import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
+import org.apache.directory.server.core.api.interceptor.context.ModifyOperationContext;
+import org.apache.directory.server.ldap.ExtendedOperationHandler;
+import org.apache.directory.server.ldap.LdapServer;
+import org.apache.directory.server.ldap.LdapSession;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * An handler to manage PwdModifyRequest. Users can send a pwdModify request
+ * for their own passwords, or for another people password. Only admin can
+ * change someone else password without having to provide the original password.
+ * Here rae the different use cases : <br/>
+ * <ul>
+ * </ul>
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class PwdModifyHandler implements ExtendedOperationHandler<PwdModifyRequest, PwdModifyResponse>
+{
+ private static final Logger LOG = LoggerFactory.getLogger( PwdModifyHandler.class );
+ public static final Set<String> EXTENSION_OIDS;
+
+ static
+ {
+ Set<String> set = new HashSet<String>( 2 );
+ set.add( PwdModifyRequest.EXTENSION_OID );
+ set.add( PwdModifyResponse.EXTENSION_OID );
+ EXTENSION_OIDS = Collections.unmodifiableSet( set );
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public String getOid()
+ {
+ return PwdModifyRequest.EXTENSION_OID;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public void handleExtendedOperation( LdapSession requestor, PwdModifyRequest req ) throws Exception
+ {
+ // Grab the adminSession, we might need it later
+ DirectoryService service = requestor.getLdapServer().getDirectoryService();
+ CoreSession adminSession = service.getAdminSession();
+
+ // First check if the user is bound or not
+ if ( requestor.isAuthenticated() )
+ {
+
+ }
+ else
+ {
+ // The user is not authenticated : we have to use the provided userIdentity
+ // and the oldPassword to check if the user is present
+ String userIdentity = Strings.utf8ToString( req.getUserIdentity() );
+
+ Dn userDn = null;
+
+ try
+ {
+ userDn = service.getDnFactory().create( userIdentity );
+ }
+ catch ( LdapInvalidDnException lide )
+ {
+ // The userIdentity is not a DN : return with an error code.
+ requestor.getIoSession().write( new PwdModifyResponseImpl(
+ req.getMessageId(), ResultCodeEnum.INVALID_DN_SYNTAX ) );
+
+ return;
+ }
+
+ byte[] oldPassword = req.getOldPassword();
+ byte[] newPassword = req.getNewPassword();
+
+ BindOperationContext bindContext = new BindOperationContext( adminSession );
+ bindContext.setDn( userDn );
+ bindContext.setCredentials( oldPassword );
+
+ try
+ {
+ service.getOperationManager().bind( bindContext );
+ }
+ catch ( LdapException le )
+ {
+ // We can't bind with the provided information : we thus can't
+ // change the password...
+ requestor.getIoSession().write( new PwdModifyResponseImpl(
+ req.getMessageId(), ResultCodeEnum.INVALID_CREDENTIALS ) );
+
+ return;
+ }
+
+ // Ok, we were able to bind using the userIdentity and the password. Let's
+ // modify the password now
+ ModifyOperationContext modifyContext = new ModifyOperationContext( adminSession );
+ modifyContext.setDn( userDn );
+ List<Modification> modifications = new ArrayList<Modification>();
+ Modification modification = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
+ SchemaConstants.USER_PASSWORD_AT, newPassword );
+ modifications.add( modification );
+ modifyContext.setModItems( modifications );
+
+ try
+ {
+ service.getOperationManager().modify( modifyContext );
+
+ // Ok, all done
+ requestor.getIoSession().write( new PwdModifyResponseImpl(
+ req.getMessageId(), ResultCodeEnum.SUCCESS ) );
+ }
+ catch ( LdapException le )
+ {
+ // We can't modify the password
+ requestor.getIoSession().write( new PwdModifyResponseImpl(
+ req.getMessageId(), ResultCodeEnum.INVALID_CREDENTIALS ) );
+
+ return;
+ }
+ }
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public static PwdModifyResponse getPwdModifyResponse()
+ {
+ // build the PwdModifyResponse message with replicationContexts
+ return new PwdModifyResponseImpl();
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public Set<String> getExtensionOids()
+ {
+ return EXTENSION_OIDS;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setLdapServer( LdapServer ldapServer )
+ {
+ }
+}