Use of com.sun.identity.authentication.spi.AMAuthCallBackException in project OpenAM by OpenRock.
The class ISAccountLockout, method invalidPasswd.
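/**
 * Records one failed authentication attempt for a user and applies the
 * lockout settings held in this instance's fields.
 *
 * <p>The failure counter is incremented when the previous failure time plus
 * {@code failureLockoutTime} is still later than the current
 * {@code System.currentTimeMillis()} value; otherwise the counter restarts
 * at 1. When the counter reaches {@code failureLockoutCount} inside that
 * window, the lockout timestamp is set to the current time. If
 * {@code storeInvalidAttemptsInDS} is set, the attempt data is written to the
 * identity before the in-memory record is updated.
 *
 * @param userDN DN of the user; used as the key in {@code loginFailHash} and
 *     written to the debug log at message level
 * @param userName name of the user; stored as the user token and passed to the
 *     lockout notice and callback
 * @param amIdentity identity whose attributes are updated and whose realm
 *     selects the callback implementation
 * @param acInfo current lockout record for the user, or {@code null} to have a
 *     new record created and registered under {@code userDN}
 * @return the value of {@code userWarningCount} after {@code setWarningCount}
 *     has been called, or {@code -1} when storing the attempt on the identity
 *     throws
 */
public int invalidPasswd(String userDN, String userName, AMIdentity amIdentity, AccountLockoutInfo acInfo) {
    if (acInfo == null) {
        acInfo = new AccountLockoutInfo();
        acInfo.setActualLockoutDuration(failureLockoutDuration);
        loginFailHash.put(userDN, acInfo);
    }
    if (debug.messageEnabled()) {
        debug.message("ISAccountLockout.invalidPasswd with userDN, AMIdentity");
        debug.message("userDN : " + userDN);
    }

    // NOTE(review): the counter is read here and written back further down
    // with no synchronization visible in this method. If callers do not
    // serialize calls per user, parallel failed logins could be under-counted
    // -- verify against the call sites.
    long now = System.currentTimeMillis();
    int failCount = acInfo.getFailCount();
    long lastFailTime = acInfo.getLastFailTime();
    long lockedAt = acInfo.getLockoutAt();

    // Evaluated once: the same window test drives both the counter update and
    // the decision to stamp the lockout time.
    boolean withinFailureWindow = (lastFailTime + failureLockoutTime) > now;
    failCount = withinFailureWindow ? failCount + 1 : 1;

    // NOTE(review): the lockout time is stamped only on exact equality with
    // failureLockoutCount and only inside the window. With a threshold of 1,
    // a failure outside the window reaches the notification branch below
    // while lockedAt is left as it was -- confirm that this is intended.
    if (withinFailureWindow && (failCount == failureLockoutCount)) {
        lockedAt = now;
    }
    if (debug.messageEnabled()) {
        debug.message("ISAccountLockout.invalidPasswd:fail_count:" + failCount);
    }

    if (storeInvalidAttemptsInDS) {
        Map<String, Set<String>> attrMap = new HashMap<String, Set<String>>();
        Set<String> invalidAttempts = new HashSet<String>();
        String invalidXML = createInvalidAttemptsXML(failCount, now, lockedAt, acInfo.getActualLockoutDuration());
        invalidAttempts.add(invalidXML);
        if (debug.messageEnabled()) {
            debug.message("ISAccountLockout.invalidPasswd: " + "Invalid Attempt XML being inserted= " + invalidXML);
        }
        attrMap.put(invalidAttemptsDataAttrName, invalidAttempts);
        try {
            setLockoutObjectClass(amIdentity);
            amIdentity.setAttributes(attrMap);
            amIdentity.store();
            debug.message("ISAccountLockout.invalidPasswd: Stored Invalid Attempt XML");
        } catch (Exception e) {
            debug.error("ISAccountLockout.invalidPasswd", e);
            // NOTE(review): this return happens before acInfo is updated, so a
            // failed write leaves the in-memory record without this attempt.
            // Confirm that callers treat -1 as an error and that a store
            // failure cannot be used to keep attempts from being counted.
            return -1;
        }
    }

    acInfo.setLastFailTime(now);
    acInfo.setFailCount(failCount);
    acInfo.setLockoutAt(lockedAt);
    if (lockedAt > 0) {
        acInfo.setLockout(true);
    }
    acInfo.setUserToken(userName);

    if (failCount == failureLockoutCount) {
        if (!memoryLocking) {
            inactivateUserAccount(amIdentity);
        }
        try {
            sendLockOutNotice(userName);
            /*
             * The callback implementation instance is retrieved for
             * the user's organization. This will be used to notify the
             * custom plug-ins that a certain event occurred on an account.
             */
            callbackImpl = AMAuthCallBackImpl.getInstance(amIdentity.getRealm());
            // Requesting callback to plugin for account lockout event.
            // Long.valueOf replaces the deprecated Long(long) constructor.
            callbackImpl.processedAccounttLockout(Long.valueOf(now), userName);
        } catch (AMAuthCallBackException e) {
            if (debug.getState() >= IDebug.ERROR) {
                debug.error("ISAccountLockout invalidPasswd : " + "error getting callback implementation " + "instance or error from callback module", e);
            }
        } catch (Exception ex) {
            // Best effort: a failed notice or callback does not undo the
            // lockout state already recorded above. It is logged at message
            // level only, so it is not visible unless message debugging is on.
            debug.message("Error activating account/sending" + "notification ", ex);
        }
    }
    setWarningCount(failCount, failureLockoutCount);
    return userWarningCount;
}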