
Example 1 with PasswordPolicyException

Use of com.sun.identity.idm.PasswordPolicyException in project OpenAM by OpenRock.

From the class IdentityResourceExceptionMappingHandler, method handleError.

@Override
public ResourceException handleError(IdRepoException idRepoException) {
    int code = Integer.valueOf(idRepoException.getErrorCode());
    ResultCode ldapResultCode = ResultCode.valueOf(idRepoException.getLdapErrorIntCode());
    if (idRepoException instanceof PasswordPolicyException) {
        //Convert the error code for the LDAP code
        if (ldapResultCode == ResultCode.INVALID_CREDENTIALS) {
            idRepoException = new PasswordPolicyException(ldapResultCode, IdRepoErrorCode.OLD_PASSWORD_INCORRECT, idRepoException.getMessageArgs());
        }
        if (ldapResultCode == ResultCode.INSUFFICIENT_ACCESS_RIGHTS) {
            return new ForbiddenException(idRepoException);
        }
        if (ldapResultCode == ResultCode.CONSTRAINT_VIOLATION) {
            idRepoException = new PasswordPolicyException(idRepoException.getConstraintViolationDetails());
        }
        return new BadRequestException(idRepoException.getMessage());
    }
    //compute LDAP error
    if (ldapResultCode == ResultCode.NO_SUCH_OBJECT) {
        return new NotFoundException(idRepoException);
    }
    if (ldapResultCode == ResultCode.NOT_ALLOWED_ON_RDN) {
        return new ForbiddenException(idRepoException);
    }
    // Compute error code
    switch(code) {
        case GENERAL_OBJECT_NOT_FOUND:
            return new NotFoundException(idRepoException);
        case GENERAL_ACCESS_DENIED:
            return new ForbiddenException(idRepoException);
        default:
            return new InternalServerErrorException(idRepoException);
    }
}
Also used: ForbiddenException (org.forgerock.json.resource.ForbiddenException), PasswordPolicyException (com.sun.identity.idm.PasswordPolicyException), BadRequestException (org.forgerock.json.resource.BadRequestException), NotFoundException (org.forgerock.json.resource.NotFoundException), InternalServerErrorException (org.forgerock.json.resource.InternalServerErrorException), ResultCode (org.forgerock.opendj.ldap.ResultCode)

Example 2 with PasswordPolicyException

Use of com.sun.identity.idm.PasswordPolicyException in project OpenAM by OpenRock.

From the class DJLDAPv3Repo, method changePassword.

/**
 * Changes password for the given identity by binding as the user first (i.e. this is not password reset). In case
 * of Active Directory the password will be encoded first. This will issue a DELETE for the old password and an ADD
 * for the new password value.
 *
 * @param token Not used.
 * @param type The type of the identity, this should be always USER.
 * @param name The name of the identity.
 * @param attrName The name of the password attribute, usually "userpassword" or "unicodepwd".
 * @param oldPassword The current password of the identity.
 * @param newPassword The new password of the identity.
 * @throws IdRepoException If the identity type is invalid, or the entry cannot be found, or some other LDAP error
 * occurs while changing the password (like password policy related errors).
 */
@Override
public void changePassword(SSOToken token, IdType type, String name, String attrName, String oldPassword, String newPassword) throws IdRepoException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("changePassword invoked");
    }
    if (!type.equals(IdType.USER)) {
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.CHANGE_PASSWORD_ONLY_FOR_USER, new Object[] { CLASS_NAME });
    }
    String dn = getDN(type, name);
    BindRequest bindRequest = LDAPRequests.newSimpleBindRequest(dn, oldPassword.toCharArray());
    ModifyRequest modifyRequest = LDAPRequests.newModifyRequest(dn);
    byte[] encodedOldPwd = helper.encodePassword(oldPassword);
    byte[] encodedNewPwd = helper.encodePassword(newPassword);
    modifyRequest.addModification(ModificationType.DELETE, attrName, encodedOldPwd);
    modifyRequest.addModification(ModificationType.ADD, attrName, encodedNewPwd);
    Connection conn = null;
    try {
        conn = bindConnectionFactory.getConnection();
        conn.bind(bindRequest);
        conn.modify(modifyRequest);
    } catch (LdapException ere) {
        DEBUG.error("An error occurred while trying to change password for identity: " + name, ere);
        try {
            handleErrorResult(ere);
        } catch (IdRepoException e) {
            throw new PasswordPolicyException(e);
        }
    } finally {
        IOUtils.closeIfNotNull(conn);
    }
}
Also used: IdRepoUnsupportedOpException (com.sun.identity.idm.IdRepoUnsupportedOpException), PasswordPolicyException (com.sun.identity.idm.PasswordPolicyException), BindRequest (org.forgerock.opendj.ldap.requests.BindRequest), Connection (org.forgerock.opendj.ldap.Connection), IdRepoException (com.sun.identity.idm.IdRepoException), ByteString (org.forgerock.opendj.ldap.ByteString), ModifyRequest (org.forgerock.opendj.ldap.requests.ModifyRequest), LdapException (org.forgerock.opendj.ldap.LdapException)

Aggregations

PasswordPolicyException (com.sun.identity.idm.PasswordPolicyException): 2
IdRepoException (com.sun.identity.idm.IdRepoException): 1
IdRepoUnsupportedOpException (com.sun.identity.idm.IdRepoUnsupportedOpException): 1
BadRequestException (org.forgerock.json.resource.BadRequestException): 1
ForbiddenException (org.forgerock.json.resource.ForbiddenException): 1
InternalServerErrorException (org.forgerock.json.resource.InternalServerErrorException): 1
NotFoundException (org.forgerock.json.resource.NotFoundException): 1
ByteString (org.forgerock.opendj.ldap.ByteString): 1
Connection (org.forgerock.opendj.ldap.Connection): 1
LdapException (org.forgerock.opendj.ldap.LdapException): 1
ResultCode (org.forgerock.opendj.ldap.ResultCode): 1
BindRequest (org.forgerock.opendj.ldap.requests.BindRequest): 1
ModifyRequest (org.forgerock.opendj.ldap.requests.ModifyRequest): 1