use of com.sun.identity.idm.PasswordPolicyException in project OpenAM by OpenRock.
the class IdentityResourceExceptionMappingHandler method handleError.
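/**
 * Maps an {@link IdRepoException} raised by the identity repository onto the REST-level
 * {@link ResourceException} returned to the caller.
 *
 * <p>Password policy failures are handled first: insufficient access rights become a
 * {@code ForbiddenException}, everything else becomes a {@code BadRequestException} carrying only
 * the exception message. For all other failures the LDAP result code is consulted, then the numeric
 * IdRepo error code; anything unrecognised is reported as an {@code InternalServerErrorException}.
 *
 * @param idRepoException the repository failure to translate
 * @return the resource exception that represents the failure to the REST client
 */
@Override
public ResourceException handleError(IdRepoException idRepoException) {
    ResultCode ldapResultCode = ResultCode.valueOf(idRepoException.getLdapErrorIntCode());

    if (idRepoException instanceof PasswordPolicyException) {
        if (ldapResultCode == ResultCode.INSUFFICIENT_ACCESS_RIGHTS) {
            return new ForbiddenException(idRepoException);
        }
        // Swap the raw LDAP failure for a password-specific one so the message handed to the
        // client describes the password problem rather than the directory error.
        if (ldapResultCode == ResultCode.INVALID_CREDENTIALS) {
            idRepoException = new PasswordPolicyException(ldapResultCode, IdRepoErrorCode.OLD_PASSWORD_INCORRECT,
                    idRepoException.getMessageArgs());
        } else if (ldapResultCode == ResultCode.CONSTRAINT_VIOLATION) {
            idRepoException = new PasswordPolicyException(idRepoException.getConstraintViolationDetails());
        }
        // Only the message is passed on here, not the exception itself.
        // NOTE(review): a wrong current password surfaces as a bad request rather than an
        // authentication failure; confirm that failed-attempt monitoring and lockout cover it.
        return new BadRequestException(idRepoException.getMessage());
    }

    // LDAP result codes take precedence over the IdRepo error code.
    if (ldapResultCode == ResultCode.NO_SUCH_OBJECT) {
        return new NotFoundException(idRepoException);
    }
    if (ldapResultCode == ResultCode.NOT_ALLOWED_ON_RDN) {
        return new ForbiddenException(idRepoException);
    }

    // The error code is parsed only now, and defensively: an absent or non-numeric code must not
    // make the error mapper itself throw and hide the original failure.
    int code;
    try {
        code = Integer.valueOf(idRepoException.getErrorCode());
    } catch (NumberFormatException ignored) {
        // No usable IdRepo code, so there is no specific mapping; report as a server error.
        return new InternalServerErrorException(idRepoException);
    }

    // NOTE(review): the branches below wrap the whole exception; whether its detail (DNs, server
    // diagnostics) reaches the REST client depends on how ResourceException is rendered — confirm.
    switch (code) {
        case GENERAL_OBJECT_NOT_FOUND:
            return new NotFoundException(idRepoException);
        case GENERAL_ACCESS_DENIED:
            return new ForbiddenException(idRepoException);
        default:
            return new InternalServerErrorException(idRepoException);
    }
}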
use of com.sun.identity.idm.PasswordPolicyException in project OpenAM by OpenRock.
the class DJLDAPv3Repo method changePassword.
/**
* Changes password for the given identity by binding as the user first (i.e. this is not password reset). In case
* of Active Directory the password will be encoded first. This will issue a DELETE for the old password and an ADD
* for the new password value.
*
* @param token Not used.
* @param type The type of the identity, this should be always USER.
* @param name The name of the identity.
* @param attrName The name of the password attribute, usually "userpassword" or "unicodepwd".
* @param oldPassword The current password of the identity.
* @param newPassword The new password of the identity.
* @throws IdRepoException If the identity type is invalid, or the entry cannot be found, or some other LDAP error
* occurs while changing the password (like password policy related errors).
*/
@Override
public void changePassword(SSOToken token, IdType type, String name, String attrName, String oldPassword,
        String newPassword) throws IdRepoException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("changePassword invoked");
    }

    // Any identity type other than USER is rejected before the directory is contacted.
    if (!type.equals(IdType.USER)) {
        final Object[] messageArgs = { CLASS_NAME };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME,
                IdRepoErrorCode.CHANGE_PASSWORD_ONLY_FOR_USER, messageArgs);
    }

    final String userDn = getDN(type, name);

    // The bind is made as the user with the current password, so the modify below runs with the
    // user's own rights.
    // NOTE(review): oldPassword is not checked for being empty here. LDAP servers that permit it
    // treat a simple bind with an empty password as an unauthenticated bind (RFC 4513) — confirm
    // that callers or the server configuration reject empty passwords.
    final BindRequest bindAsUser = LDAPRequests.newSimpleBindRequest(userDn, oldPassword.toCharArray());

    // DELETE of the old value plus ADD of the new one, sent as a single modify request.
    final ModifyRequest passwordSwap = LDAPRequests.newModifyRequest(userDn);
    final byte[] currentValue = helper.encodePassword(oldPassword);
    final byte[] replacementValue = helper.encodePassword(newPassword);
    passwordSwap.addModification(ModificationType.DELETE, attrName, currentValue);
    passwordSwap.addModification(ModificationType.ADD, attrName, replacementValue);

    Connection userConnection = null;
    try {
        userConnection = bindConnectionFactory.getConnection();
        userConnection.bind(bindAsUser);
        userConnection.modify(passwordSwap);
    } catch (LdapException ldapFailure) {
        // The identity name and the LDAP exception are logged; neither password argument is.
        DEBUG.error("An error occurred while trying to change password for identity: " + name, ldapFailure);
        try {
            // NOTE(review): if handleErrorResult returns without throwing, this method returns
            // normally and the caller cannot tell that the change failed — confirm it always throws.
            handleErrorResult(ldapFailure);
        } catch (IdRepoException mapped) {
            // Every mapped failure on this path is reported as a password policy failure.
            throw new PasswordPolicyException(mapped);
        }
    } finally {
        // Close the connection on success and on failure; it may still be null here.
        IOUtils.closeIfNotNull(userConnection);
    }
}