use of com.unboundid.ldap.sdk.experimental.DraftBeheraLDAPPasswordPolicy10ResponseControl in project ldapsdk by pingidentity.
the class PasswordExpirationLDAPConnectionPoolHealthCheck method ensureConnectionValidAfterAuthentication.
/**
* {@inheritDoc}
*/
@Override()
public void ensureConnectionValidAfterAuthentication(
    @NotNull final LDAPConnection connection,
    @NotNull final BindResult bindResult)
    throws LDAPException {
  // Overview: password-policy *errors* on the bind response always end in an
  // LDAPException; password-policy *warnings* are handed to warn(), subject
  // to the throttling driven by millisBetweenRepeatWarnings.
  // The connection argument is not consulted here; only bindResult is read.

  // 1. Password expired control: its presence is always treated as a failure.
  if (PasswordExpiredControl.get(bindResult) != null) {
    final ResultCode bindCode = bindResult.getResultCode();
    if (bindCode == ResultCode.SUCCESS) {
      // A bind reported as SUCCESS but carrying this control is still
      // rejected. ADMIN_LIMIT_EXCEEDED is substituted, presumably so the
      // exception never carries a success result code.
      throw new LDAPException(
          ResultCode.ADMIN_LIMIT_EXCEEDED, ERR_PW_EXP_WITH_SUCCESS.get());
    }

    // The diagnostic message is server-supplied text and is copied into the
    // exception message as-is when present.
    final String diagnostic = bindResult.getDiagnosticMessage();
    throw new LDAPException(
        bindCode,
        (diagnostic == null)
            ? ERR_PW_EXP_WITH_FAILURE_NO_MSG.get()
            : ERR_PW_EXP_WITH_FAILURE_WITH_MSG.get(diagnostic));
  }

  // 2. Password policy response control with an error type: also always a
  //    failure, using the same SUCCESS -> ADMIN_LIMIT_EXCEEDED substitution.
  final DraftBeheraLDAPPasswordPolicy10ResponseControl policyControl =
      DraftBeheraLDAPPasswordPolicy10ResponseControl.get(bindResult);
  if (policyControl != null && policyControl.getErrorType() != null) {
    final ResultCode bindCode = bindResult.getResultCode();
    final String diagnostic = bindResult.getDiagnosticMessage();
    final String errorName = policyControl.getErrorType().toString();

    throw new LDAPException(
        (bindCode == ResultCode.SUCCESS)
            ? ResultCode.ADMIN_LIMIT_EXCEEDED
            : bindCode,
        (diagnostic == null)
            ? ERR_PW_POLICY_ERROR_NO_MSG.get(errorName)
            : ERR_PW_POLICY_ERROR_WITH_MSG.get(errorName, diagnostic));
  }

  // 3. Warning throttle. A null interval means "at most one warning": only
  //    the caller that moves lastWarningTime away from 0 may continue. A
  //    positive interval suppresses warnings until that many milliseconds
  //    have passed since lastWarningTime. Any other value falls through
  //    without throttling.
  // NOTE(review): in the null-interval mode the slot is claimed here, before
  // it is known whether this bind carries any warning at all. Unless
  // something outside this method resets lastWarningTime to 0, a first bind
  // without warning controls would silence later expiration warnings --
  // confirm against warn() and the other uses of the field.
  // NOTE(review): lastWarningTime is not written on the positive-interval
  // path in this method; presumably warn() records it -- confirm.
  if (millisBetweenRepeatWarnings == null) {
    final boolean claimedOnlyWarning =
        lastWarningTime.compareAndSet(0L, System.currentTimeMillis());
    if (!claimedOnlyWarning) {
      return;
    }
  } else if (millisBetweenRepeatWarnings > 0L) {
    final long elapsedMillis =
        System.currentTimeMillis() - lastWarningTime.get();
    if (elapsedMillis < millisBetweenRepeatWarnings) {
      return;
    }
  }

  // 4. Build the warning text. The policy response control's warning (if
  //    any) takes precedence over the password expiring control.
  String warning = null;
  if (policyControl != null && policyControl.getWarningType() != null) {
    switch (policyControl.getWarningType()) {
      case TIME_BEFORE_EXPIRATION:
        warning = WARN_PW_EXPIRING.get(
            StaticUtils.secondsToHumanReadableDuration(
                policyControl.getWarningValue()));
        break;
      case GRACE_LOGINS_REMAINING:
        warning = WARN_PW_POLICY_GRACE_LOGIN.get(
            policyControl.getWarningValue());
        break;
      default:
        // Any other warning type produces no message from this control.
        break;
    }
  }

  // The expiring control is always decoded at this point, even when a
  // warning has already been chosen above; it is only used as a fallback.
  final PasswordExpiringControl expiringControl =
      PasswordExpiringControl.get(bindResult);
  if (warning == null && expiringControl != null) {
    warning = WARN_PW_EXPIRING.get(
        StaticUtils.secondsToHumanReadableDuration(
            expiringControl.getSecondsUntilExpiration()));
  }

  if (warning != null) {
    warn(warning);
  }
}