
Example 1 with DraftBeheraLDAPPasswordPolicy10ResponseControl

use of com.unboundid.ldap.sdk.experimental.DraftBeheraLDAPPasswordPolicy10ResponseControl in project ldapsdk by pingidentity.

the class PasswordExpirationLDAPConnectionPoolHealthCheck method ensureConnectionValidAfterAuthentication.

/**
 * {@inheritDoc}
 */
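@Override()
public void ensureConnectionValidAfterAuthentication(@NotNull final LDAPConnection connection,
        @NotNull final BindResult bindResult) throws LDAPException {
    // Examines the controls attached to a bind result.  A password expired
    // control, or a password policy response control that carries an error
    // type, always causes an LDAPException.  A password policy warning or a
    // password expiring control produces at most a call to warn(), subject to
    // the repeat-warning throttle.  The connection argument is not read here.

    // See if the bind result includes a password expired control.  This will
    // always result in an exception.
    final PasswordExpiredControl expiredControl = PasswordExpiredControl.get(bindResult);
    if (expiredControl != null) {
        // The control can accompany either a successful or a failed bind.  In
        // both cases we throw, but with a different result code and message
        // for each situation.
        if (bindResult.getResultCode() == ResultCode.SUCCESS) {
            // A non-success code is substituted so that the thrown exception
            // never carries SUCCESS.
            throw new LDAPException(ResultCode.ADMIN_LIMIT_EXCEEDED, ERR_PW_EXP_WITH_SUCCESS.get());
        }
        // The diagnostic message is server-supplied text; callers that log the
        // exception should treat it as untrusted input.
        if (bindResult.getDiagnosticMessage() == null) {
            throw new LDAPException(bindResult.getResultCode(), ERR_PW_EXP_WITH_FAILURE_NO_MSG.get());
        }
        throw new LDAPException(bindResult.getResultCode(),
                ERR_PW_EXP_WITH_FAILURE_WITH_MSG.get(bindResult.getDiagnosticMessage()));
    }

    // See if the bind result includes a password policy response control that
    // indicates an error condition.  If so, then we will always throw an
    // exception as a result of that.
    final DraftBeheraLDAPPasswordPolicy10ResponseControl pwPolicyControl =
            DraftBeheraLDAPPasswordPolicy10ResponseControl.get(bindResult);
    if ((pwPolicyControl != null) && (pwPolicyControl.getErrorType() != null)) {
        // As above, a successful bind with a policy error is reported with a
        // non-success result code.
        final ResultCode resultCode = (bindResult.getResultCode() == ResultCode.SUCCESS)
                ? ResultCode.ADMIN_LIMIT_EXCEEDED
                : bindResult.getResultCode();
        final String errorType = pwPolicyControl.getErrorType().toString();
        final String errorMessage = (bindResult.getDiagnosticMessage() == null)
                ? ERR_PW_POLICY_ERROR_NO_MSG.get(errorType)
                : ERR_PW_POLICY_ERROR_WITH_MSG.get(errorType, bindResult.getDiagnosticMessage());
        throw new LDAPException(resultCode, errorMessage);
    }

    // Throttle: if we may only warn once and a warning time has already been
    // recorded, or if the repeat interval has not yet elapsed, then there's no
    // point in continuing.
    //
    // The once-only slot is deliberately NOT claimed here.  Claiming it before
    // knowing whether this bind carries a warning would let the first
    // warning-free authentication consume the slot, after which a later
    // expiration warning would be dropped silently.
    final boolean warnOnlyOnce = (millisBetweenRepeatWarnings == null);
    if (warnOnlyOnce) {
        if (lastWarningTime.get() != 0L) {
            return;
        }
    } else if (millisBetweenRepeatWarnings > 0L) {
        final long millisSinceLastWarning = System.currentTimeMillis() - lastWarningTime.get();
        if (millisSinceLastWarning < millisBetweenRepeatWarnings) {
            return;
        }
    }

    // If there was a password policy response control that didn't have an
    // error condition but did have a warning condition, then handle that.
    // Warning types other than the two handled below leave the message unset.
    String message = null;
    if ((pwPolicyControl != null) && (pwPolicyControl.getWarningType() != null)) {
        switch (pwPolicyControl.getWarningType()) {
            case TIME_BEFORE_EXPIRATION:
                message = WARN_PW_EXPIRING.get(
                        StaticUtils.secondsToHumanReadableDuration(pwPolicyControl.getWarningValue()));
                break;
            case GRACE_LOGINS_REMAINING:
                message = WARN_PW_POLICY_GRACE_LOGIN.get(pwPolicyControl.getWarningValue());
                break;
        }
    }

    // See if the bind result includes a password expiring control.  It is only
    // consulted when the password policy control produced no warning.
    final PasswordExpiringControl expiringControl = PasswordExpiringControl.get(bindResult);
    if ((message == null) && (expiringControl != null)) {
        message = WARN_PW_EXPIRING.get(
                StaticUtils.secondsToHumanReadableDuration(expiringControl.getSecondsUntilExpiration()));
    }

    if (message != null) {
        // In once-only mode, claim the slot atomically immediately before
        // warning so that concurrent callers still emit at most one warning.
        // NOTE(review): warn() is not visible here; it may also record the
        // warning time, which would be harmless for this check -- confirm.
        if (warnOnlyOnce && !lastWarningTime.compareAndSet(0L, System.currentTimeMillis())) {
            return;
        }
        warn(message);
    }
}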
Also used : PasswordExpiredControl(com.unboundid.ldap.sdk.controls.PasswordExpiredControl) PasswordExpiringControl(com.unboundid.ldap.sdk.controls.PasswordExpiringControl) DraftBeheraLDAPPasswordPolicy10ResponseControl(com.unboundid.ldap.sdk.experimental.DraftBeheraLDAPPasswordPolicy10ResponseControl)
