use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.
the class PswdPolicyMgrImplTest method minLength.
/**
 * PT4 - exercises 5.2.6 pwdMinLength.
 * <p>
 * Policy text under test: when quality checking is enabled, this attribute holds the minimum
 * number of characters that must be used in a password. If this attribute is not present, no
 * minimum password length will be enforced. If the server is unable to check the length (due
 * to a hashed password or otherwise), the server will, depending on the value of the
 * pwdCheckQuality attribute, either accept the password without checking it ('0' or '1') or
 * refuse it ('2').
 * <p>
 * The test binds the policy to the user, then submits a password one character shorter than the
 * policy minimum and requires the change to be refused with
 * {@code GlobalErrIds.PSWD_CONST_VIOLATION}.
 *
 * @param msg  label written to the test log through {@code LogUtil.logIt}
 * @param usr  test-data row handed to {@code UserTestData} to build the user
 * @param plcy test-data row handed to {@code PolicyTestData} for the policy name and minimum length
 */
public void minLength(String msg, String[] usr, String[] plcy) {
    LogUtil.logIt(msg);
    try {
        PwPolicyMgr pwPolicyMgr = getManagedPswdMgr();
        AdminMgr admin = AdminMgrImplTest.getManagedAdminMgr();
        User subject = UserTestData.getUser(usr);
        pwPolicyMgr.updateUserPolicy(subject.getUserId(), PolicyTestData.getName(plcy));
        try {
            int requiredLength = PolicyTestData.getMinLength(plcy);
            // Only the length of the credential is logged, never its value.
            LOG.debug("testMinLength min=" + requiredLength + " len pw=" + subject.getPassword().length());
            // One character below the minimum. Presumably the test data guarantees
            // requiredLength >= 1 and a password of at least requiredLength - 1 characters;
            // otherwise substring throws before the policy is exercised - TODO confirm.
            String tooShort = new String(subject.getPassword()).substring(0, requiredLength - 1);
            admin.changePassword(subject, tooShort);
            // Reaching this line means the undersized password was accepted.
            fail(CLS_NM + ".minLength name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(usr) + "] failed length test");
        } catch (SecurityException rejected) {
            // A refusal is the expected outcome, but only with the constraint-violation code.
            String wrongCode = CLS_NM + ".minLength invalid error message userId [" + UserTestData.getUserId(usr) + "]";
            assertTrue(wrongCode, rejected.getErrorId() == GlobalErrIds.PSWD_CONST_VIOLATION);
        }
    } catch (SecurityException unexpected) {
        // Setup (policy assignment) failed: report it as a test failure.
        LOG.error("minLength caught SecurityException rc=" + unexpected.getErrorId() + ", msg=" + unexpected.getMessage(), unexpected);
        fail(unexpected.getMessage());
    }
}
use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.
the class PswdPolicyMgrImplTest method inHistory.
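/**
 * PT3 - exercises 5.2.4 pwdInHistory.
 * <p>
 * Policy text under test: this attribute specifies the maximum number of used passwords stored
 * in the pwdHistory attribute.
 * <p>
 * If this attribute is not present, or if the value is 0, used passwords are not stored in the
 * pwdHistory attribute and thus may be reused.
 * <p>
 * The test binds the policy to the user, cycles through {@code numHistory + 1} distinct
 * passwords (attempting to re-submit each one immediately after setting it), and finally
 * changes back to the original password, which must be accepted.
 *
 * @param msg  label written to the test log through {@code LogUtil.logIt}
 * @param usr  test-data row handed to {@code UserTestData} for the user and its base password
 * @param plcy test-data row handed to {@code PolicyTestData} for the policy name and history size
 */
public void inHistory(String msg, String[] usr, String[] plcy) {
    LogUtil.logIt(msg);
    try {
        PwPolicyMgr policyMgr = getManagedPswdMgr();
        AdminMgr adminMgr = AdminMgrImplTest.getManagedAdminMgr();
        User user = UserTestData.getUser(usr);
        policyMgr.updateUserPolicy(user.getUserId(), PolicyTestData.getName(plcy));
        int numHistory = PolicyTestData.getInHistory(plcy);
        for (int i = 0; i < numHistory + 1; i++) {
            String newPassword = UserTestData.getPassword(usr) + Integer.toString(i);
            // Log who and which round, not the credential: password values do not belong in
            // log output, and test logs are routinely archived and shared.
            LOG.debug("inHistory change userId=" + user.getUserId() + " iteration=" + i);
            adminMgr.changePassword(user, newPassword);
            user.setPassword(newPassword);
            try {
                LOG.debug("inHistory reuse attempt userId=" + user.getUserId() + " iteration=" + i);
                adminMgr.changePassword(user, newPassword);
                // NOTE(review): nothing fails the test when this reuse is accepted, so a
                // server that stops enforcing history still passes. Left as-is because the
                // visible code does not show whether reuse must be refused for every policy
                // row (a history size of 0 permits reuse) - confirm and add fail() if so.
            } catch (SecurityException ex) {
                // A refusal is acceptable, but only with the constraint-violation code.
                assertTrue(CLS_NM + ".inHistory invalid error message userId [" + user.getUserId() + "]", ex.getErrorId() == GlobalErrIds.PSWD_CONST_VIOLATION);
            }
        }
        try {
            // now try to change back to original password, this should pass
            adminMgr.changePassword(user, UserTestData.getPassword(usr));
        } catch (SecurityException ex) {
            String error = "inHistory caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage();
            LOG.error(error);
            fail(error);
        }
    } catch (SecurityException ex) {
        // Any other manager failure (setup or a legitimate change) fails the test.
        LOG.error("inHistory caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}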
use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.
the class PswdPolicyMgrImplTest method maxAge.
/**
 * PT2 - exercises 5.2.3 pwdMaxAge.
 * <p>
 * Policy text under test: this attribute holds the number of seconds after which a modified
 * password will expire.
 * <p>
 * If this attribute is not present, or if the value is 0 the password does not expire. If not
 * 0, the value must be greater than or equal to the value of the pwdMinAge.
 * <p>
 * The test binds the policy to the user, changes the password, then three times in a row waits
 * past the maximum age, requires session creation to be refused with
 * {@code GlobalErrIds.USER_PW_EXPIRED}, resets the password through {@code updateUser} and
 * requires session creation to succeed again.
 *
 * @param msg    label written to the test log through {@code LogUtil.logIt}
 * @param oldusr test-data row for the user whose password is aged
 * @param newusr test-data row whose password is used as the first replacement password
 * @param plcy   test-data row handed to {@code PolicyTestData} for the policy name and max age
 */
public void maxAge(String msg, String[] oldusr, String[] newusr, String[] plcy) {
    LogUtil.logIt(msg);
    try {
        AdminMgr admin = AdminMgrImplTest.getManagedAdminMgr();
        AccessMgr access = AccessMgrFactory.createInstance(TestUtils.getContext());
        User agingUser = UserTestData.getUser(oldusr);
        User passwordSource = UserTestData.getUser(newusr);
        agingUser.setPwPolicy(PolicyTestData.getName(plcy));
        admin.updateUser(agingUser);
        String replacement = passwordSource.getPassword();
        admin.changePassword(agingUser, replacement);
        agingUser.setPassword(replacement);
        int round = 0;
        while (round < 3) {
            // Wait out the policy's maximum age, plus one more unit as a margin.
            TestUtils.sleep(PolicyTestData.getMaxAge(plcy));
            TestUtils.sleep(1);
            try {
                access.createSession(agingUser, false);
                // Reaching this line means an over-age password still authenticated.
                fail(CLS_NM + ".maxAge name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(oldusr) + "] failed age test");
            } catch (SecurityException expired) {
                // A refusal is expected, but only with the password-expired code.
                String wrongCode = CLS_NM + ".maxAge invalid error message userId [" + UserTestData.getUserId(oldusr) + "]";
                assertTrue(wrongCode, expired.getErrorId() == GlobalErrIds.USER_PW_EXPIRED);
            }
            replacement = "changedabc";
            agingUser = new User(agingUser.getUserId());
            agingUser.setPassword(replacement);
            // since this password is now expired we have to call update rather than changePassword:
            admin.updateUser(agingUser);
            // After the reset the user must be able to authenticate again.
            access.createSession(agingUser, false);
            round++;
        }
    } catch (SecurityException unexpected) {
        // Setup, reset or the post-reset login failed: report it as a test failure.
        LOG.error("maxAge caught SecurityException rc=" + unexpected.getErrorId() + ", msg=" + unexpected.getMessage(), unexpected);
        fail(unexpected.getMessage());
    }
}
use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.
the class PswdPolicyMgrImplTest method expireWarning.
/**
 * PT5 - exercises 5.2.7 pwdExpireWarning.
 * <p>
 * Policy text under test: this attribute specifies the maximum number of seconds before a
 * password is due to expire that expiration warning messages will be returned to an
 * authenticating user.
 * <p>
 * If this attribute is not present, or if the value is 0 no warnings will be returned. If not
 * 0, the value must be smaller than the value of the pwdMaxAge attribute.
 * <p>
 * The test checks three phases after a password change: no warning right away, a warning once
 * the warning window has been entered, and a refused login with
 * {@code GlobalErrIds.USER_PW_EXPIRED} after a further wait.
 *
 * @param msg  label written to the test log through {@code LogUtil.logIt}
 * @param usr  test-data row handed to {@code UserTestData} for the user and its base password
 * @param plcy test-data row handed to {@code PolicyTestData} for the policy name, warning
 *             window and max age
 */
public void expireWarning(String msg, String[] usr, String[] plcy) {
    LogUtil.logIt(msg);
    try {
        AdminMgr admin = AdminMgrImplTest.getManagedAdminMgr();
        AccessMgr access = AccessMgrFactory.createInstance(TestUtils.getContext());
        User subject = UserTestData.getUser(usr);
        long warnWindow = PolicyTestData.getExpireWarning(plcy);
        long maxSecs = PolicyTestData.getMaxAge(plcy);
        // Time from a password change until the warning window opens.
        long quietPeriod = maxSecs - warnWindow;
        String nextPassword = UserTestData.getPassword(usr) + "a";
        subject.setPassword(nextPassword);
        subject.setPwPolicy(PolicyTestData.getName(plcy));
        // because the password max age is so short, need to set new password, otherwise it will have already expired:
        admin.updateUser(subject);
        // now do the password change to start the clock ticking:
        nextPassword = UserTestData.getPassword(usr) + "b";
        admin.changePassword(subject, nextPassword);
        subject.setPassword(nextPassword);

        // Phase 1: immediately after the change no expiration warning is reported.
        Session session = access.createSession(subject, false);
        assertTrue(CLS_NM + ".expireWarning invalid error message userId [" + UserTestData.getUserId(usr) + "]", session.getExpirationSeconds() == 0);

        // Phase 2: step just inside the warning window.
        TestUtils.sleep(quietPeriod);
        // add one second for good measure:
        TestUtils.sleep(1);
        session = access.createSession(subject, false);
        assertTrue(CLS_NM + ".expireWarning invalid error message 2 userId [" + UserTestData.getUserId(usr) + "]", (session.getExpirationSeconds() > 0) && (session.getExpirationSeconds() < maxSecs));

        // Phase 3: wait again and require the login to be refused.
        // NOTE(review): total wait is 2 * quietPeriod + 1, which only exceeds maxSecs when the
        // warning window is at most about half of maxSecs - assumes the test policy satisfies
        // that and that sleep uses the same unit as the policy values; TODO confirm.
        TestUtils.sleep(quietPeriod);
        try {
            access.createSession(subject, false);
            fail(CLS_NM + ".expireWarning name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(usr) + "] failed expired pw test");
        } catch (SecurityException expired) {
            // A refusal is expected, but only with the password-expired code.
            String wrongCode = CLS_NM + ".expireWarning invalid error message 3 userId [" + UserTestData.getUserId(usr) + "]";
            assertTrue(wrongCode, expired.getErrorId() == GlobalErrIds.USER_PW_EXPIRED);
        }
    } catch (SecurityException unexpected) {
        // Setup or one of the logins that must succeed failed: report it as a test failure.
        LOG.error("expireWarning caught SecurityException rc=" + unexpected.getErrorId() + ", msg=" + unexpected.getMessage(), unexpected);
        fail(unexpected.getMessage());
    }
}
use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.
the class PswdPolicyMgrImplTest method allowUserChange.
/**
 * PT12 - exercises the allow-user-change policy flag.
 * <p>
 * Policy text under test: this attribute indicates whether users can change their own
 * passwords, although the change operation is still subject to access control. If this
 * attribute is not present, a value of "TRUE" is assumed. This attribute is intended to be
 * used in the absence of an access control mechanism.
 * <p>
 * The test binds the policy to the user and attempts a password change: when the flag is
 * false the change must be refused with {@code GlobalErrIds.USER_PW_MOD_NOT_ALLOWED}, when it
 * is true the change must succeed.
 *
 * @param msg  label written to the test log through {@code LogUtil.logIt}
 * @param usr  test-data row handed to {@code UserTestData} to build the user
 * @param plcy test-data row handed to {@code PolicyTestData} for the policy name and the flag
 */
public void allowUserChange(String msg, String[] usr, String[] plcy) {
    LogUtil.logIt(msg);
    try {
        PwPolicyMgr pwPolicyMgr = getManagedPswdMgr();
        AdminMgr admin = AdminMgrImplTest.getManagedAdminMgr();
        User subject = UserTestData.getUser(usr);
        pwPolicyMgr.updateUserPolicy(subject.getUserId(), PolicyTestData.getName(plcy));
        boolean changePermitted = PolicyTestData.getAllowUserChange(plcy);
        if (changePermitted) {
            // this better work:
            admin.changePassword(subject, "newPassword");
        } else {
            try {
                // because allowchange flag is false, this better fail:
                admin.changePassword(subject, "newPassword");
                // Reaching this line means the policy did not block the change.
                fail(CLS_NM + ".allowUserChange name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(usr) + "] failed allow change test flag=" + changePermitted);
            } catch (SecurityException denied) {
                // A refusal is expected, but only with the modification-not-allowed code.
                String wrongCode = CLS_NM + ".allowUserChange invalid error message userId [" + UserTestData.getUserId(usr) + "]";
                assertTrue(wrongCode, denied.getErrorId() == GlobalErrIds.USER_PW_MOD_NOT_ALLOWED);
                TestUtils.sleep(1);
            }
        }
    } catch (SecurityException unexpected) {
        // Setup failed, or a change that the policy permits was refused.
        LOG.error("allowUserChange policy [" + PolicyTestData.getName(plcy) + "] caught SecurityException rc=" + unexpected.getErrorId() + ", msg=" + unexpected.getMessage(), unexpected);
        fail(unexpected.getMessage());
    }
}