use of org.apache.directory.fortress.core.PwPolicyMgr in project directory-fortress-core by apache.
the class PswdPolicyMgrImplTest method maxFailure.
/**
 * PT7 - exercises password policy attribute 5.2.11 pwdMaxFailure.
 * <p>
 * pwdMaxFailure specifies the number of consecutive failed bind attempts after which the
 * password may not be used to authenticate. If the attribute is not present, or if its
 * value is 0, the policy is not checked and the value of pwdLockout is ignored.
 * <p>
 * Steps performed: assign the policy to the user, attempt a session with a wrong password
 * once per allowed failure (each attempt must be rejected with USER_PW_INVLD), then attempt
 * a session with the user's own credentials and require USER_PW_LOCKED, and finally unlock
 * the account and require that a session can be created again.
 * <p>
 * NOTE(review): the lockout assertion presumes the policy in {@code plcy} has a non-zero
 * max failure count and has lockout enabled; with a count of 0 the loop body never runs and
 * the "must be locked" step would report a failure. Confirm against the test data.
 *
 * @param msg  text handed to LogUtil.logIt before the test runs
 * @param usr  user test-data row, read through UserTestData
 * @param plcy policy test-data row, read through PolicyTestData
 */
public void maxFailure(String msg, String[] usr, String[] plcy) {
    LogUtil.logIt(msg);
    try {
        PwPolicyMgr pwPolicyMgr = getManagedPswdMgr();
        AdminMgr admin = AdminMgrImplTest.getManagedAdminMgr();
        AccessMgr access = AccessMgrFactory.createInstance(TestUtils.getContext());
        User validUser = UserTestData.getUser(usr);
        pwPolicyMgr.updateUserPolicy(validUser.getUserId(), PolicyTestData.getName(plcy));
        final int allowedFailures = PolicyTestData.getMaxFailure(plcy);

        // Use up every allowed failure; each bad bind must be refused as an invalid password.
        int attempt = 0;
        while (attempt < allowedFailures) {
            try {
                access.createSession(new User(validUser.getUserId(), "wrongpw"), false);
                fail(CLS_NM + ".maxFailure name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(usr) + "] failed max failure test=" + allowedFailures + " iteration=" + attempt);
            } catch (SecurityException rejected) {
                String wrongErrorMsg = CLS_NM + ".maxFailure invalid error message userId [" + UserTestData.getUserId(usr) + "]";
                assertTrue(wrongErrorMsg, rejected.getErrorId() == GlobalErrIds.USER_PW_INVLD);
                // expected rejection; pause before the next attempt
                TestUtils.sleep(1);
            }
            attempt++;
        }

        // The correct credentials must now be refused because the account is locked.
        try {
            access.createSession(validUser, false);
            fail(CLS_NM + ".maxFailure name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(usr) + "] failed max failure test 2");
        } catch (SecurityException lockedOut) {
            String wrongErrorMsg = CLS_NM + ".maxFailure invalid error message userId [" + UserTestData.getUserId(usr) + "]";
            assertTrue(wrongErrorMsg, lockedOut.getErrorId() == GlobalErrIds.USER_PW_LOCKED);
            // expected: locked out
        }

        // After an administrative unlock the same credentials must be accepted again.
        admin.unlockUserAccount(validUser);
        access.createSession(validUser, false);
    } catch (SecurityException ex) {
        LOG.error("maxFailure caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
use of org.apache.directory.fortress.core.PwPolicyMgr in project directory-fortress-core by apache.
the class PswdPolicyMgrImplTest method safeModify.
/**
 * PT13 - exercises password policy attribute 5.2.15 pwdSafeModify.
 * <p>
 * pwdSafeModify specifies whether or not the existing password must be sent along with the
 * new password when it is changed. If the attribute is not present, "FALSE" is assumed.
 * <p>
 * The policy is assigned to the user and a password change is attempted. When the policy's
 * safe-modify flag is set the change must be rejected with USER_PW_MOD_NOT_ALLOWED;
 * otherwise it must succeed.
 * <p>
 * NOTE(review): whether the User returned by UserTestData.getUser carries the current
 * password is not visible here - confirm that this call really omits it, so the expected
 * rejection is caused by the safe-modify rule. When the flag is off the password is changed
 * and this method does not change it back.
 *
 * @param msg  text handed to LogUtil.logIt before the test runs
 * @param usr  user test-data row, read through UserTestData
 * @param plcy policy test-data row, read through PolicyTestData
 */
public void safeModify(String msg, String[] usr, String[] plcy) {
    LogUtil.logIt(msg);
    try {
        PwPolicyMgr pwPolicyMgr = getManagedPswdMgr();
        AdminMgr admin = AdminMgrImplTest.getManagedAdminMgr();
        User target = UserTestData.getUser(usr);
        pwPolicyMgr.updateUserPolicy(target.getUserId(), PolicyTestData.getName(plcy));
        boolean oldPwRequired = PolicyTestData.getSafeModify(plcy);
        if (!oldPwRequired) {
            // flag is off, so the change has to go through
            admin.changePassword(target, "newPassword");
        } else {
            try {
                // flag is on, so the change has to be refused
                admin.changePassword(target, "newPassword");
                fail(CLS_NM + ".safeModify name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(usr) + "] failed safe modify test flag=" + oldPwRequired);
            } catch (SecurityException refused) {
                String wrongErrorMsg = CLS_NM + ".safeModify invalid error message userId [" + UserTestData.getUserId(usr) + "]";
                assertTrue(wrongErrorMsg, refused.getErrorId() == GlobalErrIds.USER_PW_MOD_NOT_ALLOWED);
                // expected rejection
                TestUtils.sleep(1);
            }
        }
    } catch (SecurityException ex) {
        LOG.error("safeModify policy [" + PolicyTestData.getName(plcy) + "] caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
use of org.apache.directory.fortress.core.PwPolicyMgr in project directory-fortress-core by apache.
the class PswdPolicyMgrImplTest method checkQuality.
/**
 * PT14 - relates to password policy attribute 5.2.5 pwdCheckQuality.
 * <p>
 * pwdCheckQuality indicates how password quality is verified while a password is modified
 * or added. If the attribute is not present, or its value is '0', quality checking is not
 * enforced. A value of '1' means the server checks the quality and accepts the password if
 * it is unable to check it (due to a hashed password or other reasons). A value of '2'
 * means the server checks the quality and returns an error refusing the password if it is
 * unable to verify it.
 * <p>
 * NOTE(review): as written, this method only adds each policy in {@code pArray} through
 * PwPolicyMgr.add and fails on a SecurityException. It never sets or changes a password, so
 * it does not by itself show that quality checking is enforced.
 *
 * @param msg    text handed to LogUtil.logIt before the test runs
 * @param pArray policy test-data rows, each converted with PolicyTestData.getPolicy
 */
public void checkQuality(String msg, String[][] pArray) {
    LogUtil.logIt(msg);
    try {
        PwPolicyMgr pwPolicyMgr = getManagedPswdMgr();
        for (int row = 0; row < pArray.length; row++) {
            PwPolicy entry = PolicyTestData.getPolicy(pArray[row]);
            pwPolicyMgr.add(entry);
            LOG.debug("checkQuality name [" + entry.getName() + "] successful");
        }
    } catch (SecurityException ex) {
        LOG.error("checkQuality caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
use of org.apache.directory.fortress.core.PwPolicyMgr in project directory-fortress-core by apache.
the class PswdPolicyMgrImplTest method lockout.
/**
 * PT9 - exercises password policy attribute 5.2.9 pwdLockout.
 * <p>
 * When pwdLockout is "TRUE", the password may not be used to authenticate after a specified
 * number of consecutive failed bind attempts; that number is given by pwdMaxFailure.
 * <p>
 * If the attribute is not present, or its value is "FALSE", the password may still be used
 * to authenticate when the number of failed bind attempts has been reached.
 * <p>
 * The account is locked here through AdminMgr.lockUserAccount, not by failed binds. Each of
 * the three rounds locks the account, requires session creation to fail with
 * USER_PW_LOCKED, unlocks the account and requires session creation to succeed.
 * <p>
 * NOTE(review): if an assertion fails between the lock and the unlock, the account is left
 * locked for whatever runs next against the same user.
 *
 * @param msg  text handed to LogUtil.logIt before the test runs
 * @param usr  user test-data row, read through UserTestData
 * @param plcy policy test-data row, read through PolicyTestData
 */
public void lockout(String msg, String[] usr, String[] plcy) {
    LogUtil.logIt(msg);
    try {
        PwPolicyMgr pwPolicyMgr = getManagedPswdMgr();
        AdminMgr admin = AdminMgrImplTest.getManagedAdminMgr();
        AccessMgr access = AccessMgrFactory.createInstance(TestUtils.getContext());
        User account = UserTestData.getUser(usr);
        pwPolicyMgr.updateUserPolicy(account.getUserId(), PolicyTestData.getName(plcy));
        int round = 0;
        while (round < 3) {
            // lock the account administratively
            admin.lockUserAccount(account);
            try {
                // a locked account must not be able to open a session
                access.createSession(account, false);
                fail(CLS_NM + ".lockout name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(usr) + "] failed lockout test iteration=" + round);
            } catch (SecurityException lockedOut) {
                String wrongErrorMsg = CLS_NM + ".lockout invalid error message userId [" + UserTestData.getUserId(usr) + "]";
                assertTrue(wrongErrorMsg, lockedOut.getErrorId() == GlobalErrIds.USER_PW_LOCKED);
                // expected rejection
                TestUtils.sleep(1);
            }
            // unlock again; the session must now be granted
            admin.unlockUserAccount(account);
            access.createSession(account, false);
            round++;
        }
    } catch (SecurityException ex) {
        LOG.error("lockout caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
use of org.apache.directory.fortress.core.PwPolicyMgr in project directory-fortress-core by apache.
the class PswdPolicyMgrImplTest method add.
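/**
 * Adds every password policy described in {@code pArray} through PwPolicyMgr.add.
 * <p>
 * The whole loop sits inside one try block, so the first SecurityException stops the
 * iteration and the remaining rows are not added, whatever the value of {@code nofail}.
 *
 * @param msg    text handed to LogUtil.logIt before the policies are added
 * @param pArray policy test-data rows, each converted with PolicyTestData.getPolicy
 * @param nofail when {@code false}, a SecurityException is logged as an error and fails the
 *               test; when {@code true}, it is tolerated and only recorded at debug level
 */
public static void add(String msg, String[][] pArray, boolean nofail) {
    LogUtil.logIt(msg);
    try {
        PwPolicyMgr policyMgr = getManagedPswdMgr();
        for (String[] plcy : pArray) {
            PwPolicy policy = PolicyTestData.getPolicy(plcy);
            policyMgr.add(policy);
            LOG.debug("add name [" + policy.getName() + "] successful");
        }
    } catch (SecurityException ex) {
        if (nofail) {
            // Best-effort mode: do not fail the test, but leave a trace of what was
            // ignored so an unexpected directory error is not hidden completely.
            LOG.debug("add ignored SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage());
        } else {
            LOG.error("add caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
            fail(ex.getMessage());
        }
    }
}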