use of org.apache.directory.fortress.core.PwPolicyMgr in project directory-fortress-core by apache.
the class PswdPolicyMgrImplTest method lockoutDuration.
/**
 * PT8 - exercises 5.2.10 pwdLockoutDuration.
 * <p>
 * Per the policy text this test was written against: the attribute holds the
 * number of seconds that the password cannot be used to authenticate after too
 * many failed bind attempts. If it is absent or 0, the password stays unusable
 * until a password administrator resets it.
 * <p>
 * Flow: assign the policy to the user, fail authentication {@code maxFailures}
 * times with a wrong password (each must report {@code USER_PW_INVLD}), confirm
 * that the <em>correct</em> password is then refused with {@code USER_PW_LOCKED},
 * wait out the lockout window and confirm the correct password works again.
 *
 * @param msg  text handed to {@code LogUtil.logIt} when the test starts
 * @param usr  user fixture row, read through {@code UserTestData}
 * @param plcy policy fixture row, read through {@code PolicyTestData}
 */
public void lockoutDuration(String msg, String[] usr, String[] plcy) {
    LogUtil.logIt(msg);
    try {
        PwPolicyMgr pwPolicyMgr = getManagedPswdMgr();
        AccessMgr sessionMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        User target = UserTestData.getUser(usr);
        pwPolicyMgr.updateUserPolicy(target.getUserId(), PolicyTestData.getName(plcy));
        int failureLimit = PolicyTestData.getMaxFailure(plcy);
        // NOTE(review): the final step expects an automatic unlock, so the fixture
        // presumably carries a non-zero duration; 0 means "locked until admin reset".
        int lockSeconds = PolicyTestData.getLockoutDuration(plcy);

        // Phase 1: burn through the allowed failures with a bad credential.
        int attempt = 0;
        while (attempt < failureLimit) {
            try {
                User impostor = new User(target.getUserId(), "wrongpw");
                sessionMgr.createSession(impostor, false);
                // A session for a wrong password means authentication is broken.
                fail(CLS_NM + ".lockoutDuration name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(usr) + "] failed lockout duration test=" + failureLimit + " iteration=" + attempt);
            } catch (SecurityException ex) {
                String wrongCodeMsg = CLS_NM + ".lockoutDuration invalid error message userId [" + UserTestData.getUserId(usr) + "]";
                boolean rejectedAsInvalid = ex.getErrorId() == GlobalErrIds.USER_PW_INVLD;
                assertTrue(wrongCodeMsg, rejectedAsInvalid);
                // Expected rejection; pause between attempts.
                TestUtils.sleep(1);
            }
            attempt++;
        }

        // Phase 2: the valid password must now be refused because the account is locked.
        try {
            sessionMgr.createSession(target, false);
            fail(CLS_NM + ".lockoutDuration name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(usr) + "] failed lockout duration test 2");
        } catch (SecurityException ex) {
            String wrongCodeMsg = CLS_NM + ".lockoutDuration invalid error message userId [" + UserTestData.getUserId(usr) + "]";
            boolean rejectedAsLocked = ex.getErrorId() == GlobalErrIds.USER_PW_LOCKED;
            assertTrue(wrongCodeMsg, rejectedAsLocked);
            // Expected: lockout is in force.
        }

        // Phase 3: wait for the lockout window to elapse, plus one extra second of margin.
        TestUtils.sleep(lockSeconds);
        TestUtils.sleep(1);

        // The valid password must authenticate again without administrator action.
        sessionMgr.createSession(target, false);
    } catch (SecurityException ex) {
        LOG.error("lockoutDuration caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
use of org.apache.directory.fortress.core.PwPolicyMgr in project directory-fortress-core by apache.
the class PswdPolicyMgrImplTest method updatePasswordPolicy.
/**
 * Assigns password policies to users through {@code PwPolicyMgr.updateUserPolicy},
 * pairing the two fixture arrays by position: the n-th policy row goes to the
 * n-th user row.
 *
 * @param msg    text handed to {@code LogUtil.logIt} when the test starts
 * @param uArray user fixture rows; must hold at least as many rows as {@code pArray}
 * @param pArray policy fixture rows; one assignment is made per row
 */
public void updatePasswordPolicy(String msg, String[][] uArray, String[][] pArray) {
    LogUtil.logIt(msg);
    try {
        PwPolicyMgr pwPolicyMgr = getManagedPswdMgr();
        // The policy array drives the loop; the user array is indexed in lock-step.
        for (int row = 0; row < pArray.length; row++) {
            pwPolicyMgr.updateUserPolicy(
                UserTestData.getUserId(uArray[row]),
                PolicyTestData.getName(pArray[row]));
        }
    } catch (SecurityException ex) {
        LOG.error("updateUserPolicy caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
use of org.apache.directory.fortress.core.PwPolicyMgr in project directory-fortress-core by apache.
the class PswdPolicyMgrImplTest method minLength.
/**
 * PT4 - exercises 5.2.6 pwdMinLength.
 * <p>
 * Per the policy text this test was written against: when quality checking is
 * enabled, the attribute holds the minimum number of characters a password must
 * contain. If it is absent, no minimum length is enforced. If the server cannot
 * check the length (hashed password or otherwise), it either accepts the password
 * unchecked (pwdCheckQuality '0' or '1') or refuses it ('2').
 * <p>
 * Flow: assign the policy to the user, then attempt a password change to a value
 * one character shorter than the minimum. The change must be refused with
 * {@code PSWD_CONST_VIOLATION}.
 *
 * @param msg  text handed to {@code LogUtil.logIt} when the test starts
 * @param usr  user fixture row, read through {@code UserTestData}
 * @param plcy policy fixture row, read through {@code PolicyTestData}
 */
public void minLength(String msg, String[] usr, String[] plcy) {
    LogUtil.logIt(msg);
    try {
        PwPolicyMgr pwPolicyMgr = getManagedPswdMgr();
        AdminMgr userAdmin = AdminMgrImplTest.getManagedAdminMgr();
        User target = UserTestData.getUser(usr);
        pwPolicyMgr.updateUserPolicy(target.getUserId(), PolicyTestData.getName(plcy));
        try {
            int minChars = PolicyTestData.getMinLength(plcy);
            // Only the length is logged here, never the password itself.
            LOG.debug("testMinLength min=" + minChars + " len pw=" + target.getPassword().length());
            // NOTE(review): substring throws StringIndexOutOfBoundsException when minChars is 0
            // or when minChars - 1 exceeds the fixture password's length, so the fixture
            // has to satisfy 1 <= minChars <= length + 1.
            String currentPw = new String(target.getPassword());
            String tooShort = currentPw.substring(0, minChars - 1);
            userAdmin.changePassword(target, tooShort);
            // An accepted under-length password means the policy is not being enforced.
            fail(CLS_NM + ".minLength name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(usr) + "] failed length test");
        } catch (SecurityException ex) {
            String wrongCodeMsg = CLS_NM + ".minLength invalid error message userId [" + UserTestData.getUserId(usr) + "]";
            boolean rejectedByPolicy = ex.getErrorId() == GlobalErrIds.PSWD_CONST_VIOLATION;
            assertTrue(wrongCodeMsg, rejectedByPolicy);
            // Expected: the short password was refused.
        }
    } catch (SecurityException ex) {
        LOG.error("minLength caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
use of org.apache.directory.fortress.core.PwPolicyMgr in project directory-fortress-core by apache.
the class PswdPolicyMgrImplTest method inHistory.
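/**
 * PT3 - exercises 5.2.4 pwdInHistory.
 * <p>
 * Per the policy text this test was written against: the attribute specifies the
 * maximum number of used passwords stored in the pwdHistory attribute. If it is
 * absent or 0, used passwords are not stored and may therefore be reused.
 * <p>
 * Flow: assign the policy to the user, then perform {@code numHistory + 1}
 * password changes. After each change the same value is submitted again; if the
 * server refuses it, the refusal must carry {@code PSWD_CONST_VIOLATION}. Finally
 * the original fixture password is restored, which must succeed.
 * <p>
 * The debug statements log the iteration number only. Earlier revisions of this
 * method concatenated the cleartext password into the log line; test logs are
 * routinely archived by build systems, so credentials are kept out of them.
 *
 * @param msg  text handed to {@code LogUtil.logIt} when the test starts
 * @param usr  user fixture row, read through {@code UserTestData}
 * @param plcy policy fixture row, read through {@code PolicyTestData}
 */
public void inHistory(String msg, String[] usr, String[] plcy) {
    LogUtil.logIt(msg);
    try {
        PwPolicyMgr policyMgr = getManagedPswdMgr();
        AdminMgr adminMgr = AdminMgrImplTest.getManagedAdminMgr();
        User user = UserTestData.getUser(usr);
        policyMgr.updateUserPolicy(user.getUserId(), PolicyTestData.getName(plcy));
        int numHistory = PolicyTestData.getInHistory(plcy);
        for (int i = 0; i < numHistory + 1; i++) {
            // Each iteration uses a distinct value: fixture password plus the loop index.
            String newPassword = UserTestData.getPassword(usr) + i;
            LOG.debug("inHistory change pw iteration=" + i);
            adminMgr.changePassword(user, newPassword);
            // Keep the local entity in step with the directory for the next call.
            user.setPassword(newPassword);
            try {
                LOG.debug("inHistory change pw2 iteration=" + i);
                // Immediate reuse of the value that was just set.
                adminMgr.changePassword(user, newPassword);
                // NOTE(review): there is no fail() here, so a server that accepts the
                // reused password does not fail the test; only the error code of a
                // refusal is checked. Confirm whether that leniency is intended.
            } catch (SecurityException ex) {
                assertTrue(CLS_NM + ".inHistory invalid error message userId [" + user.getUserId() + "]", ex.getErrorId() == GlobalErrIds.PSWD_CONST_VIOLATION);
                // Expected: reuse was refused by the history constraint.
            }
        }
        try {
            // Restore the original fixture password; this change is expected to be accepted.
            adminMgr.changePassword(user, UserTestData.getPassword(usr));
        } catch (SecurityException ex) {
            String error = "inHistory caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage();
            LOG.error(error);
            fail(error);
        }
    } catch (SecurityException ex) {
        LOG.error("inHistory caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}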
use of org.apache.directory.fortress.core.PwPolicyMgr in project directory-fortress-core by apache.
the class PswdPolicyMgrImplTest method read.
/**
 * Reads each policy named in the fixture back through {@code PwPolicyMgr.read}
 * and compares the returned entity with its fixture row using
 * {@code PolicyTestData.assertEquals}.
 *
 * @param msg    text handed to {@code LogUtil.logIt} when the test starts
 * @param pArray policy fixture rows; each row is looked up by its name
 */
public void read(String msg, String[][] pArray) {
    LogUtil.logIt(msg);
    try {
        PwPolicyMgr pwPolicyMgr = PwPolicyMgrFactory.createInstance(TestUtils.getContext());
        for (int row = 0; row < pArray.length; row++) {
            String[] expected = pArray[row];
            PwPolicy stored = pwPolicyMgr.read(PolicyTestData.getName(expected));
            PolicyTestData.assertEquals(stored, expected);
        }
    } catch (SecurityException ex) {
        LOG.error("read caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}