
Example 1 with ModuleState

Use of org.forgerock.openam.ldap.ModuleState in the project OpenAM by OpenRock.

From the class LDAP, method process.

/**
 * Runs one step of the LDAP login state machine.
 *
 * <p>Two screens are handled: {@code LOGIN_START} (collect credentials, bind to the
 * directory, then enforce the password policy on success) and {@code PASSWORD_CHANGE}
 * (the user was sent to the reset screen and has submitted old/new/confirm passwords).
 * Any other screen value ends the login with an {@code AuthLoginException}.
 *
 * @param callbacks the callbacks filled in for the current screen; on {@code LOGIN_START}
 *     a {@code null} or empty array means the credentials are taken from {@code sharedState}
 *     (populated by an earlier module in the chain) instead
 * @param state the current screen index, resolved through {@code LoginScreen.get(int)}
 * @return the next screen index to show, or {@code ISAuthConstants.LOGIN_SUCCEED}
 * @throws AuthLoginException when the attempt must be terminated: unknown user, bad
 *     credentials, inappropriate authentication, retry limit exceeded, unknown state,
 *     or invalid characters in the user name
 */
public int process(Callback[] callbacks, int state) throws AuthLoginException {
    currentState = state;
    ModuleState newState;
    LoginScreen loginScreen = LoginScreen.get(state);
    try {
        if (loginScreen.equals(LoginScreen.LOGIN_START)) {
            if (callbacks == null || callbacks.length == 0) {
                // No callbacks: try the credentials a previous module left in sharedState.
                userName = (String) sharedState.get(getUserKey());
                userPassword = (String) sharedState.get(getPwdKey());
                if (userName == null || userPassword == null) {
                    // Nothing to reuse: show the login screen and prompt.
                    return LoginScreen.LOGIN_START.intValue();
                }
                // Remembered so an LDAP failure below can fall back to prompting
                // instead of being recorded as a failed attempt for this user.
                getCredentialsFromSharedState = true;
            } else {
                // Callbacks supplied by the login page: [0] user name, [1] password.
                userName = ((NameCallback) callbacks[0]).getName();
                userPassword = charToString(((PasswordCallback) callbacks[1]).getPassword(), callbacks[1]);
            }
            // Reject an empty password before anything reaches the directory: a simple
            // bind with an empty password is treated as unauthenticated by LDAP servers,
            // so letting it through could look like a successful login.
            if (userPassword == null || userPassword.length() == 0) {
                if (debug.messageEnabled()) {
                    // Only the fact is logged, never the credential itself.
                    debug.message("LDAP.process: Password is null/empty");
                }
                throw new InvalidPasswordException("amAuth", "invalidPasswd", null);
            }
            // Store username/password both in the success and the failure case.
            storeUsernamePasswd(userName, userPassword);
            if (initializeLDAP()) {
                // Validate the user name against the configured pattern before it is
                // used in the directory lookup; a failure surfaces as
                // UserNamePasswordValidationException, caught at the bottom.
                validateUserName(userName, regEx);
                ldapUtil.authenticateUser(userName, userPassword);
                newState = ldapUtil.getState();
            } else {
                newState = ModuleState.SERVER_DOWN;
            }
            boolean passwordValidationSuccessFlag = true;
            // The bind succeeded: the password must additionally satisfy the local
            // password policy, otherwise the user is sent to the change-password screen.
            if (newState == ModuleState.SUCCESS) {
                try {
                    validatePassword(userPassword);
                } catch (UserNamePasswordValidationException upve) {
                    if (debug.messageEnabled()) {
                        debug.message("Password does not satisfy " + "password policy rules specified" + " in OpenAM");
                    }
                    // isReset lets the PASSWORD_CHANGE screen distinguish a policy-driven
                    // reset (cancel returns to LOGIN_START) from a directory-driven one.
                    isReset = true;
                    String invalidMsg = bundle.getString("PasswordInvalid");
                    replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), invalidMsg);
                    currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                    passwordValidationSuccessFlag = false;
                }
            }
            if (passwordValidationSuccessFlag) {
                // Maps the directory outcome (SUCCESS, SERVER_DOWN, expiring password, ...)
                // onto the next screen / currentState.
                processLoginScreen(newState);
            }
            return currentState;
        } else if (loginScreen.equals(LoginScreen.PASSWORD_CHANGE)) {
            if (debug.messageEnabled()) {
                debug.message("you are in Password Screen:" + currentState);
            }
            // callbacks[3] is a user selected button index
            // PwdAction == 0 is a Submit button
            // NOTE(review): unlike LOGIN_START, callbacks is not null- or length-checked on
            // this screen; a null or short array fails with an unchecked exception rather
            // than an AuthLoginException — confirm the framework always supplies all four.
            int pwdAction = ((ConfirmationCallback) callbacks[3]).getSelectedIndex();
            if (pwdAction == 0) {
                String oldPassword = charToString(((PasswordCallback) callbacks[0]).getPassword(), callbacks[0]);
                String newPassword = charToString(((PasswordCallback) callbacks[1]).getPassword(), callbacks[1]);
                String confirmPassword = charToString(((PasswordCallback) callbacks[2]).getPassword(), callbacks[2]);
                try {
                    // Policy check first; a violation is caught below and re-shows the screen.
                    validatePassword(newPassword);
                    // check minimal password length requirement
                    int newPasswordLength = 0;
                    if (newPassword != null) {
                        newPasswordLength = newPassword.length();
                    }
                    if (newPasswordLength < requiredPasswordLength) {
                        if (debug.messageEnabled()) {
                            debug.message("LDAP.process: new password less" + " than the minimal length of " + requiredPasswordLength);
                        }
                        newState = ModuleState.PASSWORD_MIN_CHARACTERS;
                        // Audit the failed change; the state name is the failure reason.
                        getLoginState("LDAP").logFailed(newState.name(), "CHANGE_USER_PASSWORD_FAILED", false, null);
                    } else {
                        // The old/new/confirm comparison is done by ldapUtil; the result
                        // is read back through getState().
                        ldapUtil.changePassword(oldPassword, newPassword, confirmPassword);
                        newState = ldapUtil.getState();
                        if (newState == ModuleState.PASSWORD_UPDATED_SUCCESSFULLY) {
                            // log change password success
                            getLoginState("LDAP").logSuccess("changePasswdSucceeded", "CHANGE_USER_PASSWORD_SUCCEEDED");
                        } else {
                            // Audit the failed change; the state name is the failure reason.
                            getLoginState("LDAP").logFailed(newState.name(), "CHANGE_USER_PASSWORD_FAILED", false, null);
                        }
                    }
                    processPasswordScreen(newState);
                    if (debug.messageEnabled()) {
                        debug.message("Password change state :" + newState);
                    }
                } catch (UserNamePasswordValidationException upve) {
                    if (debug.messageEnabled()) {
                        debug.message("Password could not be validated, " + "need a different password");
                    }
                    // Stay on the change-password screen with an explanatory header.
                    String invalidMsg = bundle.getString("NewPasswordInvalid");
                    replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), invalidMsg);
                    currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                }
                return currentState;
            } else {
                // Any other button (cancel/skip).
                if (isReset) {
                    // The reset was forced by the local policy: go back to the login screen.
                    isReset = false;
                    return LoginScreen.LOGIN_START.intValue();
                }
                // Directory-driven change was declined: the bind already succeeded, so
                // the login completes with the id resolved by ldapUtil.
                validatedUserID = ldapUtil.getUserId();
                return ISAuthConstants.LOGIN_SUCCEED;
            }
        } else {
            // Unknown screen index: fail the login.
            // NOTE(review): ldapUtil is used without the null guard applied in the
            // LDAPUtilException handler below — confirm it is initialised on this path.
            setFailureID(ldapUtil.getUserId(userName));
            throw new AuthLoginException(AM_AUTH, "LDAPex", null);
        }
    } catch (LDAPUtilException ex) {
        // Credentials came from sharedState and this module is not in use-first-pass
        // mode: prompt the user instead of recording a failure against the account.
        if (getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
            getCredentialsFromSharedState = false;
            return LoginScreen.LOGIN_START.intValue();
        }
        setFailureID((ldapUtil != null) ? ldapUtil.getUserId(userName) : userName);
        // Map the directory result code onto the module's outcome.
        // NOTE(review): NO_SUCH_OBJECT and INVALID_CREDENTIALS are reported under
        // different keys ("NoUser" vs "InvalidUP"); confirm the UI collapses both to one
        // generic message, otherwise the difference reveals whether an account exists.
        if (ex.getResultCode().equals(ResultCode.NO_SUCH_OBJECT)) {
            if (debug.messageEnabled()) {
                debug.message("The specified user does not exist.");
            }
            throw new AuthLoginException(AM_AUTH, "NoUser", null);
        } else if (ex.getResultCode().equals(ResultCode.INVALID_CREDENTIALS)) {
            if (debug.messageEnabled()) {
                debug.message("Invalid password.");
            }
            // NOTE(review): ldapUtil is dereferenced here without the null check used
            // for setFailureID above — presumably non-null whenever the directory
            // returned INVALID_CREDENTIALS; verify.
            String failureUserID = ldapUtil.getUserId();
            throw new InvalidPasswordException(AM_AUTH, "InvalidUP", null, failureUserID, null);
        } else if (ex.getResultCode().equals(ResultCode.UNWILLING_TO_PERFORM)) {
            if (debug.messageEnabled()) {
                debug.message("Unwilling to perform. Account inactivated.");
            }
            // Not an exception: the user is shown the "account inactive" screen.
            currentState = LoginScreen.USER_INACTIVE.intValue();
            return currentState;
        } else if (ex.getResultCode().equals(ResultCode.INAPPROPRIATE_AUTHENTICATION)) {
            if (debug.messageEnabled()) {
                debug.message("Inappropriate authentication.");
            }
            throw new AuthLoginException(AM_AUTH, "InappAuth", null);
        } else if (ex.getResultCode().equals(ResultCode.CONSTRAINT_VIOLATION)) {
            if (debug.messageEnabled()) {
                debug.message("Exceed password retry limit.");
            }
            // The directory's own lockout policy rejected the bind.
            throw new AuthLoginException(amAuthLDAP, ISAuthConstants.EXCEED_RETRY_LIMIT, null);
        } else {
            throw new AuthLoginException(AM_AUTH, "LDAPex", null);
        }
    } catch (UserNamePasswordValidationException upve) {
        // Raised by validateUserName: the name contains characters the configured
        // pattern rejects. Do not set the failure Id for this exception.
        if (debug.messageEnabled()) {
            debug.message("Invalid Characters detected");
        }
        throw new AuthLoginException(upve);
    }
}