Search in sources :

Example 1 with PasswordExpiringResponseControl

use of org.forgerock.opendj.ldap.controls.PasswordExpiringResponseControl in project OpenAM by OpenRock.

the class LDAPAuthUtils method processControls.

private List<Control> processControls(Result result) {
    if (result == null) {
        return Collections.EMPTY_LIST;
    }
    List<Control> controls = new ArrayList<Control>();
    DecodeOptions options = new DecodeOptions();
    Control c;
    try {
        c = result.getControl(PasswordExpiredResponseControl.DECODER, options);
        if (c != null) {
            controls.add(c);
        }
    } catch (DecodeException de) {
        if (debug.warningEnabled()) {
            debug.warning("unable to decode PasswordExpiredResponseControl", de);
        }
    }
    try {
        c = result.getControl(PasswordExpiringResponseControl.DECODER, options);
        if (c != null) {
            controls.add(c);
        }
    } catch (DecodeException de) {
        if (debug.warningEnabled()) {
            debug.warning("unable to decode PasswordExpiringResponseControl", de);
        }
    }
    try {
        c = result.getControl(PasswordPolicyResponseControl.DECODER, options);
        if (c != null) {
            controls.add(c);
        }
    } catch (DecodeException de) {
        if (debug.warningEnabled()) {
            debug.warning("unable to decode PasswordPolicyResponseControl", de);
        }
    }
    return controls;
}
Also used : PasswordExpiringResponseControl(org.forgerock.opendj.ldap.controls.PasswordExpiringResponseControl) PasswordExpiredResponseControl(org.forgerock.opendj.ldap.controls.PasswordExpiredResponseControl) PasswordPolicyRequestControl(org.forgerock.opendj.ldap.controls.PasswordPolicyRequestControl) Control(org.forgerock.opendj.ldap.controls.Control) PasswordPolicyResponseControl(org.forgerock.opendj.ldap.controls.PasswordPolicyResponseControl) ArrayList(java.util.ArrayList) DecodeException(org.forgerock.opendj.ldap.DecodeException) DecodeOptions(org.forgerock.opendj.ldap.DecodeOptions)

Example 2 with PasswordExpiringResponseControl

use of org.forgerock.opendj.ldap.controls.PasswordExpiringResponseControl in project OpenAM by OpenRock.

the class LDAPAuthUtils method checkControls.

/**
     * checks for  an LDAP v3 server whether the control has returned
     * if a password has expired or password is expiring and password
     * policy is enabled on the server.
     *
     * @return The PasswordPolicyResult or null if there were no controls
     */
private PasswordPolicyResult checkControls(List<Control> controls) {
    PasswordPolicyResult result = null;
    if ((controls != null) && (!controls.isEmpty())) {
        for (Control control : controls) {
            if (control instanceof PasswordExpiredResponseControl) {
                if (result == null) {
                    result = new PasswordPolicyResult(PasswordPolicyErrorType.PASSWORD_EXPIRED);
                } else {
                    result.setPasswordPolicyErrorType(PasswordPolicyErrorType.PASSWORD_EXPIRED);
                }
            }
            if (control instanceof PasswordPolicyResponseControl) {
                PasswordPolicyErrorType policyErrorType = ((PasswordPolicyResponseControl) control).getErrorType();
                if (policyErrorType != null) {
                    switch(policyErrorType) {
                        case ACCOUNT_LOCKED:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyErrorType.ACCOUNT_LOCKED);
                            } else {
                                result.setPasswordPolicyErrorType(PasswordPolicyErrorType.ACCOUNT_LOCKED);
                            }
                            break;
                        case CHANGE_AFTER_RESET:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyErrorType.CHANGE_AFTER_RESET);
                            } else {
                                result.setPasswordPolicyErrorType(PasswordPolicyErrorType.CHANGE_AFTER_RESET);
                            }
                            break;
                        case INSUFFICIENT_PASSWORD_QUALITY:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyErrorType.INSUFFICIENT_PASSWORD_QUALITY);
                            } else {
                                result.setPasswordPolicyErrorType(PasswordPolicyErrorType.INSUFFICIENT_PASSWORD_QUALITY);
                            }
                            break;
                        case MUST_SUPPLY_OLD_PASSWORD:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyErrorType.MUST_SUPPLY_OLD_PASSWORD);
                            } else {
                                result.setPasswordPolicyErrorType(PasswordPolicyErrorType.MUST_SUPPLY_OLD_PASSWORD);
                            }
                            break;
                        case PASSWORD_EXPIRED:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyErrorType.PASSWORD_EXPIRED);
                            } else {
                                result.setPasswordPolicyErrorType(PasswordPolicyErrorType.PASSWORD_EXPIRED);
                            }
                            break;
                        case PASSWORD_IN_HISTORY:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyErrorType.PASSWORD_IN_HISTORY);
                            } else {
                                result.setPasswordPolicyErrorType(PasswordPolicyErrorType.PASSWORD_IN_HISTORY);
                            }
                            break;
                        case PASSWORD_MOD_NOT_ALLOWED:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyErrorType.PASSWORD_MOD_NOT_ALLOWED);
                            } else {
                                result.setPasswordPolicyErrorType(PasswordPolicyErrorType.PASSWORD_MOD_NOT_ALLOWED);
                            }
                            break;
                        case PASSWORD_TOO_SHORT:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyErrorType.PASSWORD_TOO_SHORT);
                            } else {
                                result.setPasswordPolicyErrorType(PasswordPolicyErrorType.PASSWORD_TOO_SHORT);
                            }
                            break;
                        case PASSWORD_TOO_YOUNG:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyErrorType.PASSWORD_TOO_YOUNG);
                            } else {
                                result.setPasswordPolicyErrorType(PasswordPolicyErrorType.PASSWORD_TOO_YOUNG);
                            }
                            break;
                    }
                }
                PasswordPolicyWarningType policyWarningType = ((PasswordPolicyResponseControl) control).getWarningType();
                if (policyWarningType != null) {
                    switch(policyWarningType) {
                        case GRACE_LOGINS_REMAINING:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyWarningType.GRACE_LOGINS_REMAINING, ((PasswordPolicyResponseControl) control).getWarningValue());
                            } else {
                                result.setPasswordPolicyWarningType(PasswordPolicyWarningType.GRACE_LOGINS_REMAINING, ((PasswordPolicyResponseControl) control).getWarningValue());
                            }
                            break;
                        case TIME_BEFORE_EXPIRATION:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, ((PasswordPolicyResponseControl) control).getWarningValue());
                            } else {
                                result.setPasswordPolicyWarningType(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, ((PasswordPolicyResponseControl) control).getWarningValue());
                            }
                            break;
                    }
                }
            }
            if (control instanceof PasswordExpiringResponseControl) {
                PasswordExpiringResponseControl expiringControl = (PasswordExpiringResponseControl) control;
                if (control.hasValue()) {
                    if (result == null) {
                        result = new PasswordPolicyResult(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, expiringControl.getSecondsUntilExpiration());
                    } else {
                        result.setPasswordPolicyWarningType(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, expiringControl.getSecondsUntilExpiration());
                    }
                } else {
                    if (result == null) {
                        result = new PasswordPolicyResult(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, NO_EXPIRY_TIME);
                    } else {
                        result.setPasswordPolicyWarningType(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, NO_EXPIRY_TIME);
                    }
                }
            }
        }
    }
    return result;
}
Also used : PasswordExpiredResponseControl(org.forgerock.opendj.ldap.controls.PasswordExpiredResponseControl) PasswordPolicyWarningType(org.forgerock.opendj.ldap.controls.PasswordPolicyWarningType) PasswordExpiringResponseControl(org.forgerock.opendj.ldap.controls.PasswordExpiringResponseControl) PasswordExpiringResponseControl(org.forgerock.opendj.ldap.controls.PasswordExpiringResponseControl) PasswordExpiredResponseControl(org.forgerock.opendj.ldap.controls.PasswordExpiredResponseControl) PasswordPolicyRequestControl(org.forgerock.opendj.ldap.controls.PasswordPolicyRequestControl) Control(org.forgerock.opendj.ldap.controls.Control) PasswordPolicyResponseControl(org.forgerock.opendj.ldap.controls.PasswordPolicyResponseControl) PasswordPolicyErrorType(org.forgerock.opendj.ldap.controls.PasswordPolicyErrorType) PasswordPolicyResponseControl(org.forgerock.opendj.ldap.controls.PasswordPolicyResponseControl)

Aggregations

Control (org.forgerock.opendj.ldap.controls.Control)2 PasswordExpiredResponseControl (org.forgerock.opendj.ldap.controls.PasswordExpiredResponseControl)2 PasswordExpiringResponseControl (org.forgerock.opendj.ldap.controls.PasswordExpiringResponseControl)2 PasswordPolicyRequestControl (org.forgerock.opendj.ldap.controls.PasswordPolicyRequestControl)2 PasswordPolicyResponseControl (org.forgerock.opendj.ldap.controls.PasswordPolicyResponseControl)2 ArrayList (java.util.ArrayList)1 DecodeException (org.forgerock.opendj.ldap.DecodeException)1 DecodeOptions (org.forgerock.opendj.ldap.DecodeOptions)1 PasswordPolicyErrorType (org.forgerock.opendj.ldap.controls.PasswordPolicyErrorType)1 PasswordPolicyWarningType (org.forgerock.opendj.ldap.controls.PasswordPolicyWarningType)1