FC-238 - Migrate to LDAP API 2.0
shawnmckinney committed Jun 22, 2021
1 parent d168a3c commit 3c1ac81d77138e9a963d1a07bdc59b6d5e308e7e
Showing 29 changed files with 127 additions and 52 deletions.
28 pom.xml
@@ -212,6 +212,19 @@
<version>${version.javax.ws.rs-api}</version>
</dependency>

<dependency>
<groupId>org.apache.directory.api</groupId>
<artifactId>api-all</artifactId>
<version>2.0.2</version>
</dependency>

<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-collections4</artifactId>
<version>4.4</version>
</dependency>

<!--
<dependency>
<groupId>org.apache.directory.api</groupId>
<artifactId>api-all</artifactId>
@@ -222,13 +235,14 @@
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
</exclusion>
<!-- CVE-2018-1000632 -->
&lt;!&ndash; CVE-2018-1000632 &ndash;&gt;
<exclusion>
<groupId>org.apache.servicemix.bundles</groupId>
<artifactId>org.apache.servicemix.bundles.dom4j</artifactId>
</exclusion>
</exclusions>
</dependency>
-->

<dependency>
<groupId>org.apache.ant</groupId>
@@ -493,6 +507,18 @@
<version>${version.log4j}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-collections4</artifactId>
<version>4.4</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>3.2.2</version>
<scope>compile</scope>
</dependency>

</dependencies>
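Review bot: The new `api-all` 2.0.2 declaration carries no `<exclusions>`, while the previous declaration, now wrapped in an XML comment, appears to have excluded `xml-apis` and the `org.apache.servicemix.bundles.dom4j` bundle that the file tags with CVE-2018-1000632. Whether 2.0.2 still brings that bundle in transitively is not visible from this diff, so the resolved dependency tree should be checked and the exclusion carried over to the new declaration if it does; otherwise delete the commented block so the CVE marker does not suggest a mitigation that is no longer active. Separately, `commons-collections4` 4.4 is declared twice (the second time with `<scope>compile</scope>`), and `commons-collections` 3.2.2 is added at compile scope even though the sources in this commit move to the `collections4` package; a comment saying why 3.x must remain would help. The hard-coded versions could also follow the file's `${version.…}` property convention.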

@@ -26,7 +26,7 @@
import java.util.Properties;
import java.util.StringTokenizer;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.AdminMgrFactory;
@@ -31,7 +31,7 @@
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.fortress.core.*;
@@ -23,7 +23,7 @@
import java.util.ArrayList;
import java.util.List;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
@@ -24,7 +24,7 @@
import java.util.List;
import java.util.Set;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.directory.fortress.annotation.AdminPermissionOperation;
import org.apache.directory.fortress.core.AccessMgr;
import org.apache.directory.fortress.core.GlobalErrIds;
@@ -25,7 +25,7 @@
import java.util.Properties;
import java.util.Set;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.directory.fortress.annotation.AdminPermissionOperation;
import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.FinderException;
@@ -23,7 +23,7 @@
import java.util.ArrayList;
import java.util.List;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.cursor.CursorException;
@@ -23,7 +23,7 @@
import java.util.List;
import java.util.Set;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.fortress.core.FinderException;
import org.apache.directory.fortress.core.GlobalErrIds;
@@ -24,7 +24,7 @@
import java.util.Set;
import java.util.TreeSet;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.fortress.core.GlobalIds;
import org.apache.directory.fortress.core.SecurityException;
@@ -24,7 +24,7 @@
import java.util.Set;
import java.util.TreeSet;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.directory.fortress.annotation.AdminPermissionOperation;
import org.apache.directory.fortress.core.DelAccessMgr;
import org.apache.directory.fortress.core.GlobalErrIds;
@@ -23,7 +23,7 @@
import java.util.List;
import java.util.Set;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.directory.fortress.annotation.AdminPermissionOperation;
import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.AdminMgrFactory;
@@ -23,7 +23,7 @@
import java.util.ArrayList;
import java.util.List;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.directory.fortress.annotation.AdminPermissionOperation;
import org.apache.directory.fortress.core.GlobalErrIds;
import org.apache.directory.fortress.core.GroupMgr;
@@ -23,7 +23,7 @@
import java.util.ArrayList;
import java.util.List;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.directory.api.util.Strings;
import org.apache.directory.fortress.core.GlobalErrIds;
import org.apache.directory.fortress.core.GlobalIds;
@@ -28,7 +28,7 @@
import java.util.TreeSet;
import java.util.concurrent.locks.ReadWriteLock;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.directory.fortress.core.model.Graphable;
import org.apache.directory.fortress.core.model.Hier;
import org.apache.directory.fortress.core.model.Relationship;
@@ -26,7 +26,7 @@
import java.util.List;
import java.util.Set;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.cursor.CursorException;
@@ -23,7 +23,7 @@
import java.util.List;
import java.util.Set;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.fortress.core.FinderException;
import org.apache.directory.fortress.core.GlobalErrIds;
@@ -24,7 +24,7 @@
import java.util.Set;
import java.util.TreeSet;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.fortress.core.GlobalIds;
import org.apache.directory.fortress.core.SecurityException;
@@ -27,7 +27,7 @@
import java.util.Map;
import java.util.Set;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.directory.fortress.annotation.AdminPermissionOperation;
import org.apache.directory.fortress.core.GlobalErrIds;
import org.apache.directory.fortress.core.ReviewMgr;
@@ -23,7 +23,7 @@
import java.util.ArrayList;
import java.util.List;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.cursor.CursorException;
@@ -22,7 +22,7 @@

import java.util.List;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.fortress.core.FinderException;
import org.apache.directory.fortress.core.GlobalErrIds;
@@ -24,7 +24,7 @@
import java.util.Set;
import java.util.TreeSet;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.fortress.core.GlobalIds;
import org.apache.directory.fortress.core.SecurityException;
@@ -28,7 +28,7 @@
import net.sf.ehcache.search.Result;
import net.sf.ehcache.search.Results;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.fortress.core.*;
@@ -25,7 +25,7 @@
import java.util.List;
import java.util.Set;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.cursor.CursorException;
@@ -27,10 +27,11 @@
import java.util.Set;
import java.util.TreeMap;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicy;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyResponse;
//import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicy;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.cursor.CursorException;
import org.apache.directory.api.ldap.model.cursor.SearchCursor;
@@ -50,6 +51,7 @@
import org.apache.directory.api.ldap.model.exception.LdapNoSuchAttributeException;
import org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException;
import org.apache.directory.api.ldap.model.message.BindResponse;
import org.apache.directory.api.ldap.model.message.Control;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.fortress.core.CfgException;
@@ -71,6 +73,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import static org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum.*;
import static org.apache.directory.fortress.core.impl.RoleDAO.IS_RFC2307;


@@ -834,13 +837,16 @@ Session checkPassword( User user ) throws FinderException, PasswordException
session.setErrorId( GlobalErrIds.USER_PW_INVLD );
}

PasswordPolicy respCtrl = getPwdRespCtrl( bindResponse );
//PasswordPolicy respCtrl = getPwdRespCtrl( bindResponse );
/*
PasswordPolicyResponse respCtrl = getPwdRespCtrl( bindResponse );
if ( respCtrl != null )
{
// check IETF password policies here
checkPwPolicies( session, respCtrl );
}
*/

if ( session.getErrorId() == 0 )
{
@@ -871,36 +877,38 @@ Session checkPassword( User user ) throws FinderException, PasswordException
}


private void checkPwPolicies( PwMessage pwMsg, PasswordPolicy respCtrl )
private void checkPwPolicies( PwMessage pwMsg, PasswordPolicyResponse respCtrl )
{
int rc = 0;
boolean result = false;
String msgHdr = "checkPwPolicies for userId [" + pwMsg.getUserId() + "] ";
if ( respCtrl != null )
{
// LDAP has notified of password violation:
if ( respCtrl.hasResponse() )
// if ( respCtrl.hasResponse() )
if ( true )
{
String errMsg = null;
if ( respCtrl.getResponse() != null )
/* if ( respCtrl.getResponse() != null )*/
if ( true )
{
if ( respCtrl.getResponse().getTimeBeforeExpiration() > 0 )
if ( respCtrl.getTimeBeforeExpiration() > 0 )
{
pwMsg.setExpirationSeconds( respCtrl.getResponse().getTimeBeforeExpiration() );
pwMsg.setExpirationSeconds( respCtrl.getTimeBeforeExpiration() );
pwMsg.setWarning( new ObjectFactory().createWarning( GlobalPwMsgIds
.PASSWORD_EXPIRATION_WARNING, "PASSWORD WILL EXPIRE", Warning.Type.PASSWORD ) );
}
if ( respCtrl.getResponse().getGraceAuthNRemaining() > 0 )
if ( respCtrl.getGraceAuthNRemaining() > 0 )
{
pwMsg.setGraceLogins( respCtrl.getResponse().getGraceAuthNRemaining() );
pwMsg.setGraceLogins( respCtrl.getGraceAuthNRemaining() );
pwMsg.setWarning( new ObjectFactory().createWarning( GlobalPwMsgIds.PASSWORD_GRACE_WARNING,
"PASSWORD IN GRACE", Warning.Type.PASSWORD ) );
}

if ( respCtrl.getResponse().getPasswordPolicyError() != null )
if ( respCtrl.getPasswordPolicyError() != null )
{

switch ( respCtrl.getResponse().getPasswordPolicyError() )
switch ( respCtrl.getPasswordPolicyError() )
{

case CHANGE_AFTER_RESET:
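Review bot: In the checkPassword hunk the password-policy response handling is commented out rather than ported, so after this change checkPwPolicies is never invoked on the bind response and the expiration warning, grace-login count and policy errors such as CHANGE_AFTER_RESET are no longer copied onto the session. The bind result is still checked above, but anything the server reports only through the control is silently ignored, which weakens password-policy enforcement for callers of this method. I would restore the call with the 2.0 type, `PasswordPolicyResponse respCtrl = getPwdRespCtrl( bindResponse );` followed by `if ( respCtrl != null ) { checkPwPolicies( session, respCtrl ); }`, which presumably requires porting getPwdRespCtrl (not visible here). In checkPwPolicies the two `if ( true )` guards and the commented-out conditions should be deleted instead of kept as dead branches. Both method bodies extend beyond the hunks shown.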
@@ -25,7 +25,7 @@
import java.util.Properties;
import java.util.Set;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.fortress.core.GlobalErrIds;
import org.apache.directory.fortress.core.GlobalIds;
@@ -24,7 +24,8 @@
import java.util.Set;
import java.util.TreeSet;

import org.apache.commons.collections.CollectionUtils;
//import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.*;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.fortress.core.GlobalIds;
import org.apache.directory.fortress.core.SecurityException;
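Review bot: This file switches to a wildcard `import org.apache.commons.collections4.*;` and leaves the explicit import behind as a comment, whereas every other file in the commit imports `CollectionUtils` by name. Unless more `collections4` types are needed here, `import org.apache.commons.collections4.CollectionUtils;` keeps the import list explicit and consistent, and the commented line can be dropped.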
