in src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java [870:967]
/**
 * Copies the outcome of the password policy response control attached to a bind response
 * onto the supplied {@code PwMessage}.
 *
 * <p>Expiration and grace-login counters greater than zero are recorded together with a
 * warning. A password policy error is mapped to a {@code GlobalErrIds} code; when a code is
 * mapped, the message text, error id and authenticated flag are written to {@code pwMsg}
 * and the text is logged at debug level.
 *
 * <p>If no control is returned by {@code getPwdRespCtrl}, {@code pwMsg} is left untouched.
 *
 * @param pwMsg        message object that receives counters, warnings and error details
 * @param bindResponse bind response from which the password policy control is extracted
 */
private void checkPwPolicies( PwMessage pwMsg, BindResponse bindResponse )
{
    int errorId = 0;
    boolean authenticated = false;
    // NOTE(review): the userId is embedded as-is in text that is later logged and stored on
    // pwMsg; if it can be caller-supplied, confirm the log layout neutralises CR/LF.
    String prefix = "checkPwPolicies for userId [" + pwMsg.getUserId() + "] ";
    PasswordPolicyResponse policyCtrl = getPwdRespCtrl( bindResponse );
    if ( policyCtrl == null )
    {
        // No password policy control on the response: nothing to report.
        return;
    }

    String text = null;

    // Password is still valid but close to expiring.
    if ( policyCtrl.getTimeBeforeExpiration() > 0 )
    {
        pwMsg.setExpirationSeconds( policyCtrl.getTimeBeforeExpiration() );
        pwMsg.setWarning( new ObjectFactory().createWarning(
            GlobalPwMsgIds.PASSWORD_EXPIRATION_WARNING, "PASSWORD WILL EXPIRE", Warning.Type.PASSWORD ) );
    }

    // Password has expired and the user is consuming grace logins.
    if ( policyCtrl.getGraceAuthNRemaining() > 0 )
    {
        pwMsg.setGraceLogins( policyCtrl.getGraceAuthNRemaining() );
        pwMsg.setWarning( new ObjectFactory().createWarning(
            GlobalPwMsgIds.PASSWORD_GRACE_WARNING, "PASSWORD IN GRACE", Warning.Type.PASSWORD ) );
    }

    if ( policyCtrl.getPasswordPolicyError() != null )
    {
        switch ( policyCtrl.getPasswordPolicyError() )
        {
            case CHANGE_AFTER_RESET:
                if ( Config.getInstance().isRealm() )
                {
                    // In the J2EE realm the reset is reported as a warning only, so that the
                    // web application can give the user a chance to change the password.
                    // errorId stays 0 here, so nothing below is written or logged; this
                    // method does not itself force the password change.
                    text = prefix + "PASSWORD HAS BEEN RESET BY LDAP_ADMIN_POOL_UID BUT ALLOWING TO"
                        + " CONTINUE DUE TO REALM";
                    authenticated = true;
                    pwMsg.setWarning( new ObjectFactory().createWarning( GlobalErrIds.USER_PW_RESET,
                        text, Warning.Type.PASSWORD ) );
                }
                else
                {
                    text = prefix + "PASSWORD HAS BEEN RESET BY LDAP_ADMIN_POOL_UID";
                    errorId = GlobalErrIds.USER_PW_RESET;
                }
                break;
            case ACCOUNT_LOCKED:
                text = prefix + "ACCOUNT HAS BEEN LOCKED";
                errorId = GlobalErrIds.USER_PW_LOCKED;
                break;
            case PASSWORD_EXPIRED:
                text = prefix + "PASSWORD HAS EXPIRED";
                errorId = GlobalErrIds.USER_PW_EXPIRED;
                break;
            case PASSWORD_MOD_NOT_ALLOWED:
                text = prefix + "PASSWORD MOD NOT ALLOWED";
                errorId = GlobalErrIds.USER_PW_MOD_NOT_ALLOWED;
                break;
            case MUST_SUPPLY_OLD_PASSWORD:
                text = prefix + "MUST SUPPLY OLD PASSWORD";
                errorId = GlobalErrIds.USER_PW_MUST_SUPPLY_OLD;
                break;
            case INSUFFICIENT_PASSWORD_QUALITY:
                text = prefix + "PASSWORD QUALITY VIOLATION";
                errorId = GlobalErrIds.USER_PW_NSF_QUALITY;
                break;
            case PASSWORD_TOO_SHORT:
                text = prefix + "PASSWORD TOO SHORT";
                errorId = GlobalErrIds.USER_PW_TOO_SHORT;
                break;
            case PASSWORD_TOO_YOUNG:
                text = prefix + "PASSWORD TOO YOUNG";
                errorId = GlobalErrIds.USER_PW_TOO_YOUNG;
                break;
            case PASSWORD_IN_HISTORY:
                text = prefix + "PASSWORD IN HISTORY VIOLATION";
                errorId = GlobalErrIds.USER_PW_IN_HISTORY;
                break;
            default:
                // Any policy error not listed above is still reported as a failed check.
                text = prefix + "PASSWORD CHECK FAILED";
                errorId = GlobalErrIds.USER_PW_CHK_FAILED;
                break;
        }
    }

    if ( errorId == 0 )
    {
        return;
    }

    // 'authenticated' is only raised in the realm branch, which leaves errorId at 0, so every
    // mapped policy error reaches this point with the flag still false.
    pwMsg.setMsg( text );
    pwMsg.setErrorId( errorId );
    pwMsg.setAuthenticated( authenticated );
    LOG.debug( text );
}