AMAccountLockout.java revision b3b3b7da0bb140cb1fe4613cc2e322683dc034d5
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: AMAccountLockout.java,v 1.10 2009/03/06 22:09:20 hengming Exp $
*
* Portions Copyrighted 2013-2015 ForgeRock AS.
*/
/**
* <code>AMAccountLockout</code> contains the utility methods to retrieve and set account lockout related information
* for the users and also facilitates the enforcement of the user account lockout.
*/
class AMAccountLockout {
// Lockout settings and per-login state. The initialisers below are only starting values: the constructor
// Javadoc in this file says the account-locking attribute values are retrieved from LoginState, but that
// code is not visible in this listing.
// NOTE(review): the meaning of each setting is inferred from its name; confirm against the constructor.

// Starts as false. Presumably the "lockout on login failure" switch; if so, lockout is off until
// configuration turns it on (TODO confirm).
private boolean loginFailureLockoutMode = false;
// Starts as true. Presumably selects storing lockout state in the directory rather than in memory (TODO confirm).
private boolean loginFailureLockoutStoreInDS = true;
// Starts as 5. Presumably the number of failed logins that triggers a lockout (TODO confirm).
private int loginFailureLockoutCount = 5;
// Starts as 3. Presumably the threshold at which the user is warned (TODO confirm).
private int loginLockoutUserWarning = 3;
private int loginFailureLockoutMultiplier = 0;
// Returned unchanged by getWarnUserCount(); starts at -1 and is assigned 0 in the reset path further down.
private int warnUser = -1;
// NOTE(review): units of the two values below are not stated in the visible code; confirm before tuning.
private long loginFailureLockoutTime = 300;
private long loginFailureLockoutDuration = 0;
// Assigned from the constructor argument.
private final LoginState loginState;
// Helper that isLockoutEnabled() and the lock checks delegate to; its assignment is not visible in this listing.
private final ISAccountLockout isAccountLockout;
/**
* Creates <code>AMAccountLockout</code> by retrieving account locking specific attribute values from
* <code>LoginState</code>.
*
* @param loginState Login State object.
*/
this.loginState = loginState;
}
/**
* Checks the number of times the user has failed authentication and updates the account hash with the user information
* and the count of failed authentications.
*
* @param username User name.
*/
try {
if (DEBUG.messageEnabled()) {
}
if (!isAccountLockout.isLockoutEnabled()) {
} else {
} else {
}
}
}
if (DEBUG.messageEnabled()) {
}
}
}
/**
* Checks if user account is expired.
*
* @return <code>true</code> if account has expired.
*/
public boolean isAccountExpired() {
// NOTE(review): accountLife is not declared in the visible lines; where it is read from is missing from
// this listing.
// A null accountLife is treated as "not expired": the method returns false without any expiry comparison.
if (accountLife == null) {
if (DEBUG.messageEnabled()) {
}
return false;
}
// NOTE(review): no path returning true is visible, and the braces below do not balance, so the expiry
// comparison appears to have been dropped from this listing. Review the complete file before relying on
// this check.
if (DEBUG.messageEnabled()) {
}
}
// The fall-through result is also false.
return false;
}
/**
* Returns the warning count.
*
* @return the warning count.
*/
public int getWarnUserCount() {
    // Plain accessor: hands back the warnUser field exactly as it currently stands.
    final int currentWarnCount = warnUser;
    return currentWarnCount;
}
/**
* Sends the lockout notice.
*
* @param userDN The distinguished name of the user.
*/
}
/**
* Resets the account if passed authentication after a failure.
*
* @param token User name.
* @param resetDuration boolean
*/
try {
// remove the hash entry for login failure for tokenID
} else {
}
}
warnUser = 0;
}
if (DEBUG.messageEnabled()) {
}
}
}
/**
* Checks if the account lockout is enabled.
*
* @return <code>true</code> if enabled.
*/
public boolean isLockoutEnabled() {
    // Pure delegation: the answer comes from the ISAccountLockout helper, not from a field of this class.
    final boolean lockoutEnabled = isAccountLockout.isLockoutEnabled();
    return lockoutEnabled;
}
/**
* Checks if the account is locked out and needs to be unlocked. This applies to memory locking. If the duration has
* passed, the user is removed from the <code>loginFailHash</code> Map.
*
* @return <code>true</code> if account is locked.
*/
public boolean isLockedOut() {
// No-argument form: delegates to the one-argument isLockedOut with userDN.
// NOTE(review): userDN is not declared in the visible lines; the statement that obtains it appears to be
// missing from this listing.
// has this user been locked out.
return isLockedOut(userDN);
}
/**
* Checks if the account is locked out and needs to be unlocked. This applies to memory locking. If the duration has
* passed, the user is removed from the <code>loginFailHash</code> Map.
*
* @param userName is the user name.
* @return <code>true</code> if account is locked.
*/
// NOTE(review): the signature line is missing from this listing; the Javadoc above describes a lock check
// that takes userName.
// has this user been locked out.
// The result starts as "not locked".
boolean locked = false;
try {
// Only the memory-locking branch is visible here, and its body is missing from this listing.
if (isAccountLockout.isMemoryLocking()) {
}
} catch (Exception e) {
// Every exception type is caught and the method still returns `locked`. If the failure occurs before
// `locked` is set, the caller is told the account is not locked (fail-open). TODO confirm that this is
// intended.
// The only visible handling is guarded by DEBUG.messageEnabled(), so such failures may go unnoticed when
// message-level debugging is off (the logging call itself is not visible here).
if (DEBUG.messageEnabled()) {
}
}
return locked;
}
// NOTE(review): the signature and most of the body are missing from this listing, and the braces below do
// not balance. Only the skeleton is documented here.
// The result starts as "not locked".
boolean locked = false;
try {
} else {
}
}
if (DEBUG.messageEnabled()) {
}
// Calls resetPasswdLockout for aUserName with resetDuration=false; the condition guarding this call is
// not visible.
resetPasswdLockout(aUserName, false);
}
}
if (DEBUG.messageEnabled()) {
}
} catch (Exception e) {
// Catch-all: after any exception the method returns whatever `locked` holds at that point, which is
// false if the failure came before it was assigned. TODO confirm that reporting "not locked" on error
// is acceptable.
if (DEBUG.messageEnabled()) {
}
}
return locked;
}
/**
* Checks if the account is locked out for a user.
*
* @param aUserName the user name.
* @return <code>true</code> if account is locked.
*/
// NOTE(review): the signature line and the first part of the body are missing from this listing; the
// Javadoc above describes a lock check for aUserName. amIdentity is used below, but its lookup is not visible.
// has this user been locked out.
// The result starts as "not locked".
boolean locked = false;
try {
}
}
if (DEBUG.messageEnabled()) {
}
} else {
// Visible branch: the outcome depends on isAccountValid(amIdentity).
if (isAccountValid(amIdentity)) {
// The account is valid: if `locked` was set earlier (by lines not visible here), resetPasswdLockout is
// called.
if (locked) {
resetPasswdLockout(aUserName, false);
}
} else {
// The account is not valid: report it as locked, then call resetPasswdLockout with resetDuration=false.
locked = true;
resetPasswdLockout(aUserName, false);
}
}
if (DEBUG.messageEnabled()) {
}
} catch (Exception e) {
// Every exception type is caught and the method still returns `locked`. If the identity lookup or the
// validity check throws before `locked` is set to true, the caller sees "not locked" (fail-open).
// TODO confirm that this is intended and that the failure is reported outside message-level debug.
if (DEBUG.messageEnabled()) {
}
}
return locked;
}
/**
* Checks if the account is active.
*
* @param amIdentity AMIdentity object.
* @return <code>true</code> if active.
*/
// NOTE(review): the signature line is missing from this listing; the Javadoc above describes an
// "is the account active" check on amIdentity.
// The result starts as "enabled"; only the checks inside the try block can change it.
boolean userEnabled = true;
try {
// Fetches both status attributes in a single call. The code that inspects them is missing from this
// listing; only the two marker comments remain.
Map<String, Set<String>> attrs = amIdentity.getAttributes(asSet(LOGIN_STATUS_ATTR, NSACCOUNTLOCK_ATTR));
// Check "login_status"
}
// Check "nsaccountlock"
}
if (DEBUG.messageEnabled()) {
}
} catch (Exception e) {
// Every exception type is caught. If getAttributes throws, userEnabled still holds its initial value
// true, so an account whose status cannot be read is reported as active (fail-open). The lock check in
// this file calls isAccountValid(amIdentity) and would then treat the account as valid.
// TODO confirm that this is intended.
if (DEBUG.messageEnabled()) {
}
}
if (DEBUG.messageEnabled()) {
}
return userEnabled;
}
}
if (DEBUG.messageEnabled()) {
}
return normalizedDN;
}
}