diff --git a/sandbox/src/main/java/org/acegisecurity/providers/ldap/authenticator/OracleIDBindAuthenticator.java b/sandbox/src/main/java/org/acegisecurity/providers/ldap/authenticator/OracleIDBindAuthenticator.java
new file mode 100644
index 0000000000..44c0875268
--- /dev/null
+++ b/sandbox/src/main/java/org/acegisecurity/providers/ldap/authenticator/OracleIDBindAuthenticator.java
@@ -0,0 +1,78 @@
+package org.acegisecurity.providers.ldap.authenticator;
+
+import org.acegisecurity.ldap.InitialDirContextFactory;
+import org.acegisecurity.ldap.DefaultInitialDirContextFactory;
+import org.acegisecurity.ldap.ppolicy.PasswordExpiredException;
+import org.acegisecurity.ldap.ppolicy.AccountLockedException;
+import org.acegisecurity.ldap.ppolicy.PasswordPolicyException;
+import org.acegisecurity.ldap.ppolicy.PasswordInHistoryException;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import java.util.regex.Pattern;
+import java.util.regex.Matcher;
+
+
+/**
+ * @author Luke
+ * @version $Id$
+ */
+public class OracleIDBindAuthenticator extends BindAuthenticator {
+ //~ Static fields/initializers =====================================================================================
+
+ private static final Log logger = LogFactory.getLog(OracleIDBindAuthenticator.class);
+
+ private static final Pattern oidErrorMsgPattern = Pattern.compile("^\\[LDAP: error code ([0-9]+) - .*:([0-9]{4}):.*");
+
+ //~ Constructors ===================================================================================================
+
+ protected OracleIDBindAuthenticator(InitialDirContextFactory initialDirContextFactory) {
+ super(initialDirContextFactory);
+ }
+
+/**
+ 9000 GSL_PWDEXPIRED_EXCP Your Password has expired. Please contact the Administrator to change your password.
+ 9001 GSL_ACCOUNTLOCKED_EXCP Your account is locked. Please contact the Administrator.
+ 9002 GSL_EXPIREWARNING_EXCP Your Password will expire in pwdexpirewarning seconds. Please change your password now.
+ 9003 GSL_PWDMINLENGTH_EXCP Your Password must be at least pwdminlength characters long.
+ 9004 GSL_PWDNUMERIC_EXCP Your Password must contain at least orclpwdalphanumeric numeric characters.
+ 9005 GSL_PWDNULL_EXCP Your Password cannot be a Null Password.
+ 9006 GSL_PWDINHISTORY_EXCP Your New Password cannot be the same as your Old Password.
+ 9007 GSL_PWDILLEGALVALUE_EXCP Your Password cannot be the same as your orclpwdillegalvalues.
+ 9008 GSL_GRACELOGIN_EXCP Your Password has expired. You have pwdgraceloginlimit Grace logins left.
+ 9050 GSL_ACCTDISABLED_EXCP Your Account has been disabled. Please contact the administrator.
+*/
+ protected void handleBindException(String userDn, String username, Throwable exception) {
+ int errorCode = parseOracleErrorCode(exception.getMessage());
+
+ if(errorCode > 0) {
+ switch (errorCode) {
+ case 9000:
+ throw new PasswordExpiredException("Password has expired. Please contact an administrator.");
+ case 9001:
+ throw new AccountLockedException("Account is locked. Please contact an administrator.");
+// case 9006:
+// throw new PasswordInHistoryException("Password must not match previous password");
+ }
+ throw new PasswordPolicyException("OID exception: " + exception.getMessage());
+ }
+
+ // Just debug log the exception
+ super.handleBindException(userDn, username, exception);
+ }
+
+ /**
+ * Attempts to parse the error code from the exception message returned by OID.
+ */
+ private int parseOracleErrorCode(String msg) {
+ Matcher matcher = oidErrorMsgPattern.matcher(msg);
+
+ if(matcher.matches()) {
+ String code = matcher.group(2);
+
+ return Integer.parseInt(code);
+ }
+
+ return -1;
+ }
+}
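Review bot: `parseOracleErrorCode` hands `exception.getMessage()` straight to `oidErrorMsgPattern.matcher(msg)`, which throws a NullPointerException when the bind failure carries no message, so that failure never reaches `super.handleBindException`; a guard such as `if (msg == null) { return -1; }` at the top of the method keeps it on the ordinary failed-bind path. In `handleBindException`, the fallback `throw new PasswordPolicyException("OID exception: " + exception.getMessage());` copies the raw directory-server text into an exception that may be rendered to a caller who has not authenticated, and the declared `logger` is never used; a fixed message with the server text written to `logger` would keep directory internals out of the login response. The 9000 and 9001 branches also let a caller tell an expired or locked account apart from a wrong password, so a comment stating that this disclosure is intended, and where these messages are surfaced, would help the next reader. The regex is unanchored on the right of the four-digit group, so any `:dddd:` sequence in the message counts as a policy code; a short comment with one sample OID message would document the expected format.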