svn commit: r1707311 - in /sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core: impl/SlingAuthenticator.java spi/AuthenticationHandler.java

Wed, 07 Oct 2015 07:10:23 -0700 

Author: asanso
Date: Wed Oct  7 14:09:46 2015
New Revision: 1707311

URL: http://svn.apache.org/viewvc?rev=1707311&view=rev
Log:
SLING-5116 - Communicate Password Change Failure Reason During Password Expiry

Modified:
    
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
    
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java

Modified: 
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
URL: 
http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java?rev=1707311&r1=1707310&r2=1707311&view=diff
==============================================================================
--- 
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
 (original)
+++ 
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
 Wed Oct  7 14:09:46 2015
@@ -28,6 +28,7 @@ import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 
+import javax.jcr.SimpleCredentials;
 import javax.security.auth.login.CredentialExpiredException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletRequestEvent;
@@ -464,7 +465,7 @@ public class SlingAuthenticator implemen
         try {
             postProcess(authInfo, request, response);
         } catch (LoginException e) {
-            handleLoginFailure(request, response, authInfo.getUser(), e);
+            handleLoginFailure(request, response, authInfo, e);
             return false;
         }
 
@@ -818,7 +819,7 @@ public class SlingAuthenticator implemen
             // now find a way to get credentials unless the feedback handler
             // has committed a response to the client already
             if (!response.isCommitted()) {
-                return handleLoginFailure(request, response, 
authInfo.getUser(), re);
+                return handleLoginFailure(request, response, authInfo, re);
             }
 
         }
@@ -871,7 +872,7 @@ public class SlingAuthenticator implemen
             } catch (LoginException re) {
 
                 // cannot login > fail login, do not try to authenticate
-                handleLoginFailure(request, response, "anonymous user", re);
+                handleLoginFailure(request, response, new 
AuthenticationInfo(null, "anonymous user"), re);
                 return false;
 
             }
@@ -928,9 +929,10 @@ public class SlingAuthenticator implemen
     }
 
     private boolean handleLoginFailure(final HttpServletRequest request,
-            final HttpServletResponse response, final String user,
+            final HttpServletResponse response, final AuthenticationInfo 
authInfo,
             final Exception reason) {
 
+        String user = authInfo.getUser();
         boolean processRequest = false;
         if (reason.getClass().getName().contains("TooManySessionsException")) {
 
@@ -959,10 +961,19 @@ public class SlingAuthenticator implemen
                 if (reason.getCause() instanceof CredentialExpiredException) {
                     // force failure attribute to be set so handlers can
                     // react to this special circumstance
-                    
request.setAttribute(AuthenticationHandler.FAILURE_REASON_CODE,
-                            
AuthenticationHandler.FAILURE_REASON_CODES.PASSWORD_EXPIRED);
-                    ensureAttribute(request, 
AuthenticationHandler.FAILURE_REASON,
-                            "Password expired");
+
+                    AuthenticationHandler.FAILURE_REASON_CODES code = 
AuthenticationHandler.FAILURE_REASON_CODES.PASSWORD_EXPIRED;
+                    String message = "Password expired";
+
+                    Object creds = authInfo.get("user.jcr.credentials");
+                    if (creds instanceof SimpleCredentials && 
((SimpleCredentials) creds).getAttribute("PasswordHistoryException") != null) {
+                        code = 
AuthenticationHandler.FAILURE_REASON_CODES.PASSWORD_EXPIRED_AND_NEW_PASSWORD_IN_HISTORY;
+                        message = "Password expired and new password found in 
password history";
+                    }
+
+                    
request.setAttribute(AuthenticationHandler.FAILURE_REASON_CODE, code);
+                    ensureAttribute(request, 
AuthenticationHandler.FAILURE_REASON, message);
+
                 } else {
                     // preset a reason for the login failure (if not done 
already)
                     
request.setAttribute(AuthenticationHandler.FAILURE_REASON_CODE,

Modified: 
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
URL: 
http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java?rev=1707311&r1=1707310&r2=1707311&view=diff
==============================================================================
--- 
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
 (original)
+++ 
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
 Wed Oct  7 14:09:46 2015
@@ -119,6 +119,7 @@ public interface AuthenticationHandler {
     static enum FAILURE_REASON_CODES {
         INVALID_LOGIN,
         PASSWORD_EXPIRED,
+        PASSWORD_EXPIRED_AND_NEW_PASSWORD_IN_HISTORY,
         UNKNOWN;
 
         @Override

Reply via email to