001: /*
002: * Copyright 2001 Sun Microsystems, Inc. All rights reserved.
003: * PROPRIETARY/CONFIDENTIAL. Use of this product is subject to license terms.
004: */
005:
006: package com.sun.portal.providers.userinfo;
007:
008: import javax.servlet.http.HttpServletRequest;
009:
010: import java.util.Set;
011: import java.util.Iterator;
012:
013: import com.iplanet.sso.SSOToken;
014: import com.iplanet.sso.SSOException;
015: import com.iplanet.sso.SSOTokenManager;
016: import com.iplanet.am.sdk.AMStoreConnection;
017: import com.iplanet.am.sdk.AMUser;
018: import com.iplanet.am.sdk.AMOrganization;
019: import com.iplanet.am.sdk.AMTemplate;
020: import com.iplanet.am.sdk.AMException;
021:
022: import com.sun.portal.providers.userinfo.tag.AttributeTag;
023: import com.sun.portal.providers.userinfo.tag.WriteTag;
024: import com.sun.portal.providers.userinfo.tag.TagException;
025: import com.sun.portal.providers.userinfo.tag.TagWrapperException;
026: import com.sun.portal.providers.userinfo.tag.UnhandledTagException;
027: import com.sun.portal.providers.context.ProviderContext;
028: import com.sun.portal.util.SSOUtil;
029:
030: /**
031: * this module handles SETTING ONLY of tags: <br>
032: * membershipOriginalPassword<br>
033: * membershipNewPassword<br>
034: * membershipConfirmPassword<br>
035: * it does not handle any getting ...
036: * <p>
037: * the set() method of this class can throw special subclasses of
038: * TagException that the UserInfoProvider knows about. This is to
039: * relay non-fatal error information like "original password incorrect"
040: * or "passwords did not match". UserInfoProvider watches for these and
041: * uses them to send an error message back to the user.
042: */
043:
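public class MembershipPWTag implements WriteTag {
    /** Profile attribute that the new password is written to. */
    private static final String PASSWORD_ATTR_KEY = "userpassword";
    /** Service whose organization template carries the password policy. */
    private static final String AUTH_MEMBERSHIP_SERVICENAME = "iPlanetAMAuthMembershipService";
    /** Template attribute holding the minimum password length. */
    private static final String PASSWORD_LENGTH_ATTR_KEY = "iplanet-am-auth-membership-min-password-length";

    //
    // Store connection built from the admin SSO token and shared by every
    // instance of this class. In set() it is used only to read the
    // organization's password policy.
    // NOTE(review): lazily initialized without synchronization and never
    // refreshed; confirm whether instances are used concurrently and
    // whether the admin token can expire.
    //
    private static AMStoreConnection adminConnection = null;

    //
    // Clear-text password values collected by set(). They are held only
    // until all three have arrived and are dropped as soon as the change
    // attempt starts. None of them is ever placed in an exception message.
    //
    private String originalPassword = null;
    private String confirmPassword = null;
    private String newPassword = null;

    private boolean confirmSet = false;
    private boolean newSet = false;
    private boolean origSet = false;
    private SSOToken token = null;
    private SSOTokenManager tokenManager = null;

    //
    // this module hasA AttributeTag
    //
    AttributeTag attributeTag = null;

    /**
     * Prepares the wrapped AttributeTag and resolves the caller's SSO token
     * from the request.
     *
     * @param channel passed through to AttributeTag.init()
     * @param context passed through to AttributeTag.init()
     * @param req request the SSO token is created from
     * @throws TagException if no SSOTokenManager is available, or (as a
     *         TagWrapperException) if the token cannot be created
     */
    public void init(String channel, ProviderContext context,
            HttpServletRequest req) throws TagException {
        //
        // hasA
        //
        attributeTag = new AttributeTag();
        attributeTag.init(channel, context, req);

        //
        // get SSOToken & SSOTokenManager
        //
        try {
            tokenManager = SSOTokenManager.getInstance();

            if (tokenManager == null) {
                throw new TagException("MembershipPWTag.init(): "
                        + "Failed to getSSOTokenmanager.");
            }

            token = tokenManager.createSSOToken(req);

        } catch (SSOException ssoe) {
            throw new TagWrapperException("MembershipPWTag.init():",
                    ssoe);
        }

    }

    /** Marks all three password tags as not yet supplied. */
    private void reset() {
        newSet = false;
        origSet = false;
        confirmSet = false;
    }

    /** Returns true once all three password tags have been supplied. */
    private boolean initialized() {
        return (newSet && origSet && confirmSet);
    }

    /** Maps null to the empty string so later checks need no null tests. */
    private static String emptyIfNull(String value) {
        return (value == null) ? "" : value;
    }

    /**
     * Records one of the three password tags and, once all three have been
     * supplied, validates them and writes the new password.
     * <p>
     * Checks run in this order: something was entered, minimum length,
     * original password is correct, new and confirm passwords match.
     *
     * @param key membershipOriginalPassword, membershipNewPassword or
     *        membershipConfirmPassword
     * @param newValue value for that tag; null is treated as empty
     * @throws TagException UnhandledTagException for any other key; one of
     *         the password exceptions when a check fails; TagException or
     *         TagWrapperException when the password policy cannot be read
     */
    public void set(String key, String newValue) throws TagException {
        //
        // this method requires all the tags to be set before it will
        // actually write to the profile store
        //
        // Literal-first equals() so a null key is reported as an unhandled
        // tag instead of failing with a NullPointerException. Only the key
        // goes into the message, never the value.
        //
        if ("membershipOriginalPassword".equals(key)) {
            originalPassword = newValue;
            origSet = true;
        } else if ("membershipConfirmPassword".equals(key)) {
            confirmPassword = newValue;
            confirmSet = true;
        } else if ("membershipNewPassword".equals(key)) {
            newPassword = newValue;
            newSet = true;
        } else {
            throw new UnhandledTagException("unhandled set tag=" + key);
        }

        if (!initialized()) {
            return;
        }

        //
        // this is trigger to actually store the pw
        //
        // once we get in here, set everyone to false so
        // everything must be re-entered
        //
        reset();

        //
        // Work on local copies and drop the field references straight away,
        // so the passwords do not stay reachable from this object after the
        // attempt, whether it succeeds or throws. The original assigned ""
        // to key instead of newPassword here, so a null new password ended
        // in a NullPointerException on the length check below.
        //
        String original = emptyIfNull(originalPassword);
        String candidate = emptyIfNull(newPassword);
        String confirmation = emptyIfNull(confirmPassword);
        originalPassword = null;
        newPassword = null;
        confirmPassword = null;

        if ((candidate.length() == 0) && (confirmation.length() == 0)) {
            //
            // user didn't set anything, just throw benign exception
            //
            throw new PasswordException("password not set");
        }

        //
        // get passwordLength from the organization's membership template
        //
        int passwordLength = 0;
        String orgDN = null;
        try {
            AMStoreConnection connection = new AMStoreConnection(token);
            AMUser user = connection.getUser(token.getPrincipal()
                    .getName());
            orgDN = user.getOrganizationDN();
            AMOrganization org = getAdminConnection()
                    .getOrganization(orgDN);
            if (org == null) {
                throw new TagException("MembershipPWTag.set(): "
                        + "Reading passwordLength, failed to getOrganization.");
            }

            AMTemplate template = org.getTemplate(
                    AUTH_MEMBERSHIP_SERVICENAME,
                    AMTemplate.ORGANIZATION_TEMPLATE);
            if (template == null) {
                throw new TagException("MembershipPWTag.set(): "
                        + "Reading passwordLength, failed to getTemplate.");
            }

            Set pwSet = template.getAttribute(PASSWORD_LENGTH_ATTR_KEY);
            if ((pwSet == null) || pwSet.isEmpty()) {
                //
                // Refuse the change when the policy cannot be read, rather
                // than failing with an unchecked exception from next().
                //
                throw new TagException("MembershipPWTag.set(): "
                        + "Reading passwordLength, attribute has no value.");
            }
            Iterator iter = pwSet.iterator();
            String pwLen = (String) iter.next();
            passwordLength = Integer.parseInt(pwLen);
        } catch (SSOException ssoe) {
            throw new TagWrapperException("MembershipPWTag.set():", ssoe);
        } catch (AMException ame) {
            throw new TagWrapperException("MembershipPWTag.set():", ame);
        } catch (NumberFormatException nfe) {
            throw new TagWrapperException("MembershipPWTag.set():", nfe);
        }

        if (candidate.length() < passwordLength) {
            throw new PasswordTooShortException("password too short",
                    passwordLength);
        }

        //
        // Prove knowledge of the current password by authenticating with
        // it. Every SSOException is reported as a wrong password, so a
        // backend failure looks the same to the user.
        // NOTE(review): the token returned here is never used or
        // destroyed, and a null return would count as success. Confirm
        // what SSOUtil.createSSOToken does on failure and whether the
        // resulting session should be ended via tokenManager.
        //
        try {
            SSOUtil.createSSOToken(token.getPrincipal().getName(),
                    original, orgDN);
        } catch (SSOException ssoe) {
            throw new OriginalPasswordDidntMatchException(
                    "original password was incorrect");
        }

        if (!candidate.equals(confirmation)) {
            throw new PasswordsDontMatchException(
                    "confirm and new passwords did not match");
        }

        // everything's cool

        attributeTag.set(PASSWORD_ATTR_KEY, candidate);
    }

    /**
     * Returns the shared admin store connection, creating it on first use.
     *
     * @return the cached connection built from the admin SSO token
     * @throws TagWrapperException if the admin connection cannot be created
     */
    private AMStoreConnection getAdminConnection()
            throws TagWrapperException {
        if (adminConnection == null) {
            try {
                adminConnection = new AMStoreConnection(SSOUtil
                        .getAdminSSOToken());
            } catch (SSOException se) {
                throw new TagWrapperException(
                        "MembershipPWTag.getAdminConnection():", se);
            }
        }
        return adminConnection;
    }
}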