...
The bitwise flags are defined as such:
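```java
// Bit values of the Active Directory userAccountControl attribute that LPPE inspects.
// Declared as a nested type (a top-level enum cannot be private).
private enum ActiveDirectoryUserAccountControlFlags {
    UAC_FLAG_ACCOUNT_DISABLED(2),        // 0x00000002
    UAC_FLAG_LOCKOUT(16),                // 0x00000010
    UAC_FLAG_PASSWD_NOTREQD(32),         // 0x00000020
    UAC_FLAG_DONT_EXPIRE_PASSWD(65536),  // 0x00010000
    UAC_FLAG_PASSWORD_EXPIRED(8388608);  // 0x00800000

    // Bit mask for this flag; never changes after construction.
    private final int value;

    ActiveDirectoryUserAccountControlFlags(final int id) {
        this.value = id;
    }

    public final int getValue() {
        return this.value;
    }
}
```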
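How a userAccountControl value read from the directory maps onto these flags, as an added example (not code from the CAS project). The class name `UserAccountControlDecoder`, the methods `decode` and `skipExpirationWarning`, and the sample values are assumptions made for illustration.

```java
import java.util.EnumSet;
import java.util.Set;

public class UserAccountControlDecoder {
    // Same names and values as the enum on this page, repeated so the example compiles alone.
    enum Flag {
        UAC_FLAG_ACCOUNT_DISABLED(2),
        UAC_FLAG_LOCKOUT(16),
        UAC_FLAG_PASSWD_NOTREQD(32),
        UAC_FLAG_DONT_EXPIRE_PASSWD(65536),
        UAC_FLAG_PASSWORD_EXPIRED(8388608);
        private final int value;
        Flag(final int value) { this.value = value; }
        int getValue() { return this.value; }
    }

    /** Decodes the attribute's string form; bits that Flag does not list are ignored. */
    static Set<Flag> decode(final String rawAttribute) {
        final Set<Flag> flags = EnumSet.noneOf(Flag.class);
        if (rawAttribute == null || rawAttribute.trim().isEmpty()) {
            return flags; // attribute absent on the entry: nothing to report
        }
        // LDAP hands the value back as a decimal string. A malformed value throws
        // NumberFormatException instead of being silently treated as "no flags".
        final long uac = Long.parseLong(rawAttribute.trim());
        for (final Flag flag : Flag.values()) {
            if ((uac & flag.getValue()) != 0) {
                flags.add(flag);
            }
        }
        return flags;
    }

    /** Hypothetical examiner rule: a password that never expires needs no expiry warning. */
    static boolean skipExpirationWarning(final Set<Flag> flags) {
        return flags.contains(Flag.UAC_FLAG_DONT_EXPIRE_PASSWD);
    }

    public static void main(final String[] args) {
        // Constructed sample values: 512, 512 + 2, 512 + 65536, 512 + 32 + 8388608.
        for (final String raw : new String[] {"512", "514", "66048", "8389152"}) {
            final Set<Flag> flags = decode(raw);
            System.out.println(raw + " -> " + flags + ", skip warning: " + skipExpirationWarning(flags));
        }
    }
}
```

On Windows Server 2003 and later, Active Directory reports the lockout and password-expired bits through `msDS-User-Account-Control-Computed` rather than `userAccountControl`, so a decoder that reads only `userAccountControl` may never see those two flags set.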
Internalization of Pre-Authentication Ldap Error Codes
...
Support for Custom WebFlow States
TODO
The current LPPE implementation exposes a custom webflow action that executes LPPE functions after authentication has taken place. Its job is to examine the account state for password expiration warnings and redirect the flow as appropriate. For LDAP error definitions, the authentication process also relied on the error "type" of a given error definition to redirect the flow, which was/is initiated by AuthenticationViaFormAction. This method involves two webflow actions and unnecessarily augments the logic and purpose of AuthenticationViaFormAction even if LPPE is not implemented.
To separate the concerns, an extension of AuthenticationViaFormAction is developed. This new component, LdapPasswordPolicyAwareAuthenticationViaFormAction, is responsible for invoking account examiners and handling the redirects in the webflow that are specific to LPPE. Each examiner, such as LdapPasswordExpirationPolicyExaminer, is invoked upon a successful authentication to evaluate the account state.
LdapPasswordPolicyAwareAuthenticationViaFormAction will also refactor and extract out the detection of LDAP error codes and their appropriate custom webflow state from the previous webflow action. Of course, this method relies on the fact that AuthenticationViaFormAction becomes extensible and allows subclasses to pass on a given state id to which it should redirect on success/error/etc.
Full Spring Configuration
...