grealish / pwm

Automatically exported from code.google.com/p/pwm

[Enhancement] Extend interface password.pwm.ExternalRuleMethod with userAttrs #384

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
This is an enhancement request to extend the interface 
password.pwm.ExternalRuleMethod. Currently only the password policy and the 
password are provided as params.

It would be very handy if an external Java class has access to all the 
userAttrs of the userInfoBean. In that way an external class could determine 
rule violations of a given password against those attributes.

My use case is that I have eDirectory with connected IDM AD drivers. I would 
like to check the password against the AD complexity rules, but on attributes 
of an Aux Class that my IDM AD drivers use for the sAMAccountName and 
displayName.

Therefore I need to code an ExternalRuleMethod Java Class to test those 
attributes on AD complexity rules. This is currently not possible, because the 
interface does not pass the necessary User Attributes.

Original issue reported on code.google.com by sebastia...@gmail.com on 5 May 2013 at 10:04
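
The check described in the use case above, as an added example that is not part of the original issue or of PWM's code: a stand-alone Java class that tests a password against the sAMAccountName, the displayName and the character-class rule. It assumes that "AD complexity rules" means Microsoft's "Password must meet complexity requirements" policy; the class name `AdComplexityCheck` is hypothetical, and it deliberately does not implement `ExternalRuleMethod`, whose signature is not shown on this page.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

// Hypothetical stand-alone class; it does not implement PWM's ExternalRuleMethod.
public class AdComplexityCheck {

    /** Returns the violated rules; an empty list means the (non-null) password passes. */
    public static List<String> violations(String password, String samAccountName, String displayName) {
        List<String> out = new ArrayList<>();
        String pw = password.toLowerCase(Locale.ROOT);

        // sAMAccountName is compared whole, and only when it has at least 3 characters.
        if (samAccountName != null && samAccountName.length() >= 3
                && pw.contains(samAccountName.toLowerCase(Locale.ROOT))) {
            out.add("contains sAMAccountName");
        }
        // displayName is split on , . - _ space # tab; tokens under 3 characters are ignored.
        if (displayName != null) {
            for (String token : displayName.split("[,.\\-_ #\\t]+")) {
                if (token.length() >= 3 && pw.contains(token.toLowerCase(Locale.ROOT))) {
                    out.add("contains displayName token: " + token);
                }
            }
        }
        // At least three of: uppercase, lowercase, digit, non-alphanumeric, other letter.
        // Simplification: any non-letter, non-digit character counts as non-alphanumeric.
        boolean upper = false, lower = false, digit = false, symbol = false, other = false;
        for (int i = 0; i < password.length(); ) {
            int cp = password.codePointAt(i);
            if (Character.isUpperCase(cp)) upper = true;
            else if (Character.isLowerCase(cp)) lower = true;
            else if (Character.isDigit(cp)) digit = true;
            else if (Character.isLetter(cp)) other = true;
            else symbol = true;
            i += Character.charCount(cp);
        }
        int classes = (upper ? 1 : 0) + (lower ? 1 : 0) + (digit ? 1 : 0)
                + (symbol ? 1 : 0) + (other ? 1 : 0);
        if (classes < 3) out.add("only " + classes + " of 5 character classes present");
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any directory.
        System.out.println(violations("jsmith-2013", "jsmith", "Smith, John"));
        System.out.println(violations("Tr4il-Mix!", "jsmith", "Smith, John"));
    }
}
```

The two attribute values are plain parameters here, so the same method can be called from wherever the caller is able to read them from the directory.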

GoogleCodeExporter commented 9 years ago
Attached the proposed enhancement in code.

Original comment by sebastia...@gmail.com on 6 May 2013 at 6:01

GoogleCodeExporter commented 9 years ago
Thanks for the enhancement (and code). Unfortunately this won't work well due 
to an upcoming patch that removes allUserAttributes from the UserInterfaceBean. 
The best bet is to use the pwmSession.getSessionManager().getActor() to get a 
chai user of the actor to read the attributes.

Also, changing the interface of the External methods is undesirable. And 
lastly, an ideal substitute would be to replace the External methods with 
outbound webservice/rest calls. The code for PWM is really too volatile to 
offer Java interfaces.

Original comment by jrivard on 6 May 2013 at 6:09

GoogleCodeExporter commented 9 years ago
Ah, that is a pity, but understandable. I guess the UserInterfaceBean gets 
adjusted to make the fetching of LDAP attributes more dynamic? You are 
right that interfaces shouldn't normally change, but I chose the easy way out 
;) REST is indeed a more modular approach and I'll have a look at it, but it takes 
significantly more time to code than the proposed patch to the ExternalRuleMethod 
interface.

Original comment by sebastia...@gmail.com on 6 May 2013 at 6:32

GoogleCodeExporter commented 9 years ago
I had a look at pwmSession.getSessionManager().getActor(). Seems like a viable 
solution. However, in the External Class I don't see any way to get the 
pwmSession of that user, which is required for the getActor method. Could you 
give an example of how I would accomplish that? Thanks!

Original comment by sebastia...@gmail.com on 8 May 2013 at 5:59