Example 1 with MappingOutputProcessor
use of com.evolveum.midpoint.model.impl.lens.projector.MappingOutputProcessor in project midpoint by Evolveum.
the class ProjectionCredentialsProcessor method processProjectionPasswordMapping.
private <F extends FocusType> void processProjectionPasswordMapping(LensContext<F> context, final LensProjectionContext projCtx, final ValuePolicyType passwordPolicy, XMLGregorianCalendar now, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
LensFocusContext<F> focusContext = context.getFocusContext();
PrismObject<F> userNew = focusContext.getObjectNew();
if (userNew == null) {
// This must be a user delete or something similar. No point in proceeding
LOGGER.trace("userNew is null, skipping credentials processing");
return;
}
PrismObjectDefinition<ShadowType> accountDefinition = prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(ShadowType.class);
PrismPropertyDefinition<ProtectedStringType> projPasswordPropertyDefinition = accountDefinition.findPropertyDefinition(SchemaConstants.PATH_PASSWORD_VALUE);
ResourceShadowDiscriminator rsd = projCtx.getResourceShadowDiscriminator();
RefinedObjectClassDefinition refinedProjDef = projCtx.getStructuralObjectClassDefinition();
if (refinedProjDef == null) {
LOGGER.trace("No RefinedObjectClassDefinition, therefore also no password outbound definition, skipping credentials processing for projection {}", rsd);
return;
}
List<MappingType> outboundMappingTypes = refinedProjDef.getPasswordOutbound();
if (outboundMappingTypes == null || outboundMappingTypes.isEmpty()) {
LOGGER.trace("No outbound password mapping for {}, skipping credentials processing", rsd);
return;
}
// HACK
if (!projCtx.isDoReconciliation() && !projCtx.isAdd() && !isActivated(outboundMappingTypes, focusContext.getDelta())) {
LOGGER.trace("Outbound password mappings not activated for type {}, skipping credentials processing", rsd);
return;
}
final ObjectDelta<ShadowType> projDelta = projCtx.getDelta();
final PropertyDelta<ProtectedStringType> projPasswordDelta;
if (projDelta != null && projDelta.getChangeType() == MODIFY) {
projPasswordDelta = projDelta.findPropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE);
} else {
projPasswordDelta = null;
}
checkExistingDeltaSanity(projCtx, projPasswordDelta);
boolean evaluateWeak = getEvaluateWeak(projCtx);
final ItemDeltaItem<PrismPropertyValue<PasswordType>, PrismPropertyDefinition<ProtectedStringType>> userPasswordIdi = focusContext.getObjectDeltaObject().findIdi(SchemaConstants.PATH_PASSWORD_VALUE);
StringPolicyResolver stringPolicyResolver = new StringPolicyResolver() {
@Override
public void setOutputPath(ItemPath outputPath) {
}
@Override
public void setOutputDefinition(ItemDefinition outputDefinition) {
}
@Override
public StringPolicyType resolve() {
if (passwordPolicy == null) {
return null;
}
return passwordPolicy.getStringPolicy();
}
};
MappingInitializer<PrismPropertyValue<ProtectedStringType>, PrismPropertyDefinition<ProtectedStringType>> initializer = (builder) -> {
builder.defaultTargetDefinition(projPasswordPropertyDefinition);
builder.defaultSource(new Source<>(userPasswordIdi, ExpressionConstants.VAR_INPUT));
builder.stringPolicyResolver(stringPolicyResolver);
return builder;
};
MappingOutputProcessor<PrismPropertyValue<ProtectedStringType>> processor = (mappingOutputPath, outputStruct) -> {
PrismValueDeltaSetTriple<PrismPropertyValue<ProtectedStringType>> outputTriple = outputStruct.getOutputTriple();
if (outputTriple == null) {
LOGGER.trace("Credentials 'password' expression resulted in null output triple, skipping credentials processing for {}", rsd);
return false;
}
boolean projectionIsNew = projDelta != null && (projDelta.getChangeType() == ChangeType.ADD || projCtx.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.ADD);
Collection<PrismPropertyValue<ProtectedStringType>> newValues = outputTriple.getPlusSet();
if (projectionIsNew) {
newValues = outputTriple.getNonNegativeValues();
} else {
newValues = outputTriple.getPlusSet();
}
if (!canGetCleartext(newValues)) {
ObjectDelta<ShadowType> projectionPrimaryDelta = projCtx.getPrimaryDelta();
if (projectionPrimaryDelta != null) {
PropertyDelta<ProtectedStringType> passwordPrimaryDelta = projectionPrimaryDelta.findPropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE);
if (passwordPrimaryDelta != null) {
// We have only hashed value coming from the mapping. There are not very useful
// for provisioning. But we have primary projection delta - and that is very likely
// to be better.
// Skip all password mappings in this case. Primary delta trumps everything.
// No weak, normal or even strong mapping can change that.
// We need to disregard even strong mapping in this case. If we would heed the strong
// mapping then account initialization won't be possible.
LOGGER.trace("We have primary password delta in projection, skipping credentials processing");
return false;
}
}
}
return true;
};
mappingEvaluator.evaluateOutboundMapping(context, projCtx, outboundMappingTypes, SchemaConstants.PATH_PASSWORD_VALUE, SchemaConstants.PATH_PASSWORD_VALUE, initializer, processor, now, true, evaluateWeak, "password mapping", task, result);
}
Also used :
MappingType(com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType)
ObjectType(com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType)
ChangeType(com.evolveum.midpoint.prism.delta.ChangeType)
Autowired(org.springframework.beans.factory.annotation.Autowired)
ConfigurationException(com.evolveum.midpoint.util.exception.ConfigurationException)
SchemaException(com.evolveum.midpoint.util.exception.SchemaException)
PrismPropertyValue(com.evolveum.midpoint.prism.PrismPropertyValue)
ExpressionConstants(com.evolveum.midpoint.schema.constants.ExpressionConstants)
MappingInitializer(com.evolveum.midpoint.model.impl.lens.projector.MappingInitializer)
MappingFactory(com.evolveum.midpoint.model.common.mapping.MappingFactory)
LensContext(com.evolveum.midpoint.model.impl.lens.LensContext)
PrismValueDeltaSetTriple(com.evolveum.midpoint.prism.delta.PrismValueDeltaSetTriple)
OriginType(com.evolveum.midpoint.prism.OriginType)
PasswordCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.PasswordCapabilityType)
ObjectDelta(com.evolveum.midpoint.prism.delta.ObjectDelta)
PrismProperty(com.evolveum.midpoint.prism.PrismProperty)
ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException)
Collection(java.util.Collection)
StringPolicyType(com.evolveum.midpoint.xml.ns._public.common.common_3.StringPolicyType)
MappingEvaluator(com.evolveum.midpoint.model.impl.lens.projector.MappingEvaluator)
ResourceTypeUtil(com.evolveum.midpoint.schema.util.ResourceTypeUtil)
VariableBindingDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.VariableBindingDefinitionType)
Task(com.evolveum.midpoint.task.api.Task)
ResourceShadowDiscriminator(com.evolveum.midpoint.schema.ResourceShadowDiscriminator)
MetadataType(com.evolveum.midpoint.xml.ns._public.common.common_3.MetadataType)
List(java.util.List)
ValuePolicyProcessor(com.evolveum.midpoint.model.common.stringpolicy.ValuePolicyProcessor)
SystemException(com.evolveum.midpoint.util.exception.SystemException)
FocusType(com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType)
PropertyDelta(com.evolveum.midpoint.prism.delta.PropertyDelta)
CommunicationException(com.evolveum.midpoint.util.exception.CommunicationException)
ProtectedStringType(com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType)
ContextLoader(com.evolveum.midpoint.model.impl.lens.projector.ContextLoader)
ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)
PolicyViolationException(com.evolveum.midpoint.util.exception.PolicyViolationException)
MappingType(com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType)
PasswordType(com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType)
MappingOutputProcessor(com.evolveum.midpoint.model.impl.lens.projector.MappingOutputProcessor)
SchemaConstants(com.evolveum.midpoint.schema.constants.SchemaConstants)
OperationResult(com.evolveum.midpoint.schema.result.OperationResult)
ItemDefinition(com.evolveum.midpoint.prism.ItemDefinition)
Trace(com.evolveum.midpoint.util.logging.Trace)
ExpressionEvaluationException(com.evolveum.midpoint.util.exception.ExpressionEvaluationException)
ValuePolicyType(com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType)
EncryptionException(com.evolveum.midpoint.prism.crypto.EncryptionException)
PrismObjectDefinition(com.evolveum.midpoint.prism.PrismObjectDefinition)
ItemDelta(com.evolveum.midpoint.prism.delta.ItemDelta)
CredentialsCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CredentialsCapabilityType)
SecurityViolationException(com.evolveum.midpoint.util.exception.SecurityViolationException)
MODIFY(com.evolveum.midpoint.prism.delta.ChangeType.MODIFY)
PrismContext(com.evolveum.midpoint.prism.PrismContext)
StringPolicyResolver(com.evolveum.midpoint.repo.common.expression.StringPolicyResolver)
ContainerDelta(com.evolveum.midpoint.prism.delta.ContainerDelta)
ItemDeltaItem(com.evolveum.midpoint.repo.common.expression.ItemDeltaItem)
OperationalDataManager(com.evolveum.midpoint.model.impl.lens.OperationalDataManager)
PrismPropertyDefinition(com.evolveum.midpoint.prism.PrismPropertyDefinition)
PrismObject(com.evolveum.midpoint.prism.PrismObject)
XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar)
SynchronizationPolicyDecision(com.evolveum.midpoint.model.api.context.SynchronizationPolicyDecision)
RefinedObjectClassDefinition(com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition)
ItemPath(com.evolveum.midpoint.prism.path.ItemPath)
Component(org.springframework.stereotype.Component)
LensProjectionContext(com.evolveum.midpoint.model.impl.lens.LensProjectionContext)
PrismContainerValue(com.evolveum.midpoint.prism.PrismContainerValue)
Protector(com.evolveum.midpoint.prism.crypto.Protector)
SecurityUtil(com.evolveum.midpoint.security.api.SecurityUtil)
LensFocusContext(com.evolveum.midpoint.model.impl.lens.LensFocusContext)
Source(com.evolveum.midpoint.repo.common.expression.Source)
TraceManager(com.evolveum.midpoint.util.logging.TraceManager)
ItemPathType(com.evolveum.prism.xml.ns._public.types_3.ItemPathType)
PrismPropertyDefinition(com.evolveum.midpoint.prism.PrismPropertyDefinition)
ItemDefinition(com.evolveum.midpoint.prism.ItemDefinition)
StringPolicyResolver(com.evolveum.midpoint.repo.common.expression.StringPolicyResolver)
Source(com.evolveum.midpoint.repo.common.expression.Source)
RefinedObjectClassDefinition(com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition)
PropertyDelta(com.evolveum.midpoint.prism.delta.PropertyDelta)
ObjectDelta(com.evolveum.midpoint.prism.delta.ObjectDelta)
PrismPropertyValue(com.evolveum.midpoint.prism.PrismPropertyValue)
PrismValueDeltaSetTriple(com.evolveum.midpoint.prism.delta.PrismValueDeltaSetTriple)
ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)
Collection(java.util.Collection)
ResourceShadowDiscriminator(com.evolveum.midpoint.schema.ResourceShadowDiscriminator)
ProtectedStringType(com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType)
ItemPath(com.evolveum.midpoint.prism.path.ItemPath)
Aggregations
RefinedObjectClassDefinition (com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition)1
SynchronizationPolicyDecision (com.evolveum.midpoint.model.api.context.SynchronizationPolicyDecision)1
MappingFactory (com.evolveum.midpoint.model.common.mapping.MappingFactory)1
ValuePolicyProcessor (com.evolveum.midpoint.model.common.stringpolicy.ValuePolicyProcessor)1
LensContext (com.evolveum.midpoint.model.impl.lens.LensContext)1
LensFocusContext (com.evolveum.midpoint.model.impl.lens.LensFocusContext)1
LensProjectionContext (com.evolveum.midpoint.model.impl.lens.LensProjectionContext)1
OperationalDataManager (com.evolveum.midpoint.model.impl.lens.OperationalDataManager)1
ContextLoader (com.evolveum.midpoint.model.impl.lens.projector.ContextLoader)1
MappingEvaluator (com.evolveum.midpoint.model.impl.lens.projector.MappingEvaluator)1
MappingInitializer (com.evolveum.midpoint.model.impl.lens.projector.MappingInitializer)1
MappingOutputProcessor (com.evolveum.midpoint.model.impl.lens.projector.MappingOutputProcessor)1
ItemDefinition (com.evolveum.midpoint.prism.ItemDefinition)1
OriginType (com.evolveum.midpoint.prism.OriginType)1
PrismContainerValue (com.evolveum.midpoint.prism.PrismContainerValue)1
PrismContext (com.evolveum.midpoint.prism.PrismContext)1
PrismObject (com.evolveum.midpoint.prism.PrismObject)1
PrismObjectDefinition (com.evolveum.midpoint.prism.PrismObjectDefinition)1
PrismProperty (com.evolveum.midpoint.prism.PrismProperty)1
PrismPropertyDefinition (com.evolveum.midpoint.prism.PrismPropertyDefinition)1
