
Example 1 with LockoutStatusType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in project midpoint by Evolveum.

the class ResourceObjectConverter method convertToSimulatedActivationLockoutStatusAttribute.

/**
 * Translates a change of activation/lockoutStatus into a modification of the resource
 * attribute that simulates lockout on this resource.
 * <p>
 * Value selection: a {@code null} status combined with a delete delta removes the attribute
 * value; {@link LockoutStatusType#NORMAL} writes the configured "normal" value; every other
 * case, including a {@code null} status on a non-delete delta, writes the configured
 * "locked" value.
 *
 * @param ctx provisioning context; its resource is named in the error message
 * @param activationDelta the original lockout delta; only consulted when {@code status} is null
 * @param shadow shadow the change applies to
 * @param status requested lockout status, may be null
 * @param activationCapability activation capability used to look up the simulated lockout configuration
 * @param result operation result passed to the lookup helpers
 * @return the attribute modification, or {@code null} when no simulating attribute was found
 * @throws SchemaException if no simulated lockout capability is available
 */
private PropertyModificationOperation convertToSimulatedActivationLockoutStatusAttribute(ProvisioningContext ctx, PropertyDelta activationDelta, ShadowType shadow, LockoutStatusType status, ActivationCapabilityType activationCapability, OperationResult result) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
    ActivationLockoutStatusCapabilityType lockoutCapability = getActivationLockoutStatusFromSimulatedActivation(ctx, activationCapability, shadow, result);
    if (lockoutCapability == null) {
        throw new SchemaException("Attempt to modify lockout on " + ctx.getResource() + " which does not have activation lockout capability");
    }

    ResourceAttribute<?> simulatingAttribute = getSimulatedActivationLockoutStatusAttribute(ctx, shadow, lockoutCapability, result);
    if (simulatingAttribute == null) {
        // Nothing to modify on the resource side; callers must handle the null return.
        return null;
    }

    final PropertyDelta<?> attributeDelta;
    if (status == null && activationDelta.isDelete()) {
        LOGGER.trace("deleting activation property.");
        attributeDelta = PropertyDelta.createModificationDeleteProperty(
                new ItemPath(ShadowType.F_ATTRIBUTES, simulatingAttribute.getElementName()),
                simulatingAttribute.getDefinition(),
                simulatingAttribute.getRealValue());
    } else {
        // Anything that is not explicitly NORMAL is written as "locked".
        String simulatedValue = status == LockoutStatusType.NORMAL
                ? getLockoutNormalValue(lockoutCapability)
                : getLockoutLockedValue(lockoutCapability);
        attributeDelta = createActivationPropDelta(simulatingAttribute.getElementName(), simulatingAttribute.getDefinition(), simulatedValue);
    }
    return new PropertyModificationOperation(attributeDelta);
}
Also used : ActivationLockoutStatusCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType) ItemPath(com.evolveum.midpoint.prism.path.ItemPath)

Example 2 with LockoutStatusType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in project midpoint by Evolveum.

the class ResourceObjectConverter method transformActivationAttributesAdd.

/**
 * Rewrites the activation part of a shadow that is about to be added so that, on resources
 * without a native activation capability, administrativeStatus and lockoutStatus are
 * expressed through the configured simulating attributes instead.
 * <p>
 * For each of the two statuses that is set: the simulated capability is looked up, the
 * status is mapped to the configured attribute value, that value is written into (or, when
 * blank, removed from) the shadow's attributes container, and the status itself is cleared
 * on the activation. Nothing is done when the shadow has no activation, and a status is left
 * untouched when the connector has the native capability or no simulating attribute is found.
 *
 * @param ctx provisioning context supplying connector capabilities and the resource
 * @param shadow shadow being added; its attributes and activation are modified in place
 * @param result operation result passed to the lookup helpers
 * @throws SchemaException if a status is set but neither native nor simulated capability exists
 */
private void transformActivationAttributesAdd(ProvisioningContext ctx, ShadowType shadow, OperationResult result) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
    final ActivationType activation = shadow.getActivation();
    if (activation == null) {
        return;
    }
    PrismContainer attributesContainer = shadow.asPrismObject().findContainer(ShadowType.F_ATTRIBUTES);
    // Capabilities are resolved for the create operation (CreateCapabilityType).
    CapabilitiesType connectorCapabilities = ctx.getConnectorCapabilities(CreateCapabilityType.class);
    ActivationCapabilityType activationCapability = CapabilityUtil.getEffectiveCapability(connectorCapabilities, ActivationCapabilityType.class);
    if (activation.getAdministrativeStatus() != null) {
        // Simulation applies only when the connector has no native activation capability.
        if (!CapabilityUtil.hasNativeCapability(connectorCapabilities, ActivationCapabilityType.class)) {
            ActivationStatusCapabilityType capActStatus = getActivationAdministrativeStatusFromSimulatedActivation(ctx, activationCapability, shadow, result);
            if (capActStatus == null) {
                throw new SchemaException("Attempt to change activation/administrativeStatus on " + ctx.getResource() + " that has neither native" + " nor simulated activation capability");
            }
            ResourceAttribute<?> newSimulatedAttr = getSimulatedActivationAdministrativeStatusAttribute(ctx, shadow, capActStatus, result);
            if (newSimulatedAttr != null) {
                Class<?> simulatedAttrValueClass = getAttributeValueClass(ctx, shadow, newSimulatedAttr, capActStatus);
                Object newSimulatedAttrRealValue;
                // Only ENABLED maps to the enable value; every other status gets the disable value.
                if (activation.getAdministrativeStatus() == ActivationStatusType.ENABLED) {
                    newSimulatedAttrRealValue = getEnableValue(capActStatus, simulatedAttrValueClass);
                } else {
                    newSimulatedAttrRealValue = getDisableValue(capActStatus, simulatedAttrValueClass);
                }
                Item existingSimulatedAttr = attributesContainer.findItem(newSimulatedAttr.getElementName());
                if (!isBlank(newSimulatedAttrRealValue)) {
                    PrismPropertyValue newSimulatedAttrValue = new PrismPropertyValue(newSimulatedAttrRealValue);
                    if (existingSimulatedAttr == null) {
                        newSimulatedAttr.add(newSimulatedAttrValue);
                        attributesContainer.add(newSimulatedAttr);
                    } else {
                        existingSimulatedAttr.replace(newSimulatedAttrValue);
                    }
                } else if (existingSimulatedAttr != null) {
                    // A blank configured value is expressed by the absence of the attribute.
                    attributesContainer.remove(existingSimulatedAttr);
                }
                // The status now lives in the simulating attribute, so it is cleared here.
                activation.setAdministrativeStatus(null);
            }
        }
    }
    // TODO enable non-string lockout values (MID-3374)
    if (activation.getLockoutStatus() != null) {
        // Same native-capability check as for administrativeStatus above.
        if (!CapabilityUtil.hasNativeCapability(connectorCapabilities, ActivationCapabilityType.class)) {
            ActivationLockoutStatusCapabilityType capActStatus = getActivationLockoutStatusFromSimulatedActivation(ctx, activationCapability, shadow, result);
            if (capActStatus == null) {
                throw new SchemaException("Attempt to change activation/lockout on " + ctx.getResource() + " that has neither native" + " nor simulated activation capability");
            }
            ResourceAttribute<?> activationSimulateAttribute = getSimulatedActivationLockoutStatusAttribute(ctx, shadow, capActStatus, result);
            if (activationSimulateAttribute != null) {
                LockoutStatusType status = activation.getLockoutStatus();
                String activationRealValue = null;
                // Only NORMAL maps to the normal value; every other status gets the locked value.
                if (status == LockoutStatusType.NORMAL) {
                    activationRealValue = getLockoutNormalValue(capActStatus);
                } else {
                    activationRealValue = getLockoutLockedValue(capActStatus);
                }
                Item existingAttribute = attributesContainer.findItem(activationSimulateAttribute.getElementName());
                if (!StringUtils.isBlank(activationRealValue)) {
                    // The value is added to the simulating attribute first; the attribute is then
                    // either attached to the container or its value replaces the existing item's.
                    activationSimulateAttribute.add(new PrismPropertyValue(activationRealValue));
                    if (attributesContainer.findItem(activationSimulateAttribute.getElementName()) == null) {
                        attributesContainer.add(activationSimulateAttribute);
                    } else {
                        attributesContainer.findItem(activationSimulateAttribute.getElementName()).replace(activationSimulateAttribute.getValue());
                    }
                } else if (existingAttribute != null) {
                    // A blank configured value is expressed by the absence of the attribute.
                    attributesContainer.remove(existingAttribute);
                }
                // The status now lives in the simulating attribute, so it is cleared here.
                activation.setLockoutStatus(null);
            }
        }
    }
}
Also used : ActivationLockoutStatusCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType) ActivationCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType) ActivationStatusCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationStatusCapabilityType)

Example 3 with LockoutStatusType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in project midpoint by Evolveum.

the class ConnIdConvertor method convertToResourceObject.

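/**
 * Converts a ConnId (ICF) ConnectorObject into a midPoint shadow.
 * <p>
 * Operational attributes (password, enable flag, enable/disable dates, lock-out flag) are
 * moved into the credentials and activation parts of the shadow. Every other attribute is
 * looked up in the object class definition, then in the definitions of the auxiliary object
 * classes the object declares, and is stored in the attributes container. The UID is added
 * last, unless an attribute with the UID definition's name is already present.
 *
 * @param co ConnId ConnectorObject to convert
 * @param objectDefinition definition used to instantiate the shadow; must not be null
 * @param full if true, every attribute returned by the connector is added, including
 *            attributes with no values; if false, only attributes that carry at least one
 *            non-null value are added
 * @param caseIgnoreAttributeNames passed to the attribute definition lookup; when true the
 *            attribute is stored under the name taken from the matched definition
 * @param legacySchema passed through to the object class name mapping
 * @return the newly instantiated shadow
 * @throws SchemaException if {@code objectDefinition} is null, an auxiliary object class or
 *             an attribute is not present in the schema, or the UID definition is missing
 */
<T extends ShadowType> PrismObject<T> convertToResourceObject(ConnectorObject co, PrismObjectDefinition<T> objectDefinition, boolean full, boolean caseIgnoreAttributeNames, boolean legacySchema) throws SchemaException {
    if (objectDefinition == null) {
        throw new SchemaException("No definition");
    }
    PrismObject<T> shadowPrism = objectDefinition.instantiate();
    T shadow = shadowPrism.asObjectable();
    ResourceAttributeContainer attributesContainer = (ResourceAttributeContainer) shadowPrism.findOrCreateContainer(ShadowType.F_ATTRIBUTES);
    ResourceAttributeContainerDefinition attributesContainerDefinition = attributesContainer.getDefinition();
    shadow.setObjectClass(attributesContainerDefinition.getTypeName());

    // First pass: resolve the auxiliary object classes, because their definitions are
    // needed to look up attributes in the second pass.
    List<ObjectClassComplexTypeDefinition> auxiliaryObjectClassDefinitions = new ArrayList<>();
    for (Attribute icfAttr : co.getAttributes()) {
        if (icfAttr.is(PredefinedAttributes.AUXILIARY_OBJECT_CLASS_NAME)) {
            List<QName> auxiliaryObjectClasses = shadow.getAuxiliaryObjectClass();
            for (Object auxiliaryIcfObjectClass : icfAttr.getValue()) {
                QName auxiliaryObjectClassQname = icfNameMapper.objectClassToQname(new ObjectClass((String) auxiliaryIcfObjectClass), resourceSchemaNamespace, legacySchema);
                auxiliaryObjectClasses.add(auxiliaryObjectClassQname);
                ObjectClassComplexTypeDefinition auxiliaryObjectClassDefinition = icfNameMapper.getResourceSchema().findObjectClassDefinition(auxiliaryObjectClassQname);
                if (auxiliaryObjectClassDefinition == null) {
                    throw new SchemaException("Resource object " + co + " refers to auxiliary object class " + auxiliaryObjectClassQname + " which is not in the schema");
                }
                auxiliaryObjectClassDefinitions.add(auxiliaryObjectClassDefinition);
            }
            break;
        }
    }

    // Second pass: convert the attributes themselves.
    for (Attribute icfAttr : co.getAttributes()) {
        // NOTE(review): this trace runs before the password branch below, so the value object
        // of the OperationalAttributes.PASSWORD_NAME attribute is handed to the logger as well.
        // What ends up in the log depends on that object's toString(), which is not visible
        // here; confirm it is masked.
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Reading ICF attribute {}: {}", icfAttr.getName(), icfAttr.getValue());
        }
        if (icfAttr.getName().equals(Uid.NAME)) {
            // UID is handled specially (after this loop)
            continue;
        }
        if (icfAttr.is(PredefinedAttributes.AUXILIARY_OBJECT_CLASS_NAME)) {
            // Already processed in the first pass
            continue;
        }
        if (icfAttr.getName().equals(OperationalAttributes.PASSWORD_NAME)) {
            // password has to go to the credentials section
            ProtectedStringType password = getSingleValue(icfAttr, ProtectedStringType.class);
            if (password == null) {
                // equals() instead of == is needed. The AttributeValueCompleteness enum may be loaded by different classloader
                if (!AttributeValueCompleteness.INCOMPLETE.equals(icfAttr.getAttributeValueCompleteness())) {
                    continue;
                }
                // There is no password value in the ConnId attribute. But it was indicated
                // that the attribute is incomplete. Therefore we can assume that there in
                // fact is a value. We just do not know it.
                ShadowUtil.setPasswordIncomplete(shadow);
                LOGGER.trace("Converted password: (incomplete)");
            } else {
                ShadowUtil.setPassword(shadow, password);
                // The credential object is deliberately not passed to the logger: how
                // ProtectedStringType renders itself is not visible from this method, and a
                // trace log must not depend on that rendering being safe.
                LOGGER.trace("Converted password: (value present)");
            }
            continue;
        }
        if (icfAttr.getName().equals(OperationalAttributes.ENABLE_NAME)) {
            Boolean enabled = getSingleValue(icfAttr, Boolean.class);
            if (enabled == null) {
                continue;
            }
            ActivationType activationType = ShadowUtil.getOrCreateActivation(shadow);
            ActivationStatusType activationStatusType = enabled ? ActivationStatusType.ENABLED : ActivationStatusType.DISABLED;
            activationType.setAdministrativeStatus(activationStatusType);
            activationType.setEffectiveStatus(activationStatusType);
            LOGGER.trace("Converted activation administrativeStatus: {}", activationStatusType);
            continue;
        }
        if (icfAttr.getName().equals(OperationalAttributes.ENABLE_DATE_NAME)) {
            Long millis = getSingleValue(icfAttr, Long.class);
            if (millis == null) {
                continue;
            }
            ActivationType activationType = ShadowUtil.getOrCreateActivation(shadow);
            activationType.setValidFrom(XmlTypeConverter.createXMLGregorianCalendar(millis));
            continue;
        }
        if (icfAttr.getName().equals(OperationalAttributes.DISABLE_DATE_NAME)) {
            Long millis = getSingleValue(icfAttr, Long.class);
            if (millis == null) {
                continue;
            }
            ActivationType activationType = ShadowUtil.getOrCreateActivation(shadow);
            activationType.setValidTo(XmlTypeConverter.createXMLGregorianCalendar(millis));
            continue;
        }
        if (icfAttr.getName().equals(OperationalAttributes.LOCK_OUT_NAME)) {
            Boolean lockOut = getSingleValue(icfAttr, Boolean.class);
            if (lockOut == null) {
                // No value reported: lockoutStatus stays unset rather than defaulting to NORMAL.
                continue;
            }
            ActivationType activationType = ShadowUtil.getOrCreateActivation(shadow);
            LockoutStatusType lockoutStatusType = lockOut ? LockoutStatusType.LOCKED : LockoutStatusType.NORMAL;
            activationType.setLockoutStatus(lockoutStatusType);
            LOGGER.trace("Converted activation lockoutStatus: {}", lockoutStatusType);
            continue;
        }

        QName qname = icfNameMapper.convertAttributeNameToQName(icfAttr.getName(), attributesContainerDefinition);
        ResourceAttributeDefinition attributeDefinition = attributesContainerDefinition.findAttributeDefinition(qname, caseIgnoreAttributeNames);
        if (attributeDefinition == null) {
            // Try to locate definition in auxiliary object classes
            for (ObjectClassComplexTypeDefinition auxiliaryObjectClassDefinition : auxiliaryObjectClassDefinitions) {
                attributeDefinition = auxiliaryObjectClassDefinition.findAttributeDefinition(qname, caseIgnoreAttributeNames);
                if (attributeDefinition != null) {
                    break;
                }
            }
            if (attributeDefinition == null) {
                // An attribute the schema does not know is rejected, not silently dropped.
                throw new SchemaException("Unknown attribute " + qname + " in definition of object class " + attributesContainerDefinition.getTypeName() + ". Original ICF name: " + icfAttr.getName(), qname);
            }
        }
        if (caseIgnoreAttributeNames) {
            // normalized version
            qname = attributeDefinition.getName();
        }
        ResourceAttribute<Object> resourceAttribute = attributeDefinition.instantiate(qname);
        if (full) {
            // Full mode: the attribute is added even when it carries no values.
            if (icfAttr.getValue() != null) {
                // Convert the values. While most values do not need
                // conversions, some of them may need it (e.g. GuardedString)
                for (Object icfValue : icfAttr.getValue()) {
                    Object value = convertValueFromIcf(icfValue, qname);
                    resourceAttribute.add(new PrismPropertyValue<>(value));
                }
            }
            LOGGER.trace("Converted attribute {}", resourceAttribute);
            attributesContainer.getValue().add(resourceAttribute);
        } else {
            // Non-full mode: only attributes with at least one non-null value are added.
            if (icfAttr.getValue() != null && !icfAttr.getValue().isEmpty()) {
                // Convert the values. While most values do not need
                // conversions, some of them may need it (e.g. GuardedString)
                boolean empty = true;
                for (Object icfValue : icfAttr.getValue()) {
                    if (icfValue != null) {
                        Object value = convertValueFromIcf(icfValue, qname);
                        empty = false;
                        resourceAttribute.add(new PrismPropertyValue<>(value));
                    }
                }
                if (!empty) {
                    LOGGER.trace("Converted attribute {}", resourceAttribute);
                    attributesContainer.getValue().add(resourceAttribute);
                }
            }
        }
    }

    // Add Uid if it is not there already. It can be already present,
    // e.g. if Uid and Name represent the same attribute
    Uid uid = co.getUid();
    ObjectClassComplexTypeDefinition ocDef = attributesContainerDefinition.getComplexTypeDefinition();
    ResourceAttributeDefinition<String> uidDefinition = ConnIdUtil.getUidDefinition(ocDef);
    if (uidDefinition == null) {
        throw new SchemaException("No definition for ConnId UID attribute found in definition " + ocDef);
    }
    if (attributesContainer.getValue().findItem(uidDefinition.getName()) == null) {
        ResourceAttribute<String> uidRoa = uidDefinition.instantiate();
        uidRoa.setValue(new PrismPropertyValue<String>(uid.getUidValue()));
        attributesContainer.getValue().add(uidRoa);
    }
    return shadowPrism;
}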
Also used : ResourceAttribute(com.evolveum.midpoint.schema.processor.ResourceAttribute) Attribute(org.identityconnectors.framework.common.objects.Attribute) ArrayList(java.util.ArrayList) ResourceAttributeContainer(com.evolveum.midpoint.schema.processor.ResourceAttributeContainer) ObjectClassComplexTypeDefinition(com.evolveum.midpoint.schema.processor.ObjectClassComplexTypeDefinition) GuardedString(org.identityconnectors.common.security.GuardedString) ResourceAttributeContainerDefinition(com.evolveum.midpoint.schema.processor.ResourceAttributeContainerDefinition) SchemaException(com.evolveum.midpoint.util.exception.SchemaException) ObjectClass(org.identityconnectors.framework.common.objects.ObjectClass) QName(javax.xml.namespace.QName) ActivationStatusType(com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType) Uid(org.identityconnectors.framework.common.objects.Uid) ResourceAttributeDefinition(com.evolveum.midpoint.schema.processor.ResourceAttributeDefinition) ActivationType(com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType) LockoutStatusType(com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType) PrismObject(com.evolveum.midpoint.prism.PrismObject) ConnectorObject(org.identityconnectors.framework.common.objects.ConnectorObject) ProtectedStringType(com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType)

Example 4 with LockoutStatusType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in project midpoint by Evolveum.

the class TestOpenLdap method test705UnlockBarbossaAccount.

/**
 * Replaces activation/lockoutStatus with NORMAL on Barbossa's account shadow and verifies
 * the unlock both in the shadow returned by the model and in the LDAP entry.
 */
@Test
public void test705UnlockBarbossaAccount() throws Exception {
    // GIVEN
    Task task = getTestTask();
    OperationResult result = task.getResult();
    ObjectDelta<ShadowType> unlockDelta = createModifyAccountShadowReplaceDelta(
            accountBarbossaOid, null, SchemaConstants.PATH_ACTIVATION_LOCKOUT_STATUS, LockoutStatusType.NORMAL);

    // WHEN
    when();
    executeChanges(unlockDelta, null, task, result);

    // THEN
    then();
    result.computeStatus();
    TestUtil.assertSuccess(result);

    PrismObject<ShadowType> shadow = getShadowModel(accountBarbossaOid);
    display("Shadow (model)", shadow);

    // A missing activation or a null lockoutStatus is accepted as "not locked";
    // only an explicit non-NORMAL status fails the test.
    ShadowType shadowBean = shadow.asObjectable();
    if (shadowBean.getActivation() != null) {
        LockoutStatusType reportedStatus = shadowBean.getActivation().getLockoutStatus();
        boolean unlocked = reportedStatus == null || reportedStatus == LockoutStatusType.NORMAL;
        if (!unlocked) {
            AssertJUnit.fail("Barbossa is locked!");
        }
    }

    // Resource-side check: the directory entry itself must no longer carry the lock marker.
    Entry ldapEntry = assertLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME);
    displayValue("LDAP Entry", ldapEntry);
    assertNoAttribute(ldapEntry, "pwdAccountLockedTime");
    // presumably verifies that the account's password still works after the unlock; confirm against the helper
    assertLdapPassword(USER_BARBOSSA_USERNAME, USER_BARBOSSA_PASSWORD_2);
}
Also used : Task(com.evolveum.midpoint.task.api.Task) Entry(org.apache.directory.api.ldap.model.entry.Entry) ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType) ActivationType(com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType) LockoutStatusType(com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) Test(org.testng.annotations.Test)

Example 5 with LockoutStatusType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in project midpoint by Evolveum.

the class ActivationConverter method completeActivation.

// region Resource object -> midPoint (simulating/native -> activation)
/**
 * Fills in the activation of a fetched resource object from the determined (possibly
 * simulated) administrative and lockout statuses.
 * <p>
 * When at least one status is determined, both fields are overwritten with the determined
 * values (an undetermined one becomes null) and an activation is created if it was missing.
 * When neither is determined, both fields of an existing activation are cleared. Nothing is
 * done when the activation capability is not enabled and the object carries no activation.
 */
void completeActivation(PrismObject<ShadowType> resourceObject, OperationResult result) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
    ShadowType shadowBean = resourceObject.asObjectable();
    ActivationCapabilityType activationCapability = ctx.getEffectiveCapability(ActivationCapabilityType.class);

    boolean capabilityEnabled = CapabilityUtil.isCapabilityEnabled(activationCapability);
    if (!capabilityEnabled && shadowBean.getActivation() == null) {
        LOGGER.trace("No activation capability and also no activation information in the resource object.");
        return;
    }

    ActivationStatusType activationStatus = determineActivationStatus(resourceObject, activationCapability, result);
    LockoutStatusType lockoutStatus = determineLockoutStatus(resourceObject, activationCapability, result);

    boolean nothingDetermined = activationStatus == null && lockoutStatus == null;
    if (nothingDetermined) {
        // Whatever the resource object carried in these two fields is cleared.
        if (shadowBean.getActivation() != null) {
            shadowBean.getActivation().setAdministrativeStatus(null);
            shadowBean.getActivation().setLockoutStatus(null);
        }
        return;
    }

    if (shadowBean.getActivation() == null) {
        shadowBean.setActivation(new ActivationType(beans.prismContext));
    }
    // Both fields are set together, so a status that was not determined is written as null.
    shadowBean.getActivation().setAdministrativeStatus(activationStatus);
    shadowBean.getActivation().setLockoutStatus(lockoutStatus);
}
Also used : ActivationCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType)

Aggregations

LockoutStatusType (com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType)8 ActivationType (com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType)6 ActivationLockoutStatusCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType)5 SchemaException (com.evolveum.midpoint.util.exception.SchemaException)3 ShadowType (com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)3 ActivationCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType)3 XMLGregorianCalendar (javax.xml.datatype.XMLGregorianCalendar)3 Test (org.testng.annotations.Test)3 PrismObject (com.evolveum.midpoint.prism.PrismObject)2 ItemPath (com.evolveum.midpoint.prism.path.ItemPath)2 ActivationStatusType (com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType)2 QName (javax.xml.namespace.QName)2 Entry (org.apache.directory.api.ldap.model.entry.Entry)2 PageBase (com.evolveum.midpoint.gui.api.page.PageBase)1 PrismPropertyValue (com.evolveum.midpoint.prism.PrismPropertyValue)1 PropertyDelta (com.evolveum.midpoint.prism.delta.PropertyDelta)1 ObjectClassComplexTypeDefinition (com.evolveum.midpoint.schema.processor.ObjectClassComplexTypeDefinition)1 ResourceAttribute (com.evolveum.midpoint.schema.processor.ResourceAttribute)1 ResourceAttributeContainer (com.evolveum.midpoint.schema.processor.ResourceAttributeContainer)1 ResourceAttributeContainerDefinition (com.evolveum.midpoint.schema.processor.ResourceAttributeContainerDefinition)1