Example 1 with LockoutStatusType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in project midpoint by Evolveum.
the class ResourceObjectConverter method convertToSimulatedActivationLockoutStatusAttribute.
private PropertyModificationOperation convertToSimulatedActivationLockoutStatusAttribute(ProvisioningContext ctx, PropertyDelta activationDelta, ShadowType shadow, LockoutStatusType status, ActivationCapabilityType activationCapability, OperationResult result) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
ActivationLockoutStatusCapabilityType capActStatus = getActivationLockoutStatusFromSimulatedActivation(ctx, activationCapability, shadow, result);
if (capActStatus == null) {
throw new SchemaException("Attempt to modify lockout on " + ctx.getResource() + " which does not have activation lockout capability");
}
ResourceAttribute<?> activationAttribute = getSimulatedActivationLockoutStatusAttribute(ctx, shadow, capActStatus, result);
if (activationAttribute == null) {
return null;
}
PropertyDelta<?> lockoutAttributeDelta = null;
if (status == null && activationDelta.isDelete()) {
LOGGER.trace("deleting activation property.");
lockoutAttributeDelta = PropertyDelta.createModificationDeleteProperty(new ItemPath(ShadowType.F_ATTRIBUTES, activationAttribute.getElementName()), activationAttribute.getDefinition(), activationAttribute.getRealValue());
} else if (status == LockoutStatusType.NORMAL) {
String normalValue = getLockoutNormalValue(capActStatus);
lockoutAttributeDelta = createActivationPropDelta(activationAttribute.getElementName(), activationAttribute.getDefinition(), normalValue);
} else {
String lockedValue = getLockoutLockedValue(capActStatus);
lockoutAttributeDelta = createActivationPropDelta(activationAttribute.getElementName(), activationAttribute.getDefinition(), lockedValue);
}
PropertyModificationOperation attributeChange = new PropertyModificationOperation(lockoutAttributeDelta);
return attributeChange;
}
Also used :
ActivationLockoutStatusCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType)
ItemPath(com.evolveum.midpoint.prism.path.ItemPath)
Example 2 with LockoutStatusType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in project midpoint by Evolveum.
the class ResourceObjectConverter method transformActivationAttributesAdd.
private void transformActivationAttributesAdd(ProvisioningContext ctx, ShadowType shadow, OperationResult result) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
final ActivationType activation = shadow.getActivation();
if (activation == null) {
return;
}
PrismContainer attributesContainer = shadow.asPrismObject().findContainer(ShadowType.F_ATTRIBUTES);
CapabilitiesType connectorCapabilities = ctx.getConnectorCapabilities(CreateCapabilityType.class);
ActivationCapabilityType activationCapability = CapabilityUtil.getEffectiveCapability(connectorCapabilities, ActivationCapabilityType.class);
if (activation.getAdministrativeStatus() != null) {
if (!CapabilityUtil.hasNativeCapability(connectorCapabilities, ActivationCapabilityType.class)) {
ActivationStatusCapabilityType capActStatus = getActivationAdministrativeStatusFromSimulatedActivation(ctx, activationCapability, shadow, result);
if (capActStatus == null) {
throw new SchemaException("Attempt to change activation/administrativeStatus on " + ctx.getResource() + " that has neither native" + " nor simulated activation capability");
}
ResourceAttribute<?> newSimulatedAttr = getSimulatedActivationAdministrativeStatusAttribute(ctx, shadow, capActStatus, result);
if (newSimulatedAttr != null) {
Class<?> simulatedAttrValueClass = getAttributeValueClass(ctx, shadow, newSimulatedAttr, capActStatus);
Object newSimulatedAttrRealValue;
if (activation.getAdministrativeStatus() == ActivationStatusType.ENABLED) {
newSimulatedAttrRealValue = getEnableValue(capActStatus, simulatedAttrValueClass);
} else {
newSimulatedAttrRealValue = getDisableValue(capActStatus, simulatedAttrValueClass);
}
Item existingSimulatedAttr = attributesContainer.findItem(newSimulatedAttr.getElementName());
if (!isBlank(newSimulatedAttrRealValue)) {
PrismPropertyValue newSimulatedAttrValue = new PrismPropertyValue(newSimulatedAttrRealValue);
if (existingSimulatedAttr == null) {
newSimulatedAttr.add(newSimulatedAttrValue);
attributesContainer.add(newSimulatedAttr);
} else {
existingSimulatedAttr.replace(newSimulatedAttrValue);
}
} else if (existingSimulatedAttr != null) {
attributesContainer.remove(existingSimulatedAttr);
}
activation.setAdministrativeStatus(null);
}
}
}
// TODO enable non-string lockout values (MID-3374)
if (activation.getLockoutStatus() != null) {
if (!CapabilityUtil.hasNativeCapability(connectorCapabilities, ActivationCapabilityType.class)) {
ActivationLockoutStatusCapabilityType capActStatus = getActivationLockoutStatusFromSimulatedActivation(ctx, activationCapability, shadow, result);
if (capActStatus == null) {
throw new SchemaException("Attempt to change activation/lockout on " + ctx.getResource() + " that has neither native" + " nor simulated activation capability");
}
ResourceAttribute<?> activationSimulateAttribute = getSimulatedActivationLockoutStatusAttribute(ctx, shadow, capActStatus, result);
if (activationSimulateAttribute != null) {
LockoutStatusType status = activation.getLockoutStatus();
String activationRealValue = null;
if (status == LockoutStatusType.NORMAL) {
activationRealValue = getLockoutNormalValue(capActStatus);
} else {
activationRealValue = getLockoutLockedValue(capActStatus);
}
Item existingAttribute = attributesContainer.findItem(activationSimulateAttribute.getElementName());
if (!StringUtils.isBlank(activationRealValue)) {
activationSimulateAttribute.add(new PrismPropertyValue(activationRealValue));
if (attributesContainer.findItem(activationSimulateAttribute.getElementName()) == null) {
attributesContainer.add(activationSimulateAttribute);
} else {
attributesContainer.findItem(activationSimulateAttribute.getElementName()).replace(activationSimulateAttribute.getValue());
}
} else if (existingAttribute != null) {
attributesContainer.remove(existingAttribute);
}
activation.setLockoutStatus(null);
}
}
}
}
Also used :
ActivationLockoutStatusCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType)
ActivationCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType)
ActivationStatusCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationStatusCapabilityType)
Example 3 with LockoutStatusType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in project midpoint by Evolveum.
the class ConnIdConvertor method convertToResourceObject.
/**
* Converts ICF ConnectorObject to the midPoint ResourceObject.
* <p/>
* All the attributes are mapped using the same way as they are mapped in
* the schema (which is actually no mapping at all now).
* <p/>
* If an optional ResourceObjectDefinition was provided, the resulting
* ResourceObject is schema-aware (getDefinition() method works). If no
* ResourceObjectDefinition was provided, the object is schema-less. TODO:
* this still needs to be implemented.
*
* @param co
* ICF ConnectorObject to convert
* @param def
* ResourceObjectDefinition (from the schema) or null
* @param full
* if true it describes if the returned resource object should
* contain all of the attributes defined in the schema, if false
* the returned resource object will contain only attributed with
* the non-null values.
* @return new mapped ResourceObject instance.
* @throws SchemaException
*/
<T extends ShadowType> PrismObject<T> convertToResourceObject(ConnectorObject co, PrismObjectDefinition<T> objectDefinition, boolean full, boolean caseIgnoreAttributeNames, boolean legacySchema) throws SchemaException {
PrismObject<T> shadowPrism = null;
if (objectDefinition != null) {
shadowPrism = objectDefinition.instantiate();
} else {
throw new SchemaException("No definition");
}
// LOGGER.trace("Instantiated prism object {} from connector object.",
// shadowPrism.debugDump());
T shadow = shadowPrism.asObjectable();
ResourceAttributeContainer attributesContainer = (ResourceAttributeContainer) shadowPrism.findOrCreateContainer(ShadowType.F_ATTRIBUTES);
ResourceAttributeContainerDefinition attributesContainerDefinition = attributesContainer.getDefinition();
shadow.setObjectClass(attributesContainerDefinition.getTypeName());
List<ObjectClassComplexTypeDefinition> auxiliaryObjectClassDefinitions = new ArrayList<>();
for (Attribute icfAttr : co.getAttributes()) {
if (icfAttr.is(PredefinedAttributes.AUXILIARY_OBJECT_CLASS_NAME)) {
List<QName> auxiliaryObjectClasses = shadow.getAuxiliaryObjectClass();
for (Object auxiliaryIcfObjectClass : icfAttr.getValue()) {
QName auxiliaryObjectClassQname = icfNameMapper.objectClassToQname(new ObjectClass((String) auxiliaryIcfObjectClass), resourceSchemaNamespace, legacySchema);
auxiliaryObjectClasses.add(auxiliaryObjectClassQname);
ObjectClassComplexTypeDefinition auxiliaryObjectClassDefinition = icfNameMapper.getResourceSchema().findObjectClassDefinition(auxiliaryObjectClassQname);
if (auxiliaryObjectClassDefinition == null) {
throw new SchemaException("Resource object " + co + " refers to auxiliary object class " + auxiliaryObjectClassQname + " which is not in the schema");
}
auxiliaryObjectClassDefinitions.add(auxiliaryObjectClassDefinition);
}
break;
}
}
for (Attribute icfAttr : co.getAttributes()) {
if (LOGGER.isTraceEnabled()) {
LOGGER.trace("Reading ICF attribute {}: {}", icfAttr.getName(), icfAttr.getValue());
}
if (icfAttr.getName().equals(Uid.NAME)) {
// UID is handled specially (see above)
continue;
}
if (icfAttr.is(PredefinedAttributes.AUXILIARY_OBJECT_CLASS_NAME)) {
// Already processed
continue;
}
if (icfAttr.getName().equals(OperationalAttributes.PASSWORD_NAME)) {
// password has to go to the credentials section
ProtectedStringType password = getSingleValue(icfAttr, ProtectedStringType.class);
if (password == null) {
// equals() instead of == is needed. The AttributeValueCompleteness enum may be loaded by different classloader
if (!AttributeValueCompleteness.INCOMPLETE.equals(icfAttr.getAttributeValueCompleteness())) {
continue;
}
// There is no password value in the ConnId attribute. But it was indicated that
// that attribute is incomplete. Therefore we can assume that there in fact is a value.
// We just do not know it.
ShadowUtil.setPasswordIncomplete(shadow);
LOGGER.trace("Converted password: (incomplete)");
} else {
ShadowUtil.setPassword(shadow, password);
LOGGER.trace("Converted password: {}", password);
}
continue;
}
if (icfAttr.getName().equals(OperationalAttributes.ENABLE_NAME)) {
Boolean enabled = getSingleValue(icfAttr, Boolean.class);
if (enabled == null) {
continue;
}
ActivationType activationType = ShadowUtil.getOrCreateActivation(shadow);
ActivationStatusType activationStatusType;
if (enabled) {
activationStatusType = ActivationStatusType.ENABLED;
} else {
activationStatusType = ActivationStatusType.DISABLED;
}
activationType.setAdministrativeStatus(activationStatusType);
activationType.setEffectiveStatus(activationStatusType);
LOGGER.trace("Converted activation administrativeStatus: {}", activationStatusType);
continue;
}
if (icfAttr.getName().equals(OperationalAttributes.ENABLE_DATE_NAME)) {
Long millis = getSingleValue(icfAttr, Long.class);
if (millis == null) {
continue;
}
ActivationType activationType = ShadowUtil.getOrCreateActivation(shadow);
activationType.setValidFrom(XmlTypeConverter.createXMLGregorianCalendar(millis));
continue;
}
if (icfAttr.getName().equals(OperationalAttributes.DISABLE_DATE_NAME)) {
Long millis = getSingleValue(icfAttr, Long.class);
if (millis == null) {
continue;
}
ActivationType activationType = ShadowUtil.getOrCreateActivation(shadow);
activationType.setValidTo(XmlTypeConverter.createXMLGregorianCalendar(millis));
continue;
}
if (icfAttr.getName().equals(OperationalAttributes.LOCK_OUT_NAME)) {
Boolean lockOut = getSingleValue(icfAttr, Boolean.class);
if (lockOut == null) {
continue;
}
ActivationType activationType = ShadowUtil.getOrCreateActivation(shadow);
LockoutStatusType lockoutStatusType;
if (lockOut) {
lockoutStatusType = LockoutStatusType.LOCKED;
} else {
lockoutStatusType = LockoutStatusType.NORMAL;
}
activationType.setLockoutStatus(lockoutStatusType);
LOGGER.trace("Converted activation lockoutStatus: {}", lockoutStatusType);
continue;
}
QName qname = icfNameMapper.convertAttributeNameToQName(icfAttr.getName(), attributesContainerDefinition);
ResourceAttributeDefinition attributeDefinition = attributesContainerDefinition.findAttributeDefinition(qname, caseIgnoreAttributeNames);
if (attributeDefinition == null) {
// Try to locate definition in auxiliary object classes
for (ObjectClassComplexTypeDefinition auxiliaryObjectClassDefinition : auxiliaryObjectClassDefinitions) {
attributeDefinition = auxiliaryObjectClassDefinition.findAttributeDefinition(qname, caseIgnoreAttributeNames);
if (attributeDefinition != null) {
break;
}
}
if (attributeDefinition == null) {
throw new SchemaException("Unknown attribute " + qname + " in definition of object class " + attributesContainerDefinition.getTypeName() + ". Original ICF name: " + icfAttr.getName(), qname);
}
}
if (caseIgnoreAttributeNames) {
// normalized version
qname = attributeDefinition.getName();
}
ResourceAttribute<Object> resourceAttribute = attributeDefinition.instantiate(qname);
// resource object also with the null-values attributes
if (full) {
if (icfAttr.getValue() != null) {
// of them may need it (e.g. GuardedString)
for (Object icfValue : icfAttr.getValue()) {
Object value = convertValueFromIcf(icfValue, qname);
resourceAttribute.add(new PrismPropertyValue<>(value));
}
}
LOGGER.trace("Converted attribute {}", resourceAttribute);
attributesContainer.getValue().add(resourceAttribute);
// in this case when false, we need only the attributes with the
// non-null values.
} else {
if (icfAttr.getValue() != null && !icfAttr.getValue().isEmpty()) {
// Convert the values. While most values do not need
// conversions, some of them may need it (e.g. GuardedString)
boolean empty = true;
for (Object icfValue : icfAttr.getValue()) {
if (icfValue != null) {
Object value = convertValueFromIcf(icfValue, qname);
empty = false;
resourceAttribute.add(new PrismPropertyValue<>(value));
}
}
if (!empty) {
LOGGER.trace("Converted attribute {}", resourceAttribute);
attributesContainer.getValue().add(resourceAttribute);
}
}
}
}
// Add Uid if it is not there already. It can be already present,
// e.g. if Uid and Name represent the same attribute
Uid uid = co.getUid();
ObjectClassComplexTypeDefinition ocDef = attributesContainerDefinition.getComplexTypeDefinition();
ResourceAttributeDefinition<String> uidDefinition = ConnIdUtil.getUidDefinition(ocDef);
if (uidDefinition == null) {
throw new SchemaException("No definition for ConnId UID attribute found in definition " + ocDef);
}
if (attributesContainer.getValue().findItem(uidDefinition.getName()) == null) {
ResourceAttribute<String> uidRoa = uidDefinition.instantiate();
uidRoa.setValue(new PrismPropertyValue<String>(uid.getUidValue()));
attributesContainer.getValue().add(uidRoa);
}
return shadowPrism;
}
Also used :
ResourceAttribute(com.evolveum.midpoint.schema.processor.ResourceAttribute)
Attribute(org.identityconnectors.framework.common.objects.Attribute)
ArrayList(java.util.ArrayList)
ResourceAttributeContainer(com.evolveum.midpoint.schema.processor.ResourceAttributeContainer)
ObjectClassComplexTypeDefinition(com.evolveum.midpoint.schema.processor.ObjectClassComplexTypeDefinition)
GuardedString(org.identityconnectors.common.security.GuardedString)
ResourceAttributeContainerDefinition(com.evolveum.midpoint.schema.processor.ResourceAttributeContainerDefinition)
SchemaException(com.evolveum.midpoint.util.exception.SchemaException)
ObjectClass(org.identityconnectors.framework.common.objects.ObjectClass)
QName(javax.xml.namespace.QName)
ActivationStatusType(com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType)
Uid(org.identityconnectors.framework.common.objects.Uid)
ResourceAttributeDefinition(com.evolveum.midpoint.schema.processor.ResourceAttributeDefinition)
ActivationType(com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType)
LockoutStatusType(com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType)
PrismObject(com.evolveum.midpoint.prism.PrismObject)
ConnectorObject(org.identityconnectors.framework.common.objects.ConnectorObject)
ProtectedStringType(com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType)
Example 4 with LockoutStatusType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in project midpoint by Evolveum.
the class TestOpenLdap method test705UnlockBarbossaAccount.
@Test
public void test705UnlockBarbossaAccount() throws Exception {
// GIVEN
Task task = getTestTask();
OperationResult result = task.getResult();
ObjectDelta<ShadowType> accountDelta = createModifyAccountShadowReplaceDelta(accountBarbossaOid, null, SchemaConstants.PATH_ACTIVATION_LOCKOUT_STATUS, LockoutStatusType.NORMAL);
// WHEN
when();
executeChanges(accountDelta, null, task, result);
// THEN
then();
result.computeStatus();
TestUtil.assertSuccess(result);
PrismObject<ShadowType> shadow = getShadowModel(accountBarbossaOid);
display("Shadow (model)", shadow);
ActivationType activation = shadow.asObjectable().getActivation();
if (activation != null) {
LockoutStatusType lockoutStatus = shadow.asObjectable().getActivation().getLockoutStatus();
if (lockoutStatus != null && lockoutStatus != LockoutStatusType.NORMAL) {
AssertJUnit.fail("Barbossa is locked!");
}
}
Entry entry = assertLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME);
displayValue("LDAP Entry", entry);
assertNoAttribute(entry, "pwdAccountLockedTime");
assertLdapPassword(USER_BARBOSSA_USERNAME, USER_BARBOSSA_PASSWORD_2);
}
Also used :
Task(com.evolveum.midpoint.task.api.Task)
Entry(org.apache.directory.api.ldap.model.entry.Entry)
ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)
ActivationType(com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType)
LockoutStatusType(com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType)
OperationResult(com.evolveum.midpoint.schema.result.OperationResult)
Test(org.testng.annotations.Test)
Example 5 with LockoutStatusType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in project midpoint by Evolveum.
the class ActivationConverter method completeActivation.
// region Resource object -> midPoint (simulating/native -> activation)
/**
* Completes activation for fetched object by determining simulated values if necessary.
*/
void completeActivation(PrismObject<ShadowType> resourceObject, OperationResult result) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
ShadowType resourceObjectBean = resourceObject.asObjectable();
ActivationCapabilityType activationCapability = ctx.getEffectiveCapability(ActivationCapabilityType.class);
if (!CapabilityUtil.isCapabilityEnabled(activationCapability) && resourceObjectBean.getActivation() == null) {
LOGGER.trace("No activation capability and also no activation information in the resource object.");
return;
}
ActivationStatusType activationStatus = determineActivationStatus(resourceObject, activationCapability, result);
LockoutStatusType lockoutStatus = determineLockoutStatus(resourceObject, activationCapability, result);
if (activationStatus != null || lockoutStatus != null) {
if (resourceObjectBean.getActivation() == null) {
resourceObjectBean.setActivation(new ActivationType(beans.prismContext));
}
resourceObjectBean.getActivation().setAdministrativeStatus(activationStatus);
resourceObjectBean.getActivation().setLockoutStatus(lockoutStatus);
} else {
if (resourceObjectBean.getActivation() != null) {
resourceObjectBean.getActivation().setAdministrativeStatus(null);
resourceObjectBean.getActivation().setLockoutStatus(null);
}
}
}
Also used :
ActivationCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType)
Aggregations
LockoutStatusType (com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType)8
ActivationType (com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType)6
ActivationLockoutStatusCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType)5
SchemaException (com.evolveum.midpoint.util.exception.SchemaException)3
ShadowType (com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)3
ActivationCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType)3
XMLGregorianCalendar (javax.xml.datatype.XMLGregorianCalendar)3
Test (org.testng.annotations.Test)3
PrismObject (com.evolveum.midpoint.prism.PrismObject)2
ItemPath (com.evolveum.midpoint.prism.path.ItemPath)2
ActivationStatusType (com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType)2
QName (javax.xml.namespace.QName)2
Entry (org.apache.directory.api.ldap.model.entry.Entry)2
PageBase (com.evolveum.midpoint.gui.api.page.PageBase)1
PrismPropertyValue (com.evolveum.midpoint.prism.PrismPropertyValue)1
PropertyDelta (com.evolveum.midpoint.prism.delta.PropertyDelta)1
ObjectClassComplexTypeDefinition (com.evolveum.midpoint.schema.processor.ObjectClassComplexTypeDefinition)1
ResourceAttribute (com.evolveum.midpoint.schema.processor.ResourceAttribute)1
ResourceAttributeContainer (com.evolveum.midpoint.schema.processor.ResourceAttributeContainer)1
ResourceAttributeContainerDefinition (com.evolveum.midpoint.schema.processor.ResourceAttributeContainerDefinition)1
