use of com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in project midpoint by Evolveum.
the class ConnectorInstanceConnIdImpl method convertFromActivation.
private void convertFromActivation(Set<Attribute> updateAttributes, Collection<PropertyDelta<?>> activationDeltas) throws SchemaException {
for (PropertyDelta<?> propDelta : activationDeltas) {
if (propDelta.getElementName().equals(ActivationType.F_ADMINISTRATIVE_STATUS)) {
ActivationStatusType status = getPropertyNewValue(propDelta, ActivationStatusType.class);
if (status == null) {
updateAttributes.add(AttributeBuilder.build(OperationalAttributes.ENABLE_NAME));
} else {
updateAttributes.add(AttributeBuilder.build(OperationalAttributes.ENABLE_NAME, status == ActivationStatusType.ENABLED));
}
} else if (propDelta.getElementName().equals(ActivationType.F_VALID_FROM)) {
//propDelta.getPropertyNew().getValue(XMLGregorianCalendar.class).getValue();
XMLGregorianCalendar xmlCal = getPropertyNewValue(propDelta, XMLGregorianCalendar.class);
updateAttributes.add(AttributeBuilder.build(OperationalAttributes.ENABLE_DATE_NAME, xmlCal != null ? XmlTypeConverter.toMillis(xmlCal) : null));
} else if (propDelta.getElementName().equals(ActivationType.F_VALID_TO)) {
//propDelta.getPropertyNew().getValue(XMLGregorianCalendar.class).getValue();
XMLGregorianCalendar xmlCal = getPropertyNewValue(propDelta, XMLGregorianCalendar.class);
updateAttributes.add(AttributeBuilder.build(OperationalAttributes.DISABLE_DATE_NAME, xmlCal != null ? XmlTypeConverter.toMillis(xmlCal) : null));
} else if (propDelta.getElementName().equals(ActivationType.F_LOCKOUT_STATUS)) {
//propDelta.getPropertyNew().getValue(LockoutStatusType.class).getValue();
LockoutStatusType status = getPropertyNewValue(propDelta, LockoutStatusType.class);
updateAttributes.add(AttributeBuilder.build(OperationalAttributes.LOCK_OUT_NAME, status != LockoutStatusType.NORMAL));
} else {
throw new SchemaException("Got unknown activation attribute delta " + propDelta.getElementName());
}
}
}
use of com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in project midpoint by Evolveum.
the class TestOpenLdap method test700CheckBarbossaLockoutStatus.
@Test
public void test700CheckBarbossaLockoutStatus() throws Exception {
final String TEST_NAME = "test700CheckBarbossaLockoutStatus";
TestUtil.displayTestTile(this, TEST_NAME);
// WHEN
TestUtil.displayWhen(TEST_NAME);
PrismObject<ShadowType> shadow = getShadowModel(accountBarbossaOid);
// THEN
TestUtil.displayThen(TEST_NAME);
display("Shadow (model)", shadow);
ActivationType activation = shadow.asObjectable().getActivation();
if (activation != null) {
LockoutStatusType lockoutStatus = shadow.asObjectable().getActivation().getLockoutStatus();
if (lockoutStatus != null && lockoutStatus != LockoutStatusType.NORMAL) {
AssertJUnit.fail("Barbossa is locked!");
}
}
assertLdapPassword(USER_BARBOSSA_USERNAME, USER_BARBOSSA_PASSWORD_2);
}
use of com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in project midpoint by Evolveum.
the class TestOpenLdap method test702LockOutBarbossa.
@Test
public void test702LockOutBarbossa() throws Exception {
final String TEST_NAME = "test702LockOutBarbossa";
TestUtil.displayTestTile(this, TEST_NAME);
Entry entry = getLdapAccountByUid(USER_BARBOSSA_USERNAME);
display("LDAP Entry before", entry);
// WHEN
TestUtil.displayWhen(TEST_NAME);
for (int i = 0; i < 10; i++) {
LdapNetworkConnection conn;
try {
conn = ldapConnect(null, entry.getDn().toString(), "this password is wrong");
} catch (SecurityException e) {
// Good bad attempt
continue;
}
assertNotReached();
}
// THEN
TestUtil.displayThen(TEST_NAME);
entry = assertLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME);
display("LDAP Entry after", entry);
PrismObject<ShadowType> shadow = getShadowModel(accountBarbossaOid);
display("Shadow (model)", shadow);
ActivationType activation = shadow.asObjectable().getActivation();
assertNotNull("No activation", activation);
LockoutStatusType lockoutStatus = shadow.asObjectable().getActivation().getLockoutStatus();
assertEquals("Wrong lockout status", LockoutStatusType.LOCKED, lockoutStatus);
}
use of com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in project midpoint by Evolveum.
the class ResourceObjectConverter method checkSimulatedActivationLockoutStatus.
private void checkSimulatedActivationLockoutStatus(ProvisioningContext ctx, Collection<? extends ItemDelta> objectChange, LockoutStatusType status, ActivationCapabilityType activationCapability, ShadowType shadow, OperationResult result) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
ActivationLockoutStatusCapabilityType capActStatus = getActivationLockoutStatusFromSimulatedActivation(ctx, activationCapability, shadow, result);
ResourceAttribute<?> activationAttribute = getSimulatedActivationLockoutStatusAttribute(ctx, shadow, capActStatus, result);
if (activationAttribute == null) {
return;
}
PropertyDelta simulatedActivationDelta = PropertyDelta.findPropertyDelta(objectChange, activationAttribute.getPath());
PrismProperty simulatedActivationProperty = simulatedActivationDelta.getPropertyNewMatchingPath();
Collection realValues = simulatedActivationProperty.getRealValues();
if (realValues.isEmpty()) {
//nothing to do, no value for simulatedActivation
return;
}
if (realValues.size() > 1) {
throw new SchemaException("Found more than one value for simulated lockout.");
}
Object simulatedActivationValue = realValues.iterator().next();
// TODO this is strange; evaluating lockout but looking at status! [med]
boolean transformedValue = getTransformedValue(ctx, activationCapability, shadow, simulatedActivationValue, result);
if (transformedValue && status == LockoutStatusType.NORMAL) {
//this is ok, simulated value and also value for native capability resulted to the same vale
} else {
throw new SchemaException("Found conflicting change for activation lockout. Simulated lockout resulted to " + transformedValue + ", but native activation resulted to " + status);
}
}
use of com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in project midpoint by Evolveum.
the class ResourceObjectConverter method determineActivationChange.
private Collection<Operation> determineActivationChange(ProvisioningContext ctx, ShadowType shadow, Collection<? extends ItemDelta> objectChange, OperationResult result) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
ResourceType resource = ctx.getResource();
Collection<Operation> operations = new ArrayList<>();
CapabilitiesType connectorCapabilities = ctx.getConnectorCapabilities(UpdateCapabilityType.class);
ActivationCapabilityType activationCapability = CapabilityUtil.getEffectiveCapability(connectorCapabilities, ActivationCapabilityType.class);
// administrativeStatus
PropertyDelta<ActivationStatusType> enabledPropertyDelta = PropertyDelta.findPropertyDelta(objectChange, SchemaConstants.PATH_ACTIVATION_ADMINISTRATIVE_STATUS);
if (enabledPropertyDelta != null) {
if (activationCapability == null) {
SchemaException e = new SchemaException("Attempt to change activation administrativeStatus on " + resource + " which does not have the capability");
result.recordFatalError(e);
throw e;
}
ActivationStatusType status = enabledPropertyDelta.getPropertyNewMatchingPath().getRealValue();
LOGGER.trace("Found activation administrativeStatus change to: {}", status);
if (CapabilityUtil.hasNativeCapability(connectorCapabilities, ActivationCapabilityType.class)) {
// Native activation, need to check if there is not also change to simulated activation which may be in conflict
checkSimulatedActivationAdministrativeStatus(ctx, objectChange, status, activationCapability, shadow, result);
operations.add(new PropertyModificationOperation(enabledPropertyDelta));
} else {
// Try to simulate activation capability
PropertyModificationOperation activationAttribute = convertToSimulatedActivationAdministrativeStatusAttribute(ctx, enabledPropertyDelta, shadow, status, activationCapability, result);
if (activationAttribute != null) {
operations.add(activationAttribute);
}
}
}
// validFrom
PropertyDelta<XMLGregorianCalendar> validFromPropertyDelta = PropertyDelta.findPropertyDelta(objectChange, SchemaConstants.PATH_ACTIVATION_VALID_FROM);
if (validFromPropertyDelta != null) {
if (CapabilityUtil.getEffectiveActivationValidFrom(activationCapability) == null) {
SchemaException e = new SchemaException("Attempt to change activation validFrom on " + resource + " which does not have the capability");
result.recordFatalError(e);
throw e;
}
XMLGregorianCalendar xmlCal = validFromPropertyDelta.getPropertyNewMatchingPath().getRealValue();
LOGGER.trace("Found activation validFrom change to: {}", xmlCal);
operations.add(new PropertyModificationOperation(validFromPropertyDelta));
}
// validTo
PropertyDelta<XMLGregorianCalendar> validToPropertyDelta = PropertyDelta.findPropertyDelta(objectChange, SchemaConstants.PATH_ACTIVATION_VALID_TO);
if (validToPropertyDelta != null) {
if (CapabilityUtil.getEffectiveActivationValidTo(activationCapability) == null) {
SchemaException e = new SchemaException("Attempt to change activation validTo on " + resource + " which does not have the capability");
result.recordFatalError(e);
throw e;
}
XMLGregorianCalendar xmlCal = validToPropertyDelta.getPropertyNewMatchingPath().getRealValue();
LOGGER.trace("Found activation validTo change to: {}", xmlCal);
operations.add(new PropertyModificationOperation(validToPropertyDelta));
}
PropertyDelta<LockoutStatusType> lockoutPropertyDelta = PropertyDelta.findPropertyDelta(objectChange, SchemaConstants.PATH_ACTIVATION_LOCKOUT_STATUS);
if (lockoutPropertyDelta != null) {
if (activationCapability == null) {
SchemaException e = new SchemaException("Attempt to change activation lockoutStatus on " + resource + " which does not have the capability");
result.recordFatalError(e);
throw e;
}
LockoutStatusType status = lockoutPropertyDelta.getPropertyNewMatchingPath().getRealValue();
LOGGER.trace("Found activation lockoutStatus change to: {}", status);
if (CapabilityUtil.hasNativeCapability(connectorCapabilities, ActivationCapabilityType.class)) {
// Native lockout, need to check if there is not also change to simulated activation which may be in conflict
checkSimulatedActivationLockoutStatus(ctx, objectChange, status, activationCapability, shadow, result);
operations.add(new PropertyModificationOperation(lockoutPropertyDelta));
} else {
// Try to simulate lockout capability
PropertyModificationOperation activationAttribute = convertToSimulatedActivationLockoutStatusAttribute(ctx, lockoutPropertyDelta, shadow, status, activationCapability, result);
operations.add(activationAttribute);
}
}
return operations;
}
Aggregations