
Example 6 with LockoutStatusType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in project midpoint by Evolveum.

the class ConnectorInstanceConnIdImpl method convertFromActivation.

/**
 * Converts activation property deltas into ConnId operational attributes and adds them
 * to {@code updateAttributes}.
 *
 * <p>Four activation items are handled: administrative status, validFrom, validTo and
 * lockout status. A delta for any other element is rejected.
 *
 * @param updateAttributes set that receives the attributes built here
 * @param activationDeltas activation deltas to translate
 * @throws SchemaException if a delta refers to an activation element not handled here
 */
private void convertFromActivation(Set<Attribute> updateAttributes, Collection<PropertyDelta<?>> activationDeltas) throws SchemaException {
    for (PropertyDelta<?> delta : activationDeltas) {
        if (delta.getElementName().equals(ActivationType.F_ADMINISTRATIVE_STATUS)) {
            ActivationStatusType newStatus = getPropertyNewValue(delta, ActivationStatusType.class);
            if (newStatus != null) {
                boolean enabled = newStatus == ActivationStatusType.ENABLED;
                updateAttributes.add(AttributeBuilder.build(OperationalAttributes.ENABLE_NAME, enabled));
            } else {
                // No new value: send the enable attribute without any value.
                updateAttributes.add(AttributeBuilder.build(OperationalAttributes.ENABLE_NAME));
            }
        } else if (delta.getElementName().equals(ActivationType.F_VALID_FROM)) {
            XMLGregorianCalendar validFrom = getPropertyNewValue(delta, XMLGregorianCalendar.class);
            // A missing date is passed on as a null attribute value.
            updateAttributes.add(AttributeBuilder.build(OperationalAttributes.ENABLE_DATE_NAME,
                    validFrom != null ? XmlTypeConverter.toMillis(validFrom) : null));
        } else if (delta.getElementName().equals(ActivationType.F_VALID_TO)) {
            XMLGregorianCalendar validTo = getPropertyNewValue(delta, XMLGregorianCalendar.class);
            updateAttributes.add(AttributeBuilder.build(OperationalAttributes.DISABLE_DATE_NAME,
                    validTo != null ? XmlTypeConverter.toMillis(validTo) : null));
        } else if (delta.getElementName().equals(ActivationType.F_LOCKOUT_STATUS)) {
            LockoutStatusType newLockout = getPropertyNewValue(delta, LockoutStatusType.class);
            // NOTE(review): anything other than NORMAL, including a null new value, is sent
            // as "locked out" (true). The administrative-status branch above treats null
            // separately; confirm that locking on a null value is intended here.
            boolean lockedOut = newLockout != LockoutStatusType.NORMAL;
            updateAttributes.add(AttributeBuilder.build(OperationalAttributes.LOCK_OUT_NAME, lockedOut));
        } else {
            throw new SchemaException("Got unknown activation attribute delta " + delta.getElementName());
        }
    }
}
Also used : XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) SchemaException(com.evolveum.midpoint.util.exception.SchemaException) ActivationStatusType(com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType) LockoutStatusType(com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType)

Example 7 with LockoutStatusType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in project midpoint by Evolveum.

the class TestOpenLdap method test700CheckBarbossaLockoutStatus.

/**
 * Baseline check before the lockout tests: the Barbossa account must not be locked,
 * and its LDAP password must still be {@code USER_BARBOSSA_PASSWORD_2}.
 *
 * <p>A shadow without an activation container, or without a lockout status, is
 * accepted as "not locked".
 */
@Test
public void test700CheckBarbossaLockoutStatus() throws Exception {
    final String TEST_NAME = "test700CheckBarbossaLockoutStatus";
    TestUtil.displayTestTile(this, TEST_NAME);

    // WHEN
    TestUtil.displayWhen(TEST_NAME);
    PrismObject<ShadowType> barbossaShadow = getShadowModel(accountBarbossaOid);

    // THEN
    TestUtil.displayThen(TEST_NAME);
    display("Shadow (model)", barbossaShadow);

    ActivationType activation = barbossaShadow.asObjectable().getActivation();
    LockoutStatusType observed = (activation == null)
            ? null
            : barbossaShadow.asObjectable().getActivation().getLockoutStatus();
    // Only an explicit non-NORMAL status counts as locked; absence of data does not.
    boolean locked = observed != null && observed != LockoutStatusType.NORMAL;
    if (locked) {
        AssertJUnit.fail("Barbossa is locked!");
    }

    assertLdapPassword(USER_BARBOSSA_USERNAME, USER_BARBOSSA_PASSWORD_2);
}
Also used : ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType) ActivationType(com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType) LockoutStatusType(com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType) AbstractIntegrationTest(com.evolveum.midpoint.test.AbstractIntegrationTest) Test(org.testng.annotations.Test)

Example 8 with LockoutStatusType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in project midpoint by Evolveum.

the class TestOpenLdap method test702LockOutBarbossa.

/**
 * Drives the Barbossa LDAP account into lockout with repeated failed binds, then checks
 * that the shadow read through the model reports {@code LockoutStatusType.LOCKED}.
 *
 * <p>Every bind attempt is expected to be rejected with a {@link SecurityException};
 * an attempt that does not throw fails the test.
 */
@Test
public void test702LockOutBarbossa() throws Exception {
    final String TEST_NAME = "test702LockOutBarbossa";
    TestUtil.displayTestTile(this, TEST_NAME);

    Entry entry = getLdapAccountByUid(USER_BARBOSSA_USERNAME);
    display("LDAP Entry before", entry);

    // WHEN
    TestUtil.displayWhen(TEST_NAME);
    // NOTE(review): 10 attempts presumably exceeds the directory's failed-login
    // threshold; confirm against the password policy of the test server.
    for (int attempt = 0; attempt < 10; attempt++) {
        boolean bindRejected = false;
        try {
            ldapConnect(null, entry.getDn().toString(), "this password is wrong");
        } catch (SecurityException e) {
            // Expected: the wrong password was refused.
            bindRejected = true;
        }
        if (!bindRejected) {
            // The bind with a wrong password went through; the connection it returned
            // is not closed on this path.
            assertNotReached();
        }
    }

    // THEN
    TestUtil.displayThen(TEST_NAME);
    entry = assertLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME);
    display("LDAP Entry after", entry);

    PrismObject<ShadowType> barbossaShadow = getShadowModel(accountBarbossaOid);
    display("Shadow (model)", barbossaShadow);

    ActivationType activation = barbossaShadow.asObjectable().getActivation();
    assertNotNull("No activation", activation);
    LockoutStatusType observed = barbossaShadow.asObjectable().getActivation().getLockoutStatus();
    assertEquals("Wrong lockout status", LockoutStatusType.LOCKED, observed);
}
Also used : Entry(org.apache.directory.api.ldap.model.entry.Entry) ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType) ActivationType(com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType) LockoutStatusType(com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType) LdapNetworkConnection(org.apache.directory.ldap.client.api.LdapNetworkConnection) AbstractIntegrationTest(com.evolveum.midpoint.test.AbstractIntegrationTest) Test(org.testng.annotations.Test)

Example 9 with LockoutStatusType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in project midpoint by Evolveum.

the class ResourceObjectConverter method checkSimulatedActivationLockoutStatus.

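/**
 * Checks that a change to the simulated lockout attribute, if the same modification
 * carries one, does not conflict with the native lockout status being set.
 *
 * <p>Returns without complaint when the resource has no simulated lockout attribute,
 * when {@code objectChange} has no delta for that attribute, or when that delta
 * carries no value.
 *
 * @param ctx provisioning context of the operation
 * @param objectChange all deltas of the modification being processed
 * @param status lockout status requested through the native activation capability
 * @param activationCapability effective activation capability of the resource
 * @param shadow shadow being modified
 * @param result operation result passed through to the helper calls
 * @throws SchemaException if the simulated attribute has more than one value, or if the
 *         simulated and native values are considered to be in conflict
 */
private void checkSimulatedActivationLockoutStatus(ProvisioningContext ctx, Collection<? extends ItemDelta> objectChange, LockoutStatusType status, ActivationCapabilityType activationCapability, ShadowType shadow, OperationResult result) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
    ActivationLockoutStatusCapabilityType capActStatus = getActivationLockoutStatusFromSimulatedActivation(ctx, activationCapability, shadow, result);
    ResourceAttribute<?> activationAttribute = getSimulatedActivationLockoutStatusAttribute(ctx, shadow, capActStatus, result);
    if (activationAttribute == null) {
        return;
    }
    PropertyDelta simulatedActivationDelta = PropertyDelta.findPropertyDelta(objectChange, activationAttribute.getPath());
    if (simulatedActivationDelta == null) {
        // The modification does not touch the simulated attribute, so there is nothing
        // that could conflict with the native value. Without this guard the next line
        // fails with a NullPointerException instead of a meaningful result.
        return;
    }
    PrismProperty simulatedActivationProperty = simulatedActivationDelta.getPropertyNewMatchingPath();
    Collection realValues = simulatedActivationProperty.getRealValues();
    if (realValues.isEmpty()) {
        // Nothing to do, no value for simulatedActivation.
        return;
    }
    if (realValues.size() > 1) {
        throw new SchemaException("Found more than one value for simulated lockout.");
    }
    Object simulatedActivationValue = realValues.iterator().next();
    // TODO this is strange; evaluating lockout but looking at status! [med]
    boolean transformedValue = getTransformedValue(ctx, activationCapability, shadow, simulatedActivationValue, result);
    // NOTE(review): only the combination (transformedValue == true, status == NORMAL) is
    // accepted; every other pair, including any request for a non-NORMAL status, is
    // reported as a conflict. Confirm this is the intended agreement rule for lockout.
    if (!(transformedValue && status == LockoutStatusType.NORMAL)) {
        throw new SchemaException("Found conflicting change for activation lockout. Simulated lockout resulted to " + transformedValue + ", but native activation resulted to " + status);
    }
    // Otherwise the simulated value and the native capability value agree.
}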
Also used : ActivationLockoutStatusCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType) PropertyDelta(com.evolveum.midpoint.prism.delta.PropertyDelta)

Example 10 with LockoutStatusType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in project midpoint by Evolveum.

the class ResourceObjectConverter method determineActivationChange.

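/**
 * Builds the list of resource operations needed to apply the activation-related deltas
 * found in {@code objectChange}: administrativeStatus, validFrom, validTo and
 * lockoutStatus.
 *
 * <p>For administrativeStatus and lockoutStatus the delta is passed on as is when the
 * connector has the native activation capability (after checking for a conflicting
 * simulated change); otherwise it is converted to a modification of the simulated
 * activation attribute. validFrom and validTo are passed on as is.
 *
 * @param ctx provisioning context; supplies the resource and connector capabilities
 * @param shadow shadow being modified
 * @param objectChange all deltas of the modification being processed
 * @param result operation result; a fatal error is recorded on it before each
 *        capability-related {@link SchemaException} is thrown
 * @return operations to execute; empty when no activation delta is present
 * @throws SchemaException if a delta targets an activation item the resource has no
 *         capability for, or if a native and a simulated change conflict
 */
private Collection<Operation> determineActivationChange(ProvisioningContext ctx, ShadowType shadow, Collection<? extends ItemDelta> objectChange, OperationResult result) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
    ResourceType resource = ctx.getResource();
    Collection<Operation> operations = new ArrayList<>();
    CapabilitiesType connectorCapabilities = ctx.getConnectorCapabilities(UpdateCapabilityType.class);
    ActivationCapabilityType activationCapability = CapabilityUtil.getEffectiveCapability(connectorCapabilities, ActivationCapabilityType.class);

    // administrativeStatus
    PropertyDelta<ActivationStatusType> enabledPropertyDelta = PropertyDelta.findPropertyDelta(objectChange, SchemaConstants.PATH_ACTIVATION_ADMINISTRATIVE_STATUS);
    if (enabledPropertyDelta != null) {
        if (activationCapability == null) {
            SchemaException e = new SchemaException("Attempt to change activation administrativeStatus on " + resource + " which does not have the capability");
            result.recordFatalError(e);
            throw e;
        }
        ActivationStatusType status = enabledPropertyDelta.getPropertyNewMatchingPath().getRealValue();
        LOGGER.trace("Found activation administrativeStatus change to: {}", status);
        if (CapabilityUtil.hasNativeCapability(connectorCapabilities, ActivationCapabilityType.class)) {
            // Native activation, need to check if there is not also change to simulated activation which may be in conflict
            checkSimulatedActivationAdministrativeStatus(ctx, objectChange, status, activationCapability, shadow, result);
            operations.add(new PropertyModificationOperation(enabledPropertyDelta));
        } else {
            // Try to simulate activation capability
            PropertyModificationOperation activationAttribute = convertToSimulatedActivationAdministrativeStatusAttribute(ctx, enabledPropertyDelta, shadow, status, activationCapability, result);
            if (activationAttribute != null) {
                operations.add(activationAttribute);
            }
        }
    }

    // validFrom
    PropertyDelta<XMLGregorianCalendar> validFromPropertyDelta = PropertyDelta.findPropertyDelta(objectChange, SchemaConstants.PATH_ACTIVATION_VALID_FROM);
    if (validFromPropertyDelta != null) {
        if (CapabilityUtil.getEffectiveActivationValidFrom(activationCapability) == null) {
            SchemaException e = new SchemaException("Attempt to change activation validFrom on " + resource + " which does not have the capability");
            result.recordFatalError(e);
            throw e;
        }
        XMLGregorianCalendar xmlCal = validFromPropertyDelta.getPropertyNewMatchingPath().getRealValue();
        LOGGER.trace("Found activation validFrom change to: {}", xmlCal);
        operations.add(new PropertyModificationOperation(validFromPropertyDelta));
    }

    // validTo
    PropertyDelta<XMLGregorianCalendar> validToPropertyDelta = PropertyDelta.findPropertyDelta(objectChange, SchemaConstants.PATH_ACTIVATION_VALID_TO);
    if (validToPropertyDelta != null) {
        if (CapabilityUtil.getEffectiveActivationValidTo(activationCapability) == null) {
            SchemaException e = new SchemaException("Attempt to change activation validTo on " + resource + " which does not have the capability");
            result.recordFatalError(e);
            throw e;
        }
        XMLGregorianCalendar xmlCal = validToPropertyDelta.getPropertyNewMatchingPath().getRealValue();
        LOGGER.trace("Found activation validTo change to: {}", xmlCal);
        operations.add(new PropertyModificationOperation(validToPropertyDelta));
    }

    // lockoutStatus
    PropertyDelta<LockoutStatusType> lockoutPropertyDelta = PropertyDelta.findPropertyDelta(objectChange, SchemaConstants.PATH_ACTIVATION_LOCKOUT_STATUS);
    if (lockoutPropertyDelta != null) {
        // NOTE(review): unlike validFrom/validTo, this only checks that some activation
        // capability exists, not a lockout-specific one; confirm that is sufficient.
        if (activationCapability == null) {
            SchemaException e = new SchemaException("Attempt to change activation lockoutStatus on " + resource + " which does not have the capability");
            result.recordFatalError(e);
            throw e;
        }
        LockoutStatusType status = lockoutPropertyDelta.getPropertyNewMatchingPath().getRealValue();
        LOGGER.trace("Found activation lockoutStatus change to: {}", status);
        if (CapabilityUtil.hasNativeCapability(connectorCapabilities, ActivationCapabilityType.class)) {
            // Native lockout, need to check if there is not also change to simulated activation which may be in conflict
            checkSimulatedActivationLockoutStatus(ctx, objectChange, status, activationCapability, shadow, result);
            operations.add(new PropertyModificationOperation(lockoutPropertyDelta));
        } else {
            // Try to simulate lockout capability
            PropertyModificationOperation activationAttribute = convertToSimulatedActivationLockoutStatusAttribute(ctx, lockoutPropertyDelta, shadow, status, activationCapability, result);
            // Same guard as the administrativeStatus branch: never put a null
            // operation into the list handed to the caller.
            if (activationAttribute != null) {
                operations.add(activationAttribute);
            }
        }
    }
    return operations;
}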
Also used : ActivationCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType) XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar)

Aggregations

LockoutStatusType (com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType)7 ActivationType (com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType)5 AbstractIntegrationTest (com.evolveum.midpoint.test.AbstractIntegrationTest)3 SchemaException (com.evolveum.midpoint.util.exception.SchemaException)3 ShadowType (com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)3 ActivationLockoutStatusCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType)3 XMLGregorianCalendar (javax.xml.datatype.XMLGregorianCalendar)3 Test (org.testng.annotations.Test)3 PrismPropertyValue (com.evolveum.midpoint.prism.PrismPropertyValue)2 ItemPath (com.evolveum.midpoint.prism.path.ItemPath)2 ActivationStatusType (com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType)2 ActivationCapabilityType (com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType)2 Entry (org.apache.directory.api.ldap.model.entry.Entry)2 PageBase (com.evolveum.midpoint.gui.api.page.PageBase)1 PrismObject (com.evolveum.midpoint.prism.PrismObject)1 PropertyDelta (com.evolveum.midpoint.prism.delta.PropertyDelta)1 ObjectClassComplexTypeDefinition (com.evolveum.midpoint.schema.processor.ObjectClassComplexTypeDefinition)1 ResourceAttribute (com.evolveum.midpoint.schema.processor.ResourceAttribute)1 ResourceAttributeContainer (com.evolveum.midpoint.schema.processor.ResourceAttributeContainer)1 ResourceAttributeContainerDefinition (com.evolveum.midpoint.schema.processor.ResourceAttributeContainerDefinition)1