use of com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType in project midpoint by Evolveum.
the class MappingColumnPanel method initLayout.
private void initLayout() {
ListView<PrismContainerValueWrapper<MappingType>> mappings = new ListView<>(ID_MAPPINGS, new PropertyModel<>(getModel(), "values")) {
@Override
protected void populateItem(ListItem<PrismContainerValueWrapper<MappingType>> item) {
Label label = new Label(ID_MAPPING, WebComponentUtil.createMappingDescription(item.getModel()));
label.add(AttributeAppender.append("class", createEnabledDisabledStyles(item.getModelObject())));
item.add(label);
}
};
add(mappings);
}
use of com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType in project midpoint by Evolveum.
the class ObjectTemplateItemPanel method createAdditionalColumns.
@Override
protected List<IColumn<PrismContainerValueWrapper<ObjectTemplateItemDefinitionType>, String>> createAdditionalColumns() {
List<IColumn<PrismContainerValueWrapper<ObjectTemplateItemDefinitionType>, String>> columns = new ArrayList<>();
columns.add(new AbstractColumn<>(createStringResource("ObjectTemplateItemDefinitionType.mapping")) {
@Override
public void populateItem(Item<ICellPopulator<PrismContainerValueWrapper<ObjectTemplateItemDefinitionType>>> cellItem, String componentId, IModel<PrismContainerValueWrapper<ObjectTemplateItemDefinitionType>> rowModel) {
IModel<PrismContainerWrapper<MappingType>> mappingModel = PrismContainerWrapperModel.fromContainerValueWrapper(rowModel, ObjectTemplateItemDefinitionType.F_MAPPING);
cellItem.add(new MappingColumnPanel(componentId, mappingModel));
}
});
List<InlineMenuItem> items = new ArrayList<>();
InlineMenuItem item = new InlineMenuItem(createStringResource("pageAdminFocus.button.delete")) {
private static final long serialVersionUID = 1L;
@Override
public InlineMenuItemAction initAction() {
return new ColumnMenuAction() {
private static final long serialVersionUID = 1L;
@Override
public void onClick(AjaxRequestTarget target) {
getMultivalueContainerListPanel().deleteItemPerformed(target, getMultivalueContainerListPanel().getPerformedSelectedItems(getRowModel()));
}
};
}
};
items.add(item);
item = new ButtonInlineMenuItem(createStringResource("PageBase.button.edit")) {
private static final long serialVersionUID = 1L;
@Override
public CompositedIconBuilder getIconCompositedBuilder() {
return getDefaultCompositedIconBuilder(GuiStyleConstants.CLASS_EDIT_MENU_ITEM);
}
@Override
public InlineMenuItemAction initAction() {
return new ColumnMenuAction() {
private static final long serialVersionUID = 1L;
@Override
public void onClick(AjaxRequestTarget target) {
getMultivalueContainerListPanel().editItemPerformed(target, getRowModel(), getMultivalueContainerListPanel().getSelectedItems());
target.add(getMultivalueContainerListPanel().getFeedbackPanel());
}
};
}
};
items.add(item);
columns.add(new InlineMenuButtonColumn(items, getPageBase()) {
@Override
public String getCssClass() {
return "col-xs-1";
}
});
return columns;
}
use of com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType in project midpoint by Evolveum.
the class WizardUtil method createEmptyMapping.
public static MappingType createEmptyMapping() {
MappingType mapping = new MappingType();
mapping.setAuthoritative(true);
return mapping;
}
use of com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType in project midpoint by Evolveum.
the class ProjectionCredentialsProcessor method processProjectionPasswordMapping.
private <F extends FocusType> void processProjectionPasswordMapping(LensContext<F> context, final LensProjectionContext projCtx, final SecurityPolicyType securityPolicy, XMLGregorianCalendar now, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
LensFocusContext<F> focusContext = context.getFocusContext();
PrismObject<F> focusNew = focusContext.getObjectNew();
if (focusNew == null) {
// This must be a focus delete or something similar. No point in proceeding
LOGGER.trace("focusNew is null, skipping credentials processing");
return;
}
PrismObjectDefinition<ShadowType> accountDefinition = prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(ShadowType.class);
PrismPropertyDefinition<ProtectedStringType> projPasswordPropertyDefinition = accountDefinition.findPropertyDefinition(SchemaConstants.PATH_PASSWORD_VALUE);
ResourceShadowDiscriminator rsd = projCtx.getResourceShadowDiscriminator();
ResourceObjectDefinition objectDefinition = projCtx.getStructuralObjectDefinition();
if (objectDefinition == null) {
LOGGER.trace("No ResourceObjectTypeDefinition, therefore also no password outbound definition," + " skipping credentials processing for projection {}", rsd);
return;
}
List<MappingType> outboundMappingBeans = objectDefinition.getPasswordOutbound();
if (outboundMappingBeans.isEmpty()) {
LOGGER.trace("No outbound password mapping for {}, skipping credentials processing", rsd);
return;
}
ObjectDeltaObject<F> objectDeltaObject = focusContext.getObjectDeltaObjectAbsolute();
// HACK
if (!projCtx.isDoReconciliation() && !projCtx.isAdd() && !isActivated(outboundMappingBeans, objectDeltaObject.getObjectDelta())) {
LOGGER.trace("Outbound password mappings not activated for type {}, skipping credentials processing", rsd);
return;
}
ObjectDelta<ShadowType> projDelta = projCtx.getCurrentDelta();
PropertyDelta<ProtectedStringType> projPasswordDelta;
if (projDelta != null && projDelta.getChangeType() == MODIFY) {
projPasswordDelta = projDelta.findPropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE);
} else {
projPasswordDelta = null;
}
checkExistingDeltaSanity(projCtx, projPasswordDelta);
boolean evaluateWeak = getEvaluateWeak(projCtx);
// TODO wave
ItemDeltaItem<PrismPropertyValue<ProtectedStringType>, PrismPropertyDefinition<ProtectedStringType>> focusPasswordIdi = objectDeltaObject.findIdi(SchemaConstants.PATH_PASSWORD_VALUE);
ConfigurableValuePolicySupplier valuePolicySupplier = (result1) -> SecurityUtil.getPasswordPolicy(securityPolicy);
MappingInitializer<PrismPropertyValue<ProtectedStringType>, PrismPropertyDefinition<ProtectedStringType>> initializer = (builder) -> {
builder.mappingKind(MappingKindType.OUTBOUND).implicitSourcePath(SchemaConstants.PATH_PASSWORD_VALUE).implicitTargetPath(SchemaConstants.PATH_PASSWORD_VALUE);
builder.defaultTargetDefinition(projPasswordPropertyDefinition);
builder.defaultSource(new Source<>(focusPasswordIdi, ExpressionConstants.VAR_INPUT_QNAME));
builder.valuePolicySupplier(valuePolicySupplier);
return builder;
};
MappingOutputProcessor<PrismPropertyValue<ProtectedStringType>> processor = (mappingOutputPath, outputStruct) -> {
PrismValueDeltaSetTriple<PrismPropertyValue<ProtectedStringType>> outputTriple = outputStruct.getOutputTriple();
if (outputTriple == null) {
LOGGER.trace("Credentials 'password' expression resulted in null output triple, skipping credentials processing for {}", rsd);
return false;
}
boolean projectionIsNew = projDelta != null && (projDelta.getChangeType() == ChangeType.ADD || projCtx.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.ADD);
Collection<PrismPropertyValue<ProtectedStringType>> newValues;
if (projectionIsNew) {
newValues = outputTriple.getNonNegativeValues();
} else {
newValues = outputTriple.getPlusSet();
}
if (!canGetCleartext(newValues)) {
ObjectDelta<ShadowType> projectionPrimaryDelta = projCtx.getPrimaryDelta();
if (projectionPrimaryDelta != null) {
PropertyDelta<ProtectedStringType> passwordPrimaryDelta = projectionPrimaryDelta.findPropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE);
if (passwordPrimaryDelta != null) {
// We have only hashed value coming from the mapping. There are not very useful
// for provisioning. But we have primary projection delta - and that is very likely
// to be better.
// Skip all password mappings in this case. Primary delta trumps everything.
// No weak, normal or even strong mapping can change that.
// We need to disregard even strong mapping in this case. If we would heed the strong
// mapping then account initialization won't be possible.
LOGGER.trace("We have primary password delta in projection, skipping credentials processing");
return false;
}
}
}
Collection<PrismPropertyValue<ProtectedStringType>> minusSet = outputTriple.getMinusSet();
if (!minusSet.isEmpty()) {
if (!canGetCleartext(minusSet)) {
// We have hashed values in minus set. That is not great, we won't be able to get
// cleartext from that if we need it (e.g. for runAs in provisioning).
// Therefore try to get old value from focus password delta. If that matches with
// hashed value then we have the cleartext.
ProtectedStringType oldProjectionPassword = minusSet.iterator().next().getRealValue();
PropertyDelta<ProtectedStringType> focusPasswordDelta = (PropertyDelta<ProtectedStringType>) focusPasswordIdi.getDelta();
Collection<PrismPropertyValue<ProtectedStringType>> focusPasswordDeltaOldValues = focusPasswordDelta.getEstimatedOldValues();
if (focusPasswordDeltaOldValues != null && !focusPasswordDeltaOldValues.isEmpty()) {
ProtectedStringType oldFocusPassword = requireNonNull(focusPasswordDeltaOldValues.iterator().next().getRealValue());
try {
if (oldFocusPassword.canGetCleartext() && protector.compareCleartext(oldFocusPassword, oldProjectionPassword)) {
outputTriple.clearMinusSet();
outputTriple.addToMinusSet(prismContext.itemFactory().createPropertyValue(oldFocusPassword));
}
} catch (EncryptionException e) {
throw new SystemException(e.getMessage(), e);
}
}
}
}
return true;
};
String projCtxDesc = projCtx.toHumanReadableString();
PrismObject<ShadowType> shadowNew = projCtx.getObjectNew();
MappingInitializer<PrismPropertyValue<ProtectedStringType>, PrismPropertyDefinition<ProtectedStringType>> internalInitializer = builder -> {
builder.addVariableDefinitions(ModelImplUtils.getDefaultVariablesMap(context, projCtx, true));
builder.mappingKind(MappingKindType.OUTBOUND);
builder.originType(OriginType.OUTBOUND);
builder.implicitTargetPath(SchemaConstants.PATH_PASSWORD_VALUE);
builder.originObject(projCtx.getResource());
initializer.initialize(builder);
return builder;
};
MappingEvaluatorParams<PrismPropertyValue<ProtectedStringType>, PrismPropertyDefinition<ProtectedStringType>, ShadowType, F> params = new MappingEvaluatorParams<>();
params.setMappingTypes(outboundMappingBeans);
params.setMappingDesc("password mapping" + " in projection " + projCtxDesc);
params.setNow(now);
params.setInitializer(internalInitializer);
params.setProcessor(processor);
params.setTargetLoader(new ProjectionMappingLoader<>(projCtx, contextLoader));
params.setAPrioriTargetObject(shadowNew);
params.setAPrioriTargetDelta(LensUtil.findAPrioriDelta(context, projCtx));
params.setTargetContext(projCtx);
params.setDefaultTargetItemPath(SchemaConstants.PATH_PASSWORD_VALUE);
if (context.getFocusContext() != null) {
params.setSourceContext(context.getFocusContext().getObjectDeltaObjectAbsolute());
}
params.setEvaluateCurrent(MappingTimeEval.CURRENT);
params.setEvaluateWeak(evaluateWeak);
params.setContext(context);
params.setHasFullTargetObject(projCtx.hasFullShadow());
projectionMappingSetEvaluator.evaluateMappingsToTriples(params, task, result);
}
use of com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType in project midpoint by Evolveum.
the class MappingSorter method dependsOn.
// true if any source of mapping1 is equivalent to the target of mapping2
private boolean dependsOn(FocalMappingEvaluationRequest<?, ?> mappingRequest1, FocalMappingEvaluationRequest<?, ?> mappingRequest2) {
MappingType mapping1 = mappingRequest1.getMapping();
MappingType mapping2 = mappingRequest2.getMapping();
if (mapping2.getTarget() == null || mapping2.getTarget().getPath() == null) {
return false;
}
ItemPath targetPath = mapping2.getTarget().getPath().getItemPath().stripVariableSegment();
for (VariableBindingDefinitionType source : mapping1.getSource()) {
ItemPath sourcePath = beans.prismContext.toPath(source.getPath());
if (sourcePath != null && FocalMappingSetEvaluation.stripFocusVariableSegment(sourcePath).equivalent(targetPath)) {
return true;
}
}
return false;
}
Aggregations