use of com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType in project midpoint by Evolveum.
the class SecurityHelper method setDeprecatedPasswordPolicyProperties.
/**
 * Back-fills a password credentials policy from the deprecated settings carried by a value policy.
 *
 * <p>A value is copied only while the matching property on {@code passwd} is still {@code null},
 * so anything configured directly on the credentials policy takes precedence over the legacy
 * value-policy setting. {@code passwd} is modified in place.
 *
 * @param passwordPolicyType value policy holding the deprecated lifetime and minOccurs settings
 * @param passwd password credentials policy that receives the missing values
 */
private void setDeprecatedPasswordPolicyProperties(ValuePolicyType passwordPolicyType, PasswordCredentialsPolicyType passwd) {
    final PasswordLifeTimeType legacyLifetime = passwordPolicyType.getLifetime();
    if (legacyLifetime != null) {
        // A null or zero legacy expiration leaves maxAge untouched
        // (presumably zero means "no expiration"; confirm against the schema).
        final Integer legacyExpiration = legacyLifetime.getExpiration();
        final boolean hasExpiration = legacyExpiration != null && legacyExpiration != 0;
        if (hasExpiration && passwd.getMaxAge() == null) {
            passwd.setMaxAge(daysToDuration(legacyExpiration));
        }

        // Same rule for the minimum password age: null and zero are both skipped.
        final Integer legacyMinAge = legacyLifetime.getMinPasswordAge();
        final boolean hasMinAge = legacyMinAge != null && legacyMinAge != 0;
        if (hasMinAge && passwd.getMinAge() == null) {
            passwd.setMinAge(daysToDuration(legacyMinAge));
        }

        // Unlike the two ages above there is no zero check here: a legacy history
        // length of 0 is copied as-is.
        final Integer legacyHistoryLength = legacyLifetime.getPasswordHistoryLength();
        if (legacyHistoryLength != null && passwd.getHistoryLength() == null) {
            passwd.setHistoryLength(legacyHistoryLength);
        }
    }

    final String legacyMinOccurs = passwordPolicyType.getMinOccurs();
    if (legacyMinOccurs == null) {
        return;
    }
    if (passwd.getMinOccurs() == null) {
        passwd.setMinOccurs(legacyMinOccurs);
    }
}
use of com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType in project midpoint by Evolveum.
the class SecurityHelper method postProcessPasswordCredentialPolicy.
/**
 * Normalizes a password credentials policy by migrating deprecated properties to their
 * current counterparts, then hands it to the generic credential-policy post-processing.
 *
 * <p>Deprecated values are used only as a fallback: a current property that is already set
 * is never overwritten. {@code passwd} is modified in place.
 *
 * @param securityPolicyType security policy passed through to {@code postProcessCredentialPolicy}
 * @param passwd password credentials policy to normalize
 * @param task task passed through to {@code postProcessCredentialPolicy}
 * @param result operation result passed through to {@code postProcessCredentialPolicy}
 */
private void postProcessPasswordCredentialPolicy(SecurityPolicyType securityPolicyType, PasswordCredentialsPolicyType passwd, Task task, OperationResult result) {
    // Deprecated settings: passwordHistoryLength -> historyLength.
    final Integer legacyHistoryLength = passwd.getPasswordHistoryLength();
    if (legacyHistoryLength != null) {
        if (passwd.getHistoryLength() == null) {
            passwd.setHistoryLength(legacyHistoryLength);
        }
    }

    // Deprecated settings: passwordPolicyRef -> valuePolicyRef. The reference is cloned,
    // so the two properties do not share one reference object.
    final ObjectReferenceType legacyPolicyRef = passwd.getPasswordPolicyRef();
    if (legacyPolicyRef != null) {
        if (passwd.getValuePolicyRef() == null) {
            passwd.setValuePolicyRef(legacyPolicyRef.clone());
        }
    }

    // NOTE(review): presumably this resolves the value policy that passwd references; confirm.
    // When it returns null, no legacy lifetime/minOccurs values are copied below.
    final ValuePolicyType resolvedValuePolicy =
            postProcessCredentialPolicy(securityPolicyType, passwd, "password credential policy", task, result);
    if (resolvedValuePolicy == null) {
        return;
    }
    setDeprecatedPasswordPolicyProperties(resolvedValuePolicy, passwd);
}
use of com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType in project midpoint by Evolveum.
the class ProjectionCredentialsProcessor method determinePasswordPolicy.
/**
 * Selects the password value policy to use for a projection.
 *
 * <p>The policy attached to the projection context wins. Only when the projection has none
 * is the policy taken from the focus security policy.
 *
 * @param context lens context whose focus context supplies the fallback security policy
 * @param projCtx projection context that is asked for its account password policy first
 * @param now not used by this method
 * @param task not used by this method
 * @param result not used by this method
 * @return the projection's policy, otherwise the result of
 *         {@code SecurityUtil.getPasswordPolicy} for the focus security policy, or
 *         {@code null} when the projection has no policy and there is no focus context
 */
private <F extends FocusType> ValuePolicyType determinePasswordPolicy(LensContext<F> context, final LensProjectionContext projCtx, XMLGregorianCalendar now, Task task, OperationResult result) {
    final ValuePolicyType accountPolicy = projCtx.getAccountPasswordPolicy();
    if (accountPolicy == null) {
        final LensFocusContext<F> focusCtx = context.getFocusContext();
        // NOTE(review): a null result means the caller has no policy to validate against.
        // What the callers do in that case is not visible here; confirm it is intended.
        return focusCtx == null
                ? null
                : SecurityUtil.getPasswordPolicy(focusCtx.getSecurityPolicy());
    }
    return accountPolicy;
}
use of com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType in project midpoint by Evolveum.
the class ProjectionCredentialsProcessor method processProjectionCredentialsFocus.
/**
 * Processes the credentials of one projection in three steps that share a single password
 * policy: password mapping, password validation, then metadata.
 *
 * <p>The policy is determined once, up front, and the same instance is passed to both the
 * mapping and the validation step. It may be {@code null} when no policy applies.
 *
 * @param context lens context being projected
 * @param projectionContext projection whose credentials are processed
 * @param now timestamp passed to every step
 * @param task task passed to every step
 * @param result operation result passed to every step
 */
public <F extends FocusType> void processProjectionCredentialsFocus(
        LensContext<F> context,
        LensProjectionContext projectionContext,
        XMLGregorianCalendar now,
        Task task,
        OperationResult result)
        throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException,
                PolicyViolationException, CommunicationException, ConfigurationException,
                SecurityViolationException {
    final ValuePolicyType effectivePolicy = determinePasswordPolicy(context, projectionContext, now, task, result);

    // Order matters: validation runs after the mapping step, metadata last.
    processProjectionPasswordMapping(context, projectionContext, effectivePolicy, now, task, result);
    validateProjectionPassword(context, projectionContext, effectivePolicy, now, task, result);
    applyMetadata(context, projectionContext, now, task, result);
}
use of com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType in project midpoint by Evolveum.
the class TestProjector method test451GuybrushInboundFromAbsolute.
/**
 * Installs a global password policy, then projects Guybrush's user and dummy account with
 * reconciliation turned on and checks that the only focus change is an INBOUND secondary
 * delta adding the organizational unit.
 */
@Test
public void test451GuybrushInboundFromAbsolute() throws Exception {
    final String TEST_NAME = "test451GuybrushInboundFromAbsolute";
    TestUtil.displayTestTile(this, TEST_NAME);

    // GIVEN: a global password policy exists and system configuration points at it
    Task task = taskManager.createTaskInstance(TestProjector.class.getName() + "." + TEST_NAME);
    OperationResult result = task.getResult();
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.POSITIVE);

    PrismObject<ValuePolicyType> globalPolicy = PrismTestUtil.parseObject(PASSWORD_POLICY_GLOBAL_FILE);
    ObjectDelta addPolicyDelta = ObjectDelta.createAddDelta(globalPolicy);
    Collection<ObjectDelta<? extends ObjectType>> pendingDeltas = new ArrayList<ObjectDelta<? extends ObjectType>>();
    pendingDeltas.add(addPolicyDelta);
    modelService.executeChanges(pendingDeltas, null, task, result);

    // Fresh, empty list; it is not read again in this method.
    pendingDeltas = new ArrayList<ObjectDelta<? extends ObjectType>>();

    ObjectDelta policyRefDelta = ObjectDelta.createModificationAddReference(
            SystemConfigurationType.class,
            SYSTEM_CONFIGURATION_OID,
            SystemConfigurationType.F_GLOBAL_PASSWORD_POLICY_REF,
            prismContext,
            globalPolicy);
    // Applied through the repository service rather than the model service: going through
    // the model would ruin the logging configuration.
    repositoryService.modifyObject(
            SystemConfigurationType.class, SYSTEM_CONFIGURATION_OID, policyRefDelta.getModifications(), result);

    // Sanity checks: the policy object is readable and the configuration references it.
    PrismObject<ValuePolicyType> storedPolicy =
            modelService.getObject(ValuePolicyType.class, PASSWORD_POLICY_GLOBAL_OID, null, task, result);
    assertNotNull(storedPolicy);
    PrismObject<SystemConfigurationType> systemConfiguration =
            modelService.getObject(SystemConfigurationType.class, SYSTEM_CONFIGURATION_OID, null, task, result);
    assertNotNull("No global password policy", systemConfiguration.asObjectable().getGlobalPasswordPolicyRef());
    assertEquals(PASSWORD_POLICY_GLOBAL_OID, systemConfiguration.asObjectable().getGlobalPasswordPolicyRef().getOid());

    // GIVEN: a lens context holding the user and the account, with full shadow and reconciliation
    LensContext<UserType> context = createUserLensContext();
    fillContextWithUser(context, USER_GUYBRUSH_OID, result);
    fillContextWithAccountFromFile(context, ACCOUNT_GUYBRUSH_DUMMY_FILE, task, result);
    LensProjectionContext accountContext = context.findProjectionContextByOid(ACCOUNT_SHADOW_GUYBRUSH_OID);
    accountContext.setFullShadow(true);
    accountContext.setDoReconciliation(true);
    context.recompute();

    display("Input context", context);
    assertFocusModificationSanity(context);

    // WHEN
    projector.project(context, "test", task, result);

    // THEN: no primary delta; the secondary delta is a MODIFY that adds the organizational unit
    display("Output context", context);
    assertNoUserPrimaryDelta(context);
    assertUserSecondaryDelta(context);
    ObjectDelta<UserType> focusSecondaryDelta = context.getFocusContext().getSecondaryDelta();
    assertTrue(focusSecondaryDelta.getChangeType() == ChangeType.MODIFY);
    PrismAsserts.assertPropertyAdd(
            focusSecondaryDelta,
            UserType.F_ORGANIZATIONAL_UNIT,
            PrismTestUtil.createPolyString("The crew of The Sea Monkey"));
    assertOriginWithSideEffectChanges(focusSecondaryDelta, OriginType.INBOUND);
}