Use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity: the class BasicDB, method syncUser.
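/**
 * Synchronizes {@code user} into the database target.
 *
 * <p>If the user is not found (or the lookup throws) the user is created and the method returns.
 * Otherwise each name in {@code attributes} is compared with the stored copy and updated, added
 * or, unless {@code addOnly}, cleared; group membership is then reconciled according to
 * {@code groupMode}. All writes run in one JDBC transaction that is rolled back on any failure,
 * and every change is recorded through the provisioning engine's audit log.
 *
 * <p>The group SQL assembled here is built only from configured table and column names
 * ({@code groupTable}, {@code groupName}, {@code groupUserKey}); group names and the user id
 * are bound as {@code ?} parameters, never concatenated into the statement.
 *
 * @param user       desired state of the user
 * @param addOnly    when {@code true}, attributes and groups present in the store but absent from
 *                   {@code user} are kept instead of removed
 * @param attributes names of the attributes to synchronize
 * @param wfrequest  workflow request context; {@code APPROVAL_ID} and {@code WORKFLOW} are read
 *                   from it for audit logging
 * @throws ProvisioningException if no connection can be obtained, creation fails, or the sync fails
 * @see com.tremolosecurity.provisioning.core.providers.BasicDB#syncUser(com.tremolosecurity.provisioning.core.User, boolean, java.util.Set, java.util.Map)
 */
@Override
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> wfrequest) throws ProvisioningException {
    int approvalID = 0;
    if (wfrequest.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) wfrequest.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) wfrequest.get("WORKFLOW");

    // The primary key is always fetched so the row id can be read from the stored user below.
    Set<String> attributesForSearch = new HashSet<String>(attributes);
    attributesForSearch.add(this.userPrimaryKey);

    User foundUser;
    try {
        foundUser = this.findUser(user.getUserID(), attributesForSearch, wfrequest);
    } catch (Exception e) {
        // A failed lookup is treated like "not found". Creation happens outside this try so a
        // failure inside createUser is not caught here and retried a second time.
        if (logger.isDebugEnabled()) {
            logger.debug("Could not create user", e);
        }
        foundUser = null;
    }
    if (foundUser == null) {
        this.createUser(user, attributes, wfrequest);
        return;
    }

    String userID = foundUser.getAttribs().get(this.userPrimaryKey).getValues().get(0);
    // -1 marks a non-numeric primary key; the field and group helpers receive both the string
    // key and this number.
    int userIDnum = -1;
    try {
        userIDnum = Integer.parseInt(userID);
    } catch (NumberFormatException ignored) {
        // primary key is not numeric; keep -1
    }

    Connection con;
    try {
        con = this.ds.getConnection();
    } catch (SQLException e) {
        throw new ProvisioningException("Could not obtain connection", e);
    }

    try {
        con.setAutoCommit(false);
        Map<String, Object> request = new HashMap<String, Object>();
        if (this.customDBProvider != null) {
            this.customDBProvider.beginUpdate(con, userIDnum, request);
        }

        // Scratch buffer shared with updateField/clearField and the group SQL below.
        StringBuffer b = new StringBuffer();
        for (String attrName : attributes) {
            boolean inRequest = user.getAttribs().containsKey(attrName);
            boolean inStore = foundUser.getAttribs().containsKey(attrName);
            String newValue = inRequest ? user.getAttribs().get(attrName).getValues().get(0) : null;
            String oldValue = inStore ? foundUser.getAttribs().get(attrName).getValues().get(0) : null;

            if (inRequest && inStore && !newValue.equals(oldValue)) {
                if (this.customDBProvider != null) {
                    this.customDBProvider.updateField(con, userIDnum, request, attrName, oldValue, newValue);
                } else {
                    // The statement returned by the helper is not reused; close it here so it
                    // does not linger until the connection is closed.
                    try (PreparedStatement ps = updateField(user, con, b, attrName, userID, userIDnum)) {
                        // nothing further to do with the statement
                    }
                }
                this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Replace, approvalID, workflow, attrName, newValue);
            } else if (inRequest && !inStore) {
                if (this.customDBProvider != null) {
                    this.customDBProvider.updateField(con, userIDnum, request, attrName, null, newValue);
                } else {
                    try (PreparedStatement ps = updateField(user, con, b, attrName, userID, userIDnum)) {
                        // nothing further to do with the statement
                    }
                }
                this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, attrName, newValue);
            } else if (!inRequest && inStore && !addOnly) {
                if (this.customDBProvider != null) {
                    this.customDBProvider.clearField(con, userIDnum, request, attrName, oldValue);
                } else {
                    try (PreparedStatement ps = clearField(user, con, b, attrName, userID, userIDnum)) {
                        // nothing further to do with the statement
                    }
                }
                this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Delete, approvalID, workflow, attrName, oldValue);
            }
        }
        if (this.customDBProvider != null) {
            this.customDBProvider.completeUpdate(con, userIDnum, wfrequest);
        }

        switch (this.groupMode) {
            case None:
                break;
            case One2Many:
                // Memberships are rows of groupTable keyed by (groupName, groupUserKey).
                b.setLength(0);
                b.append("INSERT INTO ").append(this.groupTable).append(" (");
                this.getFieldName(this.groupName, b).append(",");
                this.getFieldName(this.groupUserKey, b).append(") VALUES (?,?)");
                try (PreparedStatement ps = con.prepareStatement(b.toString())) {
                    for (String groupName : user.getGroups()) {
                        if (!foundUser.getGroups().contains(groupName)) {
                            ps.setString(1, groupName);
                            ps.setInt(2, userIDnum);
                            ps.executeUpdate();
                            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "group", groupName);
                        }
                    }
                }
                if (!addOnly) {
                    b.setLength(0);
                    b.append("DELETE FROM ").append(this.groupTable).append(" WHERE ");
                    this.getFieldName(this.groupUserKey, b).append("=? AND ");
                    this.getFieldName(this.groupName, b).append("=?");
                    try (PreparedStatement ps = con.prepareStatement(b.toString())) {
                        for (String groupName : foundUser.getGroups()) {
                            if (!user.getGroups().contains(groupName)) {
                                ps.setInt(1, userIDnum);
                                ps.setString(2, groupName);
                                ps.executeUpdate();
                                this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Delete, approvalID, workflow, "group", groupName);
                            }
                        }
                    }
                }
                break;
            case Many2Many:
                many2manySyncGroups(user, addOnly, foundUser, userIDnum, con, b, wfrequest);
                break;
            case Custom:
                // NOTE(review): assumes customDBProvider is configured whenever groupMode is Custom;
                // a null provider here would fail with a NullPointerException wrapped below.
                for (String groupName : user.getGroups()) {
                    if (!foundUser.getGroups().contains(groupName)) {
                        this.customDBProvider.addGroup(con, userIDnum, groupName, wfrequest);
                        this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "group", groupName);
                    }
                }
                if (!addOnly) {
                    for (String groupName : foundUser.getGroups()) {
                        if (!user.getGroups().contains(groupName)) {
                            this.customDBProvider.deleteGroup(con, userIDnum, groupName, wfrequest);
                            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Delete, approvalID, workflow, "group", groupName);
                        }
                    }
                }
                break;
        }
        con.commit();
    } catch (Throwable t) {
        // Errors are caught as well so the transaction is rolled back explicitly instead of
        // being left to whatever the driver does when an open transaction is closed.
        try {
            con.rollback();
        } catch (SQLException ignored) {
            // the sync failure reported below is the error that matters
        }
        throw new ProvisioningException("Could not sync user", t);
    } finally {
        try {
            con.close();
        } catch (SQLException ignored) {
            // best effort; a close failure must not mask the sync result
        }
    }
}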
Use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity: the class LDAPProvider, method doFindUser.
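/**
 * Looks up a single user in the directory and builds a {@link User} from the entry.
 *
 * <p>The caller-supplied {@code filter} is searched under {@code searchBase}. When nothing
 * matches and external users are allowed, the lookup falls back to
 * {@link #searchExternalUser(String)} and the entry's DN is mapped through
 * {@link #mapUnison2Dir(String)} before groups are resolved. Group membership is found by
 * searching for entries whose configured member attribute equals the user's DN; the
 * {@code cn} of each such entry becomes a group name.
 *
 * @param userID     identifier assigned to the returned {@link User}
 * @param attributes attribute names to request from the directory
 * @param filter     fully built LDAP filter selecting the user
 * @param con        open directory connection to search with
 * @return the populated user, or {@code null} when no entry is found or only a referral comes back
 * @throws LDAPException if a directory operation fails
 */
private User doFindUser(String userID, Set<String> attributes, StringBuffer filter, LDAPConnection con) throws LDAPException {
    boolean isExternal = false;
    LDAPSearchResults res = con.search(searchBase, LDAPConnection.SCOPE_SUB, filter.toString(), this.toStringArray(attributes), false);
    if (!res.hasMore()) {
        if (!this.allowExternalUsers) {
            return null;
        }
        res = searchExternalUser(userID);
        if (!res.hasMore()) {
            return null;
        }
        isExternal = true;
    }

    LDAPEntry ldapUser = null;
    try {
        ldapUser = res.next();
        // Only the first hit is used; the rest are drained so the result set is fully consumed.
        while (res.hasMore()) {
            res.next();
        }
    } catch (LDAPReferralException ignored) {
        // Referrals are not followed; a referral-only result is reported as "not found" below.
    }
    if (ldapUser == null) {
        return null;
    }

    User user = new User(userID);
    for (Object o : ldapUser.getAttributeSet()) {
        LDAPAttribute attr = (LDAPAttribute) o;
        Attribute userAttr = new Attribute(attr.getName());
        for (String val : attr.getStringValueArray()) {
            userAttr.getValues().add(val);
        }
        user.getAttribs().put(userAttr.getName(), userAttr);
    }

    String userDN = ldapUser.getDN();
    if (isExternal) {
        userDN = this.mapUnison2Dir(userDN);
    }
    // The membership filter goes through the filter builder rather than string concatenation,
    // which (assuming the builder escapes its value) keeps DN characters from being read as
    // filter syntax.
    String memberAttribute = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute();
    res = con.search(searchBase, LDAPConnection.SCOPE_SUB, equal(memberAttribute, userDN).toString(), new String[] { "cn" }, false);
    while (res.hasMore()) {
        LDAPEntry group = res.next();
        LDAPAttribute cn = group.getAttribute("cn");
        // A group entry without cn used to abort the whole lookup with a NullPointerException.
        if (cn != null) {
            user.getGroups().add(cn.getStringValue());
        }
    }
    return user;
}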
Use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity: the class UpdateApprovalAZListener, method sendNotification.
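/**
 * Emails the approver identified by {@code userKey} using {@code emailTemplate}.
 *
 * <p>The approver is looked up in the virtual directory by the provisioning engine's user-id
 * attribute. A missing entry, a referral, or an LDAP "no such object" result is logged as a
 * warning and the notification is skipped; an approver without a {@code mail} attribute is
 * skipped with a warning as well.
 *
 * @param emailTemplate template handed to the provisioning engine's notifier
 * @param cfg           configuration manager providing the directory and provisioning engine
 * @param session       not read by this method
 * @param userKey       value of the user-id attribute identifying the approver
 * @throws ProvisioningException if the lookup fails for any reason other than "not found"
 */
private void sendNotification(String emailTemplate, ConfigManager cfg, Session session, String userKey) throws ProvisioningException {
    try {
        String userIdAttribute = cfg.getProvisioningEngine().getUserIDAttribute();
        // No attribute names are requested; presumably the directory then returns all of them
        // (the mail attribute is read below) — confirm against MyVD's search contract.
        ArrayList<String> attrs = new ArrayList<String>();
        // Scope 2 is the LDAP subtree scope; the filter is built with equal() so userKey is a
        // value, not filter text.
        LDAPSearchResults res = cfg.getMyVD().search(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot(), 2, equal(userIdAttribute, userKey).toString(), attrs);
        if (!res.hasMore()) {
            if (logger.isDebugEnabled()) {
                logger.debug("Can not find '" + userKey + "'");
            }
            return;
        }
        LDAPEntry entry = res.next();
        if (logger.isDebugEnabled()) {
            // Dumps every attribute value of the approver; this stays at DEBUG because the
            // values may be personal data.
            logger.debug("Approver DN - " + entry.getDN());
            for (Object o : entry.getAttributeSet()) {
                LDAPAttribute attrx = (LDAPAttribute) o;
                for (String val : attrx.getStringValueArray()) {
                    logger.debug("Approver Attribute '" + attrx.getName() + "'='" + val + "'");
                }
            }
        }
        LDAPAttribute mailAttr = entry.getAttribute("mail");
        if (mailAttr == null) {
            logger.warn("No email address for " + userKey);
            return;
        }
        String mail = mailAttr.getStringValue();
        logger.debug("Sedning notification to '" + mail + "'");
        cfg.getProvisioningEngine().sendNotification(mail, emailTemplate, new User(entry));
    } catch (LDAPReferralException le) {
        logger.warn("User : '" + userKey + "' not found");
    } catch (LDAPException le) {
        if (le.getResultCode() != LDAPException.NO_SUCH_OBJECT) {
            throw new ProvisioningException("could not create approver", le);
        }
        logger.warn("User : '" + userKey + "' not found");
    } catch (Exception e) {
        throw new ProvisioningException("Could not create approver", e);
    }
}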
Use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity: the class MongoDBTarget, method findUser.
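/**
 * Finds a user by {@code userID} across every collection of the configured database.
 *
 * <p>Each collection is queried for a document whose {@code objectClass} equals
 * {@code userObjectClass} and whose {@code userIdAttribute} equals {@code userID}. The first
 * match becomes a {@link User}: the requested attributes are copied (list values element by
 * element, anything else via {@code toString()}), groups are resolved by matching the
 * document's {@code groupUserIdAttribute} against the group member attribute in every
 * collection, and the collection name and {@code _id} are recorded as attributes. When no
 * document matches and external users are supported, the directory is consulted instead and
 * only the user id and groups are filled in.
 *
 * <p>Queries are built with the {@code and}/{@code eq} filter builders, so {@code userID} is
 * passed as a value rather than spliced into query text.
 *
 * @param userID     value of the user-id attribute to look for
 * @param attributes attribute names to copy onto the returned user
 * @param request    workflow request context (not read by this method)
 * @return the user, or {@code null} if neither MongoDB nor (when enabled) the directory knows it
 * @throws ProvisioningException if the external directory lookup fails
 */
public User findUser(String userID, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    for (String col : mongo.getDatabase(this.database).listCollectionNames()) {
        Document doc = mongo.getDatabase(this.database).getCollection(col).find(and(eq("objectClass", this.userObjectClass), eq(this.userIdAttribute, userID))).first();
        if (doc == null) {
            continue;
        }
        User user = new User(userID);
        for (String attrName : attributes) {
            Object o = doc.get(attrName);
            if (o == null) {
                continue;
            }
            Attribute attr = new Attribute(attrName);
            if (o instanceof List) {
                // Copy element-wise so non-string list entries end up as strings instead of being
                // pushed raw into the attribute's value list.
                for (Object v : (List<?>) o) {
                    attr.getValues().add(v == null ? null : v.toString());
                }
            } else {
                attr.getValues().add(o.toString());
            }
            user.getAttribs().put(attrName, attr);
        }
        addGroupsForMember(user, doc.getString(this.groupUserIdAttribute));
        user.getAttribs().put(this.collectionAttributeName, new Attribute(this.collectionAttributeName, col));
        user.getAttribs().put("_id", new Attribute("_id", doc.getObjectId("_id").toString()));
        return user;
    }

    // if we're here, there's no entry in the mongo
    if (!this.supportExternalUsers) {
        return null;
    }
    try {
        LDAPSearchResults res = this.searchExternalUser(userID);
        if (!res.hasMore()) {
            return null;
        }
        LDAPEntry ldap = res.next();
        LDAPAttribute attr = ldap.getAttribute(this.groupUserIdAttribute);
        if (attr == null) {
            return null;
        }
        User user = new User(userID);
        user.getAttribs().put(this.userIdAttribute, new Attribute(this.userIdAttribute, userID));
        addGroupsForMember(user, attr.getStringValue());
        return user;
    } catch (LDAPException e) {
        throw new ProvisioningException("Error searching for external user", e);
    }
}

/**
 * Adds to {@code user} every group document, in any collection, whose
 * {@code groupMemberAttribute} equals {@code memberId}; the group name is read from
 * {@code groupIdAttribute}.
 */
private void addGroupsForMember(User user, String memberId) {
    for (String colG : mongo.getDatabase(this.database).listCollectionNames()) {
        FindIterable<Document> groups = mongo.getDatabase(this.database).getCollection(colG).find(and(eq("objectClass", this.groupObjectClass), eq(this.groupMemberAttribute, memberId)));
        for (Document g : groups) {
            user.getGroups().add(g.getString(this.groupIdAttribute));
        }
    }
}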
Use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity: the class KeystoneProvisioningTarget, method setUserPassword.
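/**
 * Sets the user's password in Keystone by sending a user document that carries only the new
 * password to {@code /users/{id}}.
 *
 * <p>The Keystone id is taken from the user's {@code id} attribute when present; otherwise the
 * user is looked up first. The change is written to the audit log with the password masked.
 *
 * @param user    user whose password is set; {@link User#getPassword()} supplies the new value
 * @param request workflow request context; {@code APPROVAL_ID} and {@code WORKFLOW} are read
 *                from it for audit logging
 * @throws ProvisioningException if this target is roles-only, the user cannot be found in
 *                               Keystone, or the Keystone call fails
 */
@Override
public void setUserPassword(User user, Map<String, Object> request) throws ProvisioningException {
    if (rolesOnly) {
        throw new ProvisioningException("Unsupported");
    }
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    String id;
    if (user.getAttribs().get("id") != null) {
        id = user.getAttribs().get("id").getValues().get(0);
    } else {
        HashSet<String> attrs = new HashSet<String>();
        attrs.add("id");
        User userFromKS = this.findUser(user.getUserID(), attrs, request);
        // Previously a NullPointerException when the lookup came back empty.
        if (userFromKS == null || userFromKS.getAttribs().get("id") == null) {
            throw new ProvisioningException("Could not find user in keystone");
        }
        id = userFromKS.getAttribs().get("id").getValues().get(0);
    }

    UserHolder holder = new UserHolder();
    holder.setUser(new KSUser());
    holder.getUser().setPassword(user.getPassword());

    HttpCon con = null;
    try {
        con = this.createClient();
        KSToken token = this.getToken(con);
        String json = new Gson().toJson(holder);
        // NOTE(review): id is placed in the URL path unencoded; confirm it is always the opaque
        // Keystone id and not a caller-controlled string.
        String endpoint = this.url + "/users/" + id;
        // The response body is not used; presumably a failed call surfaces as an exception — confirm.
        this.callWSPotch(token.getAuthToken(), con, endpoint, json);
        // The audit entry records a fixed mask so the password never reaches the log.
        this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Replace, approvalID, workflow, "password", "***********");
    } catch (Exception e) {
        throw new ProvisioningException("Could not work with keystone", e);
    } finally {
        if (con != null) {
            con.getBcm().shutdown();
        }
    }
}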