
Example 11 with User

use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.

the class BasicDB method syncUser.

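/**
 * Synchronizes {@code user} into the database. When the user cannot be found it is created;
 * otherwise changed attributes and group memberships are applied inside one transaction
 * that is rolled back on any failure.
 *
 * @param user       the desired state of the user
 * @param addOnly    when {@code true}, attributes and groups that exist in the database but are
 *                   absent from {@code user} are kept rather than removed
 * @param attributes the attribute names to compare and synchronize
 * @param wfrequest  workflow request context; {@code "APPROVAL_ID"} and {@code "WORKFLOW"} are
 *                   read from it for the audit log
 * @throws ProvisioningException if a connection cannot be obtained or the update fails
 * @see com.tremolosecurity.provisioning.core.providers.BasicDB#syncUser(com.tremolosecurity.provisioning.core.User, boolean, java.util.Set, java.util.Map)
 */
@Override
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> wfrequest) throws ProvisioningException {
    int approvalID = 0;
    if (wfrequest.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) wfrequest.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) wfrequest.get("WORKFLOW");
    // The primary key is always fetched so the existing row can be addressed below.
    Set<String> attributesForSearch = new HashSet<String>(attributes);
    attributesForSearch.add(this.userPrimaryKey);
    User foundUser;
    try {
        foundUser = this.findUser(user.getUserID(), attributesForSearch, wfrequest);
    } catch (Exception e) {
        // NOTE(review): any lookup failure, including a transient database error, is treated
        // as "user does not exist" and leads to a create; confirm that is the intended policy.
        if (logger.isDebugEnabled()) {
            logger.debug("Could not look up user, creating", e);
        }
        foundUser = null;
    }
    // createUser is kept outside the lookup's try/catch so a failure inside it is not retried.
    if (foundUser == null) {
        this.createUser(user, attributes, wfrequest);
        return;
    }
    String userID = foundUser.getAttribs().get(this.userPrimaryKey).getValues().get(0);
    // -1 marks a non-numeric primary key; the custom provider and group statements receive it as-is.
    int userIDnum = -1;
    try {
        userIDnum = Integer.parseInt(userID);
    } catch (NumberFormatException ignored) {
        // non-numeric primary keys are allowed
    }
    Connection con;
    try {
        con = this.ds.getConnection();
    } catch (SQLException e) {
        throw new ProvisioningException("Could not obtain connection", e);
    }
    try {
        con.setAutoCommit(false);
        Map<String, Object> request = new HashMap<String, Object>();
        if (this.customDBProvider != null) {
            this.customDBProvider.beginUpdate(con, userIDnum, request);
        }
        // Scratch buffer shared with the SQL-building helpers.
        StringBuffer b = new StringBuffer();
        for (String attrName : attributes) {
            boolean inRequest = user.getAttribs().containsKey(attrName);
            boolean inDatabase = foundUser.getAttribs().containsKey(attrName);
            if (inRequest && inDatabase) {
                String newValue = user.getAttribs().get(attrName).getValues().get(0);
                String oldValue = foundUser.getAttribs().get(attrName).getValues().get(0);
                if (!newValue.equals(oldValue)) {
                    if (this.customDBProvider != null) {
                        this.customDBProvider.updateField(con, userIDnum, request, attrName, oldValue, newValue);
                    } else {
                        // updateField hands back the statement it used; close it instead of leaking it.
                        try (PreparedStatement ps = updateField(user, con, b, attrName, userID, userIDnum)) {
                            // nothing further to do with the statement
                        }
                    }
                    this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Replace, approvalID, workflow, attrName, newValue);
                }
            } else if (inRequest) {
                String newValue = user.getAttribs().get(attrName).getValues().get(0);
                if (this.customDBProvider != null) {
                    this.customDBProvider.updateField(con, userIDnum, request, attrName, null, newValue);
                } else {
                    try (PreparedStatement ps = updateField(user, con, b, attrName, userID, userIDnum)) {
                        // statement closed by try-with-resources
                    }
                }
                this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, attrName, newValue);
            } else if (inDatabase && !addOnly) {
                String oldValue = foundUser.getAttribs().get(attrName).getValues().get(0);
                if (this.customDBProvider != null) {
                    this.customDBProvider.clearField(con, userIDnum, request, attrName, oldValue);
                } else {
                    try (PreparedStatement ps = clearField(user, con, b, attrName, userID, userIDnum)) {
                        // statement closed by try-with-resources
                    }
                }
                this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Delete, approvalID, workflow, attrName, oldValue);
            }
        }
        if (this.customDBProvider != null) {
            this.customDBProvider.completeUpdate(con, userIDnum, wfrequest);
        }
        switch (this.groupMode) {
            case None:
                break;
            case One2Many:
                // Table and column names come from configuration; group values are bound as parameters.
                b.setLength(0);
                b.append("INSERT INTO ").append(this.groupTable).append(" (");
                this.getFieldName(this.groupName, b).append(",");
                this.getFieldName(this.groupUserKey, b).append(") VALUES (?,?)");
                try (PreparedStatement insert = con.prepareStatement(b.toString())) {
                    for (String group : user.getGroups()) {
                        if (!foundUser.getGroups().contains(group)) {
                            insert.setString(1, group);
                            insert.setInt(2, userIDnum);
                            insert.executeUpdate();
                            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "group", group);
                        }
                    }
                }
                if (!addOnly) {
                    b.setLength(0);
                    b.append("DELETE FROM ").append(this.groupTable).append(" WHERE ");
                    this.getFieldName(this.groupUserKey, b).append("=? AND ");
                    this.getFieldName(this.groupName, b).append("=?");
                    try (PreparedStatement delete = con.prepareStatement(b.toString())) {
                        for (String group : foundUser.getGroups()) {
                            if (!user.getGroups().contains(group)) {
                                delete.setInt(1, userIDnum);
                                delete.setString(2, group);
                                delete.executeUpdate();
                                this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Delete, approvalID, workflow, "group", group);
                            }
                        }
                    }
                }
                break;
            case Many2Many:
                many2manySyncGroups(user, addOnly, foundUser, userIDnum, con, b, wfrequest);
                break;
            case Custom:
                for (String group : user.getGroups()) {
                    if (!foundUser.getGroups().contains(group)) {
                        this.customDBProvider.addGroup(con, userIDnum, group, wfrequest);
                        this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "group", group);
                    }
                }
                if (!addOnly) {
                    for (String group : foundUser.getGroups()) {
                        if (!user.getGroups().contains(group)) {
                            this.customDBProvider.deleteGroup(con, userIDnum, group, wfrequest);
                            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Delete, approvalID, workflow, "group", group);
                        }
                    }
                }
        }
        con.commit();
    } catch (Throwable t) {
        try {
            con.rollback();
        } catch (SQLException ignored) {
            // the original failure is what gets reported
        }
        throw new ProvisioningException("Could not sync user", t);
    } finally {
        try {
            con.close();
        } catch (SQLException ignored) {
            // nothing useful can be done about a failed close
        }
    }
}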
Also used : User(com.tremolosecurity.provisioning.core.User) SQLException(java.sql.SQLException) HashMap(java.util.HashMap) Connection(java.sql.Connection) Workflow(com.tremolosecurity.provisioning.core.Workflow) PreparedStatement(java.sql.PreparedStatement) LDAPException(com.novell.ldap.LDAPException) PropertyVetoException(java.beans.PropertyVetoException) SQLException(java.sql.SQLException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) HashSet(java.util.HashSet)

Example 12 with User

use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.

the class LDAPProvider method doFindUser.

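/**
 * Looks up a single user by {@code filter} under {@code searchBase}, falling back to the
 * external-user search when enabled, and populates its attributes and group memberships.
 *
 * @param userID     the user id assigned to the returned {@link User}
 * @param attributes attribute names to request from the directory
 * @param filter     the already-built LDAP search filter for the user; escaping of any
 *                   caller-supplied values is the caller's responsibility
 * @param con        the directory connection to search with
 * @return the populated user, or {@code null} if no entry was found
 * @throws LDAPException if a directory search fails
 */
private User doFindUser(String userID, Set<String> attributes, StringBuffer filter, LDAPConnection con) throws LDAPException {
    boolean isExternal = false;
    LDAPSearchResults res = con.search(searchBase, LDAPConnection.SCOPE_SUB, filter.toString(), this.toStringArray(attributes), false);
    if (!res.hasMore()) {
        if (!this.allowExternalUsers) {
            return null;
        }
        res = searchExternalUser(userID);
        if (!res.hasMore()) {
            return null;
        }
        isExternal = true;
    }
    LDAPEntry ldapUser = null;
    try {
        ldapUser = res.next();
        // Only the first entry is used; the remainder is drained (presumably to leave the
        // result set fully consumed on the connection — confirm).
        while (res.hasMore()) {
            res.next();
        }
    } catch (LDAPReferralException ignored) {
        // Referrals are not followed; a referral before the first entry leaves ldapUser null
        // and the lookup reports "not found" below.
    }
    if (ldapUser == null) {
        return null;
    }
    User user = new User(userID);
    Iterator<LDAPAttribute> it = ldapUser.getAttributeSet().iterator();
    while (it.hasNext()) {
        LDAPAttribute attr = it.next();
        Attribute userAttr = new Attribute(attr.getName());
        for (String val : attr.getStringValueArray()) {
            userAttr.getValues().add(val);
        }
        user.getAttribs().put(userAttr.getName(), userAttr);
    }
    // External entries are addressed by their directory DN rather than the Unison-side one.
    String userDN = ldapUser.getDN();
    if (isExternal) {
        userDN = this.mapUnison2Dir(userDN);
    }
    // equal(...) builds the membership filter, so the DN is not concatenated into the filter
    // text by hand (its escaping behaviour lives in that helper).
    res = con.search(searchBase, LDAPConnection.SCOPE_SUB, equal(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute(), userDN).toString(), new String[] { "cn" }, false);
    while (res.hasMore()) {
        LDAPEntry group = res.next();
        user.getGroups().add(group.getAttribute("cn").getStringValue());
    }
    return user;
}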
Also used : LDAPReferralException(com.novell.ldap.LDAPReferralException) LDAPAttribute(com.novell.ldap.LDAPAttribute) LDAPEntry(com.novell.ldap.LDAPEntry) LDAPSearchResults(com.novell.ldap.LDAPSearchResults) User(com.tremolosecurity.provisioning.core.User) LDAPAttribute(com.novell.ldap.LDAPAttribute) Attribute(com.tremolosecurity.saml.Attribute)

Example 13 with User

use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.

the class UpdateApprovalAZListener method sendNotification.

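/**
 * Looks up the approver identified by {@code userKey} in the virtual directory and sends the
 * given e-mail template to its {@code mail} attribute. Missing approvers are logged at warn
 * level and otherwise ignored.
 *
 * @param emailTemplate the notification template to send
 * @param cfg           configuration manager used for the directory and provisioning engine
 * @param session       unused here; kept for the caller's signature
 * @param userKey       value of the user-id attribute identifying the approver
 * @throws ProvisioningException on any directory or notification failure other than "not found"
 */
private void sendNotification(String emailTemplate, ConfigManager cfg, Session session, String userKey) throws ProvisioningException {
    try {
        // NOTE(review): an empty attribute list is requested; presumably MyVD then returns its
        // default attribute set, since "mail" is read from the entry below — confirm.
        ArrayList<String> attrs = new ArrayList<String>();
        // scope 2 = subtree search
        LDAPSearchResults res = cfg.getMyVD().search(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot(), 2, equal(cfg.getProvisioningEngine().getUserIDAttribute(), userKey).toString(), attrs);
        if (!res.hasMore()) {
            if (logger.isDebugEnabled()) {
                logger.debug("Can not find '" + userKey + "'");
            }
            return;
        }
        LDAPEntry entry = res.next();
        if (logger.isDebugEnabled()) {
            logger.debug("Approver DN - " + entry.getDN());
            // NOTE(review): every attribute value of the approver entry is written to the debug
            // log; confirm no sensitive attributes can be returned for this entry.
            LDAPAttributeSet attrsx = entry.getAttributeSet();
            for (Object o : attrsx) {
                LDAPAttribute attrx = (LDAPAttribute) o;
                for (String val : attrx.getStringValueArray()) {
                    logger.debug("Approver Attribute '" + attrx.getName() + "'='" + val + "'");
                }
            }
        }
        LDAPAttribute mailAttr = entry.getAttribute("mail");
        if (mailAttr == null) {
            logger.warn("No email address for " + userKey);
        } else {
            String mail = mailAttr.getStringValue();
            if (logger.isDebugEnabled()) {
                logger.debug("Sending notification to '" + mail + "'");
            }
            cfg.getProvisioningEngine().sendNotification(mail, emailTemplate, new User(entry));
        }
    } catch (LDAPReferralException le) {
        // must stay before the LDAPException handler: it is a subclass of it
        logger.warn("User : '" + userKey + "' not found");
    } catch (LDAPException le) {
        // 32 is the LDAP noSuchObject result code
        if (le.getResultCode() == 32) {
            logger.warn("User : '" + userKey + "' not found");
        } else {
            throw new ProvisioningException("could not create approver", le);
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not create approver", e);
    }
}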
Also used : LDAPAttribute(com.novell.ldap.LDAPAttribute) User(com.tremolosecurity.provisioning.core.User) LDAPAttributeSet(com.novell.ldap.LDAPAttributeSet) ArrayList(java.util.ArrayList) LDAPException(com.novell.ldap.LDAPException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) SQLException(java.sql.SQLException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) IOException(java.io.IOException) JMSException(javax.jms.JMSException) BadPaddingException(javax.crypto.BadPaddingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) LDAPReferralException(com.novell.ldap.LDAPReferralException) LDAPReferralException(com.novell.ldap.LDAPReferralException) LDAPEntry(com.novell.ldap.LDAPEntry) LDAPSearchResults(com.novell.ldap.LDAPSearchResults) LDAPException(com.novell.ldap.LDAPException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)

Example 14 with User

use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.

the class MongoDBTarget method findUser.

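/**
 * Finds a user by id across every collection of the configured database and, when no
 * collection holds it and external users are supported, falls back to the external user search.
 *
 * @param userID     the user id matched against {@code userIdAttribute}
 * @param attributes attribute names to copy from the matching document
 * @param request    workflow request context; not read here
 * @return the user with attributes and group memberships, or {@code null} if not found
 * @throws ProvisioningException if the external-user search fails
 */
public User findUser(String userID, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    MongoIterable<String> colNames = mongo.getDatabase(this.database).listCollectionNames();
    for (String col : colNames) {
        // Filters are built with eq()/and(), so userID is passed as a value, not interpolated.
        FindIterable<Document> searchRes = mongo.getDatabase(this.database).getCollection(col).find(and(eq("objectClass", this.userObjectClass), eq(this.userIdAttribute, userID)));
        Document doc = searchRes.first();
        if (doc == null) {
            continue;
        }
        User user = new User(userID);
        for (String attrName : attributes) {
            Object o = doc.get(attrName);
            if (o == null) {
                continue;
            }
            Attribute attr = new Attribute(attrName);
            if (o instanceof List) {
                // Copy element by element as strings; a raw addAll would let non-String
                // elements into the attribute's value list.
                for (Object element : (List<?>) o) {
                    attr.getValues().add(element == null ? null : element.toString());
                }
            } else {
                attr.getValues().add(o.toString());
            }
            user.getAttribs().put(attrName, attr);
        }
        addGroupMemberships(user, doc.getString(this.groupUserIdAttribute));
        user.getAttribs().put(this.collectionAttributeName, new Attribute(this.collectionAttributeName, col));
        user.getAttribs().put("_id", new Attribute("_id", doc.getObjectId("_id").toString()));
        return user;
    }
    // if we're here, there's no entry in the mongo
    if (!this.supportExternalUsers) {
        return null;
    }
    try {
        LDAPSearchResults res = this.searchExternalUser(userID);
        if (!res.hasMore()) {
            return null;
        }
        LDAPEntry ldap = res.next();
        LDAPAttribute attr = ldap.getAttribute(this.groupUserIdAttribute);
        if (attr == null) {
            return null;
        }
        User user = new User(userID);
        user.getAttribs().put(this.userIdAttribute, new Attribute(this.userIdAttribute, userID));
        addGroupMemberships(user, attr.getStringValue());
        return user;
    } catch (LDAPException e) {
        throw new ProvisioningException("Error searching for external user", e);
    }
}

/**
 * Adds to {@code user} the id of every group document, in any collection, whose member
 * attribute equals {@code groupMemberID}.
 *
 * @param user          the user whose group list is extended
 * @param groupMemberID the value matched against {@code groupMemberAttribute}
 */
private void addGroupMemberships(User user, String groupMemberID) {
    MongoIterable<String> colNames = mongo.getDatabase(this.database).listCollectionNames();
    for (String col : colNames) {
        FindIterable<Document> groups = mongo.getDatabase(this.database).getCollection(col).find(and(eq("objectClass", this.groupObjectClass), eq(this.groupMemberAttribute, groupMemberID)));
        for (Document g : groups) {
            user.getGroups().add(g.getString(this.groupIdAttribute));
        }
    }
}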
Also used : LDAPAttribute(com.novell.ldap.LDAPAttribute) User(com.tremolosecurity.provisioning.core.User) LDAPAttribute(com.novell.ldap.LDAPAttribute) Attribute(com.tremolosecurity.saml.Attribute) Document(org.bson.Document) LDAPEntry(com.novell.ldap.LDAPEntry) LDAPSearchResults(com.novell.ldap.LDAPSearchResults) LDAPException(com.novell.ldap.LDAPException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) ArrayList(java.util.ArrayList) List(java.util.List)

Example 15 with User

use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.

the class KeystoneProvisioningTarget method setUserPassword.

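/**
 * Replaces the user's password in Keystone by PATCHing {@code /users/{id}} with a
 * {@link UserHolder} carrying only the new password.
 *
 * @param user    the user whose password is pushed; its {@code id} attribute is used when
 *                present, otherwise the id is looked up via {@code findUser}
 * @param request workflow request context; {@code "APPROVAL_ID"} and {@code "WORKFLOW"} are
 *                read from it for the audit log
 * @throws ProvisioningException if this target is roles-only, the user cannot be found in
 *                               Keystone, or the Keystone call fails
 */
@Override
public void setUserPassword(User user, Map<String, Object> request) throws ProvisioningException {
    if (rolesOnly) {
        throw new ProvisioningException("Unsupported");
    }
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    String id;
    if (user.getAttribs().get("id") != null) {
        id = user.getAttribs().get("id").getValues().get(0);
    } else {
        HashSet<String> attrs = new HashSet<String>();
        attrs.add("id");
        User userFromKS = this.findUser(user.getUserID(), attrs, request);
        // A missing user used to surface as a NullPointerException; report it explicitly.
        if (userFromKS == null || userFromKS.getAttribs().get("id") == null) {
            throw new ProvisioningException("Could not find user " + user.getUserID() + " in keystone");
        }
        id = userFromKS.getAttribs().get("id").getValues().get(0);
    }
    UserHolder holder = new UserHolder();
    holder.setUser(new KSUser());
    holder.getUser().setPassword(user.getPassword());
    Gson gson = new Gson();
    HttpCon con = null;
    try {
        con = this.createClient();
        KSToken token = this.getToken(con);
        // The JSON body carries the clear-text password; it is not logged here and the
        // audit entry below records a mask instead of the value.
        String json = gson.toJson(holder);
        String url = this.url + "/users/" + id;
        // The response body is not needed; the call is made for its side effect.
        this.callWSPotch(token.getAuthToken(), con, url, json);
        // NOTE(review): the first logAction argument is the user id here, whereas the DB
        // target passes the target name — confirm which the audit log expects.
        this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Replace, approvalID, workflow, "password", "***********");
    } catch (Exception e) {
        throw new ProvisioningException("Could not work with keystone", e);
    } finally {
        if (con != null) {
            con.getBcm().shutdown();
        }
    }
}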
Also used : User(com.tremolosecurity.provisioning.core.User) KSUser(com.tremolosecurity.unison.openstack.model.KSUser) KSUser(com.tremolosecurity.unison.openstack.model.KSUser) Workflow(com.tremolosecurity.provisioning.core.Workflow) Gson(com.google.gson.Gson) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) ClientProtocolException(org.apache.http.client.ClientProtocolException) IOException(java.io.IOException) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) KSToken(com.tremolosecurity.unison.openstack.util.KSToken) UserHolder(com.tremolosecurity.unison.openstack.model.UserHolder) HashSet(java.util.HashSet)

Aggregations

User (com.tremolosecurity.provisioning.core.User)64 ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)44 Attribute (com.tremolosecurity.saml.Attribute)33 IOException (java.io.IOException)25 ArrayList (java.util.ArrayList)21 HttpCon (com.tremolosecurity.provisioning.util.HttpCon)18 LDAPAttribute (com.novell.ldap.LDAPAttribute)17 HashMap (java.util.HashMap)17 Workflow (com.tremolosecurity.provisioning.core.Workflow)16 ClientProtocolException (org.apache.http.client.ClientProtocolException)16 UnsupportedEncodingException (java.io.UnsupportedEncodingException)15 LDAPException (com.novell.ldap.LDAPException)14 HashSet (java.util.HashSet)14 LDAPEntry (com.novell.ldap.LDAPEntry)13 JSONObject (org.json.simple.JSONObject)13 ParseException (org.json.simple.parser.ParseException)13 LDAPSearchResults (com.novell.ldap.LDAPSearchResults)11 JSONArray (org.json.simple.JSONArray)10 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)9 SQLException (java.sql.SQLException)9