Example 71 with UserExtSource

Use of cz.metacentrum.perun.core.api.UserExtSource in project perun by CESNET.

The class MembersManagerBlImpl, method convertMembersToRichMembers.

public List<RichMember> convertMembersToRichMembers(PerunSession sess, List<Member> members) throws InternalErrorException {
    List<RichMember> richMembers = new ArrayList<RichMember>();
    for (Member member : members) {
        User user = getPerunBl().getUsersManagerBl().getUserByMember(sess, member);
        List<UserExtSource> userExtSources = getPerunBl().getUsersManagerBl().getUserExtSources(sess, user);
        RichMember richMember = new RichMember(user, member, userExtSources);
        richMembers.add(richMember);
    }
    return richMembers;
}
Also used : User(cz.metacentrum.perun.core.api.User) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) ArrayList(java.util.ArrayList) RichMember(cz.metacentrum.perun.core.api.RichMember) Member(cz.metacentrum.perun.core.api.Member)

Example 72 with UserExtSource

Use of cz.metacentrum.perun.core.api.UserExtSource in project perun by CESNET.

The class MembersManagerBlImpl, method createSponsoredAccount.

public Member createSponsoredAccount(PerunSession sess, Map<String, String> params, String namespace, ExtSource extSource, String extSourcePostfix, User owner, Vo vo, int loa) throws InternalErrorException, PasswordCreationFailedException, PasswordOperationTimeoutException, PasswordStrengthFailedException, GroupOperationsException, ExtendMembershipException, AlreadyMemberException, WrongReferenceAttributeValueException, WrongAttributeValueException, UserNotExistsException, ExtSourceNotExistsException, LoginNotExistsException {
    String loginNamespaceUri = AttributesManager.NS_USER_ATTR_DEF + ":login-namespace:" + namespace;
    boolean passwordPresent = params.get("password") != null;
    if (params.get(loginNamespaceUri) == null) {
        Map<String, String> generatedParams = getPerunBl().getUsersManagerBl().generateAccount(sess, namespace, params);
        params.putAll(generatedParams);
    } else if (passwordPresent) {
        getPerunBl().getUsersManagerBl().reservePassword(sess, params.get(loginNamespaceUri), namespace, params.get("password"));
    } else {
        throw new InternalErrorException("If login for new account is provided, password must be provided also");
    }
    Iterator<String> iterator = params.keySet().iterator();
    // remove non-valid entries from map for Candidate otherwise it would fail to create member
    while (iterator.hasNext()) {
        String next = iterator.next();
        if (!next.startsWith("urn:perun:user") && !next.startsWith("urn:perun:member")) {
            iterator.remove();
        }
    }
    String extSourceLogin = params.get(loginNamespaceUri) + extSourcePostfix;
    UserExtSource userExtSource = new UserExtSource(extSource, loa, extSourceLogin);
    Candidate candidate = new Candidate(userExtSource, params);
    Member member = this.createSpecificMember(sess, vo, candidate, Arrays.asList(owner), SpecificUserType.SPONSORED);
    this.validateMemberAsync(sess, member);
    if (passwordPresent) {
        User user = getPerunBl().getUsersManagerBl().getUserById(sess, member.getUserId());
        getPerunBl().getUsersManagerBl().validatePasswordAndSetExtSources(sess, user, params.get(loginNamespaceUri), namespace);
    }
    return member;
}
Also used : Candidate(cz.metacentrum.perun.core.api.Candidate) User(cz.metacentrum.perun.core.api.User) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) RichMember(cz.metacentrum.perun.core.api.RichMember) Member(cz.metacentrum.perun.core.api.Member)

Example 73 with UserExtSource

Use of cz.metacentrum.perun.core.api.UserExtSource in project perun by CESNET.

The class AttributesManagerBlImpl, method getAttributesDefinitionWithRights.

public List<AttributeDefinition> getAttributesDefinitionWithRights(PerunSession sess, List<PerunBean> entities) throws InternalErrorException, AttributeNotExistsException {
    List<AttributeDefinition> attributeDefinitions = new ArrayList<AttributeDefinition>();
    //If there are no entities, no attribute definitions are returned => empty array list of ADs
    if (entities == null || entities.isEmpty())
        return attributeDefinitions;
    else
        //or fill list by all attributeDefinitions
        attributeDefinitions = this.getAttributesDefinition(sess);
    //Prepare possible objects
    User user = null;
    Member member = null;
    Vo vo = null;
    Resource resource = null;
    Group group = null;
    Facility facility = null;
    Host host = null;
    UserExtSource ues = null;
    //Iterate through all entities and fill those which are in list of entities
    for (PerunBean entity : entities) {
        if (entity instanceof User)
            user = (User) entity;
        else if (entity instanceof Member)
            member = (Member) entity;
        else if (entity instanceof Vo)
            vo = (Vo) entity;
        else if (entity instanceof Resource)
            resource = (Resource) entity;
        else if (entity instanceof Group)
            group = (Group) entity;
        else if (entity instanceof Facility)
            facility = (Facility) entity;
        else if (entity instanceof Host)
            host = (Host) entity;
        else if (entity instanceof UserExtSource)
            ues = (UserExtSource) entity;
        else
            //Else skip not identified entity (log it)
            log.debug("In method GetAttributesDefinitionWithRights there are entity which is not identified correctly and will be skipped: " + entity);
    }
    //Iterate through all attributesDefinitions and remove those which are not in the possible namespace or user in session has no rights to read them
    Iterator<AttributeDefinition> iterator = attributeDefinitions.iterator();
    while (iterator.hasNext()) {
        AttributeDefinition attrDef = iterator.next();
        if (this.isFromNamespace(sess, attrDef, NS_USER_FACILITY_ATTR) && user != null && facility != null) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attrDef, user, facility)) {
                iterator.remove();
            } else {
                attrDef.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attrDef, user, facility));
            }
        } else if (this.isFromNamespace(sess, attrDef, NS_MEMBER_RESOURCE_ATTR) && member != null && resource != null) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attrDef, member, resource)) {
                iterator.remove();
            } else {
                attrDef.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attrDef, member, resource));
            }
        } else if (this.isFromNamespace(sess, attrDef, NS_MEMBER_GROUP_ATTR) && member != null && group != null) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attrDef, member, group)) {
                iterator.remove();
            } else {
                attrDef.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attrDef, member, group));
            }
        } else if (this.isFromNamespace(sess, attrDef, NS_GROUP_RESOURCE_ATTR) && group != null && resource != null) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attrDef, group, resource)) {
                iterator.remove();
            } else {
                attrDef.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attrDef, group, resource));
            }
        } else if (this.isFromNamespace(sess, attrDef, NS_USER_ATTR) && user != null) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attrDef, user, null)) {
                iterator.remove();
            } else {
                attrDef.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attrDef, user, null));
            }
        } else if (this.isFromNamespace(sess, attrDef, NS_MEMBER_ATTR) && member != null) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attrDef, member, null)) {
                iterator.remove();
            } else {
                attrDef.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attrDef, member, null));
            }
        } else if (this.isFromNamespace(sess, attrDef, NS_VO_ATTR) && vo != null) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attrDef, vo, null)) {
                iterator.remove();
            } else {
                attrDef.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attrDef, vo, null));
            }
        } else if (this.isFromNamespace(sess, attrDef, NS_RESOURCE_ATTR) && resource != null) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attrDef, resource, null)) {
                iterator.remove();
            } else {
                attrDef.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attrDef, resource, null));
            }
        } else if (this.isFromNamespace(sess, attrDef, NS_GROUP_ATTR) && group != null) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attrDef, group, null)) {
                iterator.remove();
            } else {
                attrDef.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attrDef, group, null));
            }
        } else if (this.isFromNamespace(sess, attrDef, NS_FACILITY_ATTR) && facility != null) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attrDef, facility, null)) {
                iterator.remove();
            } else {
                attrDef.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attrDef, facility, null));
            }
        } else if (this.isFromNamespace(sess, attrDef, AttributesManager.NS_HOST_ATTR) && host != null) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attrDef, host, null)) {
                iterator.remove();
            } else {
                attrDef.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attrDef, host, null));
            }
        } else if (this.isFromNamespace(sess, attrDef, AttributesManager.NS_UES_ATTR) && ues != null) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attrDef, ues, null)) {
                iterator.remove();
            } else {
                attrDef.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attrDef, ues, null));
            }
        } else {
            //if there is another namespace or if there are no entities (which are needed for the namespace) remove this attributeDefinition
            iterator.remove();
        }
    }
    return attributeDefinitions;
}
Also used : Group(cz.metacentrum.perun.core.api.Group) User(cz.metacentrum.perun.core.api.User) ArrayList(java.util.ArrayList) Resource(cz.metacentrum.perun.core.api.Resource) AttributeDefinition(cz.metacentrum.perun.core.api.AttributeDefinition) Host(cz.metacentrum.perun.core.api.Host) PerunBean(cz.metacentrum.perun.core.api.PerunBean) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) Vo(cz.metacentrum.perun.core.api.Vo) Facility(cz.metacentrum.perun.core.api.Facility) Member(cz.metacentrum.perun.core.api.Member)

Example 74 with UserExtSource

Use of cz.metacentrum.perun.core.api.UserExtSource in project perun by CESNET.

The class ExtSourcesManagerBlImpl, method getCandidate.

@Override
public Candidate getCandidate(PerunSession sess, ExtSource source, String login) throws InternalErrorException, ExtSourceNotExistsException, CandidateNotExistsException, ExtSourceUnsupportedOperationException {
    // New Candidate
    Candidate candidate = new Candidate();
    // Prepare userExtSource object
    UserExtSource userExtSource = new UserExtSource();
    userExtSource.setExtSource(source);
    userExtSource.setLogin(login);
    // Set the userExtSource
    candidate.setUserExtSource(userExtSource);
    // Get the subject from the extSource
    Map<String, String> subject = null;
    try {
        subject = ((ExtSourceSimpleApi) source).getSubjectByLogin(login);
    } catch (SubjectNotExistsException e) {
        throw new CandidateNotExistsException(login);
    }
    if (subject == null) {
        throw new CandidateNotExistsException("Candidate with login [" + login + "] not exists");
    }
    //If first name of candidate is not in format of name, set null instead
    candidate.setFirstName(subject.get("firstName"));
    if (candidate.getFirstName() != null) {
        Matcher name = namePattern.matcher(candidate.getFirstName());
        if (!name.matches())
            candidate.setFirstName(null);
    }
    //If last name of candidate is not in format of name, set null instead
    candidate.setLastName(subject.get("lastName"));
    if (candidate.getLastName() != null) {
        Matcher name = namePattern.matcher(candidate.getLastName());
        if (!name.matches())
            candidate.setLastName(null);
    }
    candidate.setMiddleName(subject.get("middleName"));
    candidate.setTitleAfter(subject.get("titleAfter"));
    candidate.setTitleBefore(subject.get("titleBefore"));
    //Set service user
    if (subject.get("isServiceUser") == null) {
        candidate.setServiceUser(false);
    } else {
        String isServiceUser = subject.get("isServiceUser");
        if (isServiceUser.equals("true")) {
            candidate.setServiceUser(true);
        } else {
            candidate.setServiceUser(false);
        }
    }
    //Set sponsored user
    if (subject.get("isSponsoredUser") == null) {
        candidate.setSponsoredUser(false);
    } else {
        String isSponsoredUser = subject.get("isSponsoredUser");
        if (isSponsoredUser.equals("true")) {
            candidate.setSponsoredUser(true);
        } else {
            candidate.setSponsoredUser(false);
        }
    }
    // Additional userExtSources
    List<UserExtSource> additionalUserExtSources = new ArrayList<UserExtSource>();
    // Filter attributes
    Map<String, String> attributes = new HashMap<String, String>();
    for (String attrName : subject.keySet()) {
        // FIXME call attributesManager methods rather than checking the start of the name
        if (attrName.startsWith(AttributesManager.NS_MEMBER_ATTR) || attrName.startsWith(AttributesManager.NS_USER_ATTR)) {
            attributes.put(attrName, subject.get(attrName));
        } else if (attrName.startsWith(ExtSourcesManagerImpl.USEREXTSOURCEMAPPING)) {
            //skip null additional ext sources
            if (subject.get(attrName) == null)
                continue;
            // Add additionalUserExtSources
            // Entry contains extSourceName|extSourceType|extLogin[|LoA]
            String[] userExtSourceRaw = subject.get(attrName).split("\\|");
            log.debug("Processing additionalUserExtSource {}", subject.get(attrName));
            //Check if the array has at least 3 parts, this is protection against outOfBoundException
            if (userExtSourceRaw.length < 3) {
                throw new InternalErrorException("There is missing some mandatory part of additional user extSource value when processing it - '" + attrName + "'");
            }
            String additionalExtSourceName = userExtSourceRaw[0];
            String additionalExtSourceType = userExtSourceRaw[1];
            String additionalExtLogin = userExtSourceRaw[2];
            int additionalExtLoa = 0;
            //Loa is not mandatory argument
            if (userExtSourceRaw.length > 3 && userExtSourceRaw[3] != null) {
                try {
                    additionalExtLoa = Integer.parseInt(userExtSourceRaw[3]);
                } catch (NumberFormatException e) {
                    throw new ParserException("Candidate with login [" + login + "] has wrong LoA '" + userExtSourceRaw[3] + "'.", e, "LoA");
                }
            }
            ExtSource additionalExtSource;
            if (additionalExtSourceName == null || additionalExtSourceName.isEmpty() || additionalExtSourceType == null || additionalExtSourceType.isEmpty() || additionalExtLogin == null || additionalExtLogin.isEmpty()) {
                log.error("User with login {} has invalid additional userExtSource defined {}.", login, userExtSourceRaw);
            } else {
                try {
                    // Try to get extSource, with full extSource object (containing ID)
                    additionalExtSource = getPerunBl().getExtSourcesManagerBl().getExtSourceByName(sess, additionalExtSourceName);
                } catch (ExtSourceNotExistsException e) {
                    try {
                        // Create new one if not exists
                        additionalExtSource = new ExtSource(additionalExtSourceName, additionalExtSourceType);
                        additionalExtSource = getPerunBl().getExtSourcesManagerBl().createExtSource(sess, additionalExtSource, null);
                    } catch (ExtSourceExistsException e1) {
                        throw new ConsistencyErrorException("Creating existin extSource: " + additionalExtSourceName);
                    }
                }
                //add additional user extSource
                additionalUserExtSources.add(new UserExtSource(additionalExtSource, additionalExtLoa, additionalExtLogin));
            }
        }
    }
    candidate.setAdditionalUserExtSources(additionalUserExtSources);
    candidate.setAttributes(attributes);
    return candidate;
}
Also used : Candidate(cz.metacentrum.perun.core.api.Candidate) ParserException(cz.metacentrum.perun.core.api.exceptions.ParserException) ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException) Matcher(java.util.regex.Matcher) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) ExtSourceExistsException(cz.metacentrum.perun.core.api.exceptions.ExtSourceExistsException) SubjectNotExistsException(cz.metacentrum.perun.core.api.exceptions.SubjectNotExistsException) ExtSource(cz.metacentrum.perun.core.api.ExtSource) ExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException) CandidateNotExistsException(cz.metacentrum.perun.core.api.exceptions.CandidateNotExistsException)

Example 75 with UserExtSource

Use of cz.metacentrum.perun.core.api.UserExtSource in project perun by CESNET.

The class urn_perun_user_attribute_def_def_login_namespace_vsup, method changedAttributeHook.

/**
 * When the login is first set or changed, always change the eduroam-vsup login too.
 * When the login is set, add a UserExtSource, since logins are generated in Perun.
 * When the login is set, also set the school mail u:d:vsupMail.
 *
 * @param session
 * @param user
 * @param attribute
 * @throws InternalErrorException
 * @throws WrongReferenceAttributeValueException
 */
@Override
public void changedAttributeHook(PerunSessionImpl session, User user, Attribute attribute) throws InternalErrorException, WrongReferenceAttributeValueException {
    if (attribute.getValue() != null) {
        // add UES
        ExtSource es = null;
        try {
            es = session.getPerunBl().getExtSourcesManagerBl().getExtSourceByName(session, "AD");
        } catch (ExtSourceNotExistsException ex) {
            throw new InternalErrorException("AD ext source on VŠUP doesn't exists.", ex);
        }
        try {
            session.getPerunBl().getUsersManagerBl().getUserExtSourceByExtLogin(session, es, (String) attribute.getValue());
        } catch (UserExtSourceNotExistsException ex) {
            // add UES
            UserExtSource ues = new UserExtSource(es, 2, (String) attribute.getValue());
            try {
                session.getPerunBl().getUsersManagerBl().addUserExtSource(session, user, ues);
            } catch (UserExtSourceExistsException ex2) {
                throw new ConsistencyErrorException(ex2);
            }
        }
        // set eduroam-login
        Attribute eduroamLogin = null;
        try {
            eduroamLogin = session.getPerunBl().getAttributesManagerBl().getAttribute(session, user, EDUROAM_VSUP_NAMESPACE);
            if (!Objects.equals(attribute.getValue(), eduroamLogin.getValue())) {
                eduroamLogin.setValue(attribute.getValue());
                session.getPerunBl().getAttributesManagerBl().setAttribute(session, user, eduroamLogin);
            }
        } catch (WrongAttributeAssignmentException ex) {
            throw new InternalErrorException(ex);
        } catch (AttributeNotExistsException ex) {
            throw new ConsistencyErrorException(ex);
        } catch (WrongAttributeValueException ex) {
            throw new WrongReferenceAttributeValueException(attribute, eduroamLogin, "Mismatch in checking of users VŠUP login and eduroam login.", ex);
        }
        // set všup school mail
        Attribute schoolMail = null;
        try {
            schoolMail = session.getPerunBl().getAttributesManagerBl().getAttribute(session, user, VSUP_MAIL_NAMESPACE);
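            // Compare against the full address: the stored mail carries the domain, so the bare login would never match it
            String expectedMail = attribute.getValue() + "@vsup.cz";
            if (!Objects.equals(expectedMail, schoolMail.getValue())) {
                schoolMail.setValue(expectedMail);
                session.getPerunBl().getAttributesManagerBl().setAttribute(session, user, schoolMail);
            }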
        } catch (WrongAttributeAssignmentException ex) {
            throw new InternalErrorException(ex);
        } catch (AttributeNotExistsException ex) {
            throw new ConsistencyErrorException(ex);
        } catch (WrongAttributeValueException ex) {
            throw new WrongReferenceAttributeValueException(attribute, schoolMail, "Mismatch in checking of users VŠUP login and schoolMail.", ex);
        }
    }
}
Also used : ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException) Attribute(cz.metacentrum.perun.core.api.Attribute) WrongAttributeAssignmentException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException) UserExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceNotExistsException) AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) UserExtSourceExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException) ExtSource(cz.metacentrum.perun.core.api.ExtSource) ExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException) WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)

Aggregations

UserExtSource (cz.metacentrum.perun.core.api.UserExtSource): 79
AbstractPerunIntegrationTest (cz.metacentrum.perun.core.AbstractPerunIntegrationTest): 34
Test (org.junit.Test): 34
ExtSource (cz.metacentrum.perun.core.api.ExtSource): 28
Attribute (cz.metacentrum.perun.core.api.Attribute): 19
Candidate (cz.metacentrum.perun.core.api.Candidate): 18
InternalErrorException (cz.metacentrum.perun.core.api.exceptions.InternalErrorException): 14
User (cz.metacentrum.perun.core.api.User): 12
Member (cz.metacentrum.perun.core.api.Member): 11
ArrayList (java.util.ArrayList): 11
RichAttribute (cz.metacentrum.perun.core.api.RichAttribute): 8
Group (cz.metacentrum.perun.core.api.Group): 7
ExtSourceNotExistsException (cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException): 6
ConsistencyErrorException (cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException): 5
HashMap (java.util.HashMap): 5
RichUser (cz.metacentrum.perun.core.api.RichUser): 4
AttributeNotExistsException (cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException): 4
WrongAttributeAssignmentException (cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException): 4
Matcher (java.util.regex.Matcher): 4
RichMember (cz.metacentrum.perun.core.api.RichMember): 3