Examples with PasswordChangeType eu.bcvsolutions.idm.core.api.domain.PasswordChangeType used on opensource projects

Search in sources :

Example 1 with PasswordChangeType

use of eu.bcvsolutions.idm.core.api.domain.PasswordChangeType in project CzechIdMng by bcvsolutions.

the class IdentityPasswordValidateProcessor method process.

@Override
public EventResult<IdmIdentityDto> process(EntityEvent<IdmIdentityDto> event) {
    PasswordChangeDto passwordChangeDto = (PasswordChangeDto) event.getProperties().get(IdentityPasswordProcessor.PROPERTY_PASSWORD_CHANGE_DTO);
    IdmIdentityDto identity = event.getContent();
    // 
    Assert.notNull(passwordChangeDto, "Password change dto is required.");
    Assert.notNull(identity, "Identity is required.");
    // 
    LOG.debug("Call validate password for systems and default password policy for identity username [{}]", event.getContent().getUsername());
    // 
    List<IdmPasswordPolicyDto> passwordPolicyList = validateDefinition(identity, passwordChangeDto);
    // 
    // Find user accounts
    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setIdentityId(identity.getId());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, null).getContent();
    // 
    if (!securityService.isAdmin()) {
        // check accounts and property all_only
        PasswordChangeType passwordChangeType = identityConfiguration.getPasswordChangeType();
        if (passwordChangeType == PasswordChangeType.ALL_ONLY) {
            // get distinct account ids from identity accounts
            List<String> accountIds = identityAccounts.stream().filter(identityAccount -> {
                // filter by ownership
                return (identityAccount.isOwnership());
            }).map(AccIdentityAccountDto::getAccount).map(UUID::toString).collect(Collectors.toList());
            // 
            if (!accountIds.isEmpty() && !passwordChangeDto.getAccounts().isEmpty()) {
                // size of the found accounts must match the account size in the password change - ALL_ONLY
                boolean containsAll = accountIds.size() == passwordChangeDto.getAccounts().size();
                if (!containsAll) {
                    throw new ResultCodeException(CoreResultCode.PASSWORD_CHANGE_ALL_ONLY);
                }
            }
        }
    }
    // 
    // validate
    IdmPasswordValidationDto passwordValidationDto = new IdmPasswordValidationDto();
    // get old password for validation - till, from and password history
    IdmPasswordDto oldPassword = this.passwordService.findOneByIdentity(identity.getId());
    passwordValidationDto.setOldPassword(oldPassword == null ? null : oldPassword.getId());
    passwordValidationDto.setIdentity(identity);
    passwordValidationDto.setPassword(passwordChangeDto.getNewPassword());
    this.passwordPolicyService.validate(passwordValidationDto, passwordPolicyList);
    // 
    return new DefaultEventResult<>(event, this);
}
Also used : IdmPasswordPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto) ProvisioningEvent(eu.bcvsolutions.idm.acc.event.ProvisioningEvent) Autowired(org.springframework.beans.factory.annotation.Autowired) Enabled(eu.bcvsolutions.idm.core.security.api.domain.Enabled) CoreEventProcessor(eu.bcvsolutions.idm.core.api.event.CoreEventProcessor) IdmPasswordDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto) IdmPasswordService(eu.bcvsolutions.idm.core.api.service.IdmPasswordService) SecurityService(eu.bcvsolutions.idm.core.security.api.service.SecurityService) ArrayList(java.util.ArrayList) IdmPasswordValidationDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordValidationDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) IdentityEventType(eu.bcvsolutions.idm.core.model.event.IdentityEvent.IdentityEventType) EventResult(eu.bcvsolutions.idm.core.api.event.EventResult) IdentityProcessor(eu.bcvsolutions.idm.core.api.event.processor.IdentityProcessor) EntityEvent(eu.bcvsolutions.idm.core.api.event.EntityEvent) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) Description(org.springframework.context.annotation.Description) AccModuleDescriptor(eu.bcvsolutions.idm.acc.AccModuleDescriptor) PasswordChangeType(eu.bcvsolutions.idm.core.api.domain.PasswordChangeType) AccIdentityAccountRepository(eu.bcvsolutions.idm.acc.repository.AccIdentityAccountRepository) IdmPasswordPolicyType(eu.bcvsolutions.idm.core.api.domain.IdmPasswordPolicyType) IdentityPasswordProcessor(eu.bcvsolutions.idm.core.model.event.processor.identity.IdentityPasswordProcessor) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) UUID(java.util.UUID) Collectors(java.util.stream.Collectors) List(java.util.List) Component(org.springframework.stereotype.Component) IdmPasswordPolicy(eu.bcvsolutions.idm.core.model.entity.IdmPasswordPolicy) CoreResultCode(eu.bcvsolutions.idm.core.api.domain.CoreResultCode) AccIdentityAccountService(eu.bcvsolutions.idm.acc.service.api.AccIdentityAccountService) IdentityConfiguration(eu.bcvsolutions.idm.core.api.config.domain.IdentityConfiguration) PasswordChangeDto(eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto) Assert(org.springframework.util.Assert) IdmPasswordPolicyService(eu.bcvsolutions.idm.core.api.service.IdmPasswordPolicyService) PasswordChangeType(eu.bcvsolutions.idm.core.api.domain.PasswordChangeType) PasswordChangeDto(eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) IdmPasswordPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto) IdmPasswordValidationDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordValidationDto) IdmPasswordDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)

Example 2 with PasswordChangeType

use of eu.bcvsolutions.idm.core.api.domain.PasswordChangeType in project CzechIdMng by bcvsolutions.

the class AbstractIdentityPasswordValidateProcessor method process.

@Override
public EventResult<IdmIdentityDto> process(EntityEvent<IdmIdentityDto> event) {
    IdmIdentityDto identity = event.getContent();
    PasswordChangeDto passwordChangeDto = (PasswordChangeDto) event.getProperties().get(IdentityPasswordProcessor.PROPERTY_PASSWORD_CHANGE_DTO);
    Assert.notNull(passwordChangeDto, "Password change dto is required.");
    // 
    if (requiresOriginalPassword()) {
        PasswordChangeType passwordChangeType = identityConfiguration.getPasswordChangeType();
        if (passwordChangeType == PasswordChangeType.DISABLED) {
            // check if isn't disable password change
            throw new ResultCodeException(CoreResultCode.PASSWORD_CHANGE_DISABLED);
        } else if (passwordChangeType == PasswordChangeType.ALL_ONLY && !passwordChangeDto.isAll()) {
            // for all only must change also password for czechidm
            throw new ResultCodeException(CoreResultCode.PASSWORD_CHANGE_ALL_ONLY);
        }
        // checkAccess(identity, IdentityBasePermission.PASSWORDCHANGE) is called before event publishing
        if (identity.getId().equals(securityService.getCurrentId()) && identityConfiguration.isRequireOldPassword()) {
            if (passwordChangeDto.getOldPassword() == null) {
                throw new ResultCodeException(CoreResultCode.PASSWORD_CHANGE_CURRENT_FAILED_IDM);
            }
            // authentication trough chain
            LoginDto loginDto = new LoginDto();
            loginDto.setUsername(identity.getUsername());
            loginDto.setPassword(passwordChangeDto.getOldPassword());
            // password is changed => prevent to validate this flag again
            loginDto.setSkipMustChange(true);
            // 
            boolean successChainValidation = authenticationManager.validate(loginDto);
            if (!successChainValidation) {
                throw new ResultCodeException(CoreResultCode.PASSWORD_CHANGE_CURRENT_FAILED_IDM);
            }
        }
    }
    if (passwordChangeDto.isAll() || passwordChangeDto.isIdm()) {
        // change identity's password
        // validate password
        IdmPasswordValidationDto passwordValidationDto = new IdmPasswordValidationDto();
        // set old password for validation - valid till, from and history check
        IdmPasswordDto oldPassword = this.passwordService.findOneByIdentity(identity.getId());
        passwordValidationDto.setOldPassword(oldPassword == null ? null : oldPassword.getId());
        passwordValidationDto.setPassword(passwordChangeDto.getNewPassword());
        passwordValidationDto.setIdentity(identity);
        this.passwordPolicyService.validate(passwordValidationDto);
    }
    return new DefaultEventResult<>(event, this);
}
Also used : PasswordChangeType(eu.bcvsolutions.idm.core.api.domain.PasswordChangeType) IdmPasswordValidationDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordValidationDto) PasswordChangeDto(eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto) IdmPasswordDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto)

Aggregations

PasswordChangeType (eu.bcvsolutions.idm.core.api.domain.PasswordChangeType)2 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)2 IdmPasswordDto (eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto)2 IdmPasswordValidationDto (eu.bcvsolutions.idm.core.api.dto.IdmPasswordValidationDto)2 PasswordChangeDto (eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto)2 DefaultEventResult (eu.bcvsolutions.idm.core.api.event.DefaultEventResult)2 ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException)2 AccModuleDescriptor (eu.bcvsolutions.idm.acc.AccModuleDescriptor)1 AccIdentityAccountDto (eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)1 AccIdentityAccountFilter (eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)1 ProvisioningEvent (eu.bcvsolutions.idm.acc.event.ProvisioningEvent)1 AccIdentityAccountRepository (eu.bcvsolutions.idm.acc.repository.AccIdentityAccountRepository)1 AccIdentityAccountService (eu.bcvsolutions.idm.acc.service.api.AccIdentityAccountService)1 IdentityConfiguration (eu.bcvsolutions.idm.core.api.config.domain.IdentityConfiguration)1 CoreResultCode (eu.bcvsolutions.idm.core.api.domain.CoreResultCode)1 IdmPasswordPolicyType (eu.bcvsolutions.idm.core.api.domain.IdmPasswordPolicyType)1 IdmPasswordPolicyDto (eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto)1 CoreEventProcessor (eu.bcvsolutions.idm.core.api.event.CoreEventProcessor)1 EntityEvent (eu.bcvsolutions.idm.core.api.event.EntityEvent)1 EventResult (eu.bcvsolutions.idm.core.api.event.EventResult)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial