
Example 6 with GuardedString

use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.

the class DefaultSysProvisioningServiceTest method doIdentityProvisioningChangePassword.

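/**
 * Verifies that a password change made through the identity service is propagated to the
 * provisioned account: the new password authenticates against the target system, the other
 * password is rejected, and a second change switches the accepted credential again.
 */
@Test
public void doIdentityProvisioningChangePassword() {
    IdmIdentityDto identity = idmIdentityService.getByUsername(IDENTITY_USERNAME);
    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setIdentityId(identity.getId());
    AccIdentityAccountDto accountIdentityOne = identityAccoutnService.find(filter, null).getContent().get(0);
    SysSystemDto system = systemService.get(accountService.get(accountIdentityOne.getAccount()).getSystem());
    // Create new password one
    PasswordChangeDto passwordChange = new PasswordChangeDto();
    passwordChange.setAccounts(ImmutableList.of(accountIdentityOne.getAccount().toString()));
    passwordChange.setNewPassword(new GuardedString(IDENTITY_PASSWORD_ONE));
    passwordChange.setIdm(true);
    // Do change of password for selected accounts
    idmIdentityService.passwordChange(identity, passwordChange);
    accountIdentityOne = identityAccoutnService.get(accountIdentityOne.getId());
    // Check correct password One
    authenticateAccount(accountIdentityOne, new GuardedString(IDENTITY_PASSWORD_ONE), system);
    // Check incorrect password - the target system has to reject it
    try {
        authenticateAccount(accountIdentityOne, new GuardedString(IDENTITY_PASSWORD_TWO), system);
        fail("Bad credentials exception is expected here!");
    } catch (ResultCodeException expected) {
        // expected: the not-yet-set password must not authenticate
    }
    // Do change of password for selected accounts
    passwordChange.setNewPassword(new GuardedString(IDENTITY_PASSWORD_TWO));
    idmIdentityService.passwordChange(idmIdentityService.get(accountIdentityOne.getIdentity()), passwordChange);
    // Check correct password Two
    accountIdentityOne = identityAccoutnService.get(accountIdentityOne.getId());
    authenticateAccount(accountIdentityOne, new GuardedString(IDENTITY_PASSWORD_TWO), system);
}

/**
 * Authenticates the uid of the given identity-account against the target system.
 *
 * @param account identity-account whose underlying account uid is authenticated
 * @param password credential to try
 * @param system target system the account lives on
 * @throws ResultCodeException propagated from the provisioning service when the credential is rejected
 */
private void authenticateAccount(AccIdentityAccountDto account, GuardedString password, SysSystemDto system) {
    provisioningService.authenticate(accountService.get(account.getAccount()).getUid(), password, system, SystemEntityType.IDENTITY);
}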
Also used : PasswordChangeDto(eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 7 with GuardedString

use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.

the class DefaultSysProvisioningServiceTest method createIdentity.

/**
 * Persists a throw-away identity with a random username and a fixed test password.
 *
 * @return the saved identity as returned by the identity service
 * @deprecated use testHelper after role + dto refactoring
 */
@Deprecated
private IdmIdentityDto createIdentity() {
    String randomUsername = "test-" + UUID.randomUUID();
    IdmIdentityDto newIdentity = new IdmIdentityDto();
    newIdentity.setUsername(randomUsername);
    newIdentity.setFirstName("Test");
    newIdentity.setLastName("Identity");
    // fixed test credential; only meaningful inside this integration test
    newIdentity.setPassword(new GuardedString("password"));
    return idmIdentityService.save(newIdentity);
}
Also used : GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)

Example 8 with GuardedString

use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.

the class SystemSaveProcessor method process.

/**
 * Saves a system DTO: fills in default connector server / connector key / blocked-operation
 * sub-DTOs, resets the virtual flag when the connector key changed, clears the provisioning
 * break cache, and moves the remote connector server password out of the DTO into
 * confidential storage, leaving only a proxy string on the returned content.
 *
 * @param event event carrying the system DTO to save
 * @return event result wrapping the same event with the saved DTO as content
 */
@Override
public EventResult<SysSystemDto> process(EntityEvent<SysSystemDto> event) {
    SysSystemDto dto = event.getContent();
    // create default connector server
    if (dto.getConnectorServer() == null) {
        dto.setConnectorServer(new SysConnectorServerDto());
    }
    // create default connector key
    if (dto.getConnectorKey() == null) {
        dto.setConnectorKey(new SysConnectorKeyDto());
    }
    // create default blocked operations
    if (dto.getBlockedOperation() == null) {
        dto.setBlockedOperation(new SysBlockedOperationDto());
    }
    if (!service.isNew(dto)) {
        // Check if is connector changed
        SysSystemDto oldSystem = service.get(dto.getId());
        if (!dto.getConnectorKey().equals(oldSystem.getConnectorKey())) {
            // If is connector changed, we set virtual to false. (Virtual
            // connectors set this attribute on true by themselves)
            dto.setVirtual(false);
        }
        // check blocked provisioning operation and clear provisioning break cache
        clearProvisionignBreakCache(dto, oldSystem);
    }
    // the DTO has to be persisted first: the confidential storage entry is keyed by the saved id
    SysSystemDto newSystem = service.saveInternal(dto);
    event.setContent(newSystem);
    // save password from remote connector server to confidential storage
    if (dto.getConnectorServer().getPassword() != null) {
        // save for newSystem
        // NOTE(review): any non-null password is written here, including one that only
        // echoes the proxy string back from a client - presumably filtered upstream; confirm.
        confidentialStorage.save(newSystem.getId(), SysSystem.class, SysSystemService.REMOTE_SERVER_PASSWORD, dto.getConnectorServer().getPassword().asString());
        // 
        // set asterisks - only the proxy string leaves this processor on the returned content;
        // the incoming dto object still references the original GuardedString
        newSystem.getConnectorServer().setPassword(new GuardedString(GuardedString.SECRED_PROXY_STRING));
    }
    // TODO: clone content - mutable previous event content :/
    return new DefaultEventResult<>(event, this);
}
Also used : SysConnectorKeyDto(eu.bcvsolutions.idm.acc.dto.SysConnectorKeyDto) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) SysBlockedOperationDto(eu.bcvsolutions.idm.acc.dto.SysBlockedOperationDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) SysConnectorServerDto(eu.bcvsolutions.idm.acc.dto.SysConnectorServerDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)

Example 9 with GuardedString

use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.

the class ProvisioningCreateProcessor method processInternal.

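/**
 * Creates the object described by the provisioning context on the target system.
 * <p>
 * When the connector object carries a password attribute without a value, a password is
 * generated first (by the system's generate policy, or by the default policy when the system
 * has none) and the empty attribute is replaced by a {@link GuardedString}-backed one.
 *
 * @param provisioningOperation operation whose provisioning context holds the connector object to create
 * @param connectorConfig connector configuration used for the create call
 * @return uid attribute of the created object as returned by the connector facade
 */
@Override
public IcUidAttribute processInternal(SysProvisioningOperationDto provisioningOperation, IcConnectorConfiguration connectorConfig) {
    // get system for password policy
    SysSystemDto system = systemService.get(provisioningOperation.getSystem());
    // execute provisioning
    IcConnectorObject connectorObject = provisioningOperation.getProvisioningContext().getConnectorObject();
    // Locate the attribute first and mutate the collection only after the iteration has
    // finished, so the attribute collection is never changed while being iterated.
    IcAttribute emptyPasswordAttribute = findEmptyPasswordAttribute(connectorObject);
    if (emptyPasswordAttribute != null) {
        String password = generatePassword(system);
        // 
        connectorObject.getAttributes().remove(emptyPasswordAttribute);
        connectorObject.getAttributes().add(new IcPasswordAttributeImpl(ProvisioningService.PASSWORD_SCHEMA_PROPERTY_NAME, new GuardedString(password)));
    }
    // 
    IcUidAttribute icUid = connectorFacade.createObject(systemService.getConnectorInstance(system), connectorConfig, connectorObject.getObjectClass(), connectorObject.getAttributes());
    // 
    // set connector object back to provisioning context
    provisioningOperation.getProvisioningContext().setConnectorObject(connectorObject);
    // has to be first - we need to replace guarded strings before systemEntityService.save(systemEntity)
    provisioningOperation = provisioningOperationService.save(provisioningOperation);
    return icUid;
}

/**
 * Returns the first password attribute of the connector object that has no value, or
 * {@code null} when every password attribute is already filled (or none exists).
 */
private static IcAttribute findEmptyPasswordAttribute(IcConnectorObject connectorObject) {
    for (IcAttribute attribute : connectorObject.getAttributes()) {
        // if attribute is password and his value is empty, generate new password
        if (attribute instanceof IcPasswordAttribute && ((IcPasswordAttribute) attribute).getPasswordValue() == null) {
            return attribute;
        }
    }
    return null;
}

/**
 * Generates a password for the given system: by the system's generate policy when one is
 * configured, otherwise by the default password policy.
 */
private String generatePassword(SysSystemDto system) {
    UUID passwordPolicyId = system.getPasswordPolicyGenerate();
    if (passwordPolicyId == null) {
        LOG.debug("Generate password policy for system [{}], not found. Password will be generate by default password policy", system.getCode());
        return passwordPolicyService.generatePasswordByDefault();
    }
    LOG.debug("Generate password policy for system  [{}] found", system.getCode());
    return passwordPolicyService.generatePassword(passwordPolicyService.get(passwordPolicyId));
}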
Also used : IcPasswordAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcPasswordAttributeImpl) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) IcPasswordAttribute(eu.bcvsolutions.idm.ic.api.IcPasswordAttribute) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IcUidAttribute(eu.bcvsolutions.idm.ic.api.IcUidAttribute) UUID(java.util.UUID) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)

Example 10 with GuardedString

use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.

the class InitApplicationData method init.

/**
 * Seeds the application on start-up under the system authentication: default form
 * definitions, the super admin role and identity (with prime contract and role assignment),
 * the default tree type with its root node, scripts, notification templates and topics,
 * and finally cancels leftover long running tasks and events. The security context is
 * cleared in every case, even when a step throws.
 */
protected void init() {
    securityService.setSystemAuthentication();
    // 
    try {
        // prepare default form definitions
        if (formService.getDefinition(IdmIdentity.class) == null) {
            formService.createDefinition(IdmIdentity.class, new ArrayList<>());
        }
        if (formService.getDefinition(IdmRole.class) == null) {
            formService.createDefinition(IdmRole.class, new ArrayList<>());
        }
        if (formService.getDefinition(IdmTreeNode.class) == null) {
            formService.createDefinition(IdmTreeNode.class, new ArrayList<>());
        }
        if (formService.getDefinition(IdmIdentityContract.class) == null) {
            formService.createDefinition(IdmIdentityContract.class, new ArrayList<>());
        }
        // 
        // create super admin role - only on an empty role table
        IdmRoleDto existsSuperAdminRole = this.roleService.getByCode(ADMIN_ROLE);
        if (existsSuperAdminRole == null && this.roleService.find(new PageRequest(0, 1)).getTotalElements() == 0) {
            // 
            final IdmRoleDto superAdminRole = new IdmRoleDto();
            superAdminRole.setName(ADMIN_ROLE);
            superAdminRole.setRoleType(RoleType.SYSTEM);
            existsSuperAdminRole = this.roleService.save(superAdminRole);
            // super admin authorization policy
            IdmAuthorizationPolicyDto policy = new IdmAuthorizationPolicyDto();
            policy.setGroupPermission(IdmGroupPermission.APP.getName());
            policy.setPermissions(IdmBasePermission.ADMIN);
            policy.setRole(existsSuperAdminRole.getId());
            policy.setEvaluator(BasePermissionEvaluator.class);
            authorizationPolicyService.save(policy);
            // 
            LOG.info(MessageFormat.format("Super admin Role created [id: {0}]", superAdminRole.getId()));
        }
        // 
        // create super admin
        // NOTE(review): unlike the role and tree-type branches this condition uses ||, so the
        // admin identity is (re)created whenever it is missing, even on a non-empty identity
        // table - presumably intended; confirm. If ADMIN_ROLE is missing but other roles exist,
        // existsSuperAdminRole stays null and the role assignment below dereferences it.
        IdmIdentityDto existsSuperAdmin = this.identityService.getByUsername(ADMIN_USERNAME);
        if (existsSuperAdmin == null || this.identityService.find(new PageRequest(0, 1)).getTotalElements() == 0) {
            // 
            IdmIdentityDto identityAdmin = new IdmIdentityDto();
            identityAdmin.setUsername(ADMIN_USERNAME);
            // initial credential comes from the ADMIN_PASSWORD constant declared outside this method;
            // it is a bootstrap value and is expected to be changed after the first login
            identityAdmin.setPassword(new GuardedString(ADMIN_PASSWORD));
            identityAdmin.setLastName("Administrator");
            identityAdmin = this.identityService.save(identityAdmin);
            LOG.info(MessageFormat.format("Super admin identity created [id: {0}]", identityAdmin.getId()));
            // 
            // create prime contract
            IdmIdentityContractDto contract = identityContractService.getPrimeContract(identityAdmin.getId());
            if (contract == null) {
                contract = identityContractService.prepareMainContract(identityAdmin.getId());
                contract = identityContractService.save(contract);
            }
            // 
            // assign super admin role
            IdmIdentityRoleDto identityRole = new IdmIdentityRoleDto();
            identityRole.setIdentityContract(contract.getId());
            identityRole.setRole(existsSuperAdminRole.getId());
            identityRoleService.save(identityRole);
        }
        // 
        // create Node type for organization - only on an empty tree-type table
        IdmTreeTypeDto treeType = treeTypeService.getByCode(DEFAULT_TREE_TYPE);
        if (treeType == null && this.treeTypeService.find(new PageRequest(0, 1)).getTotalElements() == 0) {
            treeType = new IdmTreeTypeDto();
            treeType.setCode(DEFAULT_TREE_TYPE);
            treeType.setName("Organization structure");
            treeType = this.treeTypeService.save(treeType);
            treeConfiguration.setDefaultType(treeType.getId());
            // create organization root
            if (treeNodeService.findRoots(treeType.getId(), new PageRequest(0, 1)).getTotalElements() == 0) {
                IdmTreeNodeDto organizationRoot = new IdmTreeNodeDto();
                organizationRoot.setCode("root");
                organizationRoot.setName("Root organization");
                organizationRoot.setTreeType(treeType.getId());
                organizationRoot = this.treeNodeService.save(organizationRoot);
            }
        }
        // 
        // initialize missing scripts; existing scripts are not redeployed
        scriptService.init();
        // save only missing templates; existing templates are not redeployed
        notificationTemplateService.init();
        // 
        // init notification configuration, initialization topic need exists system templates!
        notificationConfigurationService.initDefaultTopics();
        // 
        // Cancels all previously ran tasks
        longRunningTaskManager.init();
        // 
        // Cancels all previously ran events
        entityEventManager.init();
    } finally {
        // always drop the system authentication, even if one of the steps above failed
        SecurityContextHolder.clearContext();
    }
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmAuthorizationPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmTreeNodeDto) IdmTreeTypeDto(eu.bcvsolutions.idm.core.api.dto.IdmTreeTypeDto) PageRequest(org.springframework.data.domain.PageRequest) IdmTreeNode(eu.bcvsolutions.idm.core.model.entity.IdmTreeNode) IdmRole(eu.bcvsolutions.idm.core.model.entity.IdmRole) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) IdmIdentity(eu.bcvsolutions.idm.core.model.entity.IdmIdentity) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmIdentityContract(eu.bcvsolutions.idm.core.model.entity.IdmIdentityContract)

Aggregations

GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)97 Test (org.junit.Test)61 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)59 AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)49 LoginDto (eu.bcvsolutions.idm.core.security.api.dto.LoginDto)40 IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)30 SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)26 PasswordChangeDto (eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto)20 ArrayList (java.util.ArrayList)13 IdmAuthorizationPolicyDto (eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto)11 IcConnectorObject (eu.bcvsolutions.idm.ic.api.IcConnectorObject)11 AccIdentityAccountDto (eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)10 AccIdentityAccountFilter (eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)9 HashMap (java.util.HashMap)9 IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)8 Transactional (org.springframework.transaction.annotation.Transactional)8 ProvisioningAttributeDto (eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)7 SysSystemAttributeMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)7 IdmRole (eu.bcvsolutions.idm.core.model.entity.IdmRole)7 List (java.util.List)7