Search in sources :

Example 11 with GuardedString

use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.

the class InitDemoData method init.

protected void init() {
    // we need to be ensured admin and and admin role exists.
    initApplicationData.init();
    // 
    securityService.setSystemAuthentication();
    // 
    try {
        IdmIdentityDto identityAdmin = this.identityService.getByUsername(InitApplicationData.ADMIN_USERNAME);
        // 
        Page<IdmTreeNodeDto> rootsList = treeNodeService.findRoots((UUID) null, new PageRequest(0, 1));
        IdmTreeNodeDto rootOrganization = null;
        if (!rootsList.getContent().isEmpty()) {
            rootOrganization = rootsList.getContent().get(0);
        } else {
            IdmTreeNodeDto organizationRoot = new IdmTreeNodeDto();
            organizationRoot.setCode("root");
            organizationRoot.setName("Organization ROOT");
            organizationRoot.setTreeType(treeTypeService.getByCode(InitApplicationData.DEFAULT_TREE_TYPE).getId());
            organizationRoot = this.treeNodeService.save(organizationRoot);
        }
        // 
        if (!configurationService.getBooleanValue(PARAMETER_DEMO_DATA_CREATED, false)) {
            LOG.info("Creating demo data ...");
            // 
            // create default password policy for validate
            IdmPasswordPolicyDto passValidate = null;
            try {
                passValidate = this.passwordPolicyService.getDefaultPasswordPolicy(IdmPasswordPolicyType.VALIDATE);
            } catch (ResultCodeException e) {
            // nothing, password policy for validate not exist
            }
            // default password policy not exist, try to found by name
            if (passValidate == null) {
                passValidate = this.passwordPolicyService.findOneByName("DEFAULT_VALIDATE_POLICY");
            }
            // if password policy still not exist create default password policy
            if (passValidate == null) {
                passValidate = new IdmPasswordPolicyDto();
                passValidate.setName("DEFAULT_VALIDATE_POLICY");
                passValidate.setDefaultPolicy(true);
                passValidate.setType(IdmPasswordPolicyType.VALIDATE);
                passwordPolicyService.save(passValidate);
            }
            // 
            // create default password policy for generate
            IdmPasswordPolicyDto passGenerate = null;
            try {
                passGenerate = this.passwordPolicyService.getDefaultPasswordPolicy(IdmPasswordPolicyType.GENERATE);
            } catch (ResultCodeException e) {
            // nothing, password policy for generate password not exist
            }
            // try to found password policy by name
            if (passGenerate == null) {
                passGenerate = this.passwordPolicyService.findOneByName("DEFAULT_GENERATE_POLICY");
            }
            // if still not exist create default generate password policy
            if (passGenerate == null) {
                passGenerate = new IdmPasswordPolicyDto();
                passGenerate.setName("DEFAULT_GENERATE_POLICY");
                passGenerate.setDefaultPolicy(true);
                passGenerate.setType(IdmPasswordPolicyType.GENERATE);
                passGenerate.setMinLowerChar(2);
                passGenerate.setMinNumber(2);
                passGenerate.setMinSpecialChar(2);
                passGenerate.setMinUpperChar(2);
                passGenerate.setMinPasswordLength(8);
                passGenerate.setMaxPasswordLength(12);
                passwordPolicyService.save(passGenerate);
            }
            // 
            // role may exists from another module initialization
            IdmRoleDto role1 = this.roleService.getByCode(DEFAULT_ROLE_NAME);
            if (role1 == null) {
                role1 = new IdmRoleDto();
                role1.setName(DEFAULT_ROLE_NAME);
                role1 = this.roleService.save(role1);
            }
            // self policy
            IdmAuthorizationPolicyDto selfPolicy = new IdmAuthorizationPolicyDto();
            selfPolicy.setPermissions(IdmBasePermission.AUTOCOMPLETE, IdmBasePermission.READ, IdentityBasePermission.PASSWORDCHANGE, IdentityBasePermission.CHANGEPERMISSION);
            selfPolicy.setRole(role1.getId());
            selfPolicy.setGroupPermission(CoreGroupPermission.IDENTITY.getName());
            selfPolicy.setAuthorizableType(IdmIdentity.class.getCanonicalName());
            selfPolicy.setEvaluator(SelfIdentityEvaluator.class);
            authorizationPolicyService.save(selfPolicy);
            // read identity roles by identity
            IdmAuthorizationPolicyDto identityRolePolicy = new IdmAuthorizationPolicyDto();
            identityRolePolicy.setRole(role1.getId());
            identityRolePolicy.setGroupPermission(CoreGroupPermission.IDENTITYROLE.getName());
            identityRolePolicy.setAuthorizableType(IdmIdentityRole.class.getCanonicalName());
            identityRolePolicy.setEvaluator(IdentityRoleByIdentityEvaluator.class);
            authorizationPolicyService.save(identityRolePolicy);
            // read identity contracts by identity
            IdmAuthorizationPolicyDto identityContractPolicy = new IdmAuthorizationPolicyDto();
            identityContractPolicy.setRole(role1.getId());
            identityContractPolicy.setGroupPermission(CoreGroupPermission.IDENTITYCONTRACT.getName());
            identityContractPolicy.setAuthorizableType(IdmIdentityContract.class.getCanonicalName());
            identityContractPolicy.setEvaluator(IdentityContractByIdentityEvaluator.class);
            authorizationPolicyService.save(identityContractPolicy);
            // read contract guarantees by identity contract
            IdmAuthorizationPolicyDto contractGuaranteePolicy = new IdmAuthorizationPolicyDto();
            contractGuaranteePolicy.setRole(role1.getId());
            contractGuaranteePolicy.setGroupPermission(CoreGroupPermission.CONTRACTGUARANTEE.getName());
            contractGuaranteePolicy.setAuthorizableType(IdmContractGuarantee.class.getCanonicalName());
            contractGuaranteePolicy.setEvaluator(ContractGuaranteeByIdentityContractEvaluator.class);
            authorizationPolicyService.save(contractGuaranteePolicy);
            // only autocomplete roles that can be requested
            IdmAuthorizationPolicyDto applyForPolicy = new IdmAuthorizationPolicyDto();
            applyForPolicy.setPermissions(IdmBasePermission.AUTOCOMPLETE);
            applyForPolicy.setRole(role1.getId());
            applyForPolicy.setGroupPermission(CoreGroupPermission.ROLE.getName());
            applyForPolicy.setAuthorizableType(IdmRole.class.getCanonicalName());
            applyForPolicy.setEvaluator(RoleCanBeRequestedEvaluator.class);
            authorizationPolicyService.save(applyForPolicy);
            // role requests by identity
            IdmAuthorizationPolicyDto roleRequestByIdentityPolicy = new IdmAuthorizationPolicyDto();
            roleRequestByIdentityPolicy.setRole(role1.getId());
            roleRequestByIdentityPolicy.setGroupPermission(CoreGroupPermission.ROLEREQUEST.getName());
            roleRequestByIdentityPolicy.setAuthorizableType(IdmRoleRequest.class.getCanonicalName());
            roleRequestByIdentityPolicy.setEvaluator(RoleRequestByIdentityEvaluator.class);
            authorizationPolicyService.save(roleRequestByIdentityPolicy);
            // self role requests
            IdmAuthorizationPolicyDto selfRoleRequestPolicy = new IdmAuthorizationPolicyDto();
            selfRoleRequestPolicy.setPermissions(IdmBasePermission.READ, IdmBasePermission.UPDATE, IdmBasePermission.CREATE, IdmBasePermission.DELETE);
            selfRoleRequestPolicy.setRole(role1.getId());
            selfRoleRequestPolicy.setGroupPermission(CoreGroupPermission.ROLEREQUEST.getName());
            selfRoleRequestPolicy.setAuthorizableType(IdmRoleRequest.class.getCanonicalName());
            selfRoleRequestPolicy.setEvaluator(SelfRoleRequestEvaluator.class);
            authorizationPolicyService.save(selfRoleRequestPolicy);
            // role rerquests in approval
            IdmAuthorizationPolicyDto roleRequestByWfPolicy = new IdmAuthorizationPolicyDto();
            roleRequestByWfPolicy.setPermissions(IdmBasePermission.READ, IdmBasePermission.UPDATE);
            roleRequestByWfPolicy.setRole(role1.getId());
            roleRequestByWfPolicy.setGroupPermission(CoreGroupPermission.ROLEREQUEST.getName());
            roleRequestByWfPolicy.setAuthorizableType(IdmRoleRequest.class.getCanonicalName());
            roleRequestByWfPolicy.setEvaluator(RoleRequestByWfInvolvedIdentityEvaluator.class);
            authorizationPolicyService.save(roleRequestByWfPolicy);
            // tree node - autocomplete
            IdmAuthorizationPolicyDto treeNodePolicy = new IdmAuthorizationPolicyDto();
            treeNodePolicy.setPermissions(IdmBasePermission.AUTOCOMPLETE);
            treeNodePolicy.setRole(role1.getId());
            treeNodePolicy.setGroupPermission(CoreGroupPermission.TREENODE.getName());
            treeNodePolicy.setAuthorizableType(IdmTreeNode.class.getCanonicalName());
            treeNodePolicy.setEvaluator(BasePermissionEvaluator.class);
            authorizationPolicyService.save(treeNodePolicy);
            // tree type - autocomplete all
            IdmAuthorizationPolicyDto treeTypePolicy = new IdmAuthorizationPolicyDto();
            treeTypePolicy.setPermissions(IdmBasePermission.AUTOCOMPLETE);
            treeTypePolicy.setRole(role1.getId());
            treeTypePolicy.setGroupPermission(CoreGroupPermission.TREETYPE.getName());
            treeTypePolicy.setAuthorizableType(IdmTreeType.class.getCanonicalName());
            treeTypePolicy.setEvaluator(BasePermissionEvaluator.class);
            authorizationPolicyService.save(treeTypePolicy);
            // workflow task read and execute
            IdmAuthorizationPolicyDto workflowTaskPolicy = new IdmAuthorizationPolicyDto();
            workflowTaskPolicy.setPermissions(IdmBasePermission.READ, IdmBasePermission.EXECUTE);
            workflowTaskPolicy.setRole(role1.getId());
            workflowTaskPolicy.setGroupPermission(CoreGroupPermission.WORKFLOWTASK.getName());
            workflowTaskPolicy.setEvaluator(BasePermissionEvaluator.class);
            authorizationPolicyService.save(workflowTaskPolicy);
            // 
            LOG.info(MessageFormat.format("Role created [id: {0}]", role1.getId()));
            // 
            IdmRoleDto role2 = new IdmRoleDto();
            role2.setName("customRole");
            // TODO: subroles are disabled for now
            // List<IdmRoleComposition> subRoles = new ArrayList<>();
            // subRoles.add(new IdmRoleComposition(role2, superAdminRole));
            // role2.setSubRoles(subRoles);
            role2 = this.roleService.save(role2);
            LOG.info(MessageFormat.format("Role created [id: {0}]", role2.getId()));
            // 
            IdmRoleDto roleManager = new IdmRoleDto();
            roleManager.setName("manager");
            roleManager = this.roleService.save(roleManager);
            LOG.info(MessageFormat.format("Role created [id: {0}]", roleManager.getId()));
            // 
            // 
            IdmIdentityDto identity = new IdmIdentityDto();
            identity.setUsername("tomiska");
            identity.setPassword(new GuardedString("heslo"));
            identity.setFirstName("Radek");
            identity.setLastName("Tomiška");
            identity.setEmail("radek.tomiska@bcvsolutions.eu");
            identity = this.identityService.save(identity);
            LOG.info(MessageFormat.format("Identity created [id: {0}]", identity.getId()));
            // 
            // create prime contract
            IdmIdentityContractDto identityContract = identityContractService.getPrimeContract(identity.getId());
            if (identityContract == null) {
                identityContract = identityContractService.prepareMainContract(identity.getId());
                identityContract = identityContractService.save(identityContract);
            }
            // 
            IdmIdentityRoleDto identityRole1 = new IdmIdentityRoleDto();
            identityRole1.setIdentityContract(identityContract.getId());
            identityRole1.setRole(role1.getId());
            identityRole1 = identityRoleService.save(identityRole1);
            // 
            IdmIdentityRoleDto identityRole2 = new IdmIdentityRoleDto();
            identityRole2.setIdentityContract(identityContract.getId());
            identityRole2.setRole(role2.getId());
            identityRole2 = identityRoleService.save(identityRole2);
            // 
            IdmIdentityDto identity2 = new IdmIdentityDto();
            identity2.setUsername("svanda");
            identity2.setFirstName("Vít");
            identity2.setPassword(new GuardedString("heslo"));
            identity2.setLastName("Švanda");
            identity2.setEmail("vit.svanda@bcvsolutions.eu");
            identity2 = this.identityService.save(identity2);
            LOG.info(MessageFormat.format("Identity created [id: {0}]", identity2.getId()));
            // 
            IdmIdentityDto identity3 = new IdmIdentityDto();
            identity3.setUsername("kopr");
            identity3.setFirstName("Ondrej");
            identity3.setPassword(new GuardedString("heslo"));
            identity3.setLastName("Kopr");
            identity3.setEmail("ondrej.kopr@bcvsolutions.eu");
            identity3 = this.identityService.save(identity3);
            LOG.info(MessageFormat.format("Identity created [id: {0}]", identity3.getId()));
            // 
            // get tree type for organization
            IdmTreeTypeDto treeType = treeTypeService.getByCode(InitApplicationData.DEFAULT_TREE_TYPE);
            // 
            IdmTreeNodeDto organization1 = new IdmTreeNodeDto();
            organization1.setCode("one");
            organization1.setName("Organization One");
            organization1.setParent(rootOrganization.getId());
            organization1.setTreeType(treeType.getId());
            organization1 = this.treeNodeService.save(organization1);
            // 
            IdmTreeNodeDto organization2 = new IdmTreeNodeDto();
            organization2.setCode("two");
            organization2.setName("Organization Two");
            organization2.setCreator("ja");
            organization2.setParent(rootOrganization.getId());
            organization2.setTreeType(treeType.getId());
            organization2 = this.treeNodeService.save(organization2);
            // 
            IdmIdentityContractDto identityWorkPosition = new IdmIdentityContractDto();
            identityWorkPosition.setIdentity(identityAdmin.getId());
            identityWorkPosition.setWorkPosition(organization2.getId());
            identityWorkPosition = identityContractService.save(identityWorkPosition);
            IdmContractGuaranteeDto contractGuarantee = new IdmContractGuaranteeDto();
            contractGuarantee.setIdentityContract(identityWorkPosition.getId());
            contractGuarantee.setGuarantee(identity2.getId());
            contractGuaranteeService.save(contractGuarantee);
            // 
            LOG.info("Demo data was created.");
            // 
            configurationService.setBooleanValue(PARAMETER_DEMO_DATA_CREATED, true);
            // 
            // demo eav identity form
            IdmFormAttributeDto letter = new IdmFormAttributeDto();
            letter.setCode("letter");
            letter.setName("Favorite letter");
            letter.setPlaceholder("Character");
            letter.setDescription("Some favorite character");
            letter.setPersistentType(PersistentType.CHAR);
            letter.setRequired(true);
            letter = formService.saveAttribute(IdmIdentity.class, letter);
            IdmFormAttributeDto phone = new IdmFormAttributeDto();
            phone.setCode(FORM_ATTRIBUTE_PHONE);
            phone.setName("Phone");
            phone.setDescription("Additional identitiy's phone");
            phone.setPersistentType(PersistentType.TEXT);
            phone = formService.saveAttribute(IdmIdentity.class, phone);
            IdmFormAttributeDto description = new IdmFormAttributeDto();
            description.setCode("description");
            description.setName("Description");
            description.setDescription("Some longer optional text (2000 characters)");
            description.setPersistentType(PersistentType.TEXT);
            description.setFaceType(BaseFaceType.TEXTAREA);
            description = formService.saveAttribute(IdmIdentity.class, description);
            IdmFormAttributeDto rich = new IdmFormAttributeDto();
            rich.setCode("rich");
            rich.setName("RichText");
            rich.setDescription("Some rich text (2000 characters)");
            rich.setPersistentType(PersistentType.TEXT);
            description.setFaceType(BaseFaceType.RICHTEXTAREA);
            rich = formService.saveAttribute(IdmIdentity.class, rich);
            IdmFormAttributeDto sure = new IdmFormAttributeDto();
            sure.setCode("sure");
            sure.setName("Registration");
            sure.setPersistentType(PersistentType.BOOLEAN);
            sure.setDefaultValue(Boolean.TRUE.toString());
            sure = formService.saveAttribute(IdmIdentity.class, sure);
            IdmFormAttributeDto intNumber = new IdmFormAttributeDto();
            intNumber.setCode("intNumber");
            intNumber.setName("Int number");
            intNumber.setPersistentType(PersistentType.INT);
            intNumber = formService.saveAttribute(IdmIdentity.class, intNumber);
            IdmFormAttributeDto longNumber = new IdmFormAttributeDto();
            longNumber.setCode("longNumber");
            longNumber.setName("Long number");
            longNumber.setPersistentType(PersistentType.LONG);
            longNumber = formService.saveAttribute(IdmIdentity.class, longNumber);
            IdmFormAttributeDto doubleNumber = new IdmFormAttributeDto();
            doubleNumber.setCode("doubleNumber");
            doubleNumber.setName("Double number");
            doubleNumber.setPersistentType(PersistentType.DOUBLE);
            doubleNumber = formService.saveAttribute(IdmIdentity.class, doubleNumber);
            IdmFormAttributeDto currency = new IdmFormAttributeDto();
            currency.setCode("currency");
            currency.setName("Price");
            currency.setPersistentType(PersistentType.DOUBLE);
            currency.setFaceType(BaseFaceType.CURRENCY);
            currency = formService.saveAttribute(IdmIdentity.class, currency);
            IdmFormAttributeDto date = new IdmFormAttributeDto();
            date.setCode("date");
            date.setName("Date");
            date.setPersistentType(PersistentType.DATE);
            date.setRequired(true);
            date.setDescription("Important date");
            date = formService.saveAttribute(IdmIdentity.class, date);
            IdmFormAttributeDto datetime = new IdmFormAttributeDto();
            datetime.setCode(FORM_ATTRIBUTE_DATETIME);
            datetime.setName("Date and time");
            datetime.setPersistentType(PersistentType.DATETIME);
            datetime = formService.saveAttribute(IdmIdentity.class, datetime);
            IdmFormAttributeDto uuid = new IdmFormAttributeDto();
            uuid.setCode(FORM_ATTRIBUTE_UUID);
            uuid.setName("UUID");
            uuid.setDescription("Some uuid value");
            uuid.setPersistentType(PersistentType.UUID);
            uuid = formService.saveAttribute(IdmIdentity.class, uuid);
            IdmFormAttributeDto webPages = new IdmFormAttributeDto();
            webPages.setCode(FORM_ATTRIBUTE_WWW);
            webPages.setName("WWW");
            webPages.setDescription("Favorite web pages (every line in new value)");
            webPages.setPersistentType(PersistentType.TEXT);
            webPages.setMultiple(true);
            webPages = formService.saveAttribute(IdmIdentity.class, webPages);
            IdmFormAttributeDto password = new IdmFormAttributeDto();
            password.setCode(FORM_ATTRIBUTE_PASSWORD);
            password.setName("Custom password");
            password.setPersistentType(PersistentType.TEXT);
            password.setConfidential(true);
            password.setDescription("Test password");
            password = formService.saveAttribute(IdmIdentity.class, password);
            IdmFormAttributeDto byteArray = new IdmFormAttributeDto();
            byteArray.setCode("byteArray");
            byteArray.setName("Byte array");
            byteArray.setPersistentType(PersistentType.BYTEARRAY);
            byteArray.setConfidential(false);
            byteArray.setDescription("Test byte array");
            byteArray.setPlaceholder("or image :-)");
            byteArray = formService.saveAttribute(IdmIdentity.class, byteArray);
            List<IdmFormValueDto> values = new ArrayList<>();
            IdmFormValueDto phoneValue = new IdmFormValueDto();
            phoneValue.setFormAttribute(phone.getId());
            phoneValue.setStringValue("12345679");
            values.add(phoneValue);
            formService.saveValues(identity.getId(), IdmIdentity.class, null, values);
            // 
            // demo eav role form
            IdmFormAttributeDto roleExt = new IdmFormAttributeDto();
            roleExt.setCode("extAttr");
            roleExt.setName("Ext.attr");
            roleExt.setPersistentType(PersistentType.TEXT);
            roleExt.setConfidential(false);
            roleExt.setDescription("Role's custom extended attribute");
            roleExt = formService.saveAttribute(IdmRole.class, roleExt);
            // 
            // demo eav tree node form
            IdmFormAttributeDto treeNodeExt = new IdmFormAttributeDto();
            treeNodeExt.setCode("extAttr");
            treeNodeExt.setName("Ext.attr");
            treeNodeExt.setPersistentType(PersistentType.TEXT);
            treeNodeExt.setConfidential(false);
            treeNodeExt.setDescription("Tree node's custom extended attribute");
            treeNodeExt = formService.saveAttribute(IdmTreeNode.class, treeNodeExt);
            // 
            // demo eav identity contract's form
            IdmFormAttributeDto identityContractExt = new IdmFormAttributeDto();
            identityContractExt.setCode("extAttr");
            identityContractExt.setName("Ext.attr");
            identityContractExt.setPersistentType(PersistentType.TEXT);
            identityContractExt.setConfidential(false);
            identityContractExt.setDescription("Identity contract's custom extended attribute");
            identityContractExt = formService.saveAttribute(IdmIdentityContract.class, identityContractExt);
        }
    } catch (Exception ex) {
        LOG.warn("Demo data was not created", ex);
    } finally {
        SecurityContextHolder.clearContext();
    }
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmContractGuarantee(eu.bcvsolutions.idm.core.model.entity.IdmContractGuarantee) ArrayList(java.util.ArrayList) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmTreeTypeDto(eu.bcvsolutions.idm.core.api.dto.IdmTreeTypeDto) PageRequest(org.springframework.data.domain.PageRequest) IdmPasswordPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto) IdmIdentityRole(eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole) IdmFormAttributeDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormAttributeDto) IdmRole(eu.bcvsolutions.idm.core.model.entity.IdmRole) IdmFormValueDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormValueDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityContract(eu.bcvsolutions.idm.core.model.entity.IdmIdentityContract) IdmRoleRequest(eu.bcvsolutions.idm.core.model.entity.IdmRoleRequest) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) IdmAuthorizationPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto) IdmTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmTreeNodeDto) IdmTreeType(eu.bcvsolutions.idm.core.model.entity.IdmTreeType) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) IdmContractGuaranteeDto(eu.bcvsolutions.idm.core.api.dto.IdmContractGuaranteeDto) IdmTreeNode(eu.bcvsolutions.idm.core.model.entity.IdmTreeNode) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) IdmIdentity(eu.bcvsolutions.idm.core.model.entity.IdmIdentity) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)

Example 12 with GuardedString

use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.

the class DefaultIdmPasswordService method save.

@Override
@Transactional
public IdmPasswordDto save(IdmIdentityDto identity, PasswordChangeDto passwordChangeDto) {
    Assert.notNull(identity);
    Assert.notNull(passwordChangeDto);
    Assert.notNull(passwordChangeDto.getNewPassword());
    GuardedString password = passwordChangeDto.getNewPassword();
    // 
    IdmPasswordDto passwordDto = getPasswordByIdentity(identity.getId());
    // 
    if (passwordDto == null) {
        // identity has no password yet
        passwordDto = new IdmPasswordDto();
        passwordDto.setIdentity(identity.getId());
    }
    // 
    if (passwordChangeDto.getMaxPasswordAge() != null) {
        passwordDto.setValidTill(passwordChangeDto.getMaxPasswordAge().toLocalDate());
    } else {
        passwordDto.setValidTill(null);
    }
    // set valid from now
    passwordDto.setValidFrom(new LocalDate());
    // 
    passwordDto.setPassword(this.generateHash(password, getSalt(identity)));
    // 
    // set must change password to false
    passwordDto.setMustChange(false);
    // 
    // reset unsuccessful attempts, after password is changed
    passwordDto.resetUnsuccessfulAttempts();
    // 
    return save(passwordDto);
}
Also used : IdmPasswordDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) LocalDate(org.joda.time.LocalDate) Transactional(org.springframework.transaction.annotation.Transactional)

Example 13 with GuardedString

use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.

the class DefaultIdmNotificationTemplateService method buildMessage.

@Override
public IdmMessageDto buildMessage(IdmMessageDto message, boolean showGuardedString) {
    StringWriter bodyHtml = new StringWriter();
    StringWriter bodyText = new StringWriter();
    StringWriter subject = new StringWriter();
    IdmNotificationTemplateDto template = message.getTemplate() == null ? null : get(message.getTemplate().getId());
    // 
    if (template == null) {
        return message;
    }
    // get parameters from messages
    Map<String, Object> model = message.getParameters();
    // 
    // create copy of parameters
    Map<String, Object> parameters = new HashMap<>();
    // templates, but no parameters
    if (model != null) {
        for (Entry<String, Object> entry : model.entrySet()) {
            if (entry.getValue() instanceof GuardedString && showGuardedString) {
                parameters.put(entry.getKey(), ((GuardedString) entry.getValue()).asString());
            } else if (entry.getValue() instanceof GuardedString) {
                parameters.put(entry.getKey(), ((GuardedString) entry.getValue()).toString());
            } else {
                parameters.put(entry.getKey(), entry.getValue());
            }
        }
    }
    // prepare html, text, subject
    String html = template.getBodyHtml();
    String text = template.getBodyText();
    String subjectString = template.getSubject();
    // Same parameters for all (html, txt, subject)
    VelocityContext velocityContext = getContext(parameters);
    // include some tools from Apache velocity -
    // http://velocity.apache.org/tools/devel/generic.html#tools
    velocityContext.put("display", new DisplayTool());
    velocityContext.put("date", new DateTool());
    // 
    velocityEngine.evaluate(velocityContext, bodyHtml, template.getCode(), html);
    velocityEngine.evaluate(velocityContext, bodyText, template.getCode(), text);
    velocityEngine.evaluate(velocityContext, subject, template.getCode(), subjectString);
    // 
    IdmMessageDto newMessage;
    // if is set model from message build with them
    if (message.getModel() != null) {
        newMessage = new IdmMessageDto.Builder().setHtmlMessage(bodyHtml.toString()).setTextMessage(bodyText.toString()).setSubject(StringUtils.isNotEmpty(subject.toString()) ? subject.toString() : message.getModel().getStatusEnum()).setLevel(// level get from old message
        message.getLevel()).setTemplate(template).setParameters(model).setModel(message.getModel()).build();
    } else {
        // Build IdmMessage
        newMessage = new IdmMessageDto.Builder().setHtmlMessage(bodyHtml.toString()).setTextMessage(bodyText.toString()).setSubject(subject.toString()).setLevel(// level
        message.getLevel()).setTemplate(template).setParameters(model).build();
    }
    // 
    return newMessage;
}
Also used : DisplayTool(org.apache.velocity.tools.generic.DisplayTool) HashMap(java.util.HashMap) VelocityContext(org.apache.velocity.VelocityContext) IdmMessageDto(eu.bcvsolutions.idm.core.notification.api.dto.IdmMessageDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmNotificationTemplateDto(eu.bcvsolutions.idm.core.notification.api.dto.IdmNotificationTemplateDto) DateTool(org.apache.velocity.tools.generic.DateTool) StringWriter(java.io.StringWriter)

Example 14 with GuardedString

use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.

the class IdentitySetPasswordProcessorIntegrationTest method testGeneratePassword.

@Test
public void testGeneratePassword() {
    SysSystemDto system = helper.createTestResourceSystem(true);
    // 
    IdmRoleDto role = helper.createRole();
    helper.createRoleSystem(role, system);
    IdmIdentityDto identity = helper.createIdentity();
    IdmIdentityContractDto contract = helper.getPrimeContract(identity.getId());
    contract.setValidFrom(new LocalDate().plusDays(1));
    identityContractService.save(contract);
    identity = identityService.get(identity.getId());
    Assert.assertEquals(IdentityState.FUTURE_CONTRACT, identity.getState());
    helper.createIdentityRole(identity, role);
    // 
    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setIdentityId(identity.getId());
    AccIdentityAccountDto accountIdentityOne = identityAccountService.find(filter, null).getContent().get(0);
    AccAccountDto account = accountService.get(accountIdentityOne.getAccount());
    // Create new password one
    PasswordChangeDto passwordChange = new PasswordChangeDto();
    passwordChange.setAccounts(ImmutableList.of(account.getId().toString()));
    passwordChange.setNewPassword(new GuardedString(IDENTITY_PASSWORD_ONE));
    passwordChange.setIdm(true);
    // 
    // Do change of password for selected accounts
    identityService.passwordChange(identity, passwordChange);
    // 
    // Check correct password One
    TestResource resource = helper.findResource(account.getRealUid());
    Assert.assertNotNull(resource);
    Assert.assertEquals(IDENTITY_PASSWORD_ONE, resource.getPassword());
    // 
    // set contract to valid
    contract.setValidFrom(new LocalDate());
    identityContractService.save(contract);
    identity = identityService.get(identity.getId());
    Assert.assertEquals(IdentityState.VALID, identity.getState());
    // 
    // check password on target system was changed
    resource = helper.findResource(account.getRealUid());
    Assert.assertNotNull(resource);
    Assert.assertNotEquals(IDENTITY_PASSWORD_ONE, resource.getPassword());
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) PasswordChangeDto(eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) TestResource(eu.bcvsolutions.idm.acc.entity.TestResource) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) LocalDate(org.joda.time.LocalDate) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 15 with GuardedString

use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.

the class IdentityAccountManagementTest method overloadedAttributeChangePassword.

@Test
public void overloadedAttributeChangePassword() {
    IdmIdentityDto identity = identityService.getByUsername(IDENTITY_USERNAME);
    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setIdentityId(identity.getId());
    filter.setSystemId(systemService.getByCode(SYSTEM_NAME).getId());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, new PageRequest(0, 1, new Sort(Sort.Direction.ASC, AccIdentityAccount_.created.getName()))).getContent();
    TestResource resourceAccount = helper.findResource("x" + IDENTITY_USERNAME);
    // Create new password two
    PasswordChangeDto passwordChange = new PasswordChangeDto();
    passwordChange.setAccounts(ImmutableList.of(identityAccounts.get(0).getAccount().toString()));
    passwordChange.setNewPassword(new GuardedString(IDENTITY_PASSWORD_TWO));
    passwordChange.setIdm(true);
    // Do change of password for selected accounts
    identityService.passwordChange(identity, passwordChange);
    // Check correct password two
    resourceAccount = helper.findResource("x" + IDENTITY_USERNAME);
    Assert.assertEquals("Check same password on target system", IDENTITY_PASSWORD_TWO, resourceAccount.getPassword());
    // Add overloaded password attribute
    IdmRoleDto rolePassword = roleService.getByCode(ROLE_OVERLOADING_PASSWORD);
    IdmIdentityRoleDto irdto = new IdmIdentityRoleDto();
    irdto.setIdentityContract(identityContractService.findAllByIdentity(identity.getId()).get(0).getId());
    irdto.setRole(rolePassword.getId());
    // This evokes IdentityRole SAVE event. On this event will be start
    // account management and provisioning
    identityRoleService.save(irdto);
    // Do change of password for selected accounts
    passwordChange.setNewPassword(new GuardedString(IDENTITY_PASSWORD_THREE));
    identityService.passwordChange(identity, passwordChange);
    // Check correct overloaded password two
    resourceAccount = helper.findResource("x" + IDENTITY_USERNAME);
    Assert.assertEquals("Check overloaded password (added x) on target system", "x" + IDENTITY_PASSWORD_THREE, resourceAccount.getPassword());
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) PageRequest(org.springframework.data.domain.PageRequest) PasswordChangeDto(eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) Sort(org.springframework.data.domain.Sort) TestResource(eu.bcvsolutions.idm.acc.entity.TestResource) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Aggregations

GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)97 Test (org.junit.Test)61 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)59 AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)49 LoginDto (eu.bcvsolutions.idm.core.security.api.dto.LoginDto)40 IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)30 SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)26 PasswordChangeDto (eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto)20 ArrayList (java.util.ArrayList)13 IdmAuthorizationPolicyDto (eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto)11 IcConnectorObject (eu.bcvsolutions.idm.ic.api.IcConnectorObject)11 AccIdentityAccountDto (eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)10 AccIdentityAccountFilter (eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)9 HashMap (java.util.HashMap)9 IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)8 Transactional (org.springframework.transaction.annotation.Transactional)8 ProvisioningAttributeDto (eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)7 SysSystemAttributeMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)7 IdmRole (eu.bcvsolutions.idm.core.model.entity.IdmRole)7 List (java.util.List)7