use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.
the class BasicIdmAuthenticationFilterTest method testDisableIdmPasswordChangeViaRest.
@Test
public void testDisableIdmPasswordChangeViaRest() throws JsonProcessingException {
String testPassword = "testPassword";
String newTestPassword = "newTestPassword";
//
this.loginAsAdmin(TEST_ADMIN_USERNAME);
configurationService.setBooleanValue(IdentityConfiguration.PROPERTY_PUBLIC_CHANGE_PASSWORD_FOR_IDM_ENABLED, false);
//
// create identity
IdmIdentityDto identity = createIdentityInTransaction(testPassword);
// allow password change
IdmRoleDto roleWithPermission = testHelper.createRole();
testHelper.createAuthorizationPolicy(roleWithPermission.getId(), CoreGroupPermission.IDENTITY, IdmIdentity.class, SelfIdentityEvaluator.class, IdentityBasePermission.PASSWORDCHANGE);
testHelper.assignRoles(testHelper.getPrimeContract(identity.getId()), roleWithPermission);
this.logout();
authorizationPolicyService.getDefaultAuthorities(identity.getId());
PasswordChangeDto passwordChangeDto = new PasswordChangeDto();
passwordChangeDto.setAll(true);
passwordChangeDto.setIdm(true);
passwordChangeDto.setNewPassword(new GuardedString(newTestPassword));
passwordChangeDto.setOldPassword(new GuardedString(testPassword));
List<OperationResult> passwordChangeResults = passwordChangeController.passwordChange(identity.getUsername(), passwordChangeDto);
assertEquals(0, passwordChangeResults.size());
}
use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.
the class DefaultSysProvisioningOperationService method getFullAccountObject.
/**
* Returns fully loaded AccountObject with guarded strings.
*
* @param provisioningOperation
* @return
*/
@Override
public Map<ProvisioningAttributeDto, Object> getFullAccountObject(SysProvisioningOperationDto provisioningOperation) {
if (provisioningOperation == null || provisioningOperation.getProvisioningContext() == null || provisioningOperation.getProvisioningContext().getAccountObject() == null) {
return null;
}
//
Map<ProvisioningAttributeDto, Object> fullAccountObject = new HashMap<>();
Map<ProvisioningAttributeDto, Object> accountObject = provisioningOperation.getProvisioningContext().getAccountObject();
for (Entry<ProvisioningAttributeDto, Object> entry : accountObject.entrySet()) {
if (entry.getValue() == null) {
fullAccountObject.put(entry.getKey(), entry.getValue());
continue;
}
Object idmValue = entry.getValue();
// single value
if (idmValue instanceof ConfidentialString) {
fullAccountObject.put(entry.getKey(), confidentialStorage.getGuardedString(provisioningOperation.getId(), SysProvisioningOperation.class, ((ConfidentialString) idmValue).getKey()));
continue;
}
// array
if (idmValue.getClass().isArray()) {
if (!idmValue.getClass().getComponentType().isPrimitive()) {
// objects only, we dont want pto proces byte, boolean etc.
Object[] idmValues = (Object[]) idmValue;
List<GuardedString> processedValues = new ArrayList<>();
for (int j = 0; j < idmValues.length; j++) {
Object singleValue = idmValues[j];
if (singleValue instanceof ConfidentialString) {
processedValues.add(confidentialStorage.getGuardedString(provisioningOperation.getId(), SysProvisioningOperation.class, ((ConfidentialString) singleValue).getKey()));
}
}
if (!processedValues.isEmpty()) {
fullAccountObject.put(entry.getKey(), processedValues.toArray(new GuardedString[processedValues.size()]));
continue;
}
}
} else // collection
if (idmValue instanceof Collection) {
Collection<?> idmValues = (Collection<?>) idmValue;
List<GuardedString> processedValues = new ArrayList<>();
idmValues.forEach(singleValue -> {
if (singleValue instanceof ConfidentialString) {
processedValues.add(confidentialStorage.getGuardedString(provisioningOperation.getId(), SysProvisioningOperation.class, ((ConfidentialString) singleValue).getKey()));
}
});
if (!processedValues.isEmpty()) {
fullAccountObject.put(entry.getKey(), processedValues);
continue;
}
}
// copy value
fullAccountObject.put(entry.getKey(), entry.getValue());
}
return fullAccountObject;
}
use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.
the class DefaultSysProvisioningOperationService method getFullConnectorObject.
/**
* Returns fully loaded ConnectorObject with guarded strings.
*
* TODO: don't update connectorObject in provisioningOperation (needs attribute defensive clone)
*
* @param provisioningOperation
* @return
*/
@Override
public IcConnectorObject getFullConnectorObject(SysProvisioningOperationDto provisioningOperation) {
if (provisioningOperation == null || provisioningOperation.getProvisioningContext() == null || provisioningOperation.getProvisioningContext().getConnectorObject() == null) {
return null;
}
List<IcAttribute> attributes = new ArrayList<>();
//
IcConnectorObject connectorObject = provisioningOperation.getProvisioningContext().getConnectorObject();
connectorObject.getAttributes().forEach(attribute -> {
IcAttribute attributeCopy = null;
if (attribute.isMultiValue()) {
List<Object> values = (List<Object>) attribute.getValues();
attributeCopy = new IcAttributeImpl(attribute.getName(), values, true);
} else if (attribute instanceof IcPasswordAttribute && attribute.getValue() != null) {
attributeCopy = new IcPasswordAttributeImpl(attribute.getName(), confidentialStorage.getGuardedString(provisioningOperation.getId(), SysProvisioningOperation.class, ((ConfidentialString) attribute.getValue()).getKey()));
} else if (attribute instanceof IcPasswordAttribute && attribute.getValue() == null) {
attributeCopy = new IcPasswordAttributeImpl(attribute.getName(), (GuardedString) null);
} else {
attributeCopy = new IcAttributeImpl(attribute.getName(), attribute.getValue());
}
attributes.add(attributeCopy);
});
IcConnectorObject newConnectorObject = new IcConnectorObjectImpl(connectorObject.getUidValue(), connectorObject.getObjectClass(), attributes);
return newConnectorObject;
}
use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.
the class DefaultSysSystemAttributeMappingService method getAttributeValue.
/**
* Find value for this mapped attribute by property name. Returned value can be list of objects. Returns transformed value.
*
* @param uid - Account identifier
* @param entity
* @param attributeHandling
* @param idmValue
* @return
* @throws IntrospectionException
* @throws IllegalAccessException
* @throws InvocationTargetException
*/
@Override
public Object getAttributeValue(String uid, AbstractDto entity, AttributeMapping attributeHandling) {
Object idmValue = null;
//
SysSchemaAttributeDto schemaAttributeDto = getSchemaAttribute(attributeHandling);
//
if (attributeHandling.isExtendedAttribute() && entity != null && formService.isFormable(entity.getClass())) {
List<IdmFormValueDto> formValues = formService.getValues(entity, attributeHandling.getIdmPropertyName());
if (formValues.isEmpty()) {
idmValue = null;
} else if (schemaAttributeDto.isMultivalued()) {
// Multiple value extended attribute
List<Object> values = new ArrayList<>();
formValues.stream().forEachOrdered(formValue -> {
values.add(formValue.getValue());
});
idmValue = values;
} else {
// Single value extended attribute
IdmFormValueDto formValue = formValues.get(0);
if (formValue.isConfidential()) {
Object confidentialValue = formService.getConfidentialPersistentValue(formValue);
// If is confidential value String and schema attribute is GuardedString type, then convert to GuardedString will be did.
if (confidentialValue instanceof String && schemaAttributeDto.getClassType().equals(GuardedString.class.getName())) {
idmValue = new GuardedString((String) confidentialValue);
} else {
idmValue = confidentialValue;
}
} else {
idmValue = formValue.getValue();
}
}
} else // Find value from entity
if (attributeHandling.isEntityAttribute()) {
if (attributeHandling.isConfidentialAttribute()) {
// If is attribute isConfidential, then we will find value in
// secured storage
idmValue = confidentialStorage.getGuardedString(entity.getId(), entity.getClass(), attributeHandling.getIdmPropertyName());
} else {
try {
// We will search value directly in entity by property name
idmValue = EntityUtils.getEntityValue(entity, attributeHandling.getIdmPropertyName());
} catch (IntrospectionException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | ProvisioningException o_O) {
throw new ProvisioningException(AccResultCode.PROVISIONING_IDM_FIELD_NOT_FOUND, ImmutableMap.of("property", attributeHandling.getIdmPropertyName(), "entityType", entity.getClass()), o_O);
}
}
} else {
// If Attribute value is not in entity nor in extended attribute, then idmValue is null.
// It means attribute is static ... we will call transformation to resource.
}
return this.transformValueToResource(uid, idmValue, attributeHandling, entity);
}
use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.
the class DefaultIdmPasswordServiceIntegrationTest method testResetUsuccessfulAttemptsAfterPasswordChange.
@Test
@Transactional
public void testResetUsuccessfulAttemptsAfterPasswordChange() {
IdmIdentityDto identity = testHelper.createIdentity();
// login
LoginDto loginDto = new LoginDto();
loginDto.setUsername(identity.getUsername());
loginDto.setPassword(new GuardedString("wrong"));
try {
loginController.login(loginDto);
} catch (IdmAuthenticationException ex) {
// nothing
}
try {
loginController.login(loginDto);
} catch (IdmAuthenticationException ex) {
// nothing
}
IdmPasswordDto password = passwordService.findOneByIdentity(identity.getId());
//
Assert.assertEquals(2, password.getUnsuccessfulAttempts());
//
// password change
PasswordChangeDto passwordChange = new PasswordChangeDto();
passwordChange.setIdm(true);
passwordChange.setNewPassword(new GuardedString("new"));
passwordService.save(identity, passwordChange);
//
password = passwordService.findOneByIdentity(identity.getId());
//
Assert.assertEquals(0, password.getUnsuccessfulAttempts());
}
Aggregations