Search in sources :

Example 1 with PasswordPolicyTO

use of org.apache.syncope.common.lib.policy.PasswordPolicyTO in project syncope by apache.

the class UserIssuesITCase method issueSYNCOPE626.

@Test
public void issueSYNCOPE626() {
    DefaultPasswordRuleConf ruleConf = new DefaultPasswordRuleConf();
    ruleConf.setUsernameAllowed(false);
    ImplementationTO rule = new ImplementationTO();
    rule.setKey("DefaultPasswordRuleConf" + getUUIDString());
    rule.setEngine(ImplementationEngine.JAVA);
    rule.setType(ImplementationType.PASSWORD_RULE);
    rule.setBody(POJOHelper.serialize(ruleConf));
    Response response = implementationService.create(rule);
    rule.setKey(response.getHeaderString(RESTHeaders.RESOURCE_KEY));
    PasswordPolicyTO passwordPolicy = new PasswordPolicyTO();
    passwordPolicy.setDescription("Password Policy for SYNCOPE-626");
    passwordPolicy.getRules().add(rule.getKey());
    passwordPolicy = createPolicy(PolicyType.PASSWORD, passwordPolicy);
    assertNotNull(passwordPolicy);
    RealmTO realm = realmService.list("/even/two").get(0);
    String oldPasswordPolicy = realm.getPasswordPolicy();
    realm.setPasswordPolicy(passwordPolicy.getKey());
    realmService.update(realm);
    try {
        UserTO user = UserITCase.getUniqueSampleTO("syncope626@syncope.apache.org");
        user.setRealm(realm.getFullPath());
        user.setPassword(user.getUsername());
        try {
            createUser(user);
            fail("This should not happen");
        } catch (SyncopeClientException e) {
            assertEquals(ClientExceptionType.InvalidUser, e.getType());
            assertTrue(e.getElements().iterator().next().startsWith("InvalidPassword"));
        }
        user.setPassword("password123");
        user = createUser(user).getEntity();
        assertNotNull(user);
    } finally {
        realm.setPasswordPolicy(oldPasswordPolicy);
        realmService.update(realm);
        policyService.delete(PolicyType.PASSWORD, passwordPolicy.getKey());
    }
}
Also used : ImplementationTO(org.apache.syncope.common.lib.to.ImplementationTO) Response(javax.ws.rs.core.Response) DefaultPasswordRuleConf(org.apache.syncope.common.lib.policy.DefaultPasswordRuleConf) UserTO(org.apache.syncope.common.lib.to.UserTO) RealmTO(org.apache.syncope.common.lib.to.RealmTO) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) PasswordPolicyTO(org.apache.syncope.common.lib.policy.PasswordPolicyTO) Test(org.junit.jupiter.api.Test)

Example 2 with PasswordPolicyTO

use of org.apache.syncope.common.lib.policy.PasswordPolicyTO in project syncope by apache.

the class UserITCase method customPolicyRules.

@Test
public void customPolicyRules() {
    // Using custom policy rules with application/xml requires to overwrite
    // org.apache.syncope.common.lib.policy.AbstractAccountRuleConf's and / or
    // org.apache.syncope.common.lib.policy.AbstractPasswordRuleConf's
    // @XmlSeeAlso - the power of JAXB :-/
    assumeTrue(MediaType.APPLICATION_JSON_TYPE.equals(clientFactory.getContentType().getMediaType()));
    ImplementationTO implementationTO = new ImplementationTO();
    implementationTO.setKey("TestAccountRuleConf" + UUID.randomUUID().toString());
    implementationTO.setEngine(ImplementationEngine.JAVA);
    implementationTO.setType(ImplementationType.ACCOUNT_RULE);
    implementationTO.setBody(POJOHelper.serialize(new TestAccountRuleConf()));
    Response response = implementationService.create(implementationTO);
    implementationTO.setKey(response.getHeaderString(RESTHeaders.RESOURCE_KEY));
    AccountPolicyTO accountPolicy = new AccountPolicyTO();
    accountPolicy.setDescription("Account Policy with custom rules");
    accountPolicy.getRules().add(implementationTO.getKey());
    accountPolicy = createPolicy(PolicyType.ACCOUNT, accountPolicy);
    assertNotNull(accountPolicy);
    implementationTO = new ImplementationTO();
    implementationTO.setKey("TestPasswordRuleConf" + UUID.randomUUID().toString());
    implementationTO.setEngine(ImplementationEngine.JAVA);
    implementationTO.setType(ImplementationType.PASSWORD_RULE);
    implementationTO.setBody(POJOHelper.serialize(new TestPasswordRuleConf()));
    response = implementationService.create(implementationTO);
    implementationTO.setKey(response.getHeaderString(RESTHeaders.RESOURCE_KEY));
    PasswordPolicyTO passwordPolicy = new PasswordPolicyTO();
    passwordPolicy.setDescription("Password Policy with custom rules");
    passwordPolicy.getRules().add(implementationTO.getKey());
    passwordPolicy = createPolicy(PolicyType.PASSWORD, passwordPolicy);
    assertNotNull(passwordPolicy);
    RealmTO realm = realmService.list("/even/two").get(0);
    String oldAccountPolicy = realm.getAccountPolicy();
    realm.setAccountPolicy(accountPolicy.getKey());
    String oldPasswordPolicy = realm.getPasswordPolicy();
    realm.setPasswordPolicy(passwordPolicy.getKey());
    realmService.update(realm);
    try {
        UserTO user = getUniqueSampleTO("custompolicyrules@syncope.apache.org");
        user.setRealm(realm.getFullPath());
        try {
            createUser(user);
            fail("This should not happen");
        } catch (SyncopeClientException e) {
            assertEquals(ClientExceptionType.InvalidUser, e.getType());
            assertTrue(e.getElements().iterator().next().startsWith("InvalidPassword"));
        }
        user.setPassword(user.getPassword() + "XXX");
        try {
            createUser(user);
            fail("This should not happen");
        } catch (SyncopeClientException e) {
            assertEquals(ClientExceptionType.InvalidUser, e.getType());
            assertTrue(e.getElements().iterator().next().startsWith("InvalidUsername"));
        }
        user.setUsername("YYY" + user.getUsername());
        user = createUser(user).getEntity();
        assertNotNull(user);
    } finally {
        realm.setAccountPolicy(oldAccountPolicy);
        realm.setPasswordPolicy(oldPasswordPolicy);
        realmService.update(realm);
        policyService.delete(PolicyType.PASSWORD, passwordPolicy.getKey());
        policyService.delete(PolicyType.ACCOUNT, accountPolicy.getKey());
    }
}
Also used : ImplementationTO(org.apache.syncope.common.lib.to.ImplementationTO) Response(javax.ws.rs.core.Response) TestPasswordRuleConf(org.apache.syncope.fit.core.reference.TestPasswordRuleConf) UserTO(org.apache.syncope.common.lib.to.UserTO) RealmTO(org.apache.syncope.common.lib.to.RealmTO) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) AccountPolicyTO(org.apache.syncope.common.lib.policy.AccountPolicyTO) TestAccountRuleConf(org.apache.syncope.fit.core.reference.TestAccountRuleConf) PasswordPolicyTO(org.apache.syncope.common.lib.policy.PasswordPolicyTO) Test(org.junit.jupiter.api.Test)

Example 3 with PasswordPolicyTO

use of org.apache.syncope.common.lib.policy.PasswordPolicyTO in project syncope by apache.

the class PolicyITCase method update.

@Test
public void update() {
    PasswordPolicyTO globalPolicy = policyService.read(PolicyType.PASSWORD, "ce93fcda-dc3a-4369-a7b0-a6108c261c85");
    PasswordPolicyTO policy = SerializationUtils.clone(globalPolicy);
    policy.setDescription("A simple password policy");
    // create a new password policy using the former as a template
    policy = createPolicy(PolicyType.PASSWORD, policy);
    assertNotNull(policy);
    assertNotEquals("ce93fcda-dc3a-4369-a7b0-a6108c261c85", policy.getKey());
    ImplementationTO rule = implementationService.read(ImplementationType.PASSWORD_RULE, policy.getRules().get(0));
    assertNotNull(rule);
    DefaultPasswordRuleConf ruleConf = POJOHelper.deserialize(rule.getBody(), DefaultPasswordRuleConf.class);
    ruleConf.setMaxLength(22);
    rule.setBody(POJOHelper.serialize(ruleConf));
    // update new password policy
    policyService.update(PolicyType.PASSWORD, policy);
    policy = policyService.read(PolicyType.PASSWORD, policy.getKey());
    assertNotNull(policy);
    ruleConf = POJOHelper.deserialize(rule.getBody(), DefaultPasswordRuleConf.class);
    assertEquals(22, ruleConf.getMaxLength());
    assertEquals(8, ruleConf.getMinLength());
}
Also used : ImplementationTO(org.apache.syncope.common.lib.to.ImplementationTO) DefaultPasswordRuleConf(org.apache.syncope.common.lib.policy.DefaultPasswordRuleConf) PasswordPolicyTO(org.apache.syncope.common.lib.policy.PasswordPolicyTO) Test(org.junit.jupiter.api.Test)

Example 4 with PasswordPolicyTO

use of org.apache.syncope.common.lib.policy.PasswordPolicyTO in project syncope by apache.

the class PolicyDataBinderImpl method getPolicy.

@SuppressWarnings("unchecked")
private <T extends Policy> T getPolicy(final T policy, final PolicyTO policyTO) {
    T result = policy;
    if (policyTO instanceof PasswordPolicyTO) {
        if (result == null) {
            result = (T) entityFactory.newEntity(PasswordPolicy.class);
        }
        PasswordPolicy passwordPolicy = PasswordPolicy.class.cast(result);
        PasswordPolicyTO passwordPolicyTO = PasswordPolicyTO.class.cast(policyTO);
        passwordPolicy.setAllowNullPassword(passwordPolicyTO.isAllowNullPassword());
        passwordPolicy.setHistoryLength(passwordPolicyTO.getHistoryLength());
        passwordPolicyTO.getRules().forEach(ruleKey -> {
            Implementation rule = implementationDAO.find(ruleKey);
            if (rule == null) {
                LOG.debug("Invalid " + Implementation.class.getSimpleName() + " {}, ignoring...", ruleKey);
            } else {
                passwordPolicy.add(rule);
            }
        });
        // remove all implementations not contained in the TO
        passwordPolicy.getRules().removeIf(implementation -> !passwordPolicyTO.getRules().contains(implementation.getKey()));
    } else if (policyTO instanceof AccountPolicyTO) {
        if (result == null) {
            result = (T) entityFactory.newEntity(AccountPolicy.class);
        }
        AccountPolicy accountPolicy = AccountPolicy.class.cast(result);
        AccountPolicyTO accountPolicyTO = AccountPolicyTO.class.cast(policyTO);
        accountPolicy.setMaxAuthenticationAttempts(accountPolicyTO.getMaxAuthenticationAttempts());
        accountPolicy.setPropagateSuspension(accountPolicyTO.isPropagateSuspension());
        accountPolicyTO.getRules().forEach(ruleKey -> {
            Implementation rule = implementationDAO.find(ruleKey);
            if (rule == null) {
                LOG.debug("Invalid " + Implementation.class.getSimpleName() + " {}, ignoring...", ruleKey);
            } else {
                accountPolicy.add(rule);
            }
        });
        // remove all implementations not contained in the TO
        accountPolicy.getRules().removeIf(implementation -> !accountPolicyTO.getRules().contains(implementation.getKey()));
        accountPolicy.getResources().clear();
        accountPolicyTO.getPassthroughResources().forEach(resourceName -> {
            ExternalResource resource = resourceDAO.find(resourceName);
            if (resource == null) {
                LOG.debug("Ignoring invalid resource {} ", resourceName);
            } else {
                accountPolicy.add(resource);
            }
        });
    } else if (policyTO instanceof PullPolicyTO) {
        if (result == null) {
            result = (T) entityFactory.newEntity(PullPolicy.class);
        }
        PullPolicy pullPolicy = PullPolicy.class.cast(result);
        PullPolicyTO pullPolicyTO = PullPolicyTO.class.cast(policyTO);
        pullPolicy.setConflictResolutionAction(pullPolicyTO.getConflictResolutionAction());
        pullPolicyTO.getCorrelationRules().forEach((type, impl) -> {
            AnyType anyType = anyTypeDAO.find(type);
            if (anyType == null) {
                LOG.debug("Invalid AnyType {} specified, ignoring...", type);
            } else {
                CorrelationRule correlationRule = pullPolicy.getCorrelationRule(anyType).orElse(null);
                if (correlationRule == null) {
                    correlationRule = entityFactory.newEntity(CorrelationRule.class);
                    correlationRule.setAnyType(anyType);
                    correlationRule.setPullPolicy(pullPolicy);
                    pullPolicy.add(correlationRule);
                }
                Implementation rule = implementationDAO.find(impl);
                if (rule == null) {
                    throw new NotFoundException("Implementation " + type);
                }
                correlationRule.setImplementation(rule);
            }
        });
        // remove all rules not contained in the TO
        pullPolicy.getCorrelationRules().removeIf(anyFilter -> !pullPolicyTO.getCorrelationRules().containsKey(anyFilter.getAnyType().getKey()));
    }
    if (result != null) {
        result.setDescription(policyTO.getDescription());
    }
    return result;
}
Also used : PullPolicy(org.apache.syncope.core.persistence.api.entity.policy.PullPolicy) Realm(org.apache.syncope.core.persistence.api.entity.Realm) LoggerFactory(org.slf4j.LoggerFactory) AnyType(org.apache.syncope.core.persistence.api.entity.AnyType) Autowired(org.springframework.beans.factory.annotation.Autowired) Entity(org.apache.syncope.core.persistence.api.entity.Entity) PolicyDataBinder(org.apache.syncope.core.provisioning.api.data.PolicyDataBinder) PasswordPolicy(org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy) RealmDAO(org.apache.syncope.core.persistence.api.dao.RealmDAO) ImplementationDAO(org.apache.syncope.core.persistence.api.dao.ImplementationDAO) PolicyTO(org.apache.syncope.common.lib.policy.PolicyTO) PasswordPolicyTO(org.apache.syncope.common.lib.policy.PasswordPolicyTO) Logger(org.slf4j.Logger) Policy(org.apache.syncope.core.persistence.api.entity.policy.Policy) Implementation(org.apache.syncope.core.persistence.api.entity.Implementation) Collectors(java.util.stream.Collectors) AnyTypeDAO(org.apache.syncope.core.persistence.api.dao.AnyTypeDAO) NotFoundException(org.apache.syncope.core.persistence.api.dao.NotFoundException) EntityFactory(org.apache.syncope.core.persistence.api.entity.EntityFactory) ExternalResource(org.apache.syncope.core.persistence.api.entity.resource.ExternalResource) AccountPolicy(org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy) Component(org.springframework.stereotype.Component) CorrelationRule(org.apache.syncope.core.persistence.api.entity.policy.CorrelationRule) AccountPolicyTO(org.apache.syncope.common.lib.policy.AccountPolicyTO) PullPolicyTO(org.apache.syncope.common.lib.policy.PullPolicyTO) ExternalResourceDAO(org.apache.syncope.core.persistence.api.dao.ExternalResourceDAO) PullPolicyTO(org.apache.syncope.common.lib.policy.PullPolicyTO) NotFoundException(org.apache.syncope.core.persistence.api.dao.NotFoundException) AccountPolicyTO(org.apache.syncope.common.lib.policy.AccountPolicyTO) ExternalResource(org.apache.syncope.core.persistence.api.entity.resource.ExternalResource) Implementation(org.apache.syncope.core.persistence.api.entity.Implementation) AccountPolicy(org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy) PasswordPolicy(org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy) PullPolicy(org.apache.syncope.core.persistence.api.entity.policy.PullPolicy) CorrelationRule(org.apache.syncope.core.persistence.api.entity.policy.CorrelationRule) AnyType(org.apache.syncope.core.persistence.api.entity.AnyType) PasswordPolicyTO(org.apache.syncope.common.lib.policy.PasswordPolicyTO)

Example 5 with PasswordPolicyTO

use of org.apache.syncope.common.lib.policy.PasswordPolicyTO in project syncope by apache.

the class PolicyDataBinderImpl method getPolicyTO.

@SuppressWarnings("unchecked")
@Override
public <T extends PolicyTO> T getPolicyTO(final Policy policy) {
    T policyTO = null;
    if (policy instanceof PasswordPolicy) {
        PasswordPolicy passwordPolicy = PasswordPolicy.class.cast(policy);
        PasswordPolicyTO passwordPolicyTO = new PasswordPolicyTO();
        policyTO = (T) passwordPolicyTO;
        passwordPolicyTO.setAllowNullPassword(passwordPolicy.isAllowNullPassword());
        passwordPolicyTO.setHistoryLength(passwordPolicy.getHistoryLength());
        passwordPolicyTO.getRules().addAll(passwordPolicy.getRules().stream().map(Entity::getKey).collect(Collectors.toList()));
    } else if (policy instanceof AccountPolicy) {
        AccountPolicy accountPolicy = AccountPolicy.class.cast(policy);
        AccountPolicyTO accountPolicyTO = new AccountPolicyTO();
        policyTO = (T) accountPolicyTO;
        accountPolicyTO.setMaxAuthenticationAttempts(accountPolicy.getMaxAuthenticationAttempts());
        accountPolicyTO.setPropagateSuspension(accountPolicy.isPropagateSuspension());
        accountPolicyTO.getRules().addAll(accountPolicy.getRules().stream().map(Entity::getKey).collect(Collectors.toList()));
        accountPolicyTO.getPassthroughResources().addAll(accountPolicy.getResources().stream().map(Entity::getKey).collect(Collectors.toList()));
    } else if (policy instanceof PullPolicy) {
        PullPolicy pullPolicy = PullPolicy.class.cast(policy);
        PullPolicyTO pullPolicyTO = new PullPolicyTO();
        policyTO = (T) pullPolicyTO;
        pullPolicyTO.setConflictResolutionAction(((PullPolicy) policy).getConflictResolutionAction());
        pullPolicy.getCorrelationRules().forEach(rule -> {
            pullPolicyTO.getCorrelationRules().put(rule.getAnyType().getKey(), rule.getImplementation().getKey());
        });
    }
    if (policyTO != null) {
        policyTO.setKey(policy.getKey());
        policyTO.setDescription(policy.getDescription());
        for (ExternalResource resource : resourceDAO.findByPolicy(policy)) {
            policyTO.getUsedByResources().add(resource.getKey());
        }
        for (Realm realm : realmDAO.findByPolicy(policy)) {
            policyTO.getUsedByRealms().add(realm.getFullPath());
        }
    }
    return policyTO;
}
Also used : Entity(org.apache.syncope.core.persistence.api.entity.Entity) AccountPolicy(org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy) PullPolicyTO(org.apache.syncope.common.lib.policy.PullPolicyTO) PasswordPolicy(org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy) PullPolicy(org.apache.syncope.core.persistence.api.entity.policy.PullPolicy) AccountPolicyTO(org.apache.syncope.common.lib.policy.AccountPolicyTO) ExternalResource(org.apache.syncope.core.persistence.api.entity.resource.ExternalResource) Realm(org.apache.syncope.core.persistence.api.entity.Realm) PasswordPolicyTO(org.apache.syncope.common.lib.policy.PasswordPolicyTO)

Aggregations

PasswordPolicyTO (org.apache.syncope.common.lib.policy.PasswordPolicyTO)6 Test (org.junit.jupiter.api.Test)4 AccountPolicyTO (org.apache.syncope.common.lib.policy.AccountPolicyTO)3 ImplementationTO (org.apache.syncope.common.lib.to.ImplementationTO)3 Response (javax.ws.rs.core.Response)2 SyncopeClientException (org.apache.syncope.common.lib.SyncopeClientException)2 DefaultPasswordRuleConf (org.apache.syncope.common.lib.policy.DefaultPasswordRuleConf)2 PullPolicyTO (org.apache.syncope.common.lib.policy.PullPolicyTO)2 RealmTO (org.apache.syncope.common.lib.to.RealmTO)2 UserTO (org.apache.syncope.common.lib.to.UserTO)2 Entity (org.apache.syncope.core.persistence.api.entity.Entity)2 Realm (org.apache.syncope.core.persistence.api.entity.Realm)2 AccountPolicy (org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy)2 PasswordPolicy (org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy)2 PullPolicy (org.apache.syncope.core.persistence.api.entity.policy.PullPolicy)2 ExternalResource (org.apache.syncope.core.persistence.api.entity.resource.ExternalResource)2 Collectors (java.util.stream.Collectors)1 PolicyTO (org.apache.syncope.common.lib.policy.PolicyTO)1 AnyTypeDAO (org.apache.syncope.core.persistence.api.dao.AnyTypeDAO)1 ExternalResourceDAO (org.apache.syncope.core.persistence.api.dao.ExternalResourceDAO)1