
Example 1 with DynRealmTO

use of org.apache.syncope.common.lib.to.DynRealmTO in project syncope by apache.

the class DynRealmITCase method misc.

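/**
 * Checks dynamic realm key validation and dynamic membership resolution.
 *
 * <p>A key starting with {@code /} must be rejected with
 * {@link ClientExceptionType#InvalidDynRealm}; a valid key must be accepted, and at least one
 * user matching the FIQL condition {@code cool==true} must then list the new dynamic realm
 * among its dynamic realms.
 */
@Test
public void misc() {
    // Key of a dynamic realm the server actually accepted. It stays null until a create() call
    // returns, so cleanup never tries to delete a realm that was rejected or never created
    // (a failing delete in finally would otherwise replace the original test failure).
    String createdKey = null;
    try {
        DynRealmTO dynRealm = new DynRealmTO();
        dynRealm.setKey("/name" + getUUIDString());
        dynRealm.getDynMembershipConds().put(AnyTypeKind.USER.name(), "cool==true");
        // invalid key (starts with /): the server is expected to refuse it
        try {
            dynRealmService.create(dynRealm);
            // Reaching this line means the invalid key was accepted: remember it for cleanup.
            createdKey = dynRealm.getKey();
            fail("This should not happen");
        } catch (SyncopeClientException e) {
            assertEquals(ClientExceptionType.InvalidDynRealm, e.getType());
        }
        dynRealm.setKey("name" + getUUIDString());
        Response response = dynRealmService.create(dynRealm);
        // Record the key before re-reading, so the realm is removed even if the read fails.
        createdKey = dynRealm.getKey();
        dynRealm = getObject(response.getLocation(), DynRealmService.class, DynRealmTO.class);
        assertNotNull(dynRealm);
        // The membership condition must resolve to at least one existing user...
        PagedResult<UserTO> matching = userService.search(new AnyQuery.Builder().fiql("cool==true").build());
        assertNotNull(matching);
        assertNotEquals(0, matching.getSize());
        // ...and that user must report the new dynamic realm.
        UserTO user = matching.getResult().get(0);
        assertTrue(user.getDynRealms().contains(dynRealm.getKey()));
    } finally {
        if (createdKey != null) {
            dynRealmService.delete(createdKey);
        }
    }
}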
Also used : Response(javax.ws.rs.core.Response) DynRealmService(org.apache.syncope.common.rest.api.service.DynRealmService) UserTO(org.apache.syncope.common.lib.to.UserTO) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) DynRealmTO(org.apache.syncope.common.lib.to.DynRealmTO) AnyQuery(org.apache.syncope.common.rest.api.beans.AnyQuery) Test(org.junit.jupiter.api.Test)

Example 2 with DynRealmTO

use of org.apache.syncope.common.lib.to.DynRealmTO in project syncope by apache.

the class RealmChoicePanel method reloadRealmTree.

/**
 * Rebuilds the realm label, the current-realm path label and the realm drop-down, replacing
 * any previous instances held by {@code container}.
 *
 * <p>The drop-down lists the entries of {@code realmTree} and, when {@code dynRealmTree} is not
 * empty, one entry per dynamic realm. Each entry is enabled or disabled by comparing it against
 * {@code availableRealms}; the drop-down as a whole is tied to the
 * {@code StandardEntitlement.REALM_LIST} entitlement.
 *
 * <p>NOTE(review): everything here only controls what the console renders as enabled. Whether
 * the selected realm is also authorized on the server side is not visible from this method.
 */
public final void reloadRealmTree() {
    final Label realmLabel = new Label("realmLabel", new Model<>());
    realmLabel.setOutputMarkupId(true);
    container.addOrReplace(realmLabel);
    // A current selection whose full path starts with ROOT_REALM is labelled "Realm";
    // anything else is labelled "Dynamic Realm".
    if (model.getObject().getFullPath().startsWith(SyncopeConstants.ROOT_REALM)) {
        realmLabel.setDefaultModel(new ResourceModel("realmLabel", "Realm"));
    } else {
        realmLabel.setDefaultModel(new ResourceModel("dynRealmLabel", "Dynamic Realm"));
    }
    final Label label = new Label("realm", model.getObject().getFullPath());
    label.setOutputMarkupId(true);
    container.addOrReplace(label);
    final DropDownButton realms = new DropDownButton("realms", new ResourceModel("select", ""), new Model<IconType>(GlyphIconType.folderopen)) {

        private static final long serialVersionUID = -5560086780455361131L;

        // Clears and repopulates the panel-level links list on every call, then returns that
        // same list instance.
        @Override
        protected List<AbstractLink> newSubMenuButtons(final String buttonMarkupId) {
            RealmChoicePanel.this.links.clear();
            // Non-clickable "Realms" header entry: no-op click handler, always disabled.
            RealmChoicePanel.this.links.add(new BootstrapAjaxLink<RealmTO>(ButtonList.getButtonMarkupId(), new Model<RealmTO>(), Buttons.Type.Link, new ResourceModel("realms", "Realms")) {

                private static final long serialVersionUID = -7978723352517770744L;

                @Override
                public void onClick(final AjaxRequestTarget target) {
                }

                @Override
                public boolean isEnabled() {
                    return false;
                }

                @Override
                protected void onComponentTag(final ComponentTag tag) {
                    tag.put("class", "panel box box-primary box-header with-border");
                    tag.put("style", "margin: 20px 5px 0px 5px; width: 90%");
                }
            });
            // One entry per realm in realmTree; the pair key is used as the link label.
            for (Pair<String, RealmTO> link : realmTree.getObject()) {
                final RealmTO realmTO = link.getValue();
                RealmChoicePanel.this.links.add(new BootstrapAjaxLink<RealmTO>(ButtonList.getButtonMarkupId(), Model.of(realmTO), Buttons.Type.Link, new Model<>(link.getKey())) {

                    private static final long serialVersionUID = -7978723352517770644L;

                    // Selects the realm, refreshes the path label and notifies the page.
                    @Override
                    public void onClick(final AjaxRequestTarget target) {
                        model.setObject(realmTO);
                        label.setDefaultModelObject(model.getObject().getFullPath());
                        realmLabel.setDefaultModel(new ResourceModel("realmLabel", "Realm"));
                        target.add(label);
                        send(pageRef.getPage(), Broadcast.EXACT, new ChosenRealm<>(realmTO, target));
                    }

                    // Enabled when the realm's full path starts with any entry of availableRealms.
                    // NOTE(review): this is a plain string-prefix test with no path-separator
                    // boundary, so an entry such as "/a" would also enable a realm "/ab".
                    // Confirm the format of availableRealms entries and whether a
                    // segment-aware comparison is wanted.
                    @Override
                    public boolean isEnabled() {
                        return availableRealms.stream().anyMatch(availableRealm -> realmTO.getFullPath().startsWith(availableRealm));
                    }
                });
            }
            if (!dynRealmTree.getObject().isEmpty()) {
                // Non-clickable "Dynamic Realms" header entry, same shape as the "Realms" header.
                RealmChoicePanel.this.links.add(new BootstrapAjaxLink<RealmTO>(ButtonList.getButtonMarkupId(), new Model<RealmTO>(), Buttons.Type.Link, new ResourceModel("dynrealms", "Dynamic Realms")) {

                    private static final long serialVersionUID = -7978723352517770744L;

                    @Override
                    public void onClick(final AjaxRequestTarget target) {
                    }

                    @Override
                    public boolean isEnabled() {
                        return false;
                    }

                    @Override
                    protected void onComponentTag(final ComponentTag tag) {
                        tag.put("class", "panel box box-primary box-header with-border");
                        tag.put("style", "margin: 20px 5px 0px 5px; width: 90%");
                    }
                });
                for (DynRealmTO dynRealmTO : dynRealmTree.getObject()) {
                    // A dynamic realm is presented as a synthetic RealmTO whose key, name and
                    // full path are all the dynamic realm key.
                    final RealmTO realmTO = new RealmTO();
                    realmTO.setKey(dynRealmTO.getKey());
                    realmTO.setName(dynRealmTO.getKey());
                    realmTO.setFullPath(dynRealmTO.getKey());
                    // The link model is left empty here; onClick works on the captured realmTO.
                    RealmChoicePanel.this.links.add(new BootstrapAjaxLink<RealmTO>(ButtonList.getButtonMarkupId(), new Model<RealmTO>(), Buttons.Type.Link, new Model<>(realmTO.getKey())) {

                        private static final long serialVersionUID = -7978723352517770644L;

                        // Selects the dynamic realm, refreshes the labels and notifies the page.
                        @Override
                        public void onClick(final AjaxRequestTarget target) {
                            model.setObject(realmTO);
                            label.setDefaultModelObject(realmTO.getKey());
                            realmLabel.setDefaultModel(new ResourceModel("dynRealmLabel", "Dynamic Realm"));
                            target.add(label);
                            send(pageRef.getPage(), Broadcast.EXACT, new ChosenRealm<>(realmTO, target));
                        }

                        // Enabled when availableRealms contains ROOT_REALM or exactly this
                        // dynamic realm key (exact equality, unlike the prefix test used for
                        // ordinary realms).
                        @Override
                        public boolean isEnabled() {
                            return availableRealms.stream().anyMatch(availableRealm -> {
                                return SyncopeConstants.ROOT_REALM.equals(availableRealm) || realmTO.getKey().equals(availableRealm);
                            });
                        }
                    });
                }
            }
            return RealmChoicePanel.this.links;
        }
    };
    realms.setOutputMarkupId(true);
    realms.setAlignment(AlignmentBehavior.Alignment.RIGHT);
    realms.setType(Buttons.Type.Menu);
    // Ties the ENABLE action of the drop-down to the REALM_LIST entitlement.
    MetaDataRoleAuthorizationStrategy.authorize(realms, ENABLE, StandardEntitlement.REALM_LIST);
    container.addOrReplace(realms);
}
Also used : StandardEntitlement(org.apache.syncope.common.lib.types.StandardEntitlement) DynRealmTO(org.apache.syncope.common.lib.to.DynRealmTO) RealmTO(org.apache.syncope.common.lib.to.RealmTO) Buttons(de.agilecoders.wicket.core.markup.html.bootstrap.button.Buttons) HashMap(java.util.HashMap) SyncopeConsoleSession(org.apache.syncope.client.console.SyncopeConsoleSession) IconType(de.agilecoders.wicket.core.markup.html.bootstrap.image.IconType) StringUtils(org.apache.commons.lang3.StringUtils) GlyphIconType(de.agilecoders.wicket.core.markup.html.bootstrap.image.GlyphIconType) ArrayList(java.util.ArrayList) BootstrapAjaxLink(de.agilecoders.wicket.core.markup.html.bootstrap.button.BootstrapAjaxLink) Pair(org.apache.commons.lang3.tuple.Pair) Map(java.util.Map) AjaxRequestTarget(org.apache.wicket.ajax.AjaxRequestTarget) ComponentTag(org.apache.wicket.markup.ComponentTag) AbstractLink(org.apache.wicket.markup.html.link.AbstractLink) Label(org.apache.wicket.markup.html.basic.Label) AlignmentBehavior(de.agilecoders.wicket.core.markup.html.bootstrap.behavior.AlignmentBehavior) SyncopeConstants(org.apache.syncope.common.lib.SyncopeConstants) MetaDataRoleAuthorizationStrategy(org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy) ButtonList(de.agilecoders.wicket.core.markup.html.bootstrap.button.ButtonList) Collection(java.util.Collection) Model(org.apache.wicket.model.Model) LoadableDetachableModel(org.apache.wicket.model.LoadableDetachableModel) PageReference(org.apache.wicket.PageReference) Collectors(java.util.stream.Collectors) Panel(org.apache.wicket.markup.html.panel.Panel) List(java.util.List) WebMarkupContainer(org.apache.wicket.markup.html.WebMarkupContainer) DropDownButton(de.agilecoders.wicket.core.markup.html.bootstrap.button.dropdown.DropDownButton) Comparator(java.util.Comparator) RealmRestClient(org.apache.syncope.client.console.rest.RealmRestClient) ResourceModel(org.apache.wicket.model.ResourceModel) 
Collections(java.util.Collections) Broadcast(org.apache.wicket.event.Broadcast) DropDownButton(de.agilecoders.wicket.core.markup.html.bootstrap.button.dropdown.DropDownButton) Label(org.apache.wicket.markup.html.basic.Label) DynRealmTO(org.apache.syncope.common.lib.to.DynRealmTO) RealmTO(org.apache.syncope.common.lib.to.RealmTO) DynRealmTO(org.apache.syncope.common.lib.to.DynRealmTO) IconType(de.agilecoders.wicket.core.markup.html.bootstrap.image.IconType) GlyphIconType(de.agilecoders.wicket.core.markup.html.bootstrap.image.GlyphIconType) AjaxRequestTarget(org.apache.wicket.ajax.AjaxRequestTarget) ComponentTag(org.apache.wicket.markup.ComponentTag) Model(org.apache.wicket.model.Model) LoadableDetachableModel(org.apache.wicket.model.LoadableDetachableModel) ResourceModel(org.apache.wicket.model.ResourceModel) ResourceModel(org.apache.wicket.model.ResourceModel) AbstractLink(org.apache.wicket.markup.html.link.AbstractLink)

Example 3 with DynRealmTO

use of org.apache.syncope.common.lib.to.DynRealmTO in project syncope by apache.

the class DynRealmDirectoryPanel method getActions.

/**
 * Extends the inherited actions panel with an edit link and a delete link for the dynamic
 * realm held by {@code model}.
 *
 * <p>The edit link is registered with {@code StandardEntitlement.DYNREALM_UPDATE} and the delete
 * link with {@code StandardEntitlement.DYNREALM_DELETE}, so each action is bound to its own
 * entitlement rather than to a shared one.
 *
 * @param model model wrapping the dynamic realm the actions operate on
 * @return the panel returned by the superclass, with the two links added
 */
@Override
public ActionsPanel<DynRealmTO> getActions(final IModel<DynRealmTO> model) {
    final ActionsPanel<DynRealmTO> actions = super.getActions(model);

    // Edit: opens the modal on a wrapper around the current dynamic realm.
    final ActionLink<DynRealmTO> editLink = new ActionLink<DynRealmTO>() {

        private static final long serialVersionUID = -7978723352517770644L;

        @Override
        public void onClick(final AjaxRequestTarget target, final DynRealmTO ignore) {
            modal.header(new StringResourceModel("any.edit", model));
            final DynRealmWrapper wrapper = new DynRealmWrapper(model.getObject());
            modal.setContent(new DynRealmModalPanel(wrapper, false, modal, pageRef));
            modal.show(true);
            target.add(modal);
        }
    };
    actions.add(editLink, ActionLink.ActionType.EDIT, StandardEntitlement.DYNREALM_UPDATE);

    // Delete: removes the dynamic realm through the REST client and reports the outcome.
    final ActionLink<DynRealmTO> deleteLink = new ActionLink<DynRealmTO>() {

        private static final long serialVersionUID = 3766262567901552032L;

        @Override
        public void onClick(final AjaxRequestTarget target, final DynRealmTO ignore) {
            try {
                restClient.delete(model.getObject().getKey());
                SyncopeConsoleSession.get().info(getString(Constants.OPERATION_SUCCEEDED));
                target.add(container);
            } catch (SyncopeClientException e) {
                LOG.error("While deleting dynamic realm {}", model.getObject().getKey(), e);
                // Show the server message when there is one, otherwise the exception class name.
                final String feedback;
                if (StringUtils.isBlank(e.getMessage())) {
                    feedback = e.getClass().getName();
                } else {
                    feedback = e.getMessage();
                }
                SyncopeConsoleSession.get().error(feedback);
            }
            // Feedback is refreshed whether the deletion succeeded or failed.
            ((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target);
        }
    };
    // NOTE(review): the trailing 'true' is presumably a confirmation flag for the destructive
    // action - confirm against ActionsPanel.
    actions.add(deleteLink, ActionLink.ActionType.DELETE, StandardEntitlement.DYNREALM_DELETE, true);

    return actions;
}
Also used : AjaxRequestTarget(org.apache.wicket.ajax.AjaxRequestTarget) DynRealmWrapper(org.apache.syncope.client.console.wizards.DynRealmWrapper) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) DynRealmTO(org.apache.syncope.common.lib.to.DynRealmTO) BasePage(org.apache.syncope.client.console.pages.BasePage) StringResourceModel(org.apache.wicket.model.StringResourceModel)

Example 4 with DynRealmTO

use of org.apache.syncope.common.lib.to.DynRealmTO in project syncope by apache.

the class DynRealmDataBinderImpl method getDynRealmTO.

/**
 * Builds the transfer object for a dynamic realm.
 *
 * <p>The key is copied as is, and every dynamic membership contributes one entry that maps the
 * key of its any type to its FIQL condition. The conditions are copied verbatim, without any
 * filtering or rewriting.
 *
 * @param dynRealm dynamic realm entity to convert
 * @return a new {@link DynRealmTO} carrying the key and the membership conditions
 */
@Override
public DynRealmTO getDynRealmTO(final DynRealm dynRealm) {
    final DynRealmTO result = new DynRealmTO();
    result.setKey(dynRealm.getKey());

    dynRealm.getDynMemberships().forEach(
            membership -> result.getDynMembershipConds().put(
                    membership.getAnyType().getKey(), membership.getFIQLCond()));

    return result;
}
Also used : DynRealmTO(org.apache.syncope.common.lib.to.DynRealmTO)

Example 5 with DynRealmTO

use of org.apache.syncope.common.lib.to.DynRealmTO in project syncope by apache.

the class DynRealmITCase method delegatedAdmin.

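/**
 * Verifies delegated administration scoped by a dynamic realm.
 *
 * <p>A dynamic realm is defined for every user and group that has {@code resource-ldap}
 * assigned, a role granting user search/read/update and group read/update is bound to that
 * dynamic realm, and a new user receives the role. Acting as that user, the test checks that
 * members of the dynamic realm can be read, searched and updated, and that an update which
 * would take the target out of the dynamic realm is refused with
 * {@link ClientExceptionType#DelegatedAdministration}.
 *
 * <p>NOTE(review): cleanup removes only the role and the dynamic realm. The two users and the
 * group created here are not deleted by this method; confirm that the surrounding test setup
 * takes care of them.
 */
@Test
public void delegatedAdmin() {
    // Throw-away credential for the fixture account: kept in one place so that account creation
    // and the later login cannot drift apart.
    final String delegatedAdminPassword = "password123";
    // Keys of what the server actually created. They stay null until the corresponding create
    // call returns, so cleanup never targets an entity that does not exist (a failing delete in
    // finally would otherwise replace the original test failure).
    String dynRealmKey = null;
    String roleKey = null;
    try {
        // 1. create dynamic realm for all users and groups having resource-ldap assigned
        DynRealmTO dynRealm = new DynRealmTO();
        dynRealm.setKey("LDAPLovers" + getUUIDString());
        dynRealm.getDynMembershipConds().put(AnyTypeKind.USER.name(), "$resources==resource-ldap");
        dynRealm.getDynMembershipConds().put(AnyTypeKind.GROUP.name(), "$resources==resource-ldap");
        Response response = dynRealmService.create(dynRealm);
        dynRealmKey = dynRealm.getKey();
        dynRealm = getObject(response.getLocation(), DynRealmService.class, DynRealmTO.class);
        assertNotNull(dynRealm);
        // 2. create role for such dynamic realm
        RoleTO role = new RoleTO();
        role.setKey("Administer LDAP" + getUUIDString());
        role.getEntitlements().add(StandardEntitlement.USER_SEARCH);
        role.getEntitlements().add(StandardEntitlement.USER_READ);
        role.getEntitlements().add(StandardEntitlement.USER_UPDATE);
        role.getEntitlements().add(StandardEntitlement.GROUP_READ);
        role.getEntitlements().add(StandardEntitlement.GROUP_UPDATE);
        role.getDynRealms().add(dynRealm.getKey());
        role = createRole(role);
        assertNotNull(role);
        roleKey = role.getKey();
        // 3. create new user and assign the new role
        UserTO dynRealmAdmin = UserITCase.getUniqueSampleTO("dynRealmAdmin@apache.org");
        dynRealmAdmin.setPassword(delegatedAdminPassword);
        dynRealmAdmin.getRoles().add(role.getKey());
        dynRealmAdmin = createUser(dynRealmAdmin).getEntity();
        assertNotNull(dynRealmAdmin);
        // 4. create new user and group, assign resource-ldap
        // (the user and the group sit in different realms and are tied together only by the
        // dynamic realm condition)
        UserTO user = UserITCase.getUniqueSampleTO("dynRealmUser@apache.org");
        user.setRealm("/even/two");
        user.getResources().clear();
        user.getResources().add(RESOURCE_NAME_LDAP);
        user = createUser(user).getEntity();
        assertNotNull(user);
        final String userKey = user.getKey();
        GroupTO group = GroupITCase.getSampleTO("dynRealmGroup");
        group.setRealm("/odd");
        group.getResources().clear();
        group.getResources().add(RESOURCE_NAME_LDAP);
        group = createGroup(group).getEntity();
        assertNotNull(group);
        final String groupKey = group.getKey();
        if (ElasticsearchDetector.isElasticSearchEnabled(syncopeService)) {
            // presumably gives the search index time to pick up the new entries before searching
            try {
                Thread.sleep(2000);
            } catch (InterruptedException ex) {
                // Keep going, but restore the interrupt flag instead of swallowing it.
                Thread.currentThread().interrupt();
            }
        }
        // 5. verify that the new user and group are found when searching by dynamic realm
        PagedResult<UserTO> matchingUsers = userService.search(new AnyQuery.Builder().realm("/").fiql(SyncopeClient.getUserSearchConditionBuilder().inDynRealms(dynRealm.getKey()).query()).build());
        assertTrue(matchingUsers.getResult().stream().anyMatch(object -> object.getKey().equals(userKey)));
        PagedResult<GroupTO> matchingGroups = groupService.search(new AnyQuery.Builder().realm("/").fiql(SyncopeClient.getGroupSearchConditionBuilder().inDynRealms(dynRealm.getKey()).query()).build());
        assertTrue(matchingGroups.getResult().stream().anyMatch(object -> object.getKey().equals(groupKey)));
        // 6. prepare to act as delegated admin
        SyncopeClient delegatedClient = clientFactory.create(dynRealmAdmin.getUsername(), delegatedAdminPassword);
        UserService delegatedUserService = delegatedClient.getService(UserService.class);
        GroupService delegatedGroupService = delegatedClient.getService(GroupService.class);
        // 7. verify delegated administration
        // USER_READ
        assertNotNull(delegatedUserService.read(userKey));
        // GROUP_READ
        assertNotNull(delegatedGroupService.read(groupKey));
        // USER_SEARCH
        matchingUsers = delegatedUserService.search(new AnyQuery.Builder().realm("/").build());
        assertTrue(matchingUsers.getResult().stream().anyMatch(object -> object.getKey().equals(userKey)));
        // USER_UPDATE
        UserPatch userPatch = new UserPatch();
        userPatch.setKey(userKey);
        userPatch.getResources().add(new StringPatchItem.Builder().value(RESOURCE_NAME_LDAP).operation(PatchOperation.DELETE).build());
        // this will fail because unassigning resource-ldap would result in removing the user from the dynamic realm
        try {
            delegatedUserService.update(userPatch);
            fail("This should not happen");
        } catch (SyncopeClientException e) {
            assertEquals(ClientExceptionType.DelegatedAdministration, e.getType());
        }
        // this will succeed instead
        userPatch.getResources().clear();
        userPatch.getResources().add(new StringPatchItem.Builder().value(RESOURCE_NAME_NOPROPAGATION).build());
        user = delegatedUserService.update(userPatch).readEntity(new GenericType<ProvisioningResult<UserTO>>() {
        }).getEntity();
        assertNotNull(user);
        assertTrue(user.getResources().contains(RESOURCE_NAME_NOPROPAGATION));
        // GROUP_UPDATE
        GroupPatch groupPatch = new GroupPatch();
        groupPatch.setKey(groupKey);
        groupPatch.getPlainAttrs().add(new AttrPatch.Builder().attrTO(attrTO("icon", "modified")).build());
        group = delegatedGroupService.update(groupPatch).readEntity(new GenericType<ProvisioningResult<GroupTO>>() {
        }).getEntity();
        assertNotNull(group);
        assertEquals("modified", group.getPlainAttr("icon").get().getValues().get(0));
    } finally {
        // Nested finally: a failure while deleting the role must not leave the dynamic realm
        // behind.
        try {
            if (roleKey != null) {
                roleService.delete(roleKey);
            }
        } finally {
            if (dynRealmKey != null) {
                dynRealmService.delete(dynRealmKey);
            }
        }
    }
}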
Also used : Assertions.fail(org.junit.jupiter.api.Assertions.fail) Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull) StringPatchItem(org.apache.syncope.common.lib.patch.StringPatchItem) StandardEntitlement(org.apache.syncope.common.lib.types.StandardEntitlement) DynRealmTO(org.apache.syncope.common.lib.to.DynRealmTO) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) ElasticsearchDetector(org.apache.syncope.fit.ElasticsearchDetector) UserService(org.apache.syncope.common.rest.api.service.UserService) GroupService(org.apache.syncope.common.rest.api.service.GroupService) Assertions.assertNotEquals(org.junit.jupiter.api.Assertions.assertNotEquals) UserPatch(org.apache.syncope.common.lib.patch.UserPatch) ProvisioningResult(org.apache.syncope.common.lib.to.ProvisioningResult) DynRealmService(org.apache.syncope.common.rest.api.service.DynRealmService) AnyTypeKind(org.apache.syncope.common.lib.types.AnyTypeKind) GroupPatch(org.apache.syncope.common.lib.patch.GroupPatch) RoleTO(org.apache.syncope.common.lib.to.RoleTO) ClientExceptionType(org.apache.syncope.common.lib.types.ClientExceptionType) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) AbstractITCase(org.apache.syncope.fit.AbstractITCase) AnyQuery(org.apache.syncope.common.rest.api.beans.AnyQuery) PagedResult(org.apache.syncope.common.lib.to.PagedResult) GroupTO(org.apache.syncope.common.lib.to.GroupTO) GenericType(javax.ws.rs.core.GenericType) Test(org.junit.jupiter.api.Test) AttrPatch(org.apache.syncope.common.lib.patch.AttrPatch) Response(javax.ws.rs.core.Response) PatchOperation(org.apache.syncope.common.lib.types.PatchOperation) Assertions.assertTrue(org.junit.jupiter.api.Assertions.assertTrue) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) UserTO(org.apache.syncope.common.lib.to.UserTO) DynRealmService(org.apache.syncope.common.rest.api.service.DynRealmService) DynRealmTO(org.apache.syncope.common.lib.to.DynRealmTO) 
UserPatch(org.apache.syncope.common.lib.patch.UserPatch) GroupPatch(org.apache.syncope.common.lib.patch.GroupPatch) UserService(org.apache.syncope.common.rest.api.service.UserService) ProvisioningResult(org.apache.syncope.common.lib.to.ProvisioningResult) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) RoleTO(org.apache.syncope.common.lib.to.RoleTO) GroupService(org.apache.syncope.common.rest.api.service.GroupService) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) AttrPatch(org.apache.syncope.common.lib.patch.AttrPatch) GroupTO(org.apache.syncope.common.lib.to.GroupTO) Response(javax.ws.rs.core.Response) UserTO(org.apache.syncope.common.lib.to.UserTO) StringPatchItem(org.apache.syncope.common.lib.patch.StringPatchItem) Test(org.junit.jupiter.api.Test)

Aggregations

DynRealmTO (org.apache.syncope.common.lib.to.DynRealmTO)7 SyncopeClientException (org.apache.syncope.common.lib.SyncopeClientException)3 Response (javax.ws.rs.core.Response)2 UserTO (org.apache.syncope.common.lib.to.UserTO)2 StandardEntitlement (org.apache.syncope.common.lib.types.StandardEntitlement)2 AnyQuery (org.apache.syncope.common.rest.api.beans.AnyQuery)2 DynRealmService (org.apache.syncope.common.rest.api.service.DynRealmService)2 AjaxRequestTarget (org.apache.wicket.ajax.AjaxRequestTarget)2 AlignmentBehavior (de.agilecoders.wicket.core.markup.html.bootstrap.behavior.AlignmentBehavior)1 BootstrapAjaxLink (de.agilecoders.wicket.core.markup.html.bootstrap.button.BootstrapAjaxLink)1 ButtonList (de.agilecoders.wicket.core.markup.html.bootstrap.button.ButtonList)1 Buttons (de.agilecoders.wicket.core.markup.html.bootstrap.button.Buttons)1 DropDownButton (de.agilecoders.wicket.core.markup.html.bootstrap.button.dropdown.DropDownButton)1 GlyphIconType (de.agilecoders.wicket.core.markup.html.bootstrap.image.GlyphIconType)1 IconType (de.agilecoders.wicket.core.markup.html.bootstrap.image.IconType)1 URI (java.net.URI)1 ArrayList (java.util.ArrayList)1 Collection (java.util.Collection)1 Collections (java.util.Collections)1 Comparator (java.util.Comparator)1