Search in sources :

Example 51 with GroupTO

use of org.apache.syncope.common.lib.to.GroupTO in project syncope by apache.

the class PushTaskITCase method issueSYNCOPE598.

@Test
public void issueSYNCOPE598() {
    // create a new group schema
    PlainSchemaTO schemaTO = new PlainSchemaTO();
    schemaTO.setKey("LDAPGroupName" + getUUIDString());
    schemaTO.setType(AttrSchemaType.String);
    schemaTO.setMandatoryCondition("true");
    schemaTO = createSchema(SchemaType.PLAIN, schemaTO);
    assertNotNull(schemaTO);
    AnyTypeClassTO typeClass = new AnyTypeClassTO();
    typeClass.setKey("SYNCOPE-598" + getUUIDString());
    typeClass.getPlainSchemas().add(schemaTO.getKey());
    anyTypeClassService.create(typeClass);
    // create a new sample group
    GroupTO groupTO = new GroupTO();
    groupTO.setName("all" + getUUIDString());
    groupTO.setRealm("/even");
    groupTO.getAuxClasses().add(typeClass.getKey());
    groupTO.getPlainAttrs().add(attrTO(schemaTO.getKey(), "all"));
    groupTO = createGroup(groupTO).getEntity();
    assertNotNull(groupTO);
    String resourceName = "resource-ldap-grouponly";
    ResourceTO newResourceTO = null;
    try {
        // Create resource ad-hoc
        ResourceTO resourceTO = new ResourceTO();
        resourceTO.setKey(resourceName);
        resourceTO.setConnector("74141a3b-0762-4720-a4aa-fc3e374ef3ef");
        ProvisionTO provisionTO = new ProvisionTO();
        provisionTO.setAnyType(AnyTypeKind.GROUP.name());
        provisionTO.setObjectClass(ObjectClass.GROUP_NAME);
        provisionTO.getAuxClasses().add(typeClass.getKey());
        resourceTO.getProvisions().add(provisionTO);
        MappingTO mapping = new MappingTO();
        provisionTO.setMapping(mapping);
        ItemTO item = new ItemTO();
        item.setExtAttrName("cn");
        item.setIntAttrName(schemaTO.getKey());
        item.setConnObjectKey(true);
        item.setPurpose(MappingPurpose.BOTH);
        mapping.setConnObjectKeyItem(item);
        mapping.setConnObjectLink("'cn=' + " + schemaTO.getKey() + " + ',ou=groups,o=isp'");
        Response response = resourceService.create(resourceTO);
        newResourceTO = getObject(response.getLocation(), ResourceService.class, ResourceTO.class);
        assertNotNull(newResourceTO);
        assertFalse(newResourceTO.getProvision(AnyTypeKind.USER.name()).isPresent());
        assertNotNull(newResourceTO.getProvision(AnyTypeKind.GROUP.name()).get().getMapping());
        // create push task ad-hoc
        PushTaskTO task = new PushTaskTO();
        task.setName("issueSYNCOPE598");
        task.setActive(true);
        task.setResource(resourceName);
        task.setSourceRealm(SyncopeConstants.ROOT_REALM);
        task.setPerformCreate(true);
        task.setPerformDelete(true);
        task.setPerformUpdate(true);
        task.setUnmatchingRule(UnmatchingRule.ASSIGN);
        task.setMatchingRule(MatchingRule.UPDATE);
        task.getFilters().put(AnyTypeKind.GROUP.name(), SyncopeClient.getGroupSearchConditionBuilder().is("name").equalTo(groupTO.getName()).query());
        response = taskService.create(TaskType.PUSH, task);
        PushTaskTO push = getObject(response.getLocation(), TaskService.class, PushTaskTO.class);
        assertNotNull(push);
        // execute the new task
        ExecTO exec = execProvisioningTask(taskService, TaskType.PUSH, push.getKey(), 50, false);
        assertEquals(PropagationTaskExecStatus.SUCCESS, PropagationTaskExecStatus.valueOf(exec.getStatus()));
    } finally {
        groupService.delete(groupTO.getKey());
        if (newResourceTO != null) {
            resourceService.delete(resourceName);
        }
    }
}
Also used : Response(javax.ws.rs.core.Response) PlainSchemaTO(org.apache.syncope.common.lib.to.PlainSchemaTO) MappingTO(org.apache.syncope.common.lib.to.MappingTO) ExecTO(org.apache.syncope.common.lib.to.ExecTO) ResourceTO(org.apache.syncope.common.lib.to.ResourceTO) PushTaskTO(org.apache.syncope.common.lib.to.PushTaskTO) ResourceService(org.apache.syncope.common.rest.api.service.ResourceService) ProvisionTO(org.apache.syncope.common.lib.to.ProvisionTO) AnyTypeClassTO(org.apache.syncope.common.lib.to.AnyTypeClassTO) ItemTO(org.apache.syncope.common.lib.to.ItemTO) GroupTO(org.apache.syncope.common.lib.to.GroupTO) Test(org.junit.jupiter.api.Test)

Example 52 with GroupTO

use of org.apache.syncope.common.lib.to.GroupTO in project syncope by apache.

the class LDAPMembershipPullActions method populateMemberships.

/**
 * Pull Syncope memberships with the situation read on the external resource's group.
 *
 * @param profile pull profile
 * @param delta representing the pullong group
 * @param groupTO group after modification performed by the handler
 * @throws JobExecutionException if anything goes wrong
 */
protected void populateMemberships(final ProvisioningProfile<?, ?> profile, final SyncDelta delta, final GroupTO groupTO) throws JobExecutionException {
    Connector connector = profile.getConnector();
    getMembAttrValues(delta, connector).stream().map(membValue -> {
        Set<String> memb = memberships.get(membValue.toString());
        if (memb == null) {
            memb = new HashSet<>();
            memberships.put(membValue.toString(), memb);
        }
        return memb;
    }).forEachOrdered(memb -> {
        memb.add(groupTO.getKey());
    });
}
Also used : ProvisioningProfile(org.apache.syncope.core.provisioning.api.pushpull.ProvisioningProfile) ProvisioningReport(org.apache.syncope.core.provisioning.api.pushpull.ProvisioningReport) LoggerFactory(org.slf4j.LoggerFactory) Autowired(org.springframework.beans.factory.annotation.Autowired) HashMap(java.util.HashMap) HashSet(java.util.HashSet) ConnConfProperty(org.apache.syncope.common.lib.types.ConnConfProperty) Attribute(org.identityconnectors.framework.common.objects.Attribute) PullTask(org.apache.syncope.core.persistence.api.entity.task.PullTask) EntityTO(org.apache.syncope.common.lib.to.EntityTO) GroupDAO(org.apache.syncope.core.persistence.api.dao.GroupDAO) OperationOptionsBuilder(org.identityconnectors.framework.common.objects.OperationOptionsBuilder) Map(java.util.Map) SetUMembershipsJob(org.apache.syncope.core.provisioning.java.job.SetUMembershipsJob) SyncDelta(org.identityconnectors.framework.common.objects.SyncDelta) Logger(org.slf4j.Logger) UserDAO(org.apache.syncope.core.persistence.api.dao.UserDAO) Set(java.util.Set) GroupTO(org.apache.syncope.common.lib.to.GroupTO) AnyTypeDAO(org.apache.syncope.core.persistence.api.dao.AnyTypeDAO) JobExecutionException(org.quartz.JobExecutionException) Connector(org.apache.syncope.core.provisioning.api.Connector) ConnectorObject(org.identityconnectors.framework.common.objects.ConnectorObject) List(java.util.List) ObjectClass(org.identityconnectors.framework.common.objects.ObjectClass) Optional(java.util.Optional) Collections(java.util.Collections) Connector(org.apache.syncope.core.provisioning.api.Connector) HashSet(java.util.HashSet) Set(java.util.Set) HashSet(java.util.HashSet)

Example 53 with GroupTO

use of org.apache.syncope.common.lib.to.GroupTO in project syncope by apache.

the class ConnObjectUtils method getAnyPatch.

/**
 * Build {@link AnyPatch} out of connector object attributes and schema mapping.
 *
 * @param key any object to be updated
 * @param obj connector object
 * @param original any object to get diff from
 * @param pullTask pull task
 * @param provision provision information
 * @param anyUtils utils
 * @param <T> any object
 * @return modifications for the any object to be updated
 */
@SuppressWarnings("unchecked")
@Transactional(readOnly = true)
public <T extends AnyPatch> T getAnyPatch(final String key, final ConnectorObject obj, final AnyTO original, final PullTask pullTask, final Provision provision, final AnyUtils anyUtils) {
    AnyTO updated = getAnyTOFromConnObject(obj, pullTask, provision, anyUtils);
    updated.setKey(key);
    T anyPatch = null;
    if (null != anyUtils.getAnyTypeKind()) {
        switch(anyUtils.getAnyTypeKind()) {
            case USER:
                UserTO originalUser = (UserTO) original;
                UserTO updatedUser = (UserTO) updated;
                if (StringUtils.isBlank(updatedUser.getUsername())) {
                    updatedUser.setUsername(originalUser.getUsername());
                }
                // update password if and only if password is really changed
                User user = userDAO.authFind(key);
                if (StringUtils.isBlank(updatedUser.getPassword()) || ENCRYPTOR.verify(updatedUser.getPassword(), user.getCipherAlgorithm(), user.getPassword())) {
                    updatedUser.setPassword(null);
                }
                updatedUser.setSecurityQuestion(updatedUser.getSecurityQuestion());
                updatedUser.setMustChangePassword(originalUser.isMustChangePassword());
                anyPatch = (T) AnyOperations.diff(updatedUser, originalUser, true);
                break;
            case GROUP:
                GroupTO originalGroup = (GroupTO) original;
                GroupTO updatedGroup = (GroupTO) updated;
                if (StringUtils.isBlank(updatedGroup.getName())) {
                    updatedGroup.setName(originalGroup.getName());
                }
                updatedGroup.setUserOwner(originalGroup.getUserOwner());
                updatedGroup.setGroupOwner(originalGroup.getGroupOwner());
                updatedGroup.setUDynMembershipCond(originalGroup.getUDynMembershipCond());
                updatedGroup.getADynMembershipConds().putAll(originalGroup.getADynMembershipConds());
                updatedGroup.getTypeExtensions().addAll(originalGroup.getTypeExtensions());
                anyPatch = (T) AnyOperations.diff(updatedGroup, originalGroup, true);
                break;
            case ANY_OBJECT:
                AnyObjectTO originalAnyObject = (AnyObjectTO) original;
                AnyObjectTO updatedAnyObject = (AnyObjectTO) updated;
                if (StringUtils.isBlank(updatedAnyObject.getName())) {
                    updatedAnyObject.setName(originalAnyObject.getName());
                }
                anyPatch = (T) AnyOperations.diff(updatedAnyObject, originalAnyObject, true);
                break;
            default:
        }
    }
    return anyPatch;
}
Also used : AnyTO(org.apache.syncope.common.lib.to.AnyTO) AnyObjectTO(org.apache.syncope.common.lib.to.AnyObjectTO) User(org.apache.syncope.core.persistence.api.entity.user.User) UserTO(org.apache.syncope.common.lib.to.UserTO) GroupTO(org.apache.syncope.common.lib.to.GroupTO) Transactional(org.springframework.transaction.annotation.Transactional)

Example 54 with GroupTO

use of org.apache.syncope.common.lib.to.GroupTO in project syncope by apache.

the class ConnObjectUtils method getAnyTO.

/**
 * Build a UserTO / GroupTO / AnyObjectTO out of connector object attributes and schema mapping.
 *
 * @param obj connector object
 * @param pullTask pull task
 * @param provision provision information
 * @param anyUtils utils
 * @param <T> any object
 * @return UserTO for the user to be created
 */
@Transactional(readOnly = true)
public <T extends AnyTO> T getAnyTO(final ConnectorObject obj, final PullTask pullTask, final Provision provision, final AnyUtils anyUtils) {
    T anyTO = getAnyTOFromConnObject(obj, pullTask, provision, anyUtils);
    // (for users) if password was not set above, generate if resource is configured for that
    if (anyTO instanceof UserTO && StringUtils.isBlank(((UserTO) anyTO).getPassword()) && provision.getResource().isRandomPwdIfNotProvided()) {
        UserTO userTO = (UserTO) anyTO;
        List<PasswordPolicy> passwordPolicies = new ArrayList<>();
        Realm realm = realmDAO.findByFullPath(userTO.getRealm());
        if (realm != null) {
            realmDAO.findAncestors(realm).stream().filter(ancestor -> ancestor.getPasswordPolicy() != null).forEach(ancestor -> {
                passwordPolicies.add(ancestor.getPasswordPolicy());
            });
        }
        userTO.getResources().stream().map(resource -> resourceDAO.find(resource)).filter(resource -> resource != null && resource.getPasswordPolicy() != null).forEach(resource -> {
            passwordPolicies.add(resource.getPasswordPolicy());
        });
        String password;
        try {
            password = passwordGenerator.generate(passwordPolicies);
        } catch (InvalidPasswordRuleConf e) {
            LOG.error("Could not generate policy-compliant random password for {}", userTO, e);
            password = SecureRandomUtils.generateRandomPassword(16);
        }
        userTO.setPassword(password);
    }
    return anyTO;
}
Also used : AttrTO(org.apache.syncope.common.lib.to.AttrTO) Realm(org.apache.syncope.core.persistence.api.entity.Realm) RealmTO(org.apache.syncope.common.lib.to.RealmTO) LoggerFactory(org.slf4j.LoggerFactory) AnyTO(org.apache.syncope.common.lib.to.AnyTO) Autowired(org.springframework.beans.factory.annotation.Autowired) ConnObjectTO(org.apache.syncope.common.lib.to.ConnObjectTO) PasswordGenerator(org.apache.syncope.core.spring.security.PasswordGenerator) InvalidPasswordRuleConf(org.apache.syncope.core.provisioning.api.utils.policy.InvalidPasswordRuleConf) StringUtils(org.apache.commons.lang3.StringUtils) ArrayList(java.util.ArrayList) PasswordPolicy(org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy) GuardedString(org.identityconnectors.common.security.GuardedString) Attribute(org.identityconnectors.framework.common.objects.Attribute) PullTask(org.apache.syncope.core.persistence.api.entity.task.PullTask) Base64(org.identityconnectors.common.Base64) MappingManager(org.apache.syncope.core.provisioning.api.MappingManager) SecurityUtil(org.identityconnectors.common.security.SecurityUtil) RealmDAO(org.apache.syncope.core.persistence.api.dao.RealmDAO) OrgUnit(org.apache.syncope.core.persistence.api.entity.resource.OrgUnit) AnyPatch(org.apache.syncope.common.lib.patch.AnyPatch) Encryptor(org.apache.syncope.core.spring.security.Encryptor) Logger(org.slf4j.Logger) UserDAO(org.apache.syncope.core.persistence.api.dao.UserDAO) GuardedByteArray(org.identityconnectors.common.security.GuardedByteArray) Set(java.util.Set) User(org.apache.syncope.core.persistence.api.entity.user.User) GroupTO(org.apache.syncope.common.lib.to.GroupTO) SecureRandomUtils(org.apache.syncope.core.spring.security.SecureRandomUtils) ConnectorObject(org.identityconnectors.framework.common.objects.ConnectorObject) List(java.util.List) Provision(org.apache.syncope.core.persistence.api.entity.resource.Provision) Component(org.springframework.stereotype.Component) UserTO(org.apache.syncope.common.lib.to.UserTO) AnyUtils(org.apache.syncope.core.persistence.api.entity.AnyUtils) ExternalResourceDAO(org.apache.syncope.core.persistence.api.dao.ExternalResourceDAO) AnyOperations(org.apache.syncope.common.lib.AnyOperations) AnyObjectTO(org.apache.syncope.common.lib.to.AnyObjectTO) Transactional(org.springframework.transaction.annotation.Transactional) InvalidPasswordRuleConf(org.apache.syncope.core.provisioning.api.utils.policy.InvalidPasswordRuleConf) UserTO(org.apache.syncope.common.lib.to.UserTO) PasswordPolicy(org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy) ArrayList(java.util.ArrayList) GuardedString(org.identityconnectors.common.security.GuardedString) Realm(org.apache.syncope.core.persistence.api.entity.Realm) Transactional(org.springframework.transaction.annotation.Transactional)

Example 55 with GroupTO

use of org.apache.syncope.common.lib.to.GroupTO in project syncope by apache.

the class TemplateUtils method apply.

@Transactional(readOnly = true)
public <T extends AnyTO> void apply(final T anyTO, final AnyTO template) {
    fill(anyTO, template);
    MapContext jexlContext = new MapContext();
    JexlUtils.addFieldsToContext(anyTO, jexlContext);
    JexlUtils.addAttrTOsToContext(anyTO.getPlainAttrs(), jexlContext);
    JexlUtils.addAttrTOsToContext(anyTO.getDerAttrs(), jexlContext);
    JexlUtils.addAttrTOsToContext(anyTO.getVirAttrs(), jexlContext);
    if (template instanceof AnyObjectTO) {
        fillRelationships((GroupableRelatableTO) anyTO, ((GroupableRelatableTO) template));
        fillMemberships((GroupableRelatableTO) anyTO, ((GroupableRelatableTO) template));
    } else if (template instanceof UserTO) {
        if (StringUtils.isNotBlank(((UserTO) template).getUsername())) {
            String evaluated = JexlUtils.evaluate(((UserTO) template).getUsername(), jexlContext);
            if (StringUtils.isNotBlank(evaluated)) {
                ((UserTO) anyTO).setUsername(evaluated);
            }
        }
        if (StringUtils.isNotBlank(((UserTO) template).getPassword())) {
            String evaluated = JexlUtils.evaluate(((UserTO) template).getPassword(), jexlContext);
            if (StringUtils.isNotBlank(evaluated)) {
                ((UserTO) anyTO).setPassword(evaluated);
            }
        }
        fillRelationships((GroupableRelatableTO) anyTO, ((GroupableRelatableTO) template));
        fillMemberships((GroupableRelatableTO) anyTO, ((GroupableRelatableTO) template));
    } else if (template instanceof GroupTO) {
        if (StringUtils.isNotBlank(((GroupTO) template).getName())) {
            String evaluated = JexlUtils.evaluate(((GroupTO) template).getName(), jexlContext);
            if (StringUtils.isNotBlank(evaluated)) {
                ((GroupTO) anyTO).setName(evaluated);
            }
        }
        if (((GroupTO) template).getUserOwner() != null) {
            final User userOwner = userDAO.find(((GroupTO) template).getUserOwner());
            if (userOwner != null) {
                ((GroupTO) anyTO).setUserOwner(userOwner.getKey());
            }
        }
        if (((GroupTO) template).getGroupOwner() != null) {
            final Group groupOwner = groupDAO.find(((GroupTO) template).getGroupOwner());
            if (groupOwner != null) {
                ((GroupTO) anyTO).setGroupOwner(groupOwner.getKey());
            }
        }
    }
}
Also used : AnyObjectTO(org.apache.syncope.common.lib.to.AnyObjectTO) Group(org.apache.syncope.core.persistence.api.entity.group.Group) GroupableRelatableTO(org.apache.syncope.common.lib.to.GroupableRelatableTO) User(org.apache.syncope.core.persistence.api.entity.user.User) UserTO(org.apache.syncope.common.lib.to.UserTO) MapContext(org.apache.commons.jexl3.MapContext) GroupTO(org.apache.syncope.common.lib.to.GroupTO) Transactional(org.springframework.transaction.annotation.Transactional)

Aggregations

GroupTO (org.apache.syncope.common.lib.to.GroupTO)90 Test (org.junit.jupiter.api.Test)47 UserTO (org.apache.syncope.common.lib.to.UserTO)34 SyncopeClientException (org.apache.syncope.common.lib.SyncopeClientException)27 GroupPatch (org.apache.syncope.common.lib.patch.GroupPatch)23 MembershipTO (org.apache.syncope.common.lib.to.MembershipTO)17 AnyObjectTO (org.apache.syncope.common.lib.to.AnyObjectTO)16 List (java.util.List)15 AttrTO (org.apache.syncope.common.lib.to.AttrTO)15 ConnObjectTO (org.apache.syncope.common.lib.to.ConnObjectTO)14 ProvisioningResult (org.apache.syncope.common.lib.to.ProvisioningResult)14 Response (javax.ws.rs.core.Response)13 NamingException (javax.naming.NamingException)12 PropagationStatus (org.apache.syncope.common.lib.to.PropagationStatus)12 Map (java.util.Map)11 ForbiddenException (javax.ws.rs.ForbiddenException)11 AccessControlException (java.security.AccessControlException)10 BulkActionResult (org.apache.syncope.common.lib.to.BulkActionResult)10 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)10 Collections (java.util.Collections)9