Example 51 with GroupTO
use of org.apache.syncope.common.lib.to.GroupTO in project syncope by apache.
the class PushTaskITCase method issueSYNCOPE598.
@Test
public void issueSYNCOPE598() {
// create a new group schema
PlainSchemaTO schemaTO = new PlainSchemaTO();
schemaTO.setKey("LDAPGroupName" + getUUIDString());
schemaTO.setType(AttrSchemaType.String);
schemaTO.setMandatoryCondition("true");
schemaTO = createSchema(SchemaType.PLAIN, schemaTO);
assertNotNull(schemaTO);
AnyTypeClassTO typeClass = new AnyTypeClassTO();
typeClass.setKey("SYNCOPE-598" + getUUIDString());
typeClass.getPlainSchemas().add(schemaTO.getKey());
anyTypeClassService.create(typeClass);
// create a new sample group
GroupTO groupTO = new GroupTO();
groupTO.setName("all" + getUUIDString());
groupTO.setRealm("/even");
groupTO.getAuxClasses().add(typeClass.getKey());
groupTO.getPlainAttrs().add(attrTO(schemaTO.getKey(), "all"));
groupTO = createGroup(groupTO).getEntity();
assertNotNull(groupTO);
String resourceName = "resource-ldap-grouponly";
ResourceTO newResourceTO = null;
try {
// Create resource ad-hoc
ResourceTO resourceTO = new ResourceTO();
resourceTO.setKey(resourceName);
resourceTO.setConnector("74141a3b-0762-4720-a4aa-fc3e374ef3ef");
ProvisionTO provisionTO = new ProvisionTO();
provisionTO.setAnyType(AnyTypeKind.GROUP.name());
provisionTO.setObjectClass(ObjectClass.GROUP_NAME);
provisionTO.getAuxClasses().add(typeClass.getKey());
resourceTO.getProvisions().add(provisionTO);
MappingTO mapping = new MappingTO();
provisionTO.setMapping(mapping);
ItemTO item = new ItemTO();
item.setExtAttrName("cn");
item.setIntAttrName(schemaTO.getKey());
item.setConnObjectKey(true);
item.setPurpose(MappingPurpose.BOTH);
mapping.setConnObjectKeyItem(item);
mapping.setConnObjectLink("'cn=' + " + schemaTO.getKey() + " + ',ou=groups,o=isp'");
Response response = resourceService.create(resourceTO);
newResourceTO = getObject(response.getLocation(), ResourceService.class, ResourceTO.class);
assertNotNull(newResourceTO);
assertFalse(newResourceTO.getProvision(AnyTypeKind.USER.name()).isPresent());
assertNotNull(newResourceTO.getProvision(AnyTypeKind.GROUP.name()).get().getMapping());
// create push task ad-hoc
PushTaskTO task = new PushTaskTO();
task.setName("issueSYNCOPE598");
task.setActive(true);
task.setResource(resourceName);
task.setSourceRealm(SyncopeConstants.ROOT_REALM);
task.setPerformCreate(true);
task.setPerformDelete(true);
task.setPerformUpdate(true);
task.setUnmatchingRule(UnmatchingRule.ASSIGN);
task.setMatchingRule(MatchingRule.UPDATE);
task.getFilters().put(AnyTypeKind.GROUP.name(), SyncopeClient.getGroupSearchConditionBuilder().is("name").equalTo(groupTO.getName()).query());
response = taskService.create(TaskType.PUSH, task);
PushTaskTO push = getObject(response.getLocation(), TaskService.class, PushTaskTO.class);
assertNotNull(push);
// execute the new task
ExecTO exec = execProvisioningTask(taskService, TaskType.PUSH, push.getKey(), 50, false);
assertEquals(PropagationTaskExecStatus.SUCCESS, PropagationTaskExecStatus.valueOf(exec.getStatus()));
} finally {
groupService.delete(groupTO.getKey());
if (newResourceTO != null) {
resourceService.delete(resourceName);
}
}
}
Also used :
Response(javax.ws.rs.core.Response)
PlainSchemaTO(org.apache.syncope.common.lib.to.PlainSchemaTO)
MappingTO(org.apache.syncope.common.lib.to.MappingTO)
ExecTO(org.apache.syncope.common.lib.to.ExecTO)
ResourceTO(org.apache.syncope.common.lib.to.ResourceTO)
PushTaskTO(org.apache.syncope.common.lib.to.PushTaskTO)
ResourceService(org.apache.syncope.common.rest.api.service.ResourceService)
ProvisionTO(org.apache.syncope.common.lib.to.ProvisionTO)
AnyTypeClassTO(org.apache.syncope.common.lib.to.AnyTypeClassTO)
ItemTO(org.apache.syncope.common.lib.to.ItemTO)
GroupTO(org.apache.syncope.common.lib.to.GroupTO)
Test(org.junit.jupiter.api.Test)
Example 52 with GroupTO
use of org.apache.syncope.common.lib.to.GroupTO in project syncope by apache.
the class LDAPMembershipPullActions method populateMemberships.
/**
* Pull Syncope memberships with the situation read on the external resource's group.
*
* @param profile pull profile
* @param delta representing the pullong group
* @param groupTO group after modification performed by the handler
* @throws JobExecutionException if anything goes wrong
*/
protected void populateMemberships(final ProvisioningProfile<?, ?> profile, final SyncDelta delta, final GroupTO groupTO) throws JobExecutionException {
Connector connector = profile.getConnector();
getMembAttrValues(delta, connector).stream().map(membValue -> {
Set<String> memb = memberships.get(membValue.toString());
if (memb == null) {
memb = new HashSet<>();
memberships.put(membValue.toString(), memb);
}
return memb;
}).forEachOrdered(memb -> {
memb.add(groupTO.getKey());
});
}
Also used :
ProvisioningProfile(org.apache.syncope.core.provisioning.api.pushpull.ProvisioningProfile)
ProvisioningReport(org.apache.syncope.core.provisioning.api.pushpull.ProvisioningReport)
LoggerFactory(org.slf4j.LoggerFactory)
Autowired(org.springframework.beans.factory.annotation.Autowired)
HashMap(java.util.HashMap)
HashSet(java.util.HashSet)
ConnConfProperty(org.apache.syncope.common.lib.types.ConnConfProperty)
Attribute(org.identityconnectors.framework.common.objects.Attribute)
PullTask(org.apache.syncope.core.persistence.api.entity.task.PullTask)
EntityTO(org.apache.syncope.common.lib.to.EntityTO)
GroupDAO(org.apache.syncope.core.persistence.api.dao.GroupDAO)
OperationOptionsBuilder(org.identityconnectors.framework.common.objects.OperationOptionsBuilder)
Map(java.util.Map)
SetUMembershipsJob(org.apache.syncope.core.provisioning.java.job.SetUMembershipsJob)
SyncDelta(org.identityconnectors.framework.common.objects.SyncDelta)
Logger(org.slf4j.Logger)
UserDAO(org.apache.syncope.core.persistence.api.dao.UserDAO)
Set(java.util.Set)
GroupTO(org.apache.syncope.common.lib.to.GroupTO)
AnyTypeDAO(org.apache.syncope.core.persistence.api.dao.AnyTypeDAO)
JobExecutionException(org.quartz.JobExecutionException)
Connector(org.apache.syncope.core.provisioning.api.Connector)
ConnectorObject(org.identityconnectors.framework.common.objects.ConnectorObject)
List(java.util.List)
ObjectClass(org.identityconnectors.framework.common.objects.ObjectClass)
Optional(java.util.Optional)
Collections(java.util.Collections)
Connector(org.apache.syncope.core.provisioning.api.Connector)
HashSet(java.util.HashSet)
Set(java.util.Set)
HashSet(java.util.HashSet)
Example 53 with GroupTO
use of org.apache.syncope.common.lib.to.GroupTO in project syncope by apache.
the class ConnObjectUtils method getAnyPatch.
/**
* Build {@link AnyPatch} out of connector object attributes and schema mapping.
*
* @param key any object to be updated
* @param obj connector object
* @param original any object to get diff from
* @param pullTask pull task
* @param provision provision information
* @param anyUtils utils
* @param <T> any object
* @return modifications for the any object to be updated
*/
@SuppressWarnings("unchecked")
@Transactional(readOnly = true)
public <T extends AnyPatch> T getAnyPatch(final String key, final ConnectorObject obj, final AnyTO original, final PullTask pullTask, final Provision provision, final AnyUtils anyUtils) {
AnyTO updated = getAnyTOFromConnObject(obj, pullTask, provision, anyUtils);
updated.setKey(key);
T anyPatch = null;
if (null != anyUtils.getAnyTypeKind()) {
switch(anyUtils.getAnyTypeKind()) {
case USER:
UserTO originalUser = (UserTO) original;
UserTO updatedUser = (UserTO) updated;
if (StringUtils.isBlank(updatedUser.getUsername())) {
updatedUser.setUsername(originalUser.getUsername());
}
// update password if and only if password is really changed
User user = userDAO.authFind(key);
if (StringUtils.isBlank(updatedUser.getPassword()) || ENCRYPTOR.verify(updatedUser.getPassword(), user.getCipherAlgorithm(), user.getPassword())) {
updatedUser.setPassword(null);
}
updatedUser.setSecurityQuestion(updatedUser.getSecurityQuestion());
updatedUser.setMustChangePassword(originalUser.isMustChangePassword());
anyPatch = (T) AnyOperations.diff(updatedUser, originalUser, true);
break;
case GROUP:
GroupTO originalGroup = (GroupTO) original;
GroupTO updatedGroup = (GroupTO) updated;
if (StringUtils.isBlank(updatedGroup.getName())) {
updatedGroup.setName(originalGroup.getName());
}
updatedGroup.setUserOwner(originalGroup.getUserOwner());
updatedGroup.setGroupOwner(originalGroup.getGroupOwner());
updatedGroup.setUDynMembershipCond(originalGroup.getUDynMembershipCond());
updatedGroup.getADynMembershipConds().putAll(originalGroup.getADynMembershipConds());
updatedGroup.getTypeExtensions().addAll(originalGroup.getTypeExtensions());
anyPatch = (T) AnyOperations.diff(updatedGroup, originalGroup, true);
break;
case ANY_OBJECT:
AnyObjectTO originalAnyObject = (AnyObjectTO) original;
AnyObjectTO updatedAnyObject = (AnyObjectTO) updated;
if (StringUtils.isBlank(updatedAnyObject.getName())) {
updatedAnyObject.setName(originalAnyObject.getName());
}
anyPatch = (T) AnyOperations.diff(updatedAnyObject, originalAnyObject, true);
break;
default:
}
}
return anyPatch;
}
Also used :
AnyTO(org.apache.syncope.common.lib.to.AnyTO)
AnyObjectTO(org.apache.syncope.common.lib.to.AnyObjectTO)
User(org.apache.syncope.core.persistence.api.entity.user.User)
UserTO(org.apache.syncope.common.lib.to.UserTO)
GroupTO(org.apache.syncope.common.lib.to.GroupTO)
Transactional(org.springframework.transaction.annotation.Transactional)
Example 54 with GroupTO
use of org.apache.syncope.common.lib.to.GroupTO in project syncope by apache.
the class ConnObjectUtils method getAnyTO.
/**
* Build a UserTO / GroupTO / AnyObjectTO out of connector object attributes and schema mapping.
*
* @param obj connector object
* @param pullTask pull task
* @param provision provision information
* @param anyUtils utils
* @param <T> any object
* @return UserTO for the user to be created
*/
@Transactional(readOnly = true)
public <T extends AnyTO> T getAnyTO(final ConnectorObject obj, final PullTask pullTask, final Provision provision, final AnyUtils anyUtils) {
T anyTO = getAnyTOFromConnObject(obj, pullTask, provision, anyUtils);
// (for users) if password was not set above, generate if resource is configured for that
if (anyTO instanceof UserTO && StringUtils.isBlank(((UserTO) anyTO).getPassword()) && provision.getResource().isRandomPwdIfNotProvided()) {
UserTO userTO = (UserTO) anyTO;
List<PasswordPolicy> passwordPolicies = new ArrayList<>();
Realm realm = realmDAO.findByFullPath(userTO.getRealm());
if (realm != null) {
realmDAO.findAncestors(realm).stream().filter(ancestor -> ancestor.getPasswordPolicy() != null).forEach(ancestor -> {
passwordPolicies.add(ancestor.getPasswordPolicy());
});
}
userTO.getResources().stream().map(resource -> resourceDAO.find(resource)).filter(resource -> resource != null && resource.getPasswordPolicy() != null).forEach(resource -> {
passwordPolicies.add(resource.getPasswordPolicy());
});
String password;
try {
password = passwordGenerator.generate(passwordPolicies);
} catch (InvalidPasswordRuleConf e) {
LOG.error("Could not generate policy-compliant random password for {}", userTO, e);
password = SecureRandomUtils.generateRandomPassword(16);
}
userTO.setPassword(password);
}
return anyTO;
}
Also used :
AttrTO(org.apache.syncope.common.lib.to.AttrTO)
Realm(org.apache.syncope.core.persistence.api.entity.Realm)
RealmTO(org.apache.syncope.common.lib.to.RealmTO)
LoggerFactory(org.slf4j.LoggerFactory)
AnyTO(org.apache.syncope.common.lib.to.AnyTO)
Autowired(org.springframework.beans.factory.annotation.Autowired)
ConnObjectTO(org.apache.syncope.common.lib.to.ConnObjectTO)
PasswordGenerator(org.apache.syncope.core.spring.security.PasswordGenerator)
InvalidPasswordRuleConf(org.apache.syncope.core.provisioning.api.utils.policy.InvalidPasswordRuleConf)
StringUtils(org.apache.commons.lang3.StringUtils)
ArrayList(java.util.ArrayList)
PasswordPolicy(org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy)
GuardedString(org.identityconnectors.common.security.GuardedString)
Attribute(org.identityconnectors.framework.common.objects.Attribute)
PullTask(org.apache.syncope.core.persistence.api.entity.task.PullTask)
Base64(org.identityconnectors.common.Base64)
MappingManager(org.apache.syncope.core.provisioning.api.MappingManager)
SecurityUtil(org.identityconnectors.common.security.SecurityUtil)
RealmDAO(org.apache.syncope.core.persistence.api.dao.RealmDAO)
OrgUnit(org.apache.syncope.core.persistence.api.entity.resource.OrgUnit)
AnyPatch(org.apache.syncope.common.lib.patch.AnyPatch)
Encryptor(org.apache.syncope.core.spring.security.Encryptor)
Logger(org.slf4j.Logger)
UserDAO(org.apache.syncope.core.persistence.api.dao.UserDAO)
GuardedByteArray(org.identityconnectors.common.security.GuardedByteArray)
Set(java.util.Set)
User(org.apache.syncope.core.persistence.api.entity.user.User)
GroupTO(org.apache.syncope.common.lib.to.GroupTO)
SecureRandomUtils(org.apache.syncope.core.spring.security.SecureRandomUtils)
ConnectorObject(org.identityconnectors.framework.common.objects.ConnectorObject)
List(java.util.List)
Provision(org.apache.syncope.core.persistence.api.entity.resource.Provision)
Component(org.springframework.stereotype.Component)
UserTO(org.apache.syncope.common.lib.to.UserTO)
AnyUtils(org.apache.syncope.core.persistence.api.entity.AnyUtils)
ExternalResourceDAO(org.apache.syncope.core.persistence.api.dao.ExternalResourceDAO)
AnyOperations(org.apache.syncope.common.lib.AnyOperations)
AnyObjectTO(org.apache.syncope.common.lib.to.AnyObjectTO)
Transactional(org.springframework.transaction.annotation.Transactional)
InvalidPasswordRuleConf(org.apache.syncope.core.provisioning.api.utils.policy.InvalidPasswordRuleConf)
UserTO(org.apache.syncope.common.lib.to.UserTO)
PasswordPolicy(org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy)
ArrayList(java.util.ArrayList)
GuardedString(org.identityconnectors.common.security.GuardedString)
Realm(org.apache.syncope.core.persistence.api.entity.Realm)
Transactional(org.springframework.transaction.annotation.Transactional)
Example 55 with GroupTO
use of org.apache.syncope.common.lib.to.GroupTO in project syncope by apache.
the class TemplateUtils method apply.
@Transactional(readOnly = true)
public <T extends AnyTO> void apply(final T anyTO, final AnyTO template) {
fill(anyTO, template);
MapContext jexlContext = new MapContext();
JexlUtils.addFieldsToContext(anyTO, jexlContext);
JexlUtils.addAttrTOsToContext(anyTO.getPlainAttrs(), jexlContext);
JexlUtils.addAttrTOsToContext(anyTO.getDerAttrs(), jexlContext);
JexlUtils.addAttrTOsToContext(anyTO.getVirAttrs(), jexlContext);
if (template instanceof AnyObjectTO) {
fillRelationships((GroupableRelatableTO) anyTO, ((GroupableRelatableTO) template));
fillMemberships((GroupableRelatableTO) anyTO, ((GroupableRelatableTO) template));
} else if (template instanceof UserTO) {
if (StringUtils.isNotBlank(((UserTO) template).getUsername())) {
String evaluated = JexlUtils.evaluate(((UserTO) template).getUsername(), jexlContext);
if (StringUtils.isNotBlank(evaluated)) {
((UserTO) anyTO).setUsername(evaluated);
}
}
if (StringUtils.isNotBlank(((UserTO) template).getPassword())) {
String evaluated = JexlUtils.evaluate(((UserTO) template).getPassword(), jexlContext);
if (StringUtils.isNotBlank(evaluated)) {
((UserTO) anyTO).setPassword(evaluated);
}
}
fillRelationships((GroupableRelatableTO) anyTO, ((GroupableRelatableTO) template));
fillMemberships((GroupableRelatableTO) anyTO, ((GroupableRelatableTO) template));
} else if (template instanceof GroupTO) {
if (StringUtils.isNotBlank(((GroupTO) template).getName())) {
String evaluated = JexlUtils.evaluate(((GroupTO) template).getName(), jexlContext);
if (StringUtils.isNotBlank(evaluated)) {
((GroupTO) anyTO).setName(evaluated);
}
}
if (((GroupTO) template).getUserOwner() != null) {
final User userOwner = userDAO.find(((GroupTO) template).getUserOwner());
if (userOwner != null) {
((GroupTO) anyTO).setUserOwner(userOwner.getKey());
}
}
if (((GroupTO) template).getGroupOwner() != null) {
final Group groupOwner = groupDAO.find(((GroupTO) template).getGroupOwner());
if (groupOwner != null) {
((GroupTO) anyTO).setGroupOwner(groupOwner.getKey());
}
}
}
}
Also used :
AnyObjectTO(org.apache.syncope.common.lib.to.AnyObjectTO)
Group(org.apache.syncope.core.persistence.api.entity.group.Group)
GroupableRelatableTO(org.apache.syncope.common.lib.to.GroupableRelatableTO)
User(org.apache.syncope.core.persistence.api.entity.user.User)
UserTO(org.apache.syncope.common.lib.to.UserTO)
MapContext(org.apache.commons.jexl3.MapContext)
GroupTO(org.apache.syncope.common.lib.to.GroupTO)
Transactional(org.springframework.transaction.annotation.Transactional)
Aggregations
GroupTO (org.apache.syncope.common.lib.to.GroupTO)90
Test (org.junit.jupiter.api.Test)47
UserTO (org.apache.syncope.common.lib.to.UserTO)34
SyncopeClientException (org.apache.syncope.common.lib.SyncopeClientException)27
GroupPatch (org.apache.syncope.common.lib.patch.GroupPatch)23
MembershipTO (org.apache.syncope.common.lib.to.MembershipTO)17
AnyObjectTO (org.apache.syncope.common.lib.to.AnyObjectTO)16
List (java.util.List)15
AttrTO (org.apache.syncope.common.lib.to.AttrTO)15
ConnObjectTO (org.apache.syncope.common.lib.to.ConnObjectTO)14
ProvisioningResult (org.apache.syncope.common.lib.to.ProvisioningResult)14
Response (javax.ws.rs.core.Response)13
NamingException (javax.naming.NamingException)12
PropagationStatus (org.apache.syncope.common.lib.to.PropagationStatus)12
Map (java.util.Map)11
ForbiddenException (javax.ws.rs.ForbiddenException)11
AccessControlException (java.security.AccessControlException)10
BulkActionResult (org.apache.syncope.common.lib.to.BulkActionResult)10
PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)10
Collections (java.util.Collections)9
