use of org.apache.syncope.common.lib.to.GroupTO in project syncope by apache.
the class PushTaskITCase method issueSYNCOPE598.
@Test
public void issueSYNCOPE598() {
// create a new group schema
PlainSchemaTO schemaTO = new PlainSchemaTO();
schemaTO.setKey("LDAPGroupName" + getUUIDString());
schemaTO.setType(AttrSchemaType.String);
schemaTO.setMandatoryCondition("true");
schemaTO = createSchema(SchemaType.PLAIN, schemaTO);
assertNotNull(schemaTO);
AnyTypeClassTO typeClass = new AnyTypeClassTO();
typeClass.setKey("SYNCOPE-598" + getUUIDString());
typeClass.getPlainSchemas().add(schemaTO.getKey());
anyTypeClassService.create(typeClass);
// create a new sample group
GroupTO groupTO = new GroupTO();
groupTO.setName("all" + getUUIDString());
groupTO.setRealm("/even");
groupTO.getAuxClasses().add(typeClass.getKey());
groupTO.getPlainAttrs().add(attrTO(schemaTO.getKey(), "all"));
groupTO = createGroup(groupTO).getEntity();
assertNotNull(groupTO);
String resourceName = "resource-ldap-grouponly";
ResourceTO newResourceTO = null;
try {
// Create resource ad-hoc
ResourceTO resourceTO = new ResourceTO();
resourceTO.setKey(resourceName);
resourceTO.setConnector("74141a3b-0762-4720-a4aa-fc3e374ef3ef");
ProvisionTO provisionTO = new ProvisionTO();
provisionTO.setAnyType(AnyTypeKind.GROUP.name());
provisionTO.setObjectClass(ObjectClass.GROUP_NAME);
provisionTO.getAuxClasses().add(typeClass.getKey());
resourceTO.getProvisions().add(provisionTO);
MappingTO mapping = new MappingTO();
provisionTO.setMapping(mapping);
ItemTO item = new ItemTO();
item.setExtAttrName("cn");
item.setIntAttrName(schemaTO.getKey());
item.setConnObjectKey(true);
item.setPurpose(MappingPurpose.BOTH);
mapping.setConnObjectKeyItem(item);
mapping.setConnObjectLink("'cn=' + " + schemaTO.getKey() + " + ',ou=groups,o=isp'");
Response response = resourceService.create(resourceTO);
newResourceTO = getObject(response.getLocation(), ResourceService.class, ResourceTO.class);
assertNotNull(newResourceTO);
assertFalse(newResourceTO.getProvision(AnyTypeKind.USER.name()).isPresent());
assertNotNull(newResourceTO.getProvision(AnyTypeKind.GROUP.name()).get().getMapping());
// create push task ad-hoc
PushTaskTO task = new PushTaskTO();
task.setName("issueSYNCOPE598");
task.setActive(true);
task.setResource(resourceName);
task.setSourceRealm(SyncopeConstants.ROOT_REALM);
task.setPerformCreate(true);
task.setPerformDelete(true);
task.setPerformUpdate(true);
task.setUnmatchingRule(UnmatchingRule.ASSIGN);
task.setMatchingRule(MatchingRule.UPDATE);
task.getFilters().put(AnyTypeKind.GROUP.name(), SyncopeClient.getGroupSearchConditionBuilder().is("name").equalTo(groupTO.getName()).query());
response = taskService.create(TaskType.PUSH, task);
PushTaskTO push = getObject(response.getLocation(), TaskService.class, PushTaskTO.class);
assertNotNull(push);
// execute the new task
ExecTO exec = execProvisioningTask(taskService, TaskType.PUSH, push.getKey(), 50, false);
assertEquals(PropagationTaskExecStatus.SUCCESS, PropagationTaskExecStatus.valueOf(exec.getStatus()));
} finally {
groupService.delete(groupTO.getKey());
if (newResourceTO != null) {
resourceService.delete(resourceName);
}
}
}
use of org.apache.syncope.common.lib.to.GroupTO in project syncope by apache.
the class LDAPMembershipPullActions method populateMemberships.
/**
* Pull Syncope memberships with the situation read on the external resource's group.
*
* @param profile pull profile
* @param delta representing the pullong group
* @param groupTO group after modification performed by the handler
* @throws JobExecutionException if anything goes wrong
*/
protected void populateMemberships(final ProvisioningProfile<?, ?> profile, final SyncDelta delta, final GroupTO groupTO) throws JobExecutionException {
Connector connector = profile.getConnector();
getMembAttrValues(delta, connector).stream().map(membValue -> {
Set<String> memb = memberships.get(membValue.toString());
if (memb == null) {
memb = new HashSet<>();
memberships.put(membValue.toString(), memb);
}
return memb;
}).forEachOrdered(memb -> {
memb.add(groupTO.getKey());
});
}
use of org.apache.syncope.common.lib.to.GroupTO in project syncope by apache.
the class ConnObjectUtils method getAnyPatch.
/**
* Build {@link AnyPatch} out of connector object attributes and schema mapping.
*
* @param key any object to be updated
* @param obj connector object
* @param original any object to get diff from
* @param pullTask pull task
* @param provision provision information
* @param anyUtils utils
* @param <T> any object
* @return modifications for the any object to be updated
*/
@SuppressWarnings("unchecked")
@Transactional(readOnly = true)
public <T extends AnyPatch> T getAnyPatch(final String key, final ConnectorObject obj, final AnyTO original, final PullTask pullTask, final Provision provision, final AnyUtils anyUtils) {
AnyTO updated = getAnyTOFromConnObject(obj, pullTask, provision, anyUtils);
updated.setKey(key);
T anyPatch = null;
if (null != anyUtils.getAnyTypeKind()) {
switch(anyUtils.getAnyTypeKind()) {
case USER:
UserTO originalUser = (UserTO) original;
UserTO updatedUser = (UserTO) updated;
if (StringUtils.isBlank(updatedUser.getUsername())) {
updatedUser.setUsername(originalUser.getUsername());
}
// update password if and only if password is really changed
User user = userDAO.authFind(key);
if (StringUtils.isBlank(updatedUser.getPassword()) || ENCRYPTOR.verify(updatedUser.getPassword(), user.getCipherAlgorithm(), user.getPassword())) {
updatedUser.setPassword(null);
}
updatedUser.setSecurityQuestion(updatedUser.getSecurityQuestion());
updatedUser.setMustChangePassword(originalUser.isMustChangePassword());
anyPatch = (T) AnyOperations.diff(updatedUser, originalUser, true);
break;
case GROUP:
GroupTO originalGroup = (GroupTO) original;
GroupTO updatedGroup = (GroupTO) updated;
if (StringUtils.isBlank(updatedGroup.getName())) {
updatedGroup.setName(originalGroup.getName());
}
updatedGroup.setUserOwner(originalGroup.getUserOwner());
updatedGroup.setGroupOwner(originalGroup.getGroupOwner());
updatedGroup.setUDynMembershipCond(originalGroup.getUDynMembershipCond());
updatedGroup.getADynMembershipConds().putAll(originalGroup.getADynMembershipConds());
updatedGroup.getTypeExtensions().addAll(originalGroup.getTypeExtensions());
anyPatch = (T) AnyOperations.diff(updatedGroup, originalGroup, true);
break;
case ANY_OBJECT:
AnyObjectTO originalAnyObject = (AnyObjectTO) original;
AnyObjectTO updatedAnyObject = (AnyObjectTO) updated;
if (StringUtils.isBlank(updatedAnyObject.getName())) {
updatedAnyObject.setName(originalAnyObject.getName());
}
anyPatch = (T) AnyOperations.diff(updatedAnyObject, originalAnyObject, true);
break;
default:
}
}
return anyPatch;
}
use of org.apache.syncope.common.lib.to.GroupTO in project syncope by apache.
the class ConnObjectUtils method getAnyTO.
/**
* Build a UserTO / GroupTO / AnyObjectTO out of connector object attributes and schema mapping.
*
* @param obj connector object
* @param pullTask pull task
* @param provision provision information
* @param anyUtils utils
* @param <T> any object
* @return UserTO for the user to be created
*/
@Transactional(readOnly = true)
public <T extends AnyTO> T getAnyTO(final ConnectorObject obj, final PullTask pullTask, final Provision provision, final AnyUtils anyUtils) {
T anyTO = getAnyTOFromConnObject(obj, pullTask, provision, anyUtils);
// (for users) if password was not set above, generate if resource is configured for that
if (anyTO instanceof UserTO && StringUtils.isBlank(((UserTO) anyTO).getPassword()) && provision.getResource().isRandomPwdIfNotProvided()) {
UserTO userTO = (UserTO) anyTO;
List<PasswordPolicy> passwordPolicies = new ArrayList<>();
Realm realm = realmDAO.findByFullPath(userTO.getRealm());
if (realm != null) {
realmDAO.findAncestors(realm).stream().filter(ancestor -> ancestor.getPasswordPolicy() != null).forEach(ancestor -> {
passwordPolicies.add(ancestor.getPasswordPolicy());
});
}
userTO.getResources().stream().map(resource -> resourceDAO.find(resource)).filter(resource -> resource != null && resource.getPasswordPolicy() != null).forEach(resource -> {
passwordPolicies.add(resource.getPasswordPolicy());
});
String password;
try {
password = passwordGenerator.generate(passwordPolicies);
} catch (InvalidPasswordRuleConf e) {
LOG.error("Could not generate policy-compliant random password for {}", userTO, e);
password = SecureRandomUtils.generateRandomPassword(16);
}
userTO.setPassword(password);
}
return anyTO;
}
use of org.apache.syncope.common.lib.to.GroupTO in project syncope by apache.
the class TemplateUtils method apply.
@Transactional(readOnly = true)
public <T extends AnyTO> void apply(final T anyTO, final AnyTO template) {
fill(anyTO, template);
MapContext jexlContext = new MapContext();
JexlUtils.addFieldsToContext(anyTO, jexlContext);
JexlUtils.addAttrTOsToContext(anyTO.getPlainAttrs(), jexlContext);
JexlUtils.addAttrTOsToContext(anyTO.getDerAttrs(), jexlContext);
JexlUtils.addAttrTOsToContext(anyTO.getVirAttrs(), jexlContext);
if (template instanceof AnyObjectTO) {
fillRelationships((GroupableRelatableTO) anyTO, ((GroupableRelatableTO) template));
fillMemberships((GroupableRelatableTO) anyTO, ((GroupableRelatableTO) template));
} else if (template instanceof UserTO) {
if (StringUtils.isNotBlank(((UserTO) template).getUsername())) {
String evaluated = JexlUtils.evaluate(((UserTO) template).getUsername(), jexlContext);
if (StringUtils.isNotBlank(evaluated)) {
((UserTO) anyTO).setUsername(evaluated);
}
}
if (StringUtils.isNotBlank(((UserTO) template).getPassword())) {
String evaluated = JexlUtils.evaluate(((UserTO) template).getPassword(), jexlContext);
if (StringUtils.isNotBlank(evaluated)) {
((UserTO) anyTO).setPassword(evaluated);
}
}
fillRelationships((GroupableRelatableTO) anyTO, ((GroupableRelatableTO) template));
fillMemberships((GroupableRelatableTO) anyTO, ((GroupableRelatableTO) template));
} else if (template instanceof GroupTO) {
if (StringUtils.isNotBlank(((GroupTO) template).getName())) {
String evaluated = JexlUtils.evaluate(((GroupTO) template).getName(), jexlContext);
if (StringUtils.isNotBlank(evaluated)) {
((GroupTO) anyTO).setName(evaluated);
}
}
if (((GroupTO) template).getUserOwner() != null) {
final User userOwner = userDAO.find(((GroupTO) template).getUserOwner());
if (userOwner != null) {
((GroupTO) anyTO).setUserOwner(userOwner.getKey());
}
}
if (((GroupTO) template).getGroupOwner() != null) {
final Group groupOwner = groupDAO.find(((GroupTO) template).getGroupOwner());
if (groupOwner != null) {
((GroupTO) anyTO).setGroupOwner(groupOwner.getKey());
}
}
}
}
Aggregations