use of org.apache.syncope.common.lib.to.MembershipTO in project testcases by coheigea.
the class SyncopeDeployer method deployUserData.
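/**
 * Seeds the Syncope instance at {@code address} with the sample groups and users over its
 * REST interface, then checks through the Syncope client API that two users exist.
 *
 * <p>The "boss" and "employee" groups are looked up or created first. "alice" is then created
 * as a member of both groups and "bob" as a member of "employee" only, each in realm "/",
 * unless a user of that name is already present.
 *
 * <p>Security note: the administrator credentials ("admin"/"password") and the sample user
 * password are hard-coded literals sent with HTTP Basic authentication. That is only
 * acceptable for a disposable test deployment; a deployment reachable by anyone else needs
 * the default administrator password changed, the credentials supplied from configuration,
 * and an HTTPS {@code address} so the Basic header is not sent in clear text.
 */
@SuppressWarnings("unchecked")
public void deployUserData() {
    WebClient client = WebClient.create(address);
    try {
        client = client.type("application/xml");
        // Encode with an explicit charset: the no-argument getBytes() depends on the platform
        // default, which would make the credential bytes differ between hosts.
        String credentials = "admin" + ":" + "password";
        String authorizationHeader = "Basic "
            + Base64Utility.encode(credentials.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        client.header("Authorization", authorizationHeader);
        client.accept("application/xml");

        // Create the groups first
        client = client.path("groups");
        PagedResult<GroupTO> existingGroups = (PagedResult<GroupTO>) client.get(PagedResult.class);
        GroupTO bossGroup = findOrCreateGroup("boss", existingGroups, client);
        GroupTO employeeGroup = findOrCreateGroup("employee", existingGroups, client);

        // Now create the users
        client = client.replacePath("users");
        PagedResult<UserTO> existingUsers = (PagedResult<UserTO>) client.get(PagedResult.class);

        if (!doesUserAlreadyExist("alice", existingUsers.getResult())) {
            UserTO user = new UserTO();
            user.setUsername("alice");
            user.setPassword("security");
            user.setRealm("/");

            MembershipTO membership = new MembershipTO();
            membership.setGroupKey(employeeGroup.getKey());
            user.getMemberships().add(membership);

            membership = new MembershipTO();
            membership.setGroupKey(bossGroup.getKey());
            user.getMemberships().add(membership);

            client.post(user, ProvisioningResult.class);
        }

        if (!doesUserAlreadyExist("bob", existingUsers.getResult())) {
            UserTO user = new UserTO();
            user.setUsername("bob");
            user.setPassword("security");
            user.setRealm("/");

            MembershipTO membership = new MembershipTO();
            membership.setGroupKey(employeeGroup.getKey());
            user.getMemberships().add(membership);

            client.post(user, ProvisioningResult.class);
        }
    } finally {
        // Release the HTTP client even when a lookup or POST above throws.
        client.close();
    }

    // Check via the client API that the users were created correctly
    SyncopeClientFactoryBean clientFactory = new SyncopeClientFactoryBean().setAddress(address);
    SyncopeClient syncopeClient = clientFactory.create("admin", "password");
    UserService userService = syncopeClient.getService(UserService.class);
    int count = userService.search(new AnyQuery.Builder().build()).getTotalCount();
    Assert.assertEquals(2, count);
}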
use of org.apache.syncope.common.lib.to.MembershipTO in project testcases by coheigea.
the class SyncopeRolesInterceptor method handleMessage.
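/**
 * Looks up the authenticated caller in Syncope and replaces the message's security context
 * with one whose subject carries the caller's Syncope group names as role principals.
 *
 * <p>The method does nothing when the message has no security context, no user principal, no
 * {@code UsernameToken}, or when the principal name differs from the token's user name. In
 * every other case the token's user name and password are presented to Syncope's
 * {@code users/self} resource with HTTP Basic authentication; any failure of that call is
 * reported as a {@link Fault}, so roles are only ever attached after Syncope accepted the
 * credentials.
 *
 * <p>NOTE(review): the password travels in a Basic header, so {@code address} should be an
 * HTTPS endpoint - confirm against the deployment configuration.
 *
 * @param message the message being processed
 * @throws Fault if the credentials are unusable or Syncope does not return the user
 */
public void handleMessage(Message message) throws Fault {
    SecurityContext context = message.get(SecurityContext.class);
    if (context == null) {
        return;
    }

    Principal principal = context.getUserPrincipal();
    SecurityToken token = message.get(SecurityToken.class);
    // Check the token type instead of casting blindly: a different SecurityToken
    // implementation is handled like a missing token rather than a ClassCastException.
    if (principal == null || !(token instanceof UsernameToken)) {
        return;
    }
    UsernameToken usernameToken = (UsernameToken) token;
    if (!principal.getName().equals(usernameToken.getName())) {
        return;
    }

    // A token without a password must not be sent as the literal text "null", and a user name
    // containing ':' cannot be represented unambiguously in a Basic header (RFC 7617).
    String password = usernameToken.getPassword();
    if (password == null || usernameToken.getName().indexOf(':') >= 0) {
        throw new Fault(new Exception("Authentication failed"));
    }

    // Read the user from Syncope and get the roles
    WebClient client = WebClient.create(address, Collections.singletonList(new JacksonJsonProvider()));
    UserTO user;
    try {
        // Explicit charset so the encoded credentials do not depend on the platform default.
        String credentials = usernameToken.getName() + ":" + password;
        String authorizationHeader = "Basic "
            + Base64Utility.encode(credentials.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        client.header("Authorization", authorizationHeader);
        client = client.path("users/self");
        user = client.get(UserTO.class);
    } catch (RuntimeException ex) {
        // Only the exception is logged; the credentials never reach the log.
        if (log.isDebugEnabled()) {
            log.debug(ex.getMessage(), ex);
        }
        throw new Fault(ex);
    } finally {
        // One client is created per message, so it has to be released on every path.
        client.close();
    }

    // Checked outside the try block so this Fault is not caught and wrapped a second time.
    if (user == null) {
        throw new Fault(new Exception("Authentication failed"));
    }

    // Now get the roles
    List<MembershipTO> membershipList = user.getMemberships();
    Subject subject = new Subject();
    subject.getPrincipals().add(principal);
    for (MembershipTO membership : membershipList) {
        String roleName = membership.getGroupName();
        subject.getPrincipals().add(new SimpleGroup(roleName, usernameToken.getName()));
    }
    // Freeze the subject so later processing cannot add or remove role principals.
    subject.setReadOnly();
    message.put(SecurityContext.class, new DefaultSecurityContext(principal, subject));
}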
use of org.apache.syncope.common.lib.to.MembershipTO in project syncope by apache.
the class MembershipITCase method misc.
/**
 * Exercises plain and derived attributes that belong to a membership rather than to the user.
 *
 * <p>A sample user in realm "/even/two" is given a membership of group
 * 034740a9-fa10-453b-af37-dc7897e98fb1 carrying its own 'aLong' value. Creation is first
 * expected to be rejected because the membership also carries 'fullname'; once that attribute
 * is removed the user is created, updated so that the user-level and membership-level 'aLong'
 * values are swapped and a membership-level 'ctype' is added, and finally the membership is
 * deleted. The user is removed in the {@code finally} block.
 */
@Test
public void misc() {
    UserTO user = UserITCase.getUniqueSampleTO("memb@apache.org");
    user.setRealm("/even/two");
    user.getPlainAttrs().add(new AttrTO.Builder().schema("aLong").value("1976").build());
    user.getPlainAttrs().remove(user.getPlainAttr("ctype").get());
    // the group 034740a9-fa10-453b-af37-dc7897e98fb1 has USER type extensions for the 'csv' and
    // 'other' any type classes
    MembershipTO membership = new MembershipTO.Builder().group("034740a9-fa10-453b-af37-dc7897e98fb1").build();
    membership.getPlainAttrs().add(new AttrTO.Builder().schema("aLong").value("1977").build());
    // 'fullname' is in 'minimal user', so it is not allowed for this membership
    membership.getPlainAttrs().add(new AttrTO.Builder().schema("fullname").value("discarded").build());
    user.getMemberships().add(membership);
    // user creation fails because of fullname: the server must reject an attribute that the
    // group's type extensions do not allow, rather than silently storing it
    try {
        createUser(user);
        fail("This should not happen");
    } catch (SyncopeClientException e) {
        assertEquals(ClientExceptionType.InvalidUser, e.getType());
        assertTrue(e.getMessage().contains("InvalidPlainAttr: fullname not allowed for membership of group"));
    }
    // remove fullname and try again
    membership.getPlainAttrs().remove(membership.getPlainAttr("fullname").get());
    try {
        user = createUser(user).getEntity();
        // 1. verify that 'aLong' is correctly populated for user
        assertEquals(1, user.getPlainAttr("aLong").get().getValues().size());
        assertEquals("1976", user.getPlainAttr("aLong").get().getValues().get(0));
        // 2. verify that 'aLong' is correctly populated for user's membership
        assertEquals(1, user.getMemberships().size());
        membership = user.getMembership("034740a9-fa10-453b-af37-dc7897e98fb1").get();
        assertNotNull(membership);
        assertEquals(1, membership.getPlainAttr("aLong").get().getValues().size());
        assertEquals("1977", membership.getPlainAttr("aLong").get().getValues().get(0));
        // 3. verify that derived attributes from 'csv' and 'other' are also populated for user's membership
        assertFalse(membership.getDerAttr("csvuserid").get().getValues().isEmpty());
        assertFalse(membership.getDerAttr("noschema").get().getValues().isEmpty());
        // update user - swap the two 'aLong' values and add a new membership attribute
        UserPatch userPatch = new UserPatch();
        userPatch.setKey(user.getKey());
        userPatch.getPlainAttrs().add(new AttrPatch.Builder().attrTO(new AttrTO.Builder().schema("aLong").value("1977").build()).build());
        MembershipPatch membershipPatch = new MembershipPatch.Builder().group(membership.getGroupKey()).build();
        membershipPatch.getPlainAttrs().add(new AttrTO.Builder().schema("aLong").value("1976").build());
        membershipPatch.getPlainAttrs().add(new AttrTO.Builder().schema("ctype").value("membership type").build());
        userPatch.getMemberships().add(membershipPatch);
        user = updateUser(userPatch).getEntity();
        // 4. verify that 'aLong' is correctly populated for user
        assertEquals(1, user.getPlainAttr("aLong").get().getValues().size());
        assertEquals("1977", user.getPlainAttr("aLong").get().getValues().get(0));
        // 'ctype' was set on the membership only, so it must not appear on the user itself
        assertFalse(user.getPlainAttr("ctype").isPresent());
        // 5. verify that 'aLong' is correctly populated for user's membership
        assertEquals(1, user.getMemberships().size());
        membership = user.getMembership("034740a9-fa10-453b-af37-dc7897e98fb1").get();
        assertNotNull(membership);
        assertEquals(1, membership.getPlainAttr("aLong").get().getValues().size());
        assertEquals("1976", membership.getPlainAttr("aLong").get().getValues().get(0));
        // 6. verify that 'ctype' is correctly populated for user's membership
        assertEquals("membership type", membership.getPlainAttr("ctype").get().getValues().get(0));
        // finally remove membership
        userPatch = new UserPatch();
        userPatch.setKey(user.getKey());
        membershipPatch = new MembershipPatch.Builder().group(membership.getGroupKey()).operation(PatchOperation.DELETE).build();
        userPatch.getMemberships().add(membershipPatch);
        user = updateUser(userPatch).getEntity();
        assertTrue(user.getMemberships().isEmpty());
    } finally {
        // clean up only when the user has a key
        // NOTE(review): presumably the key is null until creation succeeds - confirm
        if (user.getKey() != null) {
            userService.delete(user.getKey());
        }
    }
}
use of org.apache.syncope.common.lib.to.MembershipTO in project syncope by apache.
the class MembershipITCase method pull.
/**
 * Checks that a membership plain attribute survives a round trip through an external resource.
 *
 * <p>A copy of the {@code RESOURCE_NAME_DBPULL} resource is created whose USER mapping ties
 * the external 'ID' attribute to {@code memberships[additional].aLong}. A user with a
 * membership carrying 'aLong' = "5432" is created on that resource, the row is looked up in
 * the {@code testpull} table, the user is unlinked and deleted, and a pull task is then
 * expected to bring the user back with the same membership attribute. The task and the
 * resource are deleted in the {@code finally} block.
 */
@Test
public void pull() {
    // 0. create ad-hoc resource, with adequate mapping
    ResourceTO newResource = resourceService.read(RESOURCE_NAME_DBPULL);
    newResource.setKey(getUUIDString());
    ItemTO item = newResource.getProvision("USER").get().getMapping().getItems().stream().filter(object -> "firstname".equals(object.getIntAttrName())).findFirst().get();
    assertNotNull(item);
    assertEquals("ID", item.getExtAttrName());
    // re-point the item that was mapped to 'firstname' at the membership attribute, in both directions
    // NOTE(review): 'additional' is presumably the name of the group used below - confirm
    item.setIntAttrName("memberships[additional].aLong");
    item.setPurpose(MappingPurpose.BOTH);
    item = newResource.getProvision("USER").get().getMapping().getItems().stream().filter(object -> "fullname".equals(object.getIntAttrName())).findFirst().get();
    item.setPurpose(MappingPurpose.PULL);
    PullTaskTO newTask = null;
    try {
        newResource = createResource(newResource);
        assertNotNull(newResource);
        // 1. create user with new resource assigned
        UserTO user = UserITCase.getUniqueSampleTO("memb@apache.org");
        user.setRealm("/even/two");
        user.getPlainAttrs().remove(user.getPlainAttr("ctype").get());
        user.getResources().clear();
        user.getResources().add(newResource.getKey());
        MembershipTO membership = new MembershipTO.Builder().group("034740a9-fa10-453b-af37-dc7897e98fb1").build();
        membership.getPlainAttrs().add(new AttrTO.Builder().schema("aLong").value("5432").build());
        user.getMemberships().add(membership);
        user = createUser(user).getEntity();
        assertNotNull(user);
        // 2. verify that user was found on resource (the looked-up id is passed as a bind parameter)
        JdbcTemplate jdbcTemplate = new JdbcTemplate(testDataSource);
        String idOnResource = queryForObject(jdbcTemplate, 50, "SELECT id FROM testpull WHERE id=?", String.class, "5432");
        assertEquals("5432", idOnResource);
        // 3. unlink user from resource, then remove it
        DeassociationPatch patch = new DeassociationPatch();
        patch.setKey(user.getKey());
        patch.setAction(ResourceDeassociationAction.UNLINK);
        patch.getResources().add(newResource.getKey());
        assertNotNull(userService.deassociate(patch).readEntity(BulkActionResult.class));
        userService.delete(user.getKey());
        // 4. create pull task and execute
        newTask = taskService.read(TaskType.PULL, "7c2242f4-14af-4ab5-af31-cdae23783655", true);
        newTask.setResource(newResource.getKey());
        newTask.setDestinationRealm("/even/two");
        Response response = taskService.create(TaskType.PULL, newTask);
        newTask = getObject(response.getLocation(), TaskService.class, PullTaskTO.class);
        assertNotNull(newTask);
        ExecTO execution = AbstractTaskITCase.execProvisioningTask(taskService, TaskType.PULL, newTask.getKey(), 50, false);
        assertEquals(PropagationTaskExecStatus.SUCCESS, PropagationTaskExecStatus.valueOf(execution.getStatus()));
        // 5. verify that the pulled user has exactly one membership, carrying the original 'aLong' value
        PagedResult<UserTO> users = userService.search(new AnyQuery.Builder().realm("/").fiql(SyncopeClient.getUserSearchConditionBuilder().is("username").equalTo(user.getUsername()).query()).build());
        assertEquals(1, users.getTotalCount());
        assertEquals(1, users.getResult().get(0).getMemberships().size());
        assertEquals("5432", users.getResult().get(0).getMemberships().get(0).getPlainAttr("aLong").get().getValues().get(0));
    } catch (Exception e) {
        LOG.error("Unexpected error", e);
        fail(e.getMessage());
    } finally {
        // the task with key 83f7e85d-9774-43fe-adba-ccd856312994 is never deleted here
        // NOTE(review): presumably a pre-existing fixture task - confirm
        if (newTask != null && !"83f7e85d-9774-43fe-adba-ccd856312994".equals(newTask.getKey())) {
            taskService.delete(TaskType.PULL, newTask.getKey());
        }
        // NOTE(review): this also runs when createResource() failed above; a delete of a resource
        // that was never created could then throw from finally and hide the first failure - confirm
        resourceService.delete(newResource.getKey());
    }
}
use of org.apache.syncope.common.lib.to.MembershipTO in project syncope by apache.
the class AbstractAnyDataBinder method getMembershipTO.
/**
 * Builds the transfer object for a membership, copying the supplied plain, derived and virtual
 * attributes into it.
 *
 * <p>The group key and name are taken from the membership's right end. Every attribute is
 * emitted with its schema key, its value(s) and the schema information returned by
 * {@code schemaDataBinder} for that schema.
 *
 * @param plainAttrs plain attributes to copy
 * @param derAttrs derived schemas mapped to their value
 * @param virAttrs virtual schemas mapped to their values
 * @param membership membership whose right end identifies the group
 * @return the populated {@code MembershipTO}
 */
protected MembershipTO getMembershipTO(final Collection<? extends PlainAttr<?>> plainAttrs, final Map<DerSchema, String> derAttrs, final Map<VirSchema, List<String>> virAttrs, final Membership<? extends Any<?>> membership) {
    final MembershipTO result = new MembershipTO.Builder()
        .group(membership.getRightEnd().getKey(), membership.getRightEnd().getName())
        .build();

    // Plain attributes: one AttrTO per attribute, values rendered as strings.
    for (PlainAttr<?> attr : plainAttrs) {
        result.getPlainAttrs().add(new AttrTO.Builder()
            .schema(attr.getSchema().getKey())
            .values(attr.getValuesAsStrings())
            .schemaInfo(schemaDataBinder.getPlainSchemaTO(attr.getSchema()))
            .build());
    }

    // Derived attributes: a single value per schema.
    for (Map.Entry<DerSchema, String> derived : derAttrs.entrySet()) {
        result.getDerAttrs().add(new AttrTO.Builder()
            .schema(derived.getKey().getKey())
            .value(derived.getValue())
            .schemaInfo(schemaDataBinder.getDerSchemaTO(derived.getKey()))
            .build());
    }

    // Virtual attributes: a list of values per schema.
    for (Map.Entry<VirSchema, List<String>> virtual : virAttrs.entrySet()) {
        result.getVirAttrs().add(new AttrTO.Builder()
            .schema(virtual.getKey().getKey())
            .values(virtual.getValue())
            .schemaInfo(schemaDataBinder.getVirSchemaTO(virtual.getKey()))
            .build());
    }

    return result;
}