
Example 16 with MembershipTO

use of org.apache.syncope.common.lib.to.MembershipTO in project testcases by coheigea.

the class SyncopeDeployer method deployUserData.

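/**
 * Seeds the Syncope instance at {@code address} with test fixture data: the groups "boss" and
 * "employee", and the users "alice" (member of both groups) and "bob" (employee only). A user
 * is only posted when {@code doesUserAlreadyExist} reports it missing. Afterwards the Syncope
 * client API is used to assert that an unfiltered user search reports a total count of 2.
 *
 * <p>The admin and user passwords below are fixed test-fixture values. They are only acceptable
 * against a throwaway test instance; any instance that others can reach needs credentials
 * supplied from outside the source tree.
 */
@SuppressWarnings("unchecked")
public void deployUserData() {
    // Fixed admin credentials of the test instance, named once so the REST seeding and the
    // verification client below cannot drift apart.
    final String adminUser = "admin";
    final String adminPassword = "password";

    WebClient client = WebClient.create(address);
    try {
        client = client.type("application/xml");
        // Encode with an explicit charset; the no-arg getBytes() uses the platform default.
        String authorizationHeader = "Basic " + Base64Utility.encode(
            (adminUser + ":" + adminPassword).getBytes(java.nio.charset.StandardCharsets.UTF_8));
        client.header("Authorization", authorizationHeader);
        client.accept("application/xml");

        // Create the groups first
        client = client.path("groups");
        PagedResult<GroupTO> existingGroups = (PagedResult<GroupTO>) client.get(PagedResult.class);
        GroupTO bossGroup = findOrCreateGroup("boss", existingGroups, client);
        GroupTO employeeGroup = findOrCreateGroup("employee", existingGroups, client);

        // Now create the users; memberships are linked by group key
        client = client.replacePath("users");
        PagedResult<UserTO> existingUsers = (PagedResult<UserTO>) client.get(PagedResult.class);
        if (!doesUserAlreadyExist("alice", existingUsers.getResult())) {
            UserTO user = new UserTO();
            user.setUsername("alice");
            user.setPassword("security");
            user.setRealm("/");
            MembershipTO membership = new MembershipTO();
            membership.setGroupKey(employeeGroup.getKey());
            user.getMemberships().add(membership);
            membership = new MembershipTO();
            membership.setGroupKey(bossGroup.getKey());
            user.getMemberships().add(membership);
            client.post(user, ProvisioningResult.class);
        }
        if (!doesUserAlreadyExist("bob", existingUsers.getResult())) {
            UserTO user = new UserTO();
            user.setUsername("bob");
            user.setPassword("security");
            user.setRealm("/");
            MembershipTO membership = new MembershipTO();
            membership.setGroupKey(employeeGroup.getKey());
            user.getMemberships().add(membership);
            client.post(user, ProvisioningResult.class);
        }
    } finally {
        // Release the client even when a lookup or POST above throws.
        client.close();
    }

    // Check via the client API that the users were created correctly
    SyncopeClientFactoryBean clientFactory = new SyncopeClientFactoryBean().setAddress(address);
    SyncopeClient syncopeClient = clientFactory.create(adminUser, adminPassword);
    UserService userService = syncopeClient.getService(UserService.class);
    int count = userService.search(new AnyQuery.Builder().build()).getTotalCount();
    Assert.assertEquals(2, count);
}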
Also used : UserService(org.apache.syncope.common.rest.api.service.UserService) WebClient(org.apache.cxf.jaxrs.client.WebClient) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) GroupTO(org.apache.syncope.common.lib.to.GroupTO) UserTO(org.apache.syncope.common.lib.to.UserTO) MembershipTO(org.apache.syncope.common.lib.to.MembershipTO) SyncopeClientFactoryBean(org.apache.syncope.client.lib.SyncopeClientFactoryBean) AnyQuery(org.apache.syncope.common.rest.api.beans.AnyQuery) PagedResult(org.apache.syncope.common.lib.to.PagedResult)

Example 17 with MembershipTO

use of org.apache.syncope.common.lib.to.MembershipTO in project testcases by coheigea.

the class SyncopeRolesInterceptor method handleMessage.

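/**
 * Replaces the message's {@link SecurityContext} with one whose subject carries the caller's
 * Syncope group names as role principals.
 *
 * <p>The method returns without touching the message when there is no security context, no
 * user principal, no {@link UsernameToken}, or when the principal name differs from the token
 * name. In those cases no roles are added.
 *
 * <p>The caller's own username and password are forwarded to Syncope in an HTTP Basic header.
 * Basic encoding is not encryption, so confidentiality of the password depends on the transport
 * configured for {@code address}, which is not visible in this method.
 *
 * @param message the CXF message being processed
 * @throws Fault if the Syncope call fails or returns no user
 */
public void handleMessage(Message message) throws Fault {
    SecurityContext context = message.get(SecurityContext.class);
    if (context == null) {
        return;
    }
    Principal principal = context.getUserPrincipal();
    // NOTE(review): a SecurityToken of another type would raise ClassCastException here.
    UsernameToken usernameToken = (UsernameToken) message.get(SecurityToken.class);
    if (principal == null || usernameToken == null || !principal.getName().equals(usernameToken.getName())) {
        return;
    }

    // Encode with an explicit charset so non-ASCII passwords do not depend on the platform default.
    String credentials = usernameToken.getName() + ":" + usernameToken.getPassword();
    String authorizationHeader = "Basic "
        + Base64Utility.encode(credentials.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    // Read the user from Syncope; "users/self" is evaluated with the caller's own credentials.
    WebClient client = WebClient.create(address, Collections.singletonList(new JacksonJsonProvider()));
    UserTO user;
    try {
        client.header("Authorization", authorizationHeader);
        client = client.path("users/self");
        user = client.get(UserTO.class);
    } catch (RuntimeException ex) {
        if (log.isDebugEnabled()) {
            log.debug(ex.getMessage(), ex);
        }
        throw new Fault(ex);
    } finally {
        // Release the client whether or not the lookup succeeded.
        client.close();
    }
    // Checked outside the try block so this Fault is not caught and wrapped a second time.
    if (user == null) {
        throw new Fault(new Exception("Authentication failed"));
    }

    // Now get the roles: one group principal per Syncope membership
    List<MembershipTO> membershipList = user.getMemberships();
    Subject subject = new Subject();
    subject.getPrincipals().add(principal);
    for (MembershipTO membership : membershipList) {
        // NOTE(review): assumes Syncope populates the group name on each membership - confirm.
        String roleName = membership.getGroupName();
        subject.getPrincipals().add(new SimpleGroup(roleName, usernameToken.getName()));
    }
    // Freeze the subject so later interceptors cannot add or remove principals.
    subject.setReadOnly();
    message.put(SecurityContext.class, new DefaultSecurityContext(principal, subject));
}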
Also used : DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) JacksonJsonProvider(com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider) UsernameToken(org.apache.cxf.common.security.UsernameToken) SimpleGroup(org.apache.cxf.common.security.SimpleGroup) Fault(org.apache.cxf.interceptor.Fault) WebClient(org.apache.cxf.jaxrs.client.WebClient) Subject(javax.security.auth.Subject) SecurityToken(org.apache.cxf.common.security.SecurityToken) UserTO(org.apache.syncope.common.lib.to.UserTO) MembershipTO(org.apache.syncope.common.lib.to.MembershipTO) SecurityContext(org.apache.cxf.security.SecurityContext) DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) Principal(java.security.Principal)

Example 18 with MembershipTO

use of org.apache.syncope.common.lib.to.MembershipTO in project syncope by apache.

the class MembershipITCase method misc.

/**
 * Integration test for membership-scoped attributes: creation is rejected when a membership
 * carries a plain attribute that is not allowed for it, then succeeds once that attribute is
 * removed; user-level and membership-level values of 'aLong' are checked to stay independent
 * across create and update; finally the membership is deleted through a patch.
 * The created user is deleted in the finally block whenever it has a key.
 */
@Test
public void misc() {
    UserTO user = UserITCase.getUniqueSampleTO("memb@apache.org");
    user.setRealm("/even/two");
    user.getPlainAttrs().add(new AttrTO.Builder().schema("aLong").value("1976").build());
    user.getPlainAttrs().remove(user.getPlainAttr("ctype").get());
    // the group 034740a9-fa10-453b-af37-dc7897e98fb1 has USER type extensions for 'csv' and 'other'
    // any type classes
    MembershipTO membership = new MembershipTO.Builder().group("034740a9-fa10-453b-af37-dc7897e98fb1").build();
    membership.getPlainAttrs().add(new AttrTO.Builder().schema("aLong").value("1977").build());
    // 'fullname' is in 'minimal user', so it is not allowed for this membership
    membership.getPlainAttrs().add(new AttrTO.Builder().schema("fullname").value("discarded").build());
    user.getMemberships().add(membership);
    // user creation must fail because of 'fullname'; reaching fail() means the server accepted it
    try {
        createUser(user);
        fail("This should not happen");
    } catch (SyncopeClientException e) {
        assertEquals(ClientExceptionType.InvalidUser, e.getType());
        assertTrue(e.getMessage().contains("InvalidPlainAttr: fullname not allowed for membership of group"));
    }
    // remove fullname and try again
    membership.getPlainAttrs().remove(membership.getPlainAttr("fullname").get());
    try {
        user = createUser(user).getEntity();
        // 1. verify that 'aLong' is correctly populated for user
        assertEquals(1, user.getPlainAttr("aLong").get().getValues().size());
        assertEquals("1976", user.getPlainAttr("aLong").get().getValues().get(0));
        // 2. verify that 'aLong' is correctly populated for user's membership
        assertEquals(1, user.getMemberships().size());
        membership = user.getMembership("034740a9-fa10-453b-af37-dc7897e98fb1").get();
        assertNotNull(membership);
        assertEquals(1, membership.getPlainAttr("aLong").get().getValues().size());
        assertEquals("1977", membership.getPlainAttr("aLong").get().getValues().get(0));
        // 3. verify that derived attributes from 'csv' and 'other' are also populated for user's membership
        assertFalse(membership.getDerAttr("csvuserid").get().getValues().isEmpty());
        assertFalse(membership.getDerAttr("noschema").get().getValues().isEmpty());
        // update user - swap the two 'aLong' values and add a new membership attribute 'ctype'
        UserPatch userPatch = new UserPatch();
        userPatch.setKey(user.getKey());
        userPatch.getPlainAttrs().add(new AttrPatch.Builder().attrTO(new AttrTO.Builder().schema("aLong").value("1977").build()).build());
        MembershipPatch membershipPatch = new MembershipPatch.Builder().group(membership.getGroupKey()).build();
        membershipPatch.getPlainAttrs().add(new AttrTO.Builder().schema("aLong").value("1976").build());
        membershipPatch.getPlainAttrs().add(new AttrTO.Builder().schema("ctype").value("membership type").build());
        userPatch.getMemberships().add(membershipPatch);
        user = updateUser(userPatch).getEntity();
        // 4. verify that 'aLong' is correctly populated for user, and that 'ctype' did not
        // leak from the membership onto the user itself
        assertEquals(1, user.getPlainAttr("aLong").get().getValues().size());
        assertEquals("1977", user.getPlainAttr("aLong").get().getValues().get(0));
        assertFalse(user.getPlainAttr("ctype").isPresent());
        // 5. verify that 'aLong' is correctly populated for user's membership
        assertEquals(1, user.getMemberships().size());
        membership = user.getMembership("034740a9-fa10-453b-af37-dc7897e98fb1").get();
        assertNotNull(membership);
        assertEquals(1, membership.getPlainAttr("aLong").get().getValues().size());
        assertEquals("1976", membership.getPlainAttr("aLong").get().getValues().get(0));
        // 6. verify that 'ctype' is correctly populated for user's membership
        assertEquals("membership type", membership.getPlainAttr("ctype").get().getValues().get(0));
        // finally remove membership
        userPatch = new UserPatch();
        userPatch.setKey(user.getKey());
        membershipPatch = new MembershipPatch.Builder().group(membership.getGroupKey()).operation(PatchOperation.DELETE).build();
        userPatch.getMemberships().add(membershipPatch);
        user = updateUser(userPatch).getEntity();
        assertTrue(user.getMemberships().isEmpty());
    } finally {
        // clean up only if the user was actually created (a key was assigned)
        if (user.getKey() != null) {
            userService.delete(user.getKey());
        }
    }
}
Also used : MembershipPatch(org.apache.syncope.common.lib.patch.MembershipPatch) UserTO(org.apache.syncope.common.lib.to.UserTO) MembershipTO(org.apache.syncope.common.lib.to.MembershipTO) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) UserPatch(org.apache.syncope.common.lib.patch.UserPatch) AttrPatch(org.apache.syncope.common.lib.patch.AttrPatch) Test(org.junit.jupiter.api.Test)

Example 19 with MembershipTO

use of org.apache.syncope.common.lib.to.MembershipTO in project syncope by apache.

the class MembershipITCase method pull.

/**
 * Integration test for pulling a membership attribute from an external resource: a copy of the
 * DB pull resource is created with 'firstname' remapped to {@code memberships[additional].aLong},
 * a user with that membership attribute is created with the resource assigned, unlinked and
 * deleted, and a pull task is then expected to bring the user back with the membership and its
 * 'aLong' value intact. The ad-hoc resource and task are removed in the finally block.
 */
@Test
public void pull() {
    // 0. create ad-hoc resource, with adequate mapping
    ResourceTO newResource = resourceService.read(RESOURCE_NAME_DBPULL);
    // a fresh key turns the read resource into a new one when it is created below
    newResource.setKey(getUUIDString());
    ItemTO item = newResource.getProvision("USER").get().getMapping().getItems().stream().filter(object -> "firstname".equals(object.getIntAttrName())).findFirst().get();
    assertNotNull(item);
    assertEquals("ID", item.getExtAttrName());
    // map the external 'ID' attribute to the membership attribute 'aLong', in both directions
    item.setIntAttrName("memberships[additional].aLong");
    item.setPurpose(MappingPurpose.BOTH);
    item = newResource.getProvision("USER").get().getMapping().getItems().stream().filter(object -> "fullname".equals(object.getIntAttrName())).findFirst().get();
    item.setPurpose(MappingPurpose.PULL);
    PullTaskTO newTask = null;
    try {
        newResource = createResource(newResource);
        assertNotNull(newResource);
        // 1. create user with new resource assigned
        UserTO user = UserITCase.getUniqueSampleTO("memb@apache.org");
        user.setRealm("/even/two");
        user.getPlainAttrs().remove(user.getPlainAttr("ctype").get());
        user.getResources().clear();
        user.getResources().add(newResource.getKey());
        MembershipTO membership = new MembershipTO.Builder().group("034740a9-fa10-453b-af37-dc7897e98fb1").build();
        membership.getPlainAttrs().add(new AttrTO.Builder().schema("aLong").value("5432").build());
        user.getMemberships().add(membership);
        user = createUser(user).getEntity();
        assertNotNull(user);
        // 2. verify that user was found on resource; the id is passed as a bind parameter
        // NOTE(review): the meaning of the literal 50 is not visible here - presumably a retry or wait bound
        JdbcTemplate jdbcTemplate = new JdbcTemplate(testDataSource);
        String idOnResource = queryForObject(jdbcTemplate, 50, "SELECT id FROM testpull WHERE id=?", String.class, "5432");
        assertEquals("5432", idOnResource);
        // 3. unlink user from resource, then remove it
        DeassociationPatch patch = new DeassociationPatch();
        patch.setKey(user.getKey());
        patch.setAction(ResourceDeassociationAction.UNLINK);
        patch.getResources().add(newResource.getKey());
        assertNotNull(userService.deassociate(patch).readEntity(BulkActionResult.class));
        userService.delete(user.getKey());
        // 4. create pull task (from an existing task read by key) and execute it
        newTask = taskService.read(TaskType.PULL, "7c2242f4-14af-4ab5-af31-cdae23783655", true);
        newTask.setResource(newResource.getKey());
        newTask.setDestinationRealm("/even/two");
        Response response = taskService.create(TaskType.PULL, newTask);
        newTask = getObject(response.getLocation(), TaskService.class, PullTaskTO.class);
        assertNotNull(newTask);
        ExecTO execution = AbstractTaskITCase.execProvisioningTask(taskService, TaskType.PULL, newTask.getKey(), 50, false);
        assertEquals(PropagationTaskExecStatus.SUCCESS, PropagationTaskExecStatus.valueOf(execution.getStatus()));
        // 5. verify that exactly one user was pulled, with one membership whose 'aLong' is 5432
        PagedResult<UserTO> users = userService.search(new AnyQuery.Builder().realm("/").fiql(SyncopeClient.getUserSearchConditionBuilder().is("username").equalTo(user.getUsername()).query()).build());
        assertEquals(1, users.getTotalCount());
        assertEquals(1, users.getResult().get(0).getMemberships().size());
        assertEquals("5432", users.getResult().get(0).getMemberships().get(0).getPlainAttr("aLong").get().getValues().get(0));
    } catch (Exception e) {
        // any exception is logged and turned into a test failure
        LOG.error("Unexpected error", e);
        fail(e.getMessage());
    } finally {
        // delete the created task, except when it has the key checked below
        // NOTE(review): presumably that key belongs to a pre-existing task that must be kept - confirm
        if (newTask != null && !"83f7e85d-9774-43fe-adba-ccd856312994".equals(newTask.getKey())) {
            taskService.delete(TaskType.PULL, newTask.getKey());
        }
        resourceService.delete(newResource.getKey());
    }
}
Also used : Assertions.fail(org.junit.jupiter.api.Assertions.fail) Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) TaskService(org.apache.syncope.common.rest.api.service.TaskService) PropagationTaskExecStatus(org.apache.syncope.common.lib.types.PropagationTaskExecStatus) AttrTO(org.apache.syncope.common.lib.to.AttrTO) Autowired(org.springframework.beans.factory.annotation.Autowired) UserPatch(org.apache.syncope.common.lib.patch.UserPatch) ResourceDeassociationAction(org.apache.syncope.common.lib.types.ResourceDeassociationAction) JdbcTemplate(org.springframework.jdbc.core.JdbcTemplate) AnyTypeKind(org.apache.syncope.common.lib.types.AnyTypeKind) SpringJUnitConfig(org.springframework.test.context.junit.jupiter.SpringJUnitConfig) MembershipPatch(org.apache.syncope.common.lib.patch.MembershipPatch) Assertions.assertFalse(org.junit.jupiter.api.Assertions.assertFalse) DataSource(javax.sql.DataSource) ItemTO(org.apache.syncope.common.lib.to.ItemTO) ClientExceptionType(org.apache.syncope.common.lib.types.ClientExceptionType) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) AbstractITCase(org.apache.syncope.fit.AbstractITCase) AnyQuery(org.apache.syncope.common.rest.api.beans.AnyQuery) MembershipTO(org.apache.syncope.common.lib.to.MembershipTO) PagedResult(org.apache.syncope.common.lib.to.PagedResult) ExecTO(org.apache.syncope.common.lib.to.ExecTO) ResourceTO(org.apache.syncope.common.lib.to.ResourceTO) BulkActionResult(org.apache.syncope.common.lib.to.BulkActionResult) GroupTO(org.apache.syncope.common.lib.to.GroupTO) Test(org.junit.jupiter.api.Test) AttrPatch(org.apache.syncope.common.lib.patch.AttrPatch) TypeExtensionTO(org.apache.syncope.common.lib.to.TypeExtensionTO) Response(javax.ws.rs.core.Response) MappingPurpose(org.apache.syncope.common.lib.types.MappingPurpose) DeassociationPatch(org.apache.syncope.common.lib.patch.DeassociationPatch) 
PatchOperation(org.apache.syncope.common.lib.types.PatchOperation) Assertions.assertTrue(org.junit.jupiter.api.Assertions.assertTrue) PullTaskTO(org.apache.syncope.common.lib.to.PullTaskTO) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) UserTO(org.apache.syncope.common.lib.to.UserTO) TaskType(org.apache.syncope.common.lib.types.TaskType) ExecTO(org.apache.syncope.common.lib.to.ExecTO) TaskService(org.apache.syncope.common.rest.api.service.TaskService) JdbcTemplate(org.springframework.jdbc.core.JdbcTemplate) ItemTO(org.apache.syncope.common.lib.to.ItemTO) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) Response(javax.ws.rs.core.Response) DeassociationPatch(org.apache.syncope.common.lib.patch.DeassociationPatch) ResourceTO(org.apache.syncope.common.lib.to.ResourceTO) UserTO(org.apache.syncope.common.lib.to.UserTO) MembershipTO(org.apache.syncope.common.lib.to.MembershipTO) PullTaskTO(org.apache.syncope.common.lib.to.PullTaskTO) BulkActionResult(org.apache.syncope.common.lib.to.BulkActionResult) Test(org.junit.jupiter.api.Test)

Example 20 with MembershipTO

use of org.apache.syncope.common.lib.to.MembershipTO in project syncope by apache.

the class AbstractAnyDataBinder method getMembershipTO.

/**
 * Builds the transfer object for a membership, copying the supplied plain, derived and
 * virtual attributes into it together with their schema information.
 *
 * @param plainAttrs plain attributes to expose on the membership
 * @param derAttrs derived attribute values keyed by schema
 * @param virAttrs virtual attribute values keyed by schema
 * @param membership the membership whose right end supplies the group key and name
 * @return the populated membership transfer object
 */
protected MembershipTO getMembershipTO(
        final Collection<? extends PlainAttr<?>> plainAttrs,
        final Map<DerSchema, String> derAttrs,
        final Map<VirSchema, List<String>> virAttrs,
        final Membership<? extends Any<?>> membership) {

    final MembershipTO result = new MembershipTO.Builder()
        .group(membership.getRightEnd().getKey(), membership.getRightEnd().getName())
        .build();

    // Plain attributes: all values, rendered as strings.
    for (PlainAttr<?> attr : plainAttrs) {
        result.getPlainAttrs().add(new AttrTO.Builder()
            .schema(attr.getSchema().getKey())
            .values(attr.getValuesAsStrings())
            .schemaInfo(schemaDataBinder.getPlainSchemaTO(attr.getSchema()))
            .build());
    }

    // Derived attributes: a single value per schema.
    for (Map.Entry<DerSchema, String> derived : derAttrs.entrySet()) {
        result.getDerAttrs().add(new AttrTO.Builder()
            .schema(derived.getKey().getKey())
            .value(derived.getValue())
            .schemaInfo(schemaDataBinder.getDerSchemaTO(derived.getKey()))
            .build());
    }

    // Virtual attributes: a list of values per schema.
    for (Map.Entry<VirSchema, List<String>> virtual : virAttrs.entrySet()) {
        result.getVirAttrs().add(new AttrTO.Builder()
            .schema(virtual.getKey().getKey())
            .values(virtual.getValue())
            .schemaInfo(schemaDataBinder.getVirSchemaTO(virtual.getKey()))
            .build());
    }

    return result;
}
Also used : MembershipTO(org.apache.syncope.common.lib.to.MembershipTO) AttrTO(org.apache.syncope.common.lib.to.AttrTO)
