use of org.apache.syncope.common.lib.to.ResourceTO in project syncope by apache.
the class AbstractITCase method getLdapResourceDirContext.
@SuppressWarnings({ "unchecked", "rawtypes", "UseOfObsoleteCollectionType" })
protected InitialDirContext getLdapResourceDirContext(final String bindDn, final String bindPwd) throws NamingException {
ResourceTO ldapRes = resourceService.read(RESOURCE_NAME_LDAP);
ConnInstanceTO ldapConn = connectorService.read(ldapRes.getConnector(), Locale.ENGLISH.getLanguage());
Properties env = new Properties();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://" + ldapConn.getConf("host").get().getValues().get(0) + ":" + ldapConn.getConf("port").get().getValues().get(0) + "/");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, bindDn == null ? ldapConn.getConf("principal").get().getValues().get(0) : bindDn);
env.put(Context.SECURITY_CREDENTIALS, bindPwd == null ? ldapConn.getConf("credentials").get().getValues().get(0) : bindPwd);
return new InitialDirContext(env);
}
use of org.apache.syncope.common.lib.to.ResourceTO in project syncope by apache.
the class UserITCase method suspendReactivateOnResource.
@Test
public void suspendReactivateOnResource() {
// Assert resources are present
ResourceTO dbTable = resourceService.read(RESOURCE_NAME_TESTDB);
assertNotNull(dbTable);
ResourceTO ldap = resourceService.read(RESOURCE_NAME_LDAP);
assertNotNull(ldap);
// Create user with reference to resources
UserTO userTO = getUniqueSampleTO("suspreactonresource@syncope.apache.org");
userTO.getMemberships().clear();
userTO.getResources().clear();
userTO.getResources().add(RESOURCE_NAME_TESTDB);
userTO.getResources().add(RESOURCE_NAME_LDAP);
userTO = createUser(userTO).getEntity();
assertNotNull(userTO);
assertEquals(FlowableDetector.isFlowableEnabledForUsers(syncopeService) ? "active" : "created", userTO.getStatus());
String userKey = userTO.getKey();
// Suspend with effect on syncope, ldap and db => user should be suspended in syncope and all resources
StatusPatch statusPatch = new StatusPatch.Builder().key(userKey).type(StatusPatchType.SUSPEND).onSyncope(true).resources(RESOURCE_NAME_TESTDB, RESOURCE_NAME_LDAP).build();
userTO = userService.status(statusPatch).readEntity(new GenericType<ProvisioningResult<UserTO>>() {
}).getEntity();
assertNotNull(userTO);
assertEquals("suspended", userTO.getStatus());
ConnObjectTO connObjectTO = resourceService.readConnObject(RESOURCE_NAME_TESTDB, AnyTypeKind.USER.name(), userKey);
assertFalse(getBooleanAttribute(connObjectTO, OperationalAttributes.ENABLE_NAME));
connObjectTO = resourceService.readConnObject(RESOURCE_NAME_LDAP, AnyTypeKind.USER.name(), userKey);
assertNotNull(connObjectTO);
// Suspend and reactivate only on ldap => db and syncope should still show suspended
statusPatch = new StatusPatch.Builder().key(userKey).type(StatusPatchType.SUSPEND).onSyncope(false).resources(RESOURCE_NAME_LDAP).build();
userService.status(statusPatch);
statusPatch.setType(StatusPatchType.REACTIVATE);
userTO = userService.status(statusPatch).readEntity(new GenericType<ProvisioningResult<UserTO>>() {
}).getEntity();
assertNotNull(userTO);
assertEquals("suspended", userTO.getStatus());
connObjectTO = resourceService.readConnObject(RESOURCE_NAME_TESTDB, AnyTypeKind.USER.name(), userKey);
assertFalse(getBooleanAttribute(connObjectTO, OperationalAttributes.ENABLE_NAME));
// Reactivate on syncope and db => syncope and db should show the user as active
statusPatch = new StatusPatch.Builder().key(userKey).type(StatusPatchType.REACTIVATE).onSyncope(true).resources(RESOURCE_NAME_TESTDB).build();
userTO = userService.status(statusPatch).readEntity(new GenericType<ProvisioningResult<UserTO>>() {
}).getEntity();
assertNotNull(userTO);
assertEquals("active", userTO.getStatus());
connObjectTO = resourceService.readConnObject(RESOURCE_NAME_TESTDB, AnyTypeKind.USER.name(), userKey);
assertTrue(getBooleanAttribute(connObjectTO, OperationalAttributes.ENABLE_NAME));
}
use of org.apache.syncope.common.lib.to.ResourceTO in project syncope by apache.
the class UserIssuesITCase method issueSYNCOPE391.
@Test
public void issueSYNCOPE391() {
// 1. create user on Syncope with null password
UserTO userTO = UserITCase.getUniqueSampleTO("syncope391@syncope.apache.org");
userTO.setPassword(null);
userTO = createUser(userTO, false).getEntity();
assertNotNull(userTO);
assertNull(userTO.getPassword());
// 2. create existing user on csv and check that password on Syncope is null and that password on resource
// doesn't change
userTO = new UserTO();
userTO.setRealm(SyncopeConstants.ROOT_REALM);
userTO.setPassword(null);
userTO.setUsername("syncope391@syncope.apache.org");
userTO.getPlainAttrs().add(attrTO("fullname", "fullname"));
userTO.getPlainAttrs().add(attrTO("firstname", "nome0"));
userTO.getPlainAttrs().add(attrTO("surname", "cognome0"));
userTO.getPlainAttrs().add(attrTO("userId", "syncope391@syncope.apache.org"));
userTO.getPlainAttrs().add(attrTO("email", "syncope391@syncope.apache.org"));
userTO.getAuxClasses().add("csv");
userTO.getResources().add(RESOURCE_NAME_CSV);
userTO = createUser(userTO, false).getEntity();
assertNotNull(userTO);
ConnObjectTO connObjectTO = resourceService.readConnObject(RESOURCE_NAME_CSV, AnyTypeKind.USER.name(), userTO.getKey());
assertNotNull(connObjectTO);
// check if password has not changed
assertEquals("password0", connObjectTO.getAttr(OperationalAttributes.PASSWORD_NAME).get().getValues().get(0));
assertNull(userTO.getPassword());
// 3. create user with not null password and propagate onto resource-csv, specify not to save password on
// Syncope local storage
userTO = UserITCase.getUniqueSampleTO("syncope391@syncope.apache.org");
userTO.setPassword("passwordTESTNULL1");
userTO.getVirAttrs().clear();
userTO.getAuxClasses().add("csv");
userTO.getResources().add(RESOURCE_NAME_CSV);
userTO = createUser(userTO, false).getEntity();
assertNotNull(userTO);
connObjectTO = resourceService.readConnObject(RESOURCE_NAME_CSV, AnyTypeKind.USER.name(), userTO.getKey());
assertNotNull(connObjectTO);
// check if password has been propagated and that saved userTO's password is null
assertEquals("passwordTESTNULL1", connObjectTO.getAttr(OperationalAttributes.PASSWORD_NAME).get().getValues().get(0));
assertNull(userTO.getPassword());
// 4. create user and propagate password on resource-csv and on Syncope local storage
userTO = UserITCase.getUniqueSampleTO("syncope391@syncope.apache.org");
userTO.setPassword("passwordTESTNULL1");
userTO.getVirAttrs().clear();
userTO.getAuxClasses().add("csv");
userTO.getResources().add(RESOURCE_NAME_CSV);
// storePassword true by default
userTO = createUser(userTO).getEntity();
assertNotNull(userTO);
connObjectTO = resourceService.readConnObject(RESOURCE_NAME_CSV, AnyTypeKind.USER.name(), userTO.getKey());
assertNotNull(connObjectTO);
// check if password has been correctly propagated on Syncope and resource-csv as usual
assertEquals("passwordTESTNULL1", connObjectTO.getAttr(OperationalAttributes.PASSWORD_NAME).get().getValues().get(0));
Pair<Map<String, Set<String>>, UserTO> self = clientFactory.create(userTO.getUsername(), "passwordTESTNULL1").self();
assertNotNull(self);
// 4. add password policy to resource with passwordNotStore to false --> must store password
ResourceTO csv = resourceService.read(RESOURCE_NAME_CSV);
assertNotNull(csv);
try {
csv.setPasswordPolicy("55e5de0b-c79c-4e66-adda-251b6fb8579a");
resourceService.update(csv);
csv = resourceService.read(RESOURCE_NAME_CSV);
assertEquals("55e5de0b-c79c-4e66-adda-251b6fb8579a", csv.getPasswordPolicy());
userTO = UserITCase.getUniqueSampleTO("syncope391@syncope.apache.org");
userTO.setPassword(null);
userTO.getVirAttrs().clear();
userTO.getAuxClasses().add("csv");
userTO.getResources().add(RESOURCE_NAME_CSV);
createUser(userTO, false);
fail("This should not happen");
} catch (SyncopeClientException e) {
assertEquals(ClientExceptionType.InvalidUser, e.getType());
assertTrue(e.getMessage().contains("Password mandatory"));
} finally {
// resource csv with null password policy
csv.setPasswordPolicy(null);
resourceService.update(csv);
}
}
use of org.apache.syncope.common.lib.to.ResourceTO in project syncope by apache.
the class UserIssuesITCase method issueSYNCOPE505LDAP.
@Test
public void issueSYNCOPE505LDAP() throws Exception {
// 1. create user
UserTO user = UserITCase.getUniqueSampleTO("syncope505-ldap@syncope.apache.org");
user.setPassword("security123");
user = createUser(user).getEntity();
assertNotNull(user);
assertTrue(user.getResources().isEmpty());
// 2. Add LDAPPasswordPropagationActions
ImplementationTO propagationActions = new ImplementationTO();
propagationActions.setKey(LDAPPasswordPropagationActions.class.getSimpleName());
propagationActions.setEngine(ImplementationEngine.JAVA);
propagationActions.setType(ImplementationType.PROPAGATION_ACTIONS);
propagationActions.setBody(LDAPPasswordPropagationActions.class.getName());
Response response = implementationService.create(propagationActions);
propagationActions = implementationService.read(propagationActions.getType(), response.getHeaderString(RESTHeaders.RESOURCE_KEY));
assertNotNull(propagationActions);
ResourceTO resourceTO = resourceService.read(RESOURCE_NAME_LDAP);
assertNotNull(resourceTO);
resourceTO.getPropagationActions().add(propagationActions.getKey());
resourceTO.setRandomPwdIfNotProvided(false);
resourceService.update(resourceTO);
// 3. Add a resource to the User
UserPatch userPatch = new UserPatch();
userPatch.setKey(user.getKey());
userPatch.getResources().add(new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(RESOURCE_NAME_LDAP).build());
userPatch.setPassword(new PasswordPatch.Builder().onSyncope(false).resource(RESOURCE_NAME_LDAP).build());
user = updateUser(userPatch).getEntity();
assertNotNull(user);
assertEquals(1, user.getResources().size());
// 4. Check that the LDAP resource has the correct password
ConnObjectTO connObject = resourceService.readConnObject(RESOURCE_NAME_LDAP, AnyTypeKind.USER.name(), user.getKey());
assertNotNull(getLdapRemoteObject(connObject.getAttr(Name.NAME).get().getValues().get(0), "security123", connObject.getAttr(Name.NAME).get().getValues().get(0)));
// 5. Remove LDAPPasswordPropagationActions
resourceTO = resourceService.read(RESOURCE_NAME_LDAP);
assertNotNull(resourceTO);
resourceTO.getPropagationActions().remove(propagationActions.getKey());
resourceTO.setRandomPwdIfNotProvided(true);
resourceService.update(resourceTO);
}
use of org.apache.syncope.common.lib.to.ResourceTO in project syncope by apache.
the class UserIssuesITCase method issueSYNCOPE493.
@Test
public void issueSYNCOPE493() {
// 1. create user and check that firstname is not propagated on resource with mapping for firstname set to NONE
UserTO userTO = UserITCase.getUniqueSampleTO("493@test.org");
userTO.getResources().add(RESOURCE_NAME_WS1);
ProvisioningResult<UserTO> result = createUser(userTO);
assertNotNull(userTO);
assertEquals(1, result.getPropagationStatuses().size());
assertEquals(PropagationTaskExecStatus.SUCCESS, result.getPropagationStatuses().get(0).getStatus());
userTO = result.getEntity();
ConnObjectTO actual = resourceService.readConnObject(RESOURCE_NAME_WS1, AnyTypeKind.USER.name(), userTO.getKey());
assertNotNull(actual);
// check if mapping attribute with purpose NONE really hasn't been propagated
assertFalse(actual.getAttr("NAME").isPresent());
// 2. update resource ws-target-resource-1
ResourceTO ws1 = resourceService.read(RESOURCE_NAME_WS1);
assertNotNull(ws1);
MappingTO ws1NewUMapping = ws1.getProvision(AnyTypeKind.USER.name()).get().getMapping();
// change purpose from NONE to BOTH
for (ItemTO itemTO : ws1NewUMapping.getItems()) {
if ("firstname".equals(itemTO.getIntAttrName())) {
itemTO.setPurpose(MappingPurpose.BOTH);
}
}
ws1.getProvision(AnyTypeKind.USER.name()).get().setMapping(ws1NewUMapping);
resourceService.update(ws1);
ResourceTO newWs1 = resourceService.read(ws1.getKey());
assertNotNull(newWs1);
// check for existence
Collection<ItemTO> mapItems = newWs1.getProvision(AnyTypeKind.USER.name()).get().getMapping().getItems();
assertNotNull(mapItems);
assertEquals(7, mapItems.size());
// 3. update user and check firstname propagation
UserPatch userPatch = new UserPatch();
userPatch.setKey(userTO.getKey());
userPatch.setPassword(new PasswordPatch());
userPatch.getPlainAttrs().add(attrAddReplacePatch("firstname", "firstnameNew"));
result = updateUser(userPatch);
assertNotNull(userTO);
assertEquals(1, result.getPropagationStatuses().size());
assertEquals(PropagationTaskExecStatus.SUCCESS, result.getPropagationStatuses().get(0).getStatus());
userTO = result.getEntity();
ConnObjectTO newUser = resourceService.readConnObject(RESOURCE_NAME_WS1, AnyTypeKind.USER.name(), userTO.getKey());
assertNotNull(newUser.getAttr("NAME"));
assertEquals("firstnameNew", newUser.getAttr("NAME").get().getValues().get(0));
// 4. restore resource ws-target-resource-1 mapping
ws1NewUMapping = newWs1.getProvision(AnyTypeKind.USER.name()).get().getMapping();
// restore purpose from BOTH to NONE
for (ItemTO itemTO : ws1NewUMapping.getItems()) {
if ("firstname".equals(itemTO.getIntAttrName())) {
itemTO.setPurpose(MappingPurpose.NONE);
}
}
newWs1.getProvision(AnyTypeKind.USER.name()).get().setMapping(ws1NewUMapping);
resourceService.update(newWs1);
}
Aggregations