Search in sources :

Example 1 with Implementation

use of org.apache.syncope.core.persistence.api.entity.Implementation in project syncope by apache.

the class JPAImplementationDAO method save.

@Override
public Implementation save(final Implementation implementation) {
    Implementation merged = entityManager().merge(implementation);
    ImplementationManager.purge(merged.getKey());
    return merged;
}
Also used : JPAImplementation(org.apache.syncope.core.persistence.jpa.entity.JPAImplementation) Implementation(org.apache.syncope.core.persistence.api.entity.Implementation)

Example 2 with Implementation

use of org.apache.syncope.core.persistence.api.entity.Implementation in project syncope by apache.

the class JPAUserDAO method enforcePolicies.

@Transactional(readOnly = true)
@Override
public Pair<Boolean, Boolean> enforcePolicies(final User user) {
    // ------------------------------
    // Verify password policies
    // ------------------------------
    LOG.debug("Password Policy enforcement");
    try {
        int maxPPSpecHistory = 0;
        for (PasswordPolicy policy : getPasswordPolicies(user)) {
            if (user.getPassword() == null && !policy.isAllowNullPassword()) {
                throw new PasswordPolicyException("Password mandatory");
            }
            for (Implementation impl : policy.getRules()) {
                Optional<PasswordRule> rule = ImplementationManager.buildPasswordRule(impl);
                if (rule.isPresent()) {
                    rule.get().enforce(user);
                }
            }
            if (user.verifyPasswordHistory(user.getClearPassword(), policy.getHistoryLength())) {
                throw new PasswordPolicyException("Password value was used in the past: not allowed");
            }
            if (policy.getHistoryLength() > maxPPSpecHistory) {
                maxPPSpecHistory = policy.getHistoryLength();
            }
        }
        // update user's password history with encrypted password
        if (maxPPSpecHistory > 0 && user.getPassword() != null && !user.getPasswordHistory().contains(user.getPassword())) {
            user.getPasswordHistory().add(user.getPassword());
        }
        // keep only the last maxPPSpecHistory items in user's password history
        if (maxPPSpecHistory < user.getPasswordHistory().size()) {
            for (int i = 0; i < user.getPasswordHistory().size() - maxPPSpecHistory; i++) {
                user.getPasswordHistory().remove(i);
            }
        }
    } catch (Exception e) {
        LOG.error("Invalid password for {}", user, e);
        throw new InvalidEntityException(User.class, EntityViolationType.InvalidPassword, e.getMessage());
    } finally {
        // password has been validated, let's remove its clear version
        user.removeClearPassword();
    }
    // ------------------------------
    // Verify account policies
    // ------------------------------
    LOG.debug("Account Policy enforcement");
    boolean suspend = false;
    boolean propagateSuspension = false;
    try {
        if (user.getUsername() == null) {
            throw new AccountPolicyException("Null username");
        }
        if (adminUser.equals(user.getUsername()) || anonymousUser.equals(user.getUsername())) {
            throw new AccountPolicyException("Not allowed: " + user.getUsername());
        }
        if (!USERNAME_PATTERN.matcher(user.getUsername()).matches()) {
            throw new AccountPolicyException("Character(s) not allowed");
        }
        for (AccountPolicy policy : getAccountPolicies(user)) {
            for (Implementation impl : policy.getRules()) {
                Optional<AccountRule> rule = ImplementationManager.buildAccountRule(impl);
                if (rule.isPresent()) {
                    rule.get().enforce(user);
                }
            }
            suspend |= user.getFailedLogins() != null && policy.getMaxAuthenticationAttempts() > 0 && user.getFailedLogins() > policy.getMaxAuthenticationAttempts() && !user.isSuspended();
            propagateSuspension |= policy.isPropagateSuspension();
        }
    } catch (Exception e) {
        LOG.error("Invalid username for {}", user, e);
        throw new InvalidEntityException(User.class, EntityViolationType.InvalidUsername, e.getMessage());
    }
    return ImmutablePair.of(suspend, propagateSuspension);
}
Also used : PasswordRule(org.apache.syncope.core.persistence.api.dao.PasswordRule) AccountRule(org.apache.syncope.core.persistence.api.dao.AccountRule) JPAUser(org.apache.syncope.core.persistence.jpa.entity.user.JPAUser) User(org.apache.syncope.core.persistence.api.entity.user.User) AccountPolicyException(org.apache.syncope.core.provisioning.api.utils.policy.AccountPolicyException) Implementation(org.apache.syncope.core.persistence.api.entity.Implementation) NoResultException(javax.persistence.NoResultException) AccountPolicyException(org.apache.syncope.core.provisioning.api.utils.policy.AccountPolicyException) PasswordPolicyException(org.apache.syncope.core.provisioning.api.utils.policy.PasswordPolicyException) DelegatedAdministrationException(org.apache.syncope.core.spring.security.DelegatedAdministrationException) InvalidEntityException(org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException) InvalidEntityException(org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException) AccountPolicy(org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy) PasswordPolicyException(org.apache.syncope.core.provisioning.api.utils.policy.PasswordPolicyException) PasswordPolicy(org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy) Transactional(org.springframework.transaction.annotation.Transactional)

Example 3 with Implementation

use of org.apache.syncope.core.persistence.api.entity.Implementation in project syncope by apache.

the class SchemaDataBinderImpl method fill.

// --------------- PLAIN -----------------
private PlainSchema fill(final PlainSchema schema, final PlainSchemaTO schemaTO) {
    if (!JexlUtils.isExpressionValid(schemaTO.getMandatoryCondition())) {
        SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidValues);
        sce.getElements().add(schemaTO.getMandatoryCondition());
        throw sce;
    }
    BeanUtils.copyProperties(schemaTO, schema, IGNORE_PROPERTIES);
    if (schemaTO.getValidator() == null) {
        schema.setValidator(null);
    } else {
        Implementation validator = implementationDAO.find(schemaTO.getValidator());
        if (validator == null) {
            LOG.debug("Invalid " + Implementation.class.getSimpleName() + " {}, ignoring...", schemaTO.getValidator());
        } else {
            schema.setValidator(validator);
        }
    }
    PlainSchema merged = plainSchemaDAO.save(schema);
    if (schemaTO.getAnyTypeClass() != null && (merged.getAnyTypeClass() == null || !schemaTO.getAnyTypeClass().equals(merged.getAnyTypeClass().getKey()))) {
        AnyTypeClass anyTypeClass = anyTypeClassDAO.find(schemaTO.getAnyTypeClass());
        if (anyTypeClass == null) {
            LOG.debug("Invalid " + AnyTypeClass.class.getSimpleName() + "{}, ignoring...", schemaTO.getAnyTypeClass());
        } else {
            anyTypeClass.add(merged);
            merged.setAnyTypeClass(anyTypeClass);
        }
    } else if (schemaTO.getAnyTypeClass() == null && merged.getAnyTypeClass() != null) {
        merged.getAnyTypeClass().getPlainSchemas().remove(merged);
        merged.setAnyTypeClass(null);
    }
    return merged;
}
Also used : SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) PlainSchema(org.apache.syncope.core.persistence.api.entity.PlainSchema) AnyTypeClass(org.apache.syncope.core.persistence.api.entity.AnyTypeClass) Implementation(org.apache.syncope.core.persistence.api.entity.Implementation)

Example 4 with Implementation

use of org.apache.syncope.core.persistence.api.entity.Implementation in project syncope by apache.

the class PolicyDataBinderImpl method getPolicy.

@SuppressWarnings("unchecked")
private <T extends Policy> T getPolicy(final T policy, final PolicyTO policyTO) {
    T result = policy;
    if (policyTO instanceof PasswordPolicyTO) {
        if (result == null) {
            result = (T) entityFactory.newEntity(PasswordPolicy.class);
        }
        PasswordPolicy passwordPolicy = PasswordPolicy.class.cast(result);
        PasswordPolicyTO passwordPolicyTO = PasswordPolicyTO.class.cast(policyTO);
        passwordPolicy.setAllowNullPassword(passwordPolicyTO.isAllowNullPassword());
        passwordPolicy.setHistoryLength(passwordPolicyTO.getHistoryLength());
        passwordPolicyTO.getRules().forEach(ruleKey -> {
            Implementation rule = implementationDAO.find(ruleKey);
            if (rule == null) {
                LOG.debug("Invalid " + Implementation.class.getSimpleName() + " {}, ignoring...", ruleKey);
            } else {
                passwordPolicy.add(rule);
            }
        });
        // remove all implementations not contained in the TO
        passwordPolicy.getRules().removeIf(implementation -> !passwordPolicyTO.getRules().contains(implementation.getKey()));
    } else if (policyTO instanceof AccountPolicyTO) {
        if (result == null) {
            result = (T) entityFactory.newEntity(AccountPolicy.class);
        }
        AccountPolicy accountPolicy = AccountPolicy.class.cast(result);
        AccountPolicyTO accountPolicyTO = AccountPolicyTO.class.cast(policyTO);
        accountPolicy.setMaxAuthenticationAttempts(accountPolicyTO.getMaxAuthenticationAttempts());
        accountPolicy.setPropagateSuspension(accountPolicyTO.isPropagateSuspension());
        accountPolicyTO.getRules().forEach(ruleKey -> {
            Implementation rule = implementationDAO.find(ruleKey);
            if (rule == null) {
                LOG.debug("Invalid " + Implementation.class.getSimpleName() + " {}, ignoring...", ruleKey);
            } else {
                accountPolicy.add(rule);
            }
        });
        // remove all implementations not contained in the TO
        accountPolicy.getRules().removeIf(implementation -> !accountPolicyTO.getRules().contains(implementation.getKey()));
        accountPolicy.getResources().clear();
        accountPolicyTO.getPassthroughResources().forEach(resourceName -> {
            ExternalResource resource = resourceDAO.find(resourceName);
            if (resource == null) {
                LOG.debug("Ignoring invalid resource {} ", resourceName);
            } else {
                accountPolicy.add(resource);
            }
        });
    } else if (policyTO instanceof PullPolicyTO) {
        if (result == null) {
            result = (T) entityFactory.newEntity(PullPolicy.class);
        }
        PullPolicy pullPolicy = PullPolicy.class.cast(result);
        PullPolicyTO pullPolicyTO = PullPolicyTO.class.cast(policyTO);
        pullPolicy.setConflictResolutionAction(pullPolicyTO.getConflictResolutionAction());
        pullPolicyTO.getCorrelationRules().forEach((type, impl) -> {
            AnyType anyType = anyTypeDAO.find(type);
            if (anyType == null) {
                LOG.debug("Invalid AnyType {} specified, ignoring...", type);
            } else {
                CorrelationRule correlationRule = pullPolicy.getCorrelationRule(anyType).orElse(null);
                if (correlationRule == null) {
                    correlationRule = entityFactory.newEntity(CorrelationRule.class);
                    correlationRule.setAnyType(anyType);
                    correlationRule.setPullPolicy(pullPolicy);
                    pullPolicy.add(correlationRule);
                }
                Implementation rule = implementationDAO.find(impl);
                if (rule == null) {
                    throw new NotFoundException("Implementation " + type);
                }
                correlationRule.setImplementation(rule);
            }
        });
        // remove all rules not contained in the TO
        pullPolicy.getCorrelationRules().removeIf(anyFilter -> !pullPolicyTO.getCorrelationRules().containsKey(anyFilter.getAnyType().getKey()));
    }
    if (result != null) {
        result.setDescription(policyTO.getDescription());
    }
    return result;
}
Also used : PullPolicy(org.apache.syncope.core.persistence.api.entity.policy.PullPolicy) Realm(org.apache.syncope.core.persistence.api.entity.Realm) LoggerFactory(org.slf4j.LoggerFactory) AnyType(org.apache.syncope.core.persistence.api.entity.AnyType) Autowired(org.springframework.beans.factory.annotation.Autowired) Entity(org.apache.syncope.core.persistence.api.entity.Entity) PolicyDataBinder(org.apache.syncope.core.provisioning.api.data.PolicyDataBinder) PasswordPolicy(org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy) RealmDAO(org.apache.syncope.core.persistence.api.dao.RealmDAO) ImplementationDAO(org.apache.syncope.core.persistence.api.dao.ImplementationDAO) PolicyTO(org.apache.syncope.common.lib.policy.PolicyTO) PasswordPolicyTO(org.apache.syncope.common.lib.policy.PasswordPolicyTO) Logger(org.slf4j.Logger) Policy(org.apache.syncope.core.persistence.api.entity.policy.Policy) Implementation(org.apache.syncope.core.persistence.api.entity.Implementation) Collectors(java.util.stream.Collectors) AnyTypeDAO(org.apache.syncope.core.persistence.api.dao.AnyTypeDAO) NotFoundException(org.apache.syncope.core.persistence.api.dao.NotFoundException) EntityFactory(org.apache.syncope.core.persistence.api.entity.EntityFactory) ExternalResource(org.apache.syncope.core.persistence.api.entity.resource.ExternalResource) AccountPolicy(org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy) Component(org.springframework.stereotype.Component) CorrelationRule(org.apache.syncope.core.persistence.api.entity.policy.CorrelationRule) AccountPolicyTO(org.apache.syncope.common.lib.policy.AccountPolicyTO) PullPolicyTO(org.apache.syncope.common.lib.policy.PullPolicyTO) ExternalResourceDAO(org.apache.syncope.core.persistence.api.dao.ExternalResourceDAO) PullPolicyTO(org.apache.syncope.common.lib.policy.PullPolicyTO) NotFoundException(org.apache.syncope.core.persistence.api.dao.NotFoundException) AccountPolicyTO(org.apache.syncope.common.lib.policy.AccountPolicyTO) ExternalResource(org.apache.syncope.core.persistence.api.entity.resource.ExternalResource) Implementation(org.apache.syncope.core.persistence.api.entity.Implementation) AccountPolicy(org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy) PasswordPolicy(org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy) PullPolicy(org.apache.syncope.core.persistence.api.entity.policy.PullPolicy) CorrelationRule(org.apache.syncope.core.persistence.api.entity.policy.CorrelationRule) AnyType(org.apache.syncope.core.persistence.api.entity.AnyType) PasswordPolicyTO(org.apache.syncope.common.lib.policy.PasswordPolicyTO)

Example 5 with Implementation

use of org.apache.syncope.core.persistence.api.entity.Implementation in project syncope by apache.

the class ReportDataBinderImpl method getReport.

@Override
public void getReport(final Report report, final ReportTO reportTO) {
    BeanUtils.copyProperties(reportTO, report, IGNORE_REPORT_PROPERTIES);
    ReportTemplate template = reportTemplateDAO.find(reportTO.getTemplate());
    if (template == null) {
        SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.RequiredValuesMissing);
        sce.getElements().add("template");
        throw sce;
    }
    report.setTemplate(template);
    reportTO.getReportlets().forEach(reportletKey -> {
        Implementation reportlet = implementationDAO.find(reportletKey);
        if (reportlet == null) {
            LOG.debug("Invalid " + Implementation.class.getSimpleName() + " {}, ignoring...", reportletKey);
        } else {
            report.add(reportlet);
        }
    });
    // remove all implementations not contained in the TO
    report.getReportlets().removeIf(reportlet -> !reportTO.getReportlets().contains(reportlet.getKey()));
}
Also used : ReportTemplate(org.apache.syncope.core.persistence.api.entity.ReportTemplate) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) Implementation(org.apache.syncope.core.persistence.api.entity.Implementation)

Aggregations

Implementation (org.apache.syncope.core.persistence.api.entity.Implementation)28 SyncopeClientException (org.apache.syncope.common.lib.SyncopeClientException)12 NotFoundException (org.apache.syncope.core.persistence.api.dao.NotFoundException)8 ExternalResource (org.apache.syncope.core.persistence.api.entity.resource.ExternalResource)8 PasswordPolicy (org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy)7 ImplementationDAO (org.apache.syncope.core.persistence.api.dao.ImplementationDAO)6 AbstractTest (org.apache.syncope.core.persistence.jpa.AbstractTest)6 Test (org.junit.jupiter.api.Test)6 AnyType (org.apache.syncope.core.persistence.api.entity.AnyType)5 Date (java.util.Date)4 AnyTypeDAO (org.apache.syncope.core.persistence.api.dao.AnyTypeDAO)4 EntityFactory (org.apache.syncope.core.persistence.api.entity.EntityFactory)4 AccountPolicy (org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy)4 PullPolicy (org.apache.syncope.core.persistence.api.entity.policy.PullPolicy)4 PullTask (org.apache.syncope.core.persistence.api.entity.task.PullTask)4 SchedTask (org.apache.syncope.core.persistence.api.entity.task.SchedTask)4 Logger (org.slf4j.Logger)4 LoggerFactory (org.slf4j.LoggerFactory)4 Autowired (org.springframework.beans.factory.annotation.Autowired)4 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)4