use of org.apache.syncope.core.persistence.api.entity.Implementation in project syncope by apache.
the class JPAImplementationDAO method save.
@Override
public Implementation save(final Implementation implementation) {
Implementation merged = entityManager().merge(implementation);
ImplementationManager.purge(merged.getKey());
return merged;
}
use of org.apache.syncope.core.persistence.api.entity.Implementation in project syncope by apache.
the class JPAUserDAO method enforcePolicies.
@Transactional(readOnly = true)
@Override
public Pair<Boolean, Boolean> enforcePolicies(final User user) {
// ------------------------------
// Verify password policies
// ------------------------------
LOG.debug("Password Policy enforcement");
try {
int maxPPSpecHistory = 0;
for (PasswordPolicy policy : getPasswordPolicies(user)) {
if (user.getPassword() == null && !policy.isAllowNullPassword()) {
throw new PasswordPolicyException("Password mandatory");
}
for (Implementation impl : policy.getRules()) {
Optional<PasswordRule> rule = ImplementationManager.buildPasswordRule(impl);
if (rule.isPresent()) {
rule.get().enforce(user);
}
}
if (user.verifyPasswordHistory(user.getClearPassword(), policy.getHistoryLength())) {
throw new PasswordPolicyException("Password value was used in the past: not allowed");
}
if (policy.getHistoryLength() > maxPPSpecHistory) {
maxPPSpecHistory = policy.getHistoryLength();
}
}
// update user's password history with encrypted password
if (maxPPSpecHistory > 0 && user.getPassword() != null && !user.getPasswordHistory().contains(user.getPassword())) {
user.getPasswordHistory().add(user.getPassword());
}
// keep only the last maxPPSpecHistory items in user's password history
if (maxPPSpecHistory < user.getPasswordHistory().size()) {
for (int i = 0; i < user.getPasswordHistory().size() - maxPPSpecHistory; i++) {
user.getPasswordHistory().remove(i);
}
}
} catch (Exception e) {
LOG.error("Invalid password for {}", user, e);
throw new InvalidEntityException(User.class, EntityViolationType.InvalidPassword, e.getMessage());
} finally {
// password has been validated, let's remove its clear version
user.removeClearPassword();
}
// ------------------------------
// Verify account policies
// ------------------------------
LOG.debug("Account Policy enforcement");
boolean suspend = false;
boolean propagateSuspension = false;
try {
if (user.getUsername() == null) {
throw new AccountPolicyException("Null username");
}
if (adminUser.equals(user.getUsername()) || anonymousUser.equals(user.getUsername())) {
throw new AccountPolicyException("Not allowed: " + user.getUsername());
}
if (!USERNAME_PATTERN.matcher(user.getUsername()).matches()) {
throw new AccountPolicyException("Character(s) not allowed");
}
for (AccountPolicy policy : getAccountPolicies(user)) {
for (Implementation impl : policy.getRules()) {
Optional<AccountRule> rule = ImplementationManager.buildAccountRule(impl);
if (rule.isPresent()) {
rule.get().enforce(user);
}
}
suspend |= user.getFailedLogins() != null && policy.getMaxAuthenticationAttempts() > 0 && user.getFailedLogins() > policy.getMaxAuthenticationAttempts() && !user.isSuspended();
propagateSuspension |= policy.isPropagateSuspension();
}
} catch (Exception e) {
LOG.error("Invalid username for {}", user, e);
throw new InvalidEntityException(User.class, EntityViolationType.InvalidUsername, e.getMessage());
}
return ImmutablePair.of(suspend, propagateSuspension);
}
use of org.apache.syncope.core.persistence.api.entity.Implementation in project syncope by apache.
the class SchemaDataBinderImpl method fill.
// --------------- PLAIN -----------------
private PlainSchema fill(final PlainSchema schema, final PlainSchemaTO schemaTO) {
if (!JexlUtils.isExpressionValid(schemaTO.getMandatoryCondition())) {
SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidValues);
sce.getElements().add(schemaTO.getMandatoryCondition());
throw sce;
}
BeanUtils.copyProperties(schemaTO, schema, IGNORE_PROPERTIES);
if (schemaTO.getValidator() == null) {
schema.setValidator(null);
} else {
Implementation validator = implementationDAO.find(schemaTO.getValidator());
if (validator == null) {
LOG.debug("Invalid " + Implementation.class.getSimpleName() + " {}, ignoring...", schemaTO.getValidator());
} else {
schema.setValidator(validator);
}
}
PlainSchema merged = plainSchemaDAO.save(schema);
if (schemaTO.getAnyTypeClass() != null && (merged.getAnyTypeClass() == null || !schemaTO.getAnyTypeClass().equals(merged.getAnyTypeClass().getKey()))) {
AnyTypeClass anyTypeClass = anyTypeClassDAO.find(schemaTO.getAnyTypeClass());
if (anyTypeClass == null) {
LOG.debug("Invalid " + AnyTypeClass.class.getSimpleName() + "{}, ignoring...", schemaTO.getAnyTypeClass());
} else {
anyTypeClass.add(merged);
merged.setAnyTypeClass(anyTypeClass);
}
} else if (schemaTO.getAnyTypeClass() == null && merged.getAnyTypeClass() != null) {
merged.getAnyTypeClass().getPlainSchemas().remove(merged);
merged.setAnyTypeClass(null);
}
return merged;
}
use of org.apache.syncope.core.persistence.api.entity.Implementation in project syncope by apache.
the class PolicyDataBinderImpl method getPolicy.
@SuppressWarnings("unchecked")
private <T extends Policy> T getPolicy(final T policy, final PolicyTO policyTO) {
T result = policy;
if (policyTO instanceof PasswordPolicyTO) {
if (result == null) {
result = (T) entityFactory.newEntity(PasswordPolicy.class);
}
PasswordPolicy passwordPolicy = PasswordPolicy.class.cast(result);
PasswordPolicyTO passwordPolicyTO = PasswordPolicyTO.class.cast(policyTO);
passwordPolicy.setAllowNullPassword(passwordPolicyTO.isAllowNullPassword());
passwordPolicy.setHistoryLength(passwordPolicyTO.getHistoryLength());
passwordPolicyTO.getRules().forEach(ruleKey -> {
Implementation rule = implementationDAO.find(ruleKey);
if (rule == null) {
LOG.debug("Invalid " + Implementation.class.getSimpleName() + " {}, ignoring...", ruleKey);
} else {
passwordPolicy.add(rule);
}
});
// remove all implementations not contained in the TO
passwordPolicy.getRules().removeIf(implementation -> !passwordPolicyTO.getRules().contains(implementation.getKey()));
} else if (policyTO instanceof AccountPolicyTO) {
if (result == null) {
result = (T) entityFactory.newEntity(AccountPolicy.class);
}
AccountPolicy accountPolicy = AccountPolicy.class.cast(result);
AccountPolicyTO accountPolicyTO = AccountPolicyTO.class.cast(policyTO);
accountPolicy.setMaxAuthenticationAttempts(accountPolicyTO.getMaxAuthenticationAttempts());
accountPolicy.setPropagateSuspension(accountPolicyTO.isPropagateSuspension());
accountPolicyTO.getRules().forEach(ruleKey -> {
Implementation rule = implementationDAO.find(ruleKey);
if (rule == null) {
LOG.debug("Invalid " + Implementation.class.getSimpleName() + " {}, ignoring...", ruleKey);
} else {
accountPolicy.add(rule);
}
});
// remove all implementations not contained in the TO
accountPolicy.getRules().removeIf(implementation -> !accountPolicyTO.getRules().contains(implementation.getKey()));
accountPolicy.getResources().clear();
accountPolicyTO.getPassthroughResources().forEach(resourceName -> {
ExternalResource resource = resourceDAO.find(resourceName);
if (resource == null) {
LOG.debug("Ignoring invalid resource {} ", resourceName);
} else {
accountPolicy.add(resource);
}
});
} else if (policyTO instanceof PullPolicyTO) {
if (result == null) {
result = (T) entityFactory.newEntity(PullPolicy.class);
}
PullPolicy pullPolicy = PullPolicy.class.cast(result);
PullPolicyTO pullPolicyTO = PullPolicyTO.class.cast(policyTO);
pullPolicy.setConflictResolutionAction(pullPolicyTO.getConflictResolutionAction());
pullPolicyTO.getCorrelationRules().forEach((type, impl) -> {
AnyType anyType = anyTypeDAO.find(type);
if (anyType == null) {
LOG.debug("Invalid AnyType {} specified, ignoring...", type);
} else {
CorrelationRule correlationRule = pullPolicy.getCorrelationRule(anyType).orElse(null);
if (correlationRule == null) {
correlationRule = entityFactory.newEntity(CorrelationRule.class);
correlationRule.setAnyType(anyType);
correlationRule.setPullPolicy(pullPolicy);
pullPolicy.add(correlationRule);
}
Implementation rule = implementationDAO.find(impl);
if (rule == null) {
throw new NotFoundException("Implementation " + type);
}
correlationRule.setImplementation(rule);
}
});
// remove all rules not contained in the TO
pullPolicy.getCorrelationRules().removeIf(anyFilter -> !pullPolicyTO.getCorrelationRules().containsKey(anyFilter.getAnyType().getKey()));
}
if (result != null) {
result.setDescription(policyTO.getDescription());
}
return result;
}
use of org.apache.syncope.core.persistence.api.entity.Implementation in project syncope by apache.
the class ReportDataBinderImpl method getReport.
@Override
public void getReport(final Report report, final ReportTO reportTO) {
BeanUtils.copyProperties(reportTO, report, IGNORE_REPORT_PROPERTIES);
ReportTemplate template = reportTemplateDAO.find(reportTO.getTemplate());
if (template == null) {
SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.RequiredValuesMissing);
sce.getElements().add("template");
throw sce;
}
report.setTemplate(template);
reportTO.getReportlets().forEach(reportletKey -> {
Implementation reportlet = implementationDAO.find(reportletKey);
if (reportlet == null) {
LOG.debug("Invalid " + Implementation.class.getSimpleName() + " {}, ignoring...", reportletKey);
} else {
report.add(reportlet);
}
});
// remove all implementations not contained in the TO
report.getReportlets().removeIf(reportlet -> !reportTO.getReportlets().contains(reportlet.getKey()));
}
Aggregations