
Example 1 with SAML2IdPItem

use of org.apache.syncope.core.persistence.api.entity.SAML2IdPItem in project syncope by apache.

the class SAML2IdPDataBinderImpl method populateItems.

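/**
 * Validates the mapping items carried by {@code idpTO} and attaches the resulting
 * {@link SAML2IdPItem} entities to {@code idp}.
 *
 * <p>Problems are collected across all items rather than failing on the first one, and a
 * single composite exception is thrown after the loop. Items whose mandatory condition or
 * ConnObjectKey setting is rejected are still attached to {@code idp} before the throw, so
 * rejection depends on that exception reaching the caller.
 * NOTE(review): confirm the caller discards {@code idp} (or rolls back) when this throws.
 *
 * <p>Schema allow-listing: the check against {@code allowedSchemas} runs only when the parsed
 * name has a schema type and neither an enclosing group nor a related any object. Plain
 * fields and group / related-object attributes skip the check and are accepted.
 *
 * @param idpTO transfer object providing the items to map
 * @param idp entity receiving the validated items
 * @param allowedSchemas plain, derived and virtual schema names that items may reference
 * @throws SyncopeClientCompositeException if any item is null, lacks {@code intAttrName},
 * references a missing or disallowed attribute, has an invalid mandatory condition, or uses
 * a virtual or password attribute as ConnObjectKey
 */
private void populateItems(final SAML2IdPTO idpTO, final SAML2IdP idp, final AnyTypeClassTO allowedSchemas) {
    SyncopeClientCompositeException scce = SyncopeClientException.buildComposite();
    SyncopeClientException invalidMapping = SyncopeClientException.build(ClientExceptionType.InvalidMapping);
    SyncopeClientException requiredValuesMissing = SyncopeClientException.build(ClientExceptionType.RequiredValuesMissing);
    for (ItemTO itemTO : idpTO.getItems()) {
        if (itemTO == null) {
            LOG.error("Null {}", ItemTO.class.getSimpleName());
            invalidMapping.getElements().add("Null " + ItemTO.class.getSimpleName());
        } else if (itemTO.getIntAttrName() == null) {
            // Only collect here; the exception is registered once after the loop, as
            // invalidMapping is, so the same instance is not re-added per offending item.
            requiredValuesMissing.getElements().add("intAttrName");
        } else {
            // intAttrName comes from a transfer object and is presumably client-supplied; it
            // is written to the log and echoed back in error elements below.
            // NOTE(review): confirm the log layout neutralises line breaks in this value.
            IntAttrName intAttrName = null;
            try {
                intAttrName = intAttrNameParser.parse(itemTO.getIntAttrName(), AnyTypeKind.USER);
            } catch (ParseException e) {
                // A parse failure leaves intAttrName null, so it is reported as "not existing".
                LOG.error("Invalid intAttrName '{}' specified, ignoring", itemTO.getIntAttrName(), e);
            }
            // Parentheses make the original precedence explicit (&& binds tighter than ||).
            if (intAttrName == null
                    || (intAttrName.getSchemaType() == null && intAttrName.getField() == null)) {
                LOG.error("'{}' not existing", itemTO.getIntAttrName());
                invalidMapping.getElements().add("'" + itemTO.getIntAttrName() + "' not existing");
            } else {
                // Accepted by default; only direct schema attributes are matched against the
                // allow-list (see the method documentation for what is not checked).
                boolean allowed = true;
                if (intAttrName.getSchemaType() != null && intAttrName.getEnclosingGroup() == null && intAttrName.getRelatedAnyObject() == null) {
                    switch(intAttrName.getSchemaType()) {
                        case PLAIN:
                            allowed = allowedSchemas.getPlainSchemas().contains(intAttrName.getSchemaName());
                            break;
                        case DERIVED:
                            allowed = allowedSchemas.getDerSchemas().contains(intAttrName.getSchemaName());
                            break;
                        case VIRTUAL:
                            allowed = allowedSchemas.getVirSchemas().contains(intAttrName.getSchemaName());
                            break;
                        default:
                            // any other schema type keeps the permissive default
                            break;
                    }
                }
                if (allowed) {
                    // no mandatory condition implies mandatory condition false
                    // NOTE(review): this appears to be a validity check only; where and with
                    // what context the expression is later evaluated is not visible here.
                    if (!JexlUtils.isExpressionValid(itemTO.getMandatoryCondition() == null ? "false" : itemTO.getMandatoryCondition())) {
                        SyncopeClientException invalidMandatoryCondition = SyncopeClientException.build(ClientExceptionType.InvalidValues);
                        invalidMandatoryCondition.getElements().add(itemTO.getMandatoryCondition());
                        scce.addException(invalidMandatoryCondition);
                    }
                    SAML2IdPItem item = entityFactory.newEntity(SAML2IdPItem.class);
                    // Bulk copy from the transfer object, minus ITEM_IGNORE_PROPERTIES; the
                    // owning IdP and the purpose are then set explicitly.
                    BeanUtils.copyProperties(itemTO, item, ITEM_IGNORE_PROPERTIES);
                    item.setIdP(idp);
                    item.setPurpose(MappingPurpose.NONE);
                    if (item.isConnObjectKey()) {
                        if (intAttrName.getSchemaType() == SchemaType.VIRTUAL) {
                            invalidMapping.getElements().add("Virtual attributes cannot be set as ConnObjectKey");
                        }
                        if ("password".equals(intAttrName.getField())) {
                            invalidMapping.getElements().add("Password attributes cannot be set as ConnObjectKey");
                        }
                        // Set even when one of the two checks above failed; the failure is
                        // surfaced through invalidMapping after the loop.
                        idp.setConnObjectKeyItem(item);
                    } else {
                        idp.add(item);
                    }
                } else {
                    LOG.error("'{}' not allowed", itemTO.getIntAttrName());
                    invalidMapping.getElements().add("'" + itemTO.getIntAttrName() + "' not allowed");
                }
            }
        }
    }
    if (!requiredValuesMissing.getElements().isEmpty()) {
        scce.addException(requiredValuesMissing);
    }
    if (!invalidMapping.getElements().isEmpty()) {
        scce.addException(invalidMapping);
    }
    if (scce.hasExceptions()) {
        throw scce;
    }
}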
Also used : SAML2IdPItem(org.apache.syncope.core.persistence.api.entity.SAML2IdPItem) SyncopeClientCompositeException(org.apache.syncope.common.lib.SyncopeClientCompositeException) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) ParseException(java.text.ParseException) ItemTO(org.apache.syncope.common.lib.to.ItemTO) IntAttrName(org.apache.syncope.core.provisioning.api.IntAttrName)

Aggregations

ParseException (java.text.ParseException)1 SyncopeClientCompositeException (org.apache.syncope.common.lib.SyncopeClientCompositeException)1 SyncopeClientException (org.apache.syncope.common.lib.SyncopeClientException)1 ItemTO (org.apache.syncope.common.lib.to.ItemTO)1 SAML2IdPItem (org.apache.syncope.core.persistence.api.entity.SAML2IdPItem)1 IntAttrName (org.apache.syncope.core.provisioning.api.IntAttrName)1