Search in sources :

Example 6 with AccountPolicy

use of org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy in project syncope by apache.

the class PolicyDataBinderImpl method getPolicyTO.

@SuppressWarnings("unchecked")
@Override
public <T extends PolicyTO> T getPolicyTO(final Policy policy) {
    T policyTO = null;
    if (policy instanceof PasswordPolicy) {
        PasswordPolicy passwordPolicy = PasswordPolicy.class.cast(policy);
        PasswordPolicyTO passwordPolicyTO = new PasswordPolicyTO();
        policyTO = (T) passwordPolicyTO;
        passwordPolicyTO.setAllowNullPassword(passwordPolicy.isAllowNullPassword());
        passwordPolicyTO.setHistoryLength(passwordPolicy.getHistoryLength());
        passwordPolicyTO.getRules().addAll(passwordPolicy.getRules().stream().map(Entity::getKey).collect(Collectors.toList()));
    } else if (policy instanceof AccountPolicy) {
        AccountPolicy accountPolicy = AccountPolicy.class.cast(policy);
        AccountPolicyTO accountPolicyTO = new AccountPolicyTO();
        policyTO = (T) accountPolicyTO;
        accountPolicyTO.setMaxAuthenticationAttempts(accountPolicy.getMaxAuthenticationAttempts());
        accountPolicyTO.setPropagateSuspension(accountPolicy.isPropagateSuspension());
        accountPolicyTO.getRules().addAll(accountPolicy.getRules().stream().map(Entity::getKey).collect(Collectors.toList()));
        accountPolicyTO.getPassthroughResources().addAll(accountPolicy.getResources().stream().map(Entity::getKey).collect(Collectors.toList()));
    } else if (policy instanceof PullPolicy) {
        PullPolicy pullPolicy = PullPolicy.class.cast(policy);
        PullPolicyTO pullPolicyTO = new PullPolicyTO();
        policyTO = (T) pullPolicyTO;
        pullPolicyTO.setConflictResolutionAction(((PullPolicy) policy).getConflictResolutionAction());
        pullPolicy.getCorrelationRules().forEach(rule -> {
            pullPolicyTO.getCorrelationRules().put(rule.getAnyType().getKey(), rule.getImplementation().getKey());
        });
    }
    if (policyTO != null) {
        policyTO.setKey(policy.getKey());
        policyTO.setDescription(policy.getDescription());
        for (ExternalResource resource : resourceDAO.findByPolicy(policy)) {
            policyTO.getUsedByResources().add(resource.getKey());
        }
        for (Realm realm : realmDAO.findByPolicy(policy)) {
            policyTO.getUsedByRealms().add(realm.getFullPath());
        }
    }
    return policyTO;
}
Also used : Entity(org.apache.syncope.core.persistence.api.entity.Entity) AccountPolicy(org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy) PullPolicyTO(org.apache.syncope.common.lib.policy.PullPolicyTO) PasswordPolicy(org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy) PullPolicy(org.apache.syncope.core.persistence.api.entity.policy.PullPolicy) AccountPolicyTO(org.apache.syncope.common.lib.policy.AccountPolicyTO) ExternalResource(org.apache.syncope.core.persistence.api.entity.resource.ExternalResource) Realm(org.apache.syncope.core.persistence.api.entity.Realm) PasswordPolicyTO(org.apache.syncope.common.lib.policy.PasswordPolicyTO)

Example 7 with AccountPolicy

use of org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy in project syncope by apache.

the class ResourceDataBinderImpl method update.

@Override
public ExternalResource update(final ExternalResource resource, final ResourceTO resourceTO) {
    if (resource.getKey() != null) {
        ResourceTO current = getResourceTO(resource);
        if (!current.equals(resourceTO)) {
            // 1. save the current configuration, before update
            ExternalResourceHistoryConf resourceHistoryConf = entityFactory.newEntity(ExternalResourceHistoryConf.class);
            resourceHistoryConf.setCreator(AuthContextUtils.getUsername());
            resourceHistoryConf.setCreation(new Date());
            resourceHistoryConf.setEntity(resource);
            resourceHistoryConf.setConf(current);
            resourceHistoryConfDAO.save(resourceHistoryConf);
            // 2. ensure the maximum history size is not exceeded
            List<ExternalResourceHistoryConf> history = resourceHistoryConfDAO.findByEntity(resource);
            long maxHistorySize = confDAO.find("resource.conf.history.size", 10L);
            if (maxHistorySize < history.size()) {
                // always remove the last item since history was obtained  by a query with ORDER BY creation DESC
                for (int i = 0; i < history.size() - maxHistorySize; i++) {
                    resourceHistoryConfDAO.delete(history.get(history.size() - 1).getKey());
                }
            }
        }
    }
    resource.setKey(resourceTO.getKey());
    if (resourceTO.getConnector() != null) {
        ConnInstance connector = connInstanceDAO.find(resourceTO.getConnector());
        resource.setConnector(connector);
        if (!connector.getResources().contains(resource)) {
            connector.add(resource);
        }
    }
    resource.setEnforceMandatoryCondition(resourceTO.isEnforceMandatoryCondition());
    resource.setPropagationPriority(resourceTO.getPropagationPriority());
    resource.setRandomPwdIfNotProvided(resourceTO.isRandomPwdIfNotProvided());
    // 1. add or update all (valid) provisions from TO
    resourceTO.getProvisions().forEach(provisionTO -> {
        AnyType anyType = anyTypeDAO.find(provisionTO.getAnyType());
        if (anyType == null) {
            LOG.debug("Invalid {} specified {}, ignoring...", AnyType.class.getSimpleName(), provisionTO.getAnyType());
        } else {
            Provision provision = resource.getProvision(anyType).orElse(null);
            if (provision == null) {
                provision = entityFactory.newEntity(Provision.class);
                provision.setResource(resource);
                resource.add(provision);
                provision.setAnyType(anyType);
            }
            if (provisionTO.getObjectClass() == null) {
                SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidProvision);
                sce.getElements().add("Null " + ObjectClass.class.getSimpleName());
                throw sce;
            }
            provision.setObjectClass(new ObjectClass(provisionTO.getObjectClass()));
            // add all classes contained in the TO
            for (String name : provisionTO.getAuxClasses()) {
                AnyTypeClass anyTypeClass = anyTypeClassDAO.find(name);
                if (anyTypeClass == null) {
                    LOG.warn("Ignoring invalid {}: {}", AnyTypeClass.class.getSimpleName(), name);
                } else {
                    provision.add(anyTypeClass);
                }
            }
            // remove all classes not contained in the TO
            provision.getAuxClasses().removeIf(anyTypeClass -> !provisionTO.getAuxClasses().contains(anyTypeClass.getKey()));
            if (provisionTO.getMapping() == null) {
                provision.setMapping(null);
            } else {
                Mapping mapping = provision.getMapping();
                if (mapping == null) {
                    mapping = entityFactory.newEntity(Mapping.class);
                    mapping.setProvision(provision);
                    provision.setMapping(mapping);
                } else {
                    mapping.getItems().clear();
                }
                AnyTypeClassTO allowedSchemas = new AnyTypeClassTO();
                for (Iterator<AnyTypeClass> itor = new IteratorChain<>(provision.getAnyType().getClasses().iterator(), provision.getAuxClasses().iterator()); itor.hasNext(); ) {
                    AnyTypeClass anyTypeClass = itor.next();
                    allowedSchemas.getPlainSchemas().addAll(anyTypeClass.getPlainSchemas().stream().map(s -> s.getKey()).collect(Collectors.toList()));
                    allowedSchemas.getDerSchemas().addAll(anyTypeClass.getDerSchemas().stream().map(s -> s.getKey()).collect(Collectors.toList()));
                    allowedSchemas.getVirSchemas().addAll(anyTypeClass.getVirSchemas().stream().map(s -> s.getKey()).collect(Collectors.toList()));
                }
                populateMapping(provisionTO.getMapping(), mapping, allowedSchemas);
            }
            if (provisionTO.getVirSchemas().isEmpty()) {
                for (VirSchema schema : virSchemaDAO.findByProvision(provision)) {
                    virSchemaDAO.delete(schema.getKey());
                }
            } else {
                for (String schemaName : provisionTO.getVirSchemas()) {
                    VirSchema schema = virSchemaDAO.find(schemaName);
                    if (schema == null) {
                        LOG.debug("Invalid {} specified: {}, ignoring...", VirSchema.class.getSimpleName(), schemaName);
                    } else {
                        schema.setProvision(provision);
                    }
                }
            }
        }
    });
    // 2. remove all provisions not contained in the TO
    for (Iterator<? extends Provision> itor = resource.getProvisions().iterator(); itor.hasNext(); ) {
        Provision provision = itor.next();
        if (resourceTO.getProvision(provision.getAnyType().getKey()) == null) {
            virSchemaDAO.findByProvision(provision).forEach(schema -> {
                virSchemaDAO.delete(schema.getKey());
            });
            itor.remove();
        }
    }
    // 3. orgUnit
    if (resourceTO.getOrgUnit() == null && resource.getOrgUnit() != null) {
        resource.getOrgUnit().setResource(null);
        resource.setOrgUnit(null);
    } else if (resourceTO.getOrgUnit() != null) {
        OrgUnitTO orgUnitTO = resourceTO.getOrgUnit();
        OrgUnit orgUnit = resource.getOrgUnit();
        if (orgUnit == null) {
            orgUnit = entityFactory.newEntity(OrgUnit.class);
            orgUnit.setResource(resource);
            resource.setOrgUnit(orgUnit);
        }
        if (orgUnitTO.getObjectClass() == null) {
            SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidOrgUnit);
            sce.getElements().add("Null " + ObjectClass.class.getSimpleName());
            throw sce;
        }
        orgUnit.setObjectClass(new ObjectClass(orgUnitTO.getObjectClass()));
        if (orgUnitTO.getConnObjectLink() == null) {
            SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidOrgUnit);
            sce.getElements().add("Null connObjectLink");
            throw sce;
        }
        orgUnit.setConnObjectLink(orgUnitTO.getConnObjectLink());
        SyncopeClientCompositeException scce = SyncopeClientException.buildComposite();
        SyncopeClientException invalidMapping = SyncopeClientException.build(ClientExceptionType.InvalidMapping);
        SyncopeClientException requiredValuesMissing = SyncopeClientException.build(ClientExceptionType.RequiredValuesMissing);
        orgUnit.getItems().clear();
        for (ItemTO itemTO : orgUnitTO.getItems()) {
            if (itemTO == null) {
                LOG.error("Null {}", ItemTO.class.getSimpleName());
                invalidMapping.getElements().add("Null " + ItemTO.class.getSimpleName());
            } else if (itemTO.getIntAttrName() == null) {
                requiredValuesMissing.getElements().add("intAttrName");
                scce.addException(requiredValuesMissing);
            } else {
                if (!"name".equals(itemTO.getIntAttrName()) && !"fullpath".equals(itemTO.getIntAttrName())) {
                    LOG.error("Only 'name' and 'fullpath' are supported for Realms");
                    invalidMapping.getElements().add("Only 'name' and 'fullpath' are supported for Realms");
                } else {
                    // no mandatory condition implies mandatory condition false
                    if (!JexlUtils.isExpressionValid(itemTO.getMandatoryCondition() == null ? "false" : itemTO.getMandatoryCondition())) {
                        SyncopeClientException invalidMandatoryCondition = SyncopeClientException.build(ClientExceptionType.InvalidValues);
                        invalidMandatoryCondition.getElements().add(itemTO.getMandatoryCondition());
                        scce.addException(invalidMandatoryCondition);
                    }
                    OrgUnitItem item = entityFactory.newEntity(OrgUnitItem.class);
                    BeanUtils.copyProperties(itemTO, item, ITEM_IGNORE_PROPERTIES);
                    item.setOrgUnit(orgUnit);
                    if (item.isConnObjectKey()) {
                        orgUnit.setConnObjectKeyItem(item);
                    } else {
                        orgUnit.add(item);
                    }
                    itemTO.getTransformers().forEach(transformerKey -> {
                        Implementation transformer = implementationDAO.find(transformerKey);
                        if (transformer == null) {
                            LOG.debug("Invalid " + Implementation.class.getSimpleName() + " {}, ignoring...", transformerKey);
                        } else {
                            item.add(transformer);
                        }
                    });
                    // remove all implementations not contained in the TO
                    item.getTransformers().removeIf(implementation -> !itemTO.getTransformers().contains(implementation.getKey()));
                }
            }
        }
        if (!invalidMapping.getElements().isEmpty()) {
            scce.addException(invalidMapping);
        }
        if (scce.hasExceptions()) {
            throw scce;
        }
    }
    resource.setCreateTraceLevel(resourceTO.getCreateTraceLevel());
    resource.setUpdateTraceLevel(resourceTO.getUpdateTraceLevel());
    resource.setDeleteTraceLevel(resourceTO.getDeleteTraceLevel());
    resource.setProvisioningTraceLevel(resourceTO.getProvisioningTraceLevel());
    resource.setPasswordPolicy(resourceTO.getPasswordPolicy() == null ? null : (PasswordPolicy) policyDAO.find(resourceTO.getPasswordPolicy()));
    resource.setAccountPolicy(resourceTO.getAccountPolicy() == null ? null : (AccountPolicy) policyDAO.find(resourceTO.getAccountPolicy()));
    resource.setPullPolicy(resourceTO.getPullPolicy() == null ? null : (PullPolicy) policyDAO.find(resourceTO.getPullPolicy()));
    resource.setConfOverride(new HashSet<>(resourceTO.getConfOverride()));
    resource.setOverrideCapabilities(resourceTO.isOverrideCapabilities());
    resource.getCapabilitiesOverride().clear();
    resource.getCapabilitiesOverride().addAll(resourceTO.getCapabilitiesOverride());
    resourceTO.getPropagationActions().forEach(propagationActionKey -> {
        Implementation propagationAction = implementationDAO.find(propagationActionKey);
        if (propagationAction == null) {
            LOG.debug("Invalid " + Implementation.class.getSimpleName() + " {}, ignoring...", propagationActionKey);
        } else {
            resource.add(propagationAction);
        }
    });
    // remove all implementations not contained in the TO
    resource.getPropagationActions().removeIf(implementation -> !resourceTO.getPropagationActions().contains(implementation.getKey()));
    return resource;
}
Also used : OrgUnit(org.apache.syncope.core.persistence.api.entity.resource.OrgUnit) Mapping(org.apache.syncope.core.persistence.api.entity.resource.Mapping) ItemTO(org.apache.syncope.common.lib.to.ItemTO) ConnInstance(org.apache.syncope.core.persistence.api.entity.ConnInstance) Implementation(org.apache.syncope.core.persistence.api.entity.Implementation) PasswordPolicy(org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy) AnyTypeClassTO(org.apache.syncope.common.lib.to.AnyTypeClassTO) PullPolicy(org.apache.syncope.core.persistence.api.entity.policy.PullPolicy) AnyType(org.apache.syncope.core.persistence.api.entity.AnyType) AnyTypeClass(org.apache.syncope.core.persistence.api.entity.AnyTypeClass) Provision(org.apache.syncope.core.persistence.api.entity.resource.Provision) SyncopeClientCompositeException(org.apache.syncope.common.lib.SyncopeClientCompositeException) ObjectClass(org.identityconnectors.framework.common.objects.ObjectClass) ExternalResourceHistoryConf(org.apache.syncope.core.persistence.api.entity.resource.ExternalResourceHistoryConf) VirSchema(org.apache.syncope.core.persistence.api.entity.VirSchema) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) OrgUnitItem(org.apache.syncope.core.persistence.api.entity.resource.OrgUnitItem) IteratorChain(org.apache.syncope.common.lib.collections.IteratorChain) Date(java.util.Date) AccountPolicy(org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy) OrgUnitTO(org.apache.syncope.common.lib.to.OrgUnitTO) ResourceTO(org.apache.syncope.common.lib.to.ResourceTO)

Aggregations

AccountPolicy (org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy)7 PasswordPolicy (org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy)7 Implementation (org.apache.syncope.core.persistence.api.entity.Implementation)5 Realm (org.apache.syncope.core.persistence.api.entity.Realm)4 ExternalResource (org.apache.syncope.core.persistence.api.entity.resource.ExternalResource)4 SyncopeClientException (org.apache.syncope.common.lib.SyncopeClientException)3 Policy (org.apache.syncope.core.persistence.api.entity.policy.Policy)3 PullPolicy (org.apache.syncope.core.persistence.api.entity.policy.PullPolicy)3 AccountPolicyTO (org.apache.syncope.common.lib.policy.AccountPolicyTO)2 PasswordPolicyTO (org.apache.syncope.common.lib.policy.PasswordPolicyTO)2 PullPolicyTO (org.apache.syncope.common.lib.policy.PullPolicyTO)2 AnyType (org.apache.syncope.core.persistence.api.entity.AnyType)2 Entity (org.apache.syncope.core.persistence.api.entity.Entity)2 ArrayList (java.util.ArrayList)1 Date (java.util.Date)1 Collectors (java.util.stream.Collectors)1 NoResultException (javax.persistence.NoResultException)1 SyncopeClientCompositeException (org.apache.syncope.common.lib.SyncopeClientCompositeException)1 IteratorChain (org.apache.syncope.common.lib.collections.IteratorChain)1 PolicyTO (org.apache.syncope.common.lib.policy.PolicyTO)1