
Example 21 with Provision

use of org.apache.syncope.core.persistence.api.entity.resource.Provision in project syncope by apache.

the class ConnObjectUtils method getAnyTO.

/**
 * Builds a UserTO / GroupTO / AnyObjectTO out of connector object attributes and schema mapping and,
 * for users only, assigns a generated password when none was set and the resource is configured for it.
 *
 * <p>The password policies handed to {@code passwordGenerator} are collected from the realms returned by
 * {@code realmDAO.findAncestors} for the user's realm and from the resources listed on the user. If the
 * generator rejects the policy configuration, the method falls back to
 * {@code SecureRandomUtils.generateRandomPassword(16)}; this method does not check that fallback value
 * against the collected policies.
 *
 * @param obj connector object
 * @param pullTask pull task
 * @param provision provision information; its resource decides whether a random password is generated
 * @param anyUtils utils
 * @param <T> any object
 * @return the transfer object built from the connector object; a UserTO may carry a generated password
 */
@Transactional(readOnly = true)
public <T extends AnyTO> T getAnyTO(final ConnectorObject obj, final PullTask pullTask, final Provision provision, final AnyUtils anyUtils) {
    final T built = getAnyTOFromConnObject(obj, pullTask, provision, anyUtils);

    // Password generation only concerns users.
    if (!(built instanceof UserTO)) {
        return built;
    }
    final UserTO userTO = (UserTO) built;

    // Keep a password that was already set; otherwise generate one only if the resource asks for it.
    if (!StringUtils.isBlank(userTO.getPassword()) || !provision.getResource().isRandomPwdIfNotProvided()) {
        return built;
    }

    final List<PasswordPolicy> policies = new ArrayList<>();

    // Policies attached to the realms returned for the user's realm.
    final Realm userRealm = realmDAO.findByFullPath(userTO.getRealm());
    if (userRealm != null) {
        realmDAO.findAncestors(userRealm).stream()
                .map(ancestor -> ancestor.getPasswordPolicy())
                .filter(policy -> policy != null)
                .forEach(policies::add);
    }

    // Policies attached to the resources listed on the user; unknown resources are skipped.
    userTO.getResources().stream()
            .map(resourceKey -> resourceDAO.find(resourceKey))
            .filter(found -> found != null)
            .map(found -> found.getPasswordPolicy())
            .filter(policy -> policy != null)
            .forEach(policies::add);

    String generated;
    try {
        generated = passwordGenerator.generate(policies);
    } catch (InvalidPasswordRuleConf e) {
        // NOTE(review): the whole userTO is passed to the logger. Its password is blank at this point
        // (see the guard above), but what else its toString() prints is not visible here; confirm that
        // no attribute value that should stay out of error logs is included.
        LOG.error("Could not generate policy-compliant random password for {}", userTO, e);
        // Best-effort fallback: presumably 16 is the length; the result is not validated against
        // the collected policies in this method.
        generated = SecureRandomUtils.generateRandomPassword(16);
    }
    userTO.setPassword(generated);

    return built;
}
Also used : AttrTO(org.apache.syncope.common.lib.to.AttrTO) Realm(org.apache.syncope.core.persistence.api.entity.Realm) RealmTO(org.apache.syncope.common.lib.to.RealmTO) LoggerFactory(org.slf4j.LoggerFactory) AnyTO(org.apache.syncope.common.lib.to.AnyTO) Autowired(org.springframework.beans.factory.annotation.Autowired) ConnObjectTO(org.apache.syncope.common.lib.to.ConnObjectTO) PasswordGenerator(org.apache.syncope.core.spring.security.PasswordGenerator) InvalidPasswordRuleConf(org.apache.syncope.core.provisioning.api.utils.policy.InvalidPasswordRuleConf) StringUtils(org.apache.commons.lang3.StringUtils) ArrayList(java.util.ArrayList) PasswordPolicy(org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy) GuardedString(org.identityconnectors.common.security.GuardedString) Attribute(org.identityconnectors.framework.common.objects.Attribute) PullTask(org.apache.syncope.core.persistence.api.entity.task.PullTask) Base64(org.identityconnectors.common.Base64) MappingManager(org.apache.syncope.core.provisioning.api.MappingManager) SecurityUtil(org.identityconnectors.common.security.SecurityUtil) RealmDAO(org.apache.syncope.core.persistence.api.dao.RealmDAO) OrgUnit(org.apache.syncope.core.persistence.api.entity.resource.OrgUnit) AnyPatch(org.apache.syncope.common.lib.patch.AnyPatch) Encryptor(org.apache.syncope.core.spring.security.Encryptor) Logger(org.slf4j.Logger) UserDAO(org.apache.syncope.core.persistence.api.dao.UserDAO) GuardedByteArray(org.identityconnectors.common.security.GuardedByteArray) Set(java.util.Set) User(org.apache.syncope.core.persistence.api.entity.user.User) GroupTO(org.apache.syncope.common.lib.to.GroupTO) SecureRandomUtils(org.apache.syncope.core.spring.security.SecureRandomUtils) ConnectorObject(org.identityconnectors.framework.common.objects.ConnectorObject) List(java.util.List) Provision(org.apache.syncope.core.persistence.api.entity.resource.Provision) Component(org.springframework.stereotype.Component) 
UserTO(org.apache.syncope.common.lib.to.UserTO) AnyUtils(org.apache.syncope.core.persistence.api.entity.AnyUtils) ExternalResourceDAO(org.apache.syncope.core.persistence.api.dao.ExternalResourceDAO) AnyOperations(org.apache.syncope.common.lib.AnyOperations) AnyObjectTO(org.apache.syncope.common.lib.to.AnyObjectTO) Transactional(org.springframework.transaction.annotation.Transactional) InvalidPasswordRuleConf(org.apache.syncope.core.provisioning.api.utils.policy.InvalidPasswordRuleConf) UserTO(org.apache.syncope.common.lib.to.UserTO) PasswordPolicy(org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy) ArrayList(java.util.ArrayList) GuardedString(org.identityconnectors.common.security.GuardedString) Realm(org.apache.syncope.core.persistence.api.entity.Realm) Transactional(org.springframework.transaction.annotation.Transactional)

Example 22 with Provision

use of org.apache.syncope.core.persistence.api.entity.resource.Provision in project syncope by apache.

the class VirAttrHandlerImpl method getValues.

/**
 * Resolves the values of the given virtual schemas for {@code any}.
 *
 * <p>Schemas whose provision's resource is not among the resources of {@code any} are skipped. For
 * the others, a valid entry in {@code virAttrCache} is used when present; the remaining schemas are
 * grouped by provision and read from the connector, one read per provision, and the values read
 * are stored in {@code virAttrCache} under (any type key, any key, schema key).
 *
 * <p>Failures are best-effort: a provision without ConnObjectKey item or value, or a connector read
 * that throws, is logged and skipped, so the returned map may lack some of the requested schemas.
 *
 * @param any the entity whose virtual attribute values are requested
 * @param schemas the virtual schemas to resolve
 * @return the values found, by schema; schemas that could not be resolved are absent
 */
private Map<VirSchema, List<String>> getValues(final Any<?> any, final Set<VirSchema> schemas) {
    final Set<ExternalResource> assigned = anyUtilsFactory.getInstance(any).getAllResources(any);
    final Map<VirSchema, List<String>> result = new HashMap<>();
    final Map<Provision, Set<VirSchema>> pendingByProvision = new HashMap<>();

    // First pass: serve from cache where possible, queue the rest per provision.
    for (VirSchema schema : schemas) {
        if (!assigned.contains(schema.getProvision().getResource())) {
            LOG.debug("Not considering {} since {} is not assigned to {}", schema, any, schema.getProvision().getResource());
            continue;
        }

        final VirAttrCacheValue cached = virAttrCache.get(any.getType().getKey(), any.getKey(), schema.getKey());
        if (virAttrCache.isValidEntry(cached)) {
            // NOTE(review): the cached value object is written to the debug log; confirm that
            // virtual attribute values are acceptable there.
            LOG.debug("Values for {} found in cache: {}", schema, cached);
            result.put(schema, cached.getValues());
        } else {
            pendingByProvision.computeIfAbsent(schema.getProvision(), provision -> new HashSet<>()).add(schema);
        }
    }

    // Second pass: one connector read per provision for everything that missed the cache.
    for (Map.Entry<Provision, Set<VirSchema>> entry : pendingByProvision.entrySet()) {
        final Provision provision = entry.getKey();
        final Set<VirSchema> pending = entry.getValue();
        LOG.debug("About to read from {}: {}", provision, pending);

        final Optional<MappingItem> keyItem = MappingUtils.getConnObjectKeyItem(provision);
        // The key value is looked up only when a ConnObjectKey item exists; it stays null otherwise.
        String keyValue = null;
        if (keyItem.isPresent()) {
            keyValue = mappingManager.getConnObjectKeyValue(any, provision).orElse(null);
        }
        if (keyValue == null) {
            LOG.error("No ConnObjectKey or value found for {}, ignoring...", provision);
            continue;
        }

        final MappingItem connObjectKeyItem = keyItem.get();
        final Set<MappingItem> linkingItems = new HashSet<>();
        linkingItems.add(connObjectKeyItem);
        pending.stream().map(schema -> schema.asLinkingMappingItem()).forEach(linkingItems::add);

        final Connector connector = connFactory.getConnector(provision.getResource());
        try {
            final ConnectorObject remote = connector.getObject(
                    provision.getObjectClass(),
                    AttributeBuilder.build(connObjectKeyItem.getExtAttrName(), keyValue),
                    MappingUtils.buildOperationOptions(linkingItems.iterator()));
            if (remote == null) {
                LOG.debug("No read from {} with filter '{} == {}'", provision, connObjectKeyItem.getExtAttrName(), keyValue);
            } else {
                for (VirSchema schema : pending) {
                    final Attribute attr = remote.getAttributeByName(schema.getExtAttrName());
                    if (attr == null) {
                        continue;
                    }
                    final VirAttrCacheValue fresh = new VirAttrCacheValue();
                    fresh.setValues(attr.getValue());
                    virAttrCache.put(any.getType().getKey(), any.getKey(), schema.getKey(), fresh);
                    LOG.debug("Values for {} set in cache: {}", schema, fresh);
                    result.put(schema, fresh.getValues());
                }
            }
        } catch (Exception e) {
            // Deliberately broad: a failing resource must not prevent the other provisions from being read.
            LOG.error("Error reading from {}", provision, e);
        }
    }

    return result;
}
Also used : Provision(org.apache.syncope.core.persistence.api.entity.resource.Provision) Connector(org.apache.syncope.core.provisioning.api.Connector) MappingItem(org.apache.syncope.core.persistence.api.entity.resource.MappingItem) HashSet(java.util.HashSet) Set(java.util.Set) VirSchema(org.apache.syncope.core.persistence.api.entity.VirSchema) HashMap(java.util.HashMap) Attribute(org.identityconnectors.framework.common.objects.Attribute) ConnectorObject(org.identityconnectors.framework.common.objects.ConnectorObject) ExternalResource(org.apache.syncope.core.persistence.api.entity.resource.ExternalResource) List(java.util.List) VirAttrCacheValue(org.apache.syncope.core.provisioning.api.cache.VirAttrCacheValue) HashMap(java.util.HashMap) Map(java.util.Map) HashSet(java.util.HashSet)

Example 23 with Provision

use of org.apache.syncope.core.persistence.api.entity.resource.Provision in project syncope by apache.

the class MappingTest method anyConnObjectLink.

/**
 * Checks the NAME evaluated for user "rossini" on "resource-ldap": first with the connObjectLink
 * already stored on the user provision's mapping, then after replacing it with an expression that
 * also uses the realm.
 */
@Test
public void anyConnObjectLink() {
    ExternalResource ldapResource = resourceDAO.find("resource-ldap");
    assertNotNull(ldapResource);

    Provision userProvision = ldapResource.getProvision(anyTypeDAO.findUser()).get();
    assertNotNull(userProvision);
    assertNotNull(userProvision.getMapping());
    assertNotNull(userProvision.getMapping().getConnObjectLink());

    User rossini = userDAO.findByUsername("rossini");
    assertNotNull(rossini);

    // NAME as produced by the connObjectLink that ships with the test data.
    Name initialName = MappingUtils.evaluateNAME(rossini, userProvision, rossini.getUsername());
    assertEquals("uid=rossini,ou=people,o=isp", initialName.getNameValue());

    // Replace the link with an expression built from username and realm, then evaluate again.
    // NOTE(review): the expected value shows username and realm concatenated into the DN as they
    // are; whether evaluateNAME escapes DN special characters is not visible in this test.
    userProvision.getMapping().setConnObjectLink("'uid=' + username + realm.replaceAll('/', ',o=') + ',ou=people,o=isp'");
    Name relinkedName = MappingUtils.evaluateNAME(rossini, userProvision, rossini.getUsername());
    assertEquals("uid=rossini,o=even,ou=people,o=isp", relinkedName.getNameValue());
}
Also used : Provision(org.apache.syncope.core.persistence.api.entity.resource.Provision) User(org.apache.syncope.core.persistence.api.entity.user.User) ExternalResource(org.apache.syncope.core.persistence.api.entity.resource.ExternalResource) Name(org.identityconnectors.framework.common.objects.Name) Test(org.junit.jupiter.api.Test)

Example 24 with Provision

use of org.apache.syncope.core.persistence.api.entity.resource.Provision in project syncope by apache.

the class JPAAnyTypeClassDAO method delete.

/**
 * Removes the any type class stored under {@code key}, first detaching it from every plain, derived
 * and virtual schema, any type, group type extension and provision that refers to it.
 *
 * <p>Does nothing when no any type class is found for {@code key}.
 *
 * @param key key of the any type class to remove
 */
@Override
public void delete(final String key) {
    final AnyTypeClass target = find(key);
    if (target == null) {
        return;
    }

    // Schemas keep existing, they just no longer belong to the class being removed.
    plainSchemaDAO.findByAnyTypeClasses(Collections.singletonList(target))
            .forEach(schema -> schema.setAnyTypeClass(null));
    derSchemaDAO.findByAnyTypeClasses(Collections.singletonList(target))
            .forEach(schema -> schema.setAnyTypeClass(null));
    virSchemaDAO.findByAnyTypeClasses(Collections.singletonList(target))
            .forEach(schema -> schema.setAnyTypeClass(null));

    anyTypeDAO.findByTypeClass(target).forEach(type -> type.getClasses().remove(target));

    for (TypeExtension extension : groupDAO.findTypeExtensions(target)) {
        extension.getAuxClasses().remove(target);
        if (!extension.getAuxClasses().isEmpty()) {
            continue;
        }
        // A type extension left without auxiliary classes is unlinked from its group.
        extension.getGroup().getTypeExtensions().remove(extension);
        extension.setGroup(null);
    }

    resourceDAO.findProvisionsByAuxClass(target).forEach(provision -> provision.getAuxClasses().remove(target));

    entityManager().remove(target);
}
Also used : Provision(org.apache.syncope.core.persistence.api.entity.resource.Provision) DerSchema(org.apache.syncope.core.persistence.api.entity.DerSchema) VirSchema(org.apache.syncope.core.persistence.api.entity.VirSchema) TypeExtension(org.apache.syncope.core.persistence.api.entity.group.TypeExtension) PlainSchema(org.apache.syncope.core.persistence.api.entity.PlainSchema) AnyTypeClass(org.apache.syncope.core.persistence.api.entity.AnyTypeClass) JPAAnyTypeClass(org.apache.syncope.core.persistence.jpa.entity.JPAAnyTypeClass) AnyType(org.apache.syncope.core.persistence.api.entity.AnyType)

Example 25 with Provision

use of org.apache.syncope.core.persistence.api.entity.resource.Provision in project syncope by apache.

the class ResourceTest method save.

/**
 * Saves a new external resource carrying one user provision, a mapping with a ConnObjectKey item
 * and the connector of "ws-target-resource-1", then checks what {@code resourceDAO.save} returns.
 */
@Test
public void save() {
    ExternalResource newResource = entityFactory.newEntity(ExternalResource.class);
    newResource.setKey("ws-target-resource-basic-save");
    newResource.setPropagationPriority(2);

    // User provision, linked to the resource in both directions.
    Provision userProvision = entityFactory.newEntity(Provision.class);
    userProvision.setAnyType(anyTypeDAO.findUser());
    userProvision.setObjectClass(ObjectClass.ACCOUNT);
    userProvision.setResource(newResource);
    newResource.add(userProvision);

    // Mapping, linked to the provision in both directions.
    Mapping userMapping = entityFactory.newEntity(Mapping.class);
    userMapping.setProvision(userProvision);
    userProvision.setMapping(userMapping);

    MappingItem keyItem = entityFactory.newEntity(MappingItem.class);
    keyItem.setExtAttrName("username");
    keyItem.setIntAttrName("fullname");
    keyItem.setPurpose(MappingPurpose.BOTH);
    userMapping.setConnObjectKeyItem(keyItem);

    // Reuse the connector instance of an existing resource.
    ConnInstance existingConnector = resourceDAO.find("ws-target-resource-1").getConnector();
    newResource.setConnector(existingConnector);

    // save the resource
    ExternalResource saved = resourceDAO.save(newResource);

    assertNotNull(saved);
    assertNotNull(saved.getConnector());
    assertNotNull(saved.getProvision(anyTypeDAO.findUser()).get().getMapping());
    assertFalse(saved.getProvision(anyTypeDAO.findUser()).get().getMapping().getItems().isEmpty());
    assertEquals(Integer.valueOf(2), saved.getPropagationPriority());
}
Also used : Provision(org.apache.syncope.core.persistence.api.entity.resource.Provision) MappingItem(org.apache.syncope.core.persistence.api.entity.resource.MappingItem) Mapping(org.apache.syncope.core.persistence.api.entity.resource.Mapping) ExternalResource(org.apache.syncope.core.persistence.api.entity.resource.ExternalResource) ConnInstance(org.apache.syncope.core.persistence.api.entity.ConnInstance) Test(org.junit.jupiter.api.Test) AbstractTest(org.apache.syncope.core.persistence.jpa.AbstractTest)
