Example 16 with User
use of org.apache.syncope.core.persistence.api.entity.user.User in project syncope by apache.
the class JPAGroupDAO method findOwnedByUser.
@Transactional(readOnly = true)
@Override
public List<Group> findOwnedByUser(final String userKey) {
User owner = userDAO().find(userKey);
if (owner == null) {
return Collections.<Group>emptyList();
}
StringBuilder queryString = new StringBuilder("SELECT e FROM ").append(JPAGroup.class.getSimpleName()).append(" e WHERE e.userOwner=:owner ");
for (String groupKey : userDAO().findAllGroupKeys(owner)) {
queryString.append("OR e.groupOwner.id='").append(groupKey).append("' ");
}
TypedQuery<Group> query = entityManager().createQuery(queryString.toString(), Group.class);
query.setParameter("owner", owner);
return query.getResultList();
}
Also used :
JPAGroup(org.apache.syncope.core.persistence.jpa.entity.group.JPAGroup)
Group(org.apache.syncope.core.persistence.api.entity.group.Group)
User(org.apache.syncope.core.persistence.api.entity.user.User)
Transactional(org.springframework.transaction.annotation.Transactional)
Example 17 with User
use of org.apache.syncope.core.persistence.api.entity.user.User in project syncope by apache.
the class JPARoleDAO method save.
@Override
public Role save(final Role role) {
Role merged = entityManager().merge(role);
// refresh dynamic memberships
if (merged.getDynMembership() != null) {
List<User> matching = searchDAO().search(SearchCondConverter.convert(merged.getDynMembership().getFIQLCond()), AnyTypeKind.USER);
clearDynMembers(merged);
matching.forEach((user) -> {
Query insert = entityManager().createNativeQuery("INSERT INTO " + DYNMEMB_TABLE + " VALUES(?, ?)");
insert.setParameter(1, user.getKey());
insert.setParameter(2, merged.getKey());
insert.executeUpdate();
publisher.publishEvent(new AnyCreatedUpdatedEvent<>(this, user, AuthContextUtils.getDomain()));
});
}
return merged;
}
Also used :
JPARole(org.apache.syncope.core.persistence.jpa.entity.JPARole)
Role(org.apache.syncope.core.persistence.api.entity.Role)
User(org.apache.syncope.core.persistence.api.entity.user.User)
JPAUser(org.apache.syncope.core.persistence.jpa.entity.user.JPAUser)
TypedQuery(javax.persistence.TypedQuery)
Query(javax.persistence.Query)
Example 18 with User
use of org.apache.syncope.core.persistence.api.entity.user.User in project syncope by apache.
the class JPARoleDAO method refreshDynMemberships.
@Transactional
@Override
public void refreshDynMemberships(final User user) {
findAll().stream().filter(role -> role.getDynMembership() != null).forEach(role -> {
Query delete = entityManager().createNativeQuery("DELETE FROM " + DYNMEMB_TABLE + " WHERE role_id=? AND any_id=?");
delete.setParameter(1, role.getKey());
delete.setParameter(2, user.getKey());
delete.executeUpdate();
if (searchDAO().matches(user, SearchCondConverter.convert(role.getDynMembership().getFIQLCond()))) {
Query insert = entityManager().createNativeQuery("INSERT INTO " + DYNMEMB_TABLE + " VALUES(?, ?)");
insert.setParameter(1, user.getKey());
insert.setParameter(2, role.getKey());
insert.executeUpdate();
}
});
}
Also used :
JPARole(org.apache.syncope.core.persistence.jpa.entity.JPARole)
AnySearchDAO(org.apache.syncope.core.persistence.api.dao.AnySearchDAO)
Realm(org.apache.syncope.core.persistence.api.entity.Realm)
User(org.apache.syncope.core.persistence.api.entity.user.User)
Autowired(org.springframework.beans.factory.annotation.Autowired)
TypedQuery(javax.persistence.TypedQuery)
RoleDAO(org.apache.syncope.core.persistence.api.dao.RoleDAO)
ArrayList(java.util.ArrayList)
AnyTypeKind(org.apache.syncope.common.lib.types.AnyTypeKind)
AnyCreatedUpdatedEvent(org.apache.syncope.core.provisioning.api.event.AnyCreatedUpdatedEvent)
List(java.util.List)
Query(javax.persistence.Query)
ApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher)
SearchCondConverter(org.apache.syncope.core.persistence.api.search.SearchCondConverter)
Privilege(org.apache.syncope.core.persistence.api.entity.Privilege)
JPAUser(org.apache.syncope.core.persistence.jpa.entity.user.JPAUser)
AuthContextUtils(org.apache.syncope.core.spring.security.AuthContextUtils)
ApplicationContextProvider(org.apache.syncope.core.spring.ApplicationContextProvider)
Repository(org.springframework.stereotype.Repository)
Collections(java.util.Collections)
Role(org.apache.syncope.core.persistence.api.entity.Role)
Transactional(org.springframework.transaction.annotation.Transactional)
TypedQuery(javax.persistence.TypedQuery)
Query(javax.persistence.Query)
Transactional(org.springframework.transaction.annotation.Transactional)
Example 19 with User
use of org.apache.syncope.core.persistence.api.entity.user.User in project syncope by apache.
the class JPASecurityQuestionDAO method delete.
@Override
public void delete(final String key) {
SecurityQuestion securityQuestion = find(key);
if (securityQuestion == null) {
return;
}
for (User user : userDAO.findBySecurityQuestion(securityQuestion)) {
user.setSecurityQuestion(null);
user.setSecurityAnswer(null);
userDAO.save(user);
}
entityManager().remove(securityQuestion);
}
Also used :
User(org.apache.syncope.core.persistence.api.entity.user.User)
JPASecurityQuestion(org.apache.syncope.core.persistence.jpa.entity.JPASecurityQuestion)
SecurityQuestion(org.apache.syncope.core.persistence.api.entity.user.SecurityQuestion)
Example 20 with User
use of org.apache.syncope.core.persistence.api.entity.user.User in project syncope by apache.
the class JPAUserDAO method enforcePolicies.
@Transactional(readOnly = true)
@Override
public Pair<Boolean, Boolean> enforcePolicies(final User user) {
// ------------------------------
// Verify password policies
// ------------------------------
LOG.debug("Password Policy enforcement");
try {
int maxPPSpecHistory = 0;
for (PasswordPolicy policy : getPasswordPolicies(user)) {
if (user.getPassword() == null && !policy.isAllowNullPassword()) {
throw new PasswordPolicyException("Password mandatory");
}
for (Implementation impl : policy.getRules()) {
Optional<PasswordRule> rule = ImplementationManager.buildPasswordRule(impl);
if (rule.isPresent()) {
rule.get().enforce(user);
}
}
if (user.verifyPasswordHistory(user.getClearPassword(), policy.getHistoryLength())) {
throw new PasswordPolicyException("Password value was used in the past: not allowed");
}
if (policy.getHistoryLength() > maxPPSpecHistory) {
maxPPSpecHistory = policy.getHistoryLength();
}
}
// update user's password history with encrypted password
if (maxPPSpecHistory > 0 && user.getPassword() != null && !user.getPasswordHistory().contains(user.getPassword())) {
user.getPasswordHistory().add(user.getPassword());
}
// keep only the last maxPPSpecHistory items in user's password history
if (maxPPSpecHistory < user.getPasswordHistory().size()) {
for (int i = 0; i < user.getPasswordHistory().size() - maxPPSpecHistory; i++) {
user.getPasswordHistory().remove(i);
}
}
} catch (Exception e) {
LOG.error("Invalid password for {}", user, e);
throw new InvalidEntityException(User.class, EntityViolationType.InvalidPassword, e.getMessage());
} finally {
// password has been validated, let's remove its clear version
user.removeClearPassword();
}
// ------------------------------
// Verify account policies
// ------------------------------
LOG.debug("Account Policy enforcement");
boolean suspend = false;
boolean propagateSuspension = false;
try {
if (user.getUsername() == null) {
throw new AccountPolicyException("Null username");
}
if (adminUser.equals(user.getUsername()) || anonymousUser.equals(user.getUsername())) {
throw new AccountPolicyException("Not allowed: " + user.getUsername());
}
if (!USERNAME_PATTERN.matcher(user.getUsername()).matches()) {
throw new AccountPolicyException("Character(s) not allowed");
}
for (AccountPolicy policy : getAccountPolicies(user)) {
for (Implementation impl : policy.getRules()) {
Optional<AccountRule> rule = ImplementationManager.buildAccountRule(impl);
if (rule.isPresent()) {
rule.get().enforce(user);
}
}
suspend |= user.getFailedLogins() != null && policy.getMaxAuthenticationAttempts() > 0 && user.getFailedLogins() > policy.getMaxAuthenticationAttempts() && !user.isSuspended();
propagateSuspension |= policy.isPropagateSuspension();
}
} catch (Exception e) {
LOG.error("Invalid username for {}", user, e);
throw new InvalidEntityException(User.class, EntityViolationType.InvalidUsername, e.getMessage());
}
return ImmutablePair.of(suspend, propagateSuspension);
}
Also used :
PasswordRule(org.apache.syncope.core.persistence.api.dao.PasswordRule)
AccountRule(org.apache.syncope.core.persistence.api.dao.AccountRule)
JPAUser(org.apache.syncope.core.persistence.jpa.entity.user.JPAUser)
User(org.apache.syncope.core.persistence.api.entity.user.User)
AccountPolicyException(org.apache.syncope.core.provisioning.api.utils.policy.AccountPolicyException)
Implementation(org.apache.syncope.core.persistence.api.entity.Implementation)
NoResultException(javax.persistence.NoResultException)
AccountPolicyException(org.apache.syncope.core.provisioning.api.utils.policy.AccountPolicyException)
PasswordPolicyException(org.apache.syncope.core.provisioning.api.utils.policy.PasswordPolicyException)
DelegatedAdministrationException(org.apache.syncope.core.spring.security.DelegatedAdministrationException)
InvalidEntityException(org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException)
InvalidEntityException(org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException)
AccountPolicy(org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy)
PasswordPolicyException(org.apache.syncope.core.provisioning.api.utils.policy.PasswordPolicyException)
PasswordPolicy(org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy)
Transactional(org.springframework.transaction.annotation.Transactional)
Aggregations
User (org.apache.syncope.core.persistence.api.entity.user.User)135
Test (org.junit.jupiter.api.Test)58
AbstractTest (org.apache.syncope.core.persistence.jpa.AbstractTest)56
Transactional (org.springframework.transaction.annotation.Transactional)39
Group (org.apache.syncope.core.persistence.api.entity.group.Group)24
ArrayList (java.util.ArrayList)20
UserTO (org.apache.syncope.common.lib.to.UserTO)20
SearchCond (org.apache.syncope.core.persistence.api.dao.search.SearchCond)20
HashSet (java.util.HashSet)18
AttributeCond (org.apache.syncope.core.persistence.api.dao.search.AttributeCond)17
AnyObject (org.apache.syncope.core.persistence.api.entity.anyobject.AnyObject)17
List (java.util.List)16
WorkflowResult (org.apache.syncope.core.provisioning.api.WorkflowResult)16
UPlainAttr (org.apache.syncope.core.persistence.api.entity.user.UPlainAttr)15
Autowired (org.springframework.beans.factory.annotation.Autowired)15
Set (java.util.Set)14
PlainSchema (org.apache.syncope.core.persistence.api.entity.PlainSchema)14
PropagationByResource (org.apache.syncope.core.provisioning.api.PropagationByResource)14
Collections (java.util.Collections)11
Collectors (java.util.stream.Collectors)11
