/**
 * Tells whether the given password delta should be handled as a self-service
 * password change.
 *
 * <p>Two conditions must hold: the operation options carry a runAs
 * identification, and the delta reports at least one estimated old value.
 * Only the presence of an old value is checked. The old value itself is not
 * validated in this method.
 *
 * @param delta password property delta to inspect
 * @return {@code true} if both conditions hold, {@code false} otherwise
 */
private boolean isSelfPasswordChange(PropertyDelta<ProtectedStringType> delta) {
    // Without a runAs option this is not self-service: it is an administrator
    // setting the password.
    if (getOptions() == null || getOptions().getRunAsIdentification() == null) {
        return false;
    }
    Collection<PrismPropertyValue<ProtectedStringType>> previousValues = delta.getEstimatedOldValues();
    return previousValues != null && !previousValues.isEmpty();
}
/**
 * Translates provisioning-level options into connector-level options that
 * carry the runAs identification.
 *
 * <p>Returns {@code null} when there are no options, when no runAs account OID
 * was requested, or when the resource has no effective {@code RunAs}
 * capability. In the last case the request is dropped and only a trace-level
 * message is logged.
 *
 * <p>NOTE(review): when runAs is dropped the caller gets no signal beyond the
 * trace log. Presumably the operation then proceeds under the connector's own
 * identity; confirm that this is the intended fallback.
 * NOTE(review): no authorization check on the requested runAs account is
 * visible in this method. Presumably it is enforced by the caller; verify.
 *
 * @param ctx provisioning context of the operation; supplies the capability and the task
 * @param options provisioning options, may be {@code null}
 * @param result operation result passed to the repository and context factory calls
 * @return connector options with the runAs identification set, or {@code null}
 * @throws ConfigurationException if the requested runAs shadow does not exist
 */
private ConnectorOperationOptions createConnectorOperationOptions(ProvisioningContext ctx,
        ProvisioningOperationOptions options, OperationResult result)
        throws SchemaException, ConfigurationException, ObjectNotFoundException,
        CommunicationException, ExpressionEvaluationException {
    String runAsAccountOid = (options == null) ? null : options.getRunAsAccountOid();
    if (runAsAccountOid == null) {
        return null;
    }

    RunAsCapabilityType runAsCapability = ctx.getResourceEffectiveCapability(RunAsCapabilityType.class);
    if (runAsCapability == null) {
        LOGGER.trace("Operation runAs requested, but resource does not have the capability. Ignoring runAs");
        return null;
    }

    // A missing shadow is reported as a configuration problem, with the original cause preserved.
    PrismObject<ShadowType> runAsShadow;
    try {
        runAsShadow = shadowManager.getRepoShadow(runAsAccountOid, result);
    } catch (ObjectNotFoundException e) {
        throw new ConfigurationException("Requested non-existing 'runAs' shadow", e);
    }

    // Build a context for the runAs shadow and apply attribute definitions
    // before deriving the identification from it.
    ProvisioningContext runAsCtx = ctxFactory.create(runAsShadow, null, ctx.getTask(), result);
    shadowCaretaker.applyAttributesDefinition(runAsCtx, runAsShadow);
    ResourceObjectIdentification identification = ResourceObjectIdentification.createFromShadow(
            runAsCtx.getObjectClassDefinition(), runAsShadow.asObjectable());

    ConnectorOperationOptions connectorOptions = new ConnectorOperationOptions();
    LOGGER.trace("RunAs identification: {}", identification);
    connectorOptions.setRunAsIdentification(identification);
    return connectorOptions;
}
/**
 * Builds ConnId operation options from the connector-level options.
 *
 * <p>If a runAs identification is present, its name value becomes the runAs
 * user. The runAs password is then guessed from the changes: for each password
 * value modification with a non-empty set of estimated old values, the first
 * old value (when not {@code null}) is converted to a {@code GuardedString}
 * and set as the run-with password. Later matching changes overwrite earlier
 * ones.
 *
 * <p>The old password is only forwarded here. It is not verified in this
 * method. It is a credential: keep it inside {@code GuardedString} and never
 * add it to log output.
 *
 * @param options connector operation options, may be {@code null}
 * @param changes operations being applied; iterated only when runAs is set
 * @return the built ConnId options (built with no runAs settings when none was requested)
 * @throws SchemaException declared by the original signature
 */
private OperationOptions createConnIdOptions(ConnectorOperationOptions options, Collection<Operation> changes)
        throws SchemaException {
    OperationOptionsBuilder builder = new OperationOptionsBuilder();

    ResourceObjectIdentification runAsIdentification = (options == null) ? null : options.getRunAsIdentification();
    if (runAsIdentification == null) {
        return builder.build();
    }
    builder.setRunAsUser(getNameValue(runAsIdentification));

    // We have to work out what the runAs password might be. A password change
    // should carry the old value in its delta. This is a heuristic, but there
    // is no better source at this point.
    for (Operation change : changes) {
        if (!(change instanceof PropertyModificationOperation)) {
            continue;
        }
        // The raw type is kept as in the original code: the delta's value type is not known here.
        PropertyDelta candidateDelta = ((PropertyModificationOperation) change).getPropertyDelta();
        if (!candidateDelta.getPath().equivalent(SchemaConstants.PATH_PASSWORD_VALUE)) {
            continue;
        }
        Collection<PrismPropertyValue<ProtectedStringType>> previousValues = candidateDelta.getEstimatedOldValues();
        if (previousValues == null || previousValues.isEmpty()) {
            continue;
        }
        ProtectedStringType previousPassword = previousValues.iterator().next().getValue();
        if (previousPassword == null) {
            continue;
        }
        builder.setRunWithPassword(ConnIdUtil.toGuardedString(previousPassword, "runAs password", protector));
    }

    return builder.build();
}