protected Set<? extends ExternalResource> getPassthroughResources(final User user) { Set<? extends ExternalResource> result = null; // 1. look for assigned resources, pick the ones whose account policy has authentication resources for (ExternalResource resource : userDAO.findAllResources(user)) { if (resource.getAccountPolicy() != null && !resource.getAccountPolicy().getResources().isEmpty()) { if (result == null) { result = resource.getAccountPolicy().getResources(); } else { result.retainAll(resource.getAccountPolicy().getResources()); } } } // 2. look for realms, pick the ones whose account policy has authentication resources for (Realm realm : realmDAO.findAncestors(user.getRealm())) { if (realm.getAccountPolicy() != null && !realm.getAccountPolicy().getResources().isEmpty()) { if (result == null) { result = realm.getAccountPolicy().getResources(); } else { result.retainAll(realm.getAccountPolicy().getResources()); } } } return result == null ? Collections.emptySet() : result; }
policyTO = (T) accountPolicyTO; accountPolicyTO.setMaxAuthenticationAttempts(accountPolicy.getMaxAuthenticationAttempts()); accountPolicyTO.setPropagateSuspension(accountPolicy.isPropagateSuspension()); accountPolicy.getRules().stream().map(Entity::getKey).collect(Collectors.toList())); accountPolicy.getResources().stream().map(Entity::getKey).collect(Collectors.toList())); } else if (policy instanceof PullPolicy) { PullPolicy pullPolicy = PullPolicy.class.cast(policy);
AccountPolicyTO accountPolicyTO = AccountPolicyTO.class.cast(policyTO); accountPolicy.setMaxAuthenticationAttempts(accountPolicyTO.getMaxAuthenticationAttempts()); accountPolicy.setPropagateSuspension(accountPolicyTO.isPropagateSuspension()); LOG.debug("Invalid " + Implementation.class.getSimpleName() + " {}, ignoring...", ruleKey); } else { accountPolicy.add(rule); accountPolicy.getRules(). removeIf(implementation -> !accountPolicyTO.getRules().contains(implementation.getKey())); accountPolicy.getResources().clear(); accountPolicyTO.getPassthroughResources().forEach(resourceName -> { ExternalResource resource = resourceDAO.find(resourceName); LOG.debug("Ignoring invalid resource {} ", resourceName); } else { accountPolicy.add(resource);
for (Implementation impl : policy.getRules()) { Optional<AccountRule> rule = ImplementationManager.buildAccountRule(impl); if (rule.isPresent()) { suspend |= user.getFailedLogins() != null && policy.getMaxAuthenticationAttempts() > 0 && user.getFailedLogins() > policy.getMaxAuthenticationAttempts() && !user.isSuspended(); propagateSuspension |= policy.isPropagateSuspension();
@Override public RealmTO getRealmTO(final Realm realm, final boolean admin) { RealmTO realmTO = new RealmTO(); realmTO.setKey(realm.getKey()); realmTO.setName(realm.getName()); realmTO.setParent(realm.getParent() == null ? null : realm.getParent().getKey()); realmTO.setFullPath(realm.getFullPath()); if (admin) { realmTO.setAccountPolicy(realm.getAccountPolicy() == null ? null : realm.getAccountPolicy().getKey()); realmTO.setPasswordPolicy(realm.getPasswordPolicy() == null ? null : realm.getPasswordPolicy().getKey()); realm.getActions().forEach(action -> { realmTO.getActions().add(action.getKey()); }); realm.getTemplates().forEach(template -> { realmTO.getTemplates().put(template.getAnyType().getKey(), template.get()); }); realm.getResources().forEach(resource -> { realmTO.getResources().add(resource.getKey()); }); } return realmTO; }
? null : resource.getAccountPolicy().getKey());
protected Set<? extends ExternalResource> getPassthroughResources(final User user) { Set<? extends ExternalResource> result = null; // 1. look for assigned resources, pick the ones whose account policy has authentication resources for (ExternalResource resource : userDAO.findAllResources(user)) { if (resource.getAccountPolicy() != null && !resource.getAccountPolicy().getResources().isEmpty()) { if (result == null) { result = resource.getAccountPolicy().getResources(); } else { result.retainAll(resource.getAccountPolicy().getResources()); } } } // 2. look for realms, pick the ones whose account policy has authentication resources for (Realm realm : realmDAO.findAncestors(user.getRealm())) { if (realm.getAccountPolicy() != null && !realm.getAccountPolicy().getResources().isEmpty()) { if (result == null) { result = realm.getAccountPolicy().getResources(); } else { result.retainAll(realm.getAccountPolicy().getResources()); } } } return result == null ? Collections.emptySet() : result; }
forEach(group -> group.getResources().remove(resource)); policyDAO.findByResource(resource). forEach(policy -> policy.getResources().remove(resource));