/**
 * Looks up the provision configured for the given any type.
 *
 * @param anyType key of the any type to look for
 * @return the first provision whose any type key equals {@code anyType}, empty when none matches
 */
@Override
public Optional<? extends Provision> getProvision(final String anyType) {
    for (Provision candidate : getProvisions()) {
        // Compare on the any type key; a null argument simply never matches.
        if (candidate.getAnyType().getKey().equals(anyType)) {
            return Optional.of(candidate);
        }
    }
    return Optional.empty();
}
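/**
 * Collects the keys of all any objects that are dynamic members of the given group.
 *
 * One native query is issued per dynamic membership of the group; duplicates across
 * memberships are dropped while keeping first-seen order.
 *
 * @param group group whose dynamic memberships are resolved
 * @return distinct any object keys, in the order they were first returned
 */
@Override
@SuppressWarnings("unchecked")
public List<String> findADynMembers(final Group group) {
    List<String> result = new ArrayList<>();
    group.getADynMemberships().stream()
            .flatMap(memb -> {
                // The table name is a compile-time constant; every request-influenced value
                // (group key, any type key) is bound as a positional parameter, never concatenated.
                Query query = entityManager().createNativeQuery(
                        "SELECT any_id FROM " + ADYNMEMB_TABLE + " WHERE group_id=? AND anyType_id=?");
                query.setParameter(1, group.getKey());
                query.setParameter(2, memb.getAnyType().getKey());
                // A row may arrive as a single-column Object[] or as the bare value.
                return ((List<?>) query.getResultList()).stream()
                        .map(row -> row instanceof Object[] ? (String) ((Object[]) row)[0] : (String) row);
            })
            // distinct() keeps encounter order and replaces the quadratic List.contains() scan.
            .distinct()
            .forEach(result::add);
    return result;
}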
/**
 * Builds the transfer object for a type extension.
 *
 * @param typeExt type extension entity to convert
 * @return TO carrying the any type key and the keys of all auxiliary classes
 */
@Override
public TypeExtensionTO getTypeExtensionTO(final TypeExtension typeExt) {
    TypeExtensionTO result = new TypeExtensionTO();
    result.setAnyType(typeExt.getAnyType().getKey());
    // The TO exposes its aux classes as a mutable collection, so keys are added one by one.
    typeExt.getAuxClasses().forEach(auxClass -> result.getAuxClasses().add(auxClass.getKey()));
    return result;
}
/**
 * Pushes each of the given entities through the handler, stopping early when an interrupt has
 * been requested.
 *
 * @param anys entities to push
 * @param handler push handler invoked with each entity key
 * @param resource external resource the entities are pushed to (used for reporting only)
 * @throws JobExecutionException wrapping any failure raised while handling one entity
 */
protected void doHandle(
        final List<? extends Any<?>> anys,
        final SyncopePushResultHandler handler,
        final ExternalResource resource) throws JobExecutionException {

    for (Any<?> any : anys) {
        // Re-checked before every item so a requested interrupt stops the loop between pushes.
        if (interrupt) {
            break;
        }
        try {
            handler.handle(any.getKey());

            // Report under the human-readable name of the concrete kind.
            String name;
            if (any instanceof User) {
                name = ((User) any).getUsername();
            } else if (any instanceof Group) {
                name = ((Group) any).getName();
            } else {
                name = ((AnyObject) any).getName();
            }
            reportHandled(any.getType().getKey(), name);
        } catch (Exception e) {
            LOG.warn("Failure pushing '{}' on '{}'", any, resource, e);
            throw new JobExecutionException("While pushing " + any + " on " + resource, e);
        }
    }
}
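/**
 * Verifies that the current subject may read the given any object.
 *
 * Access is granted when one of the realms the subject holds the READ entitlement for is a
 * path prefix of the object's realm, or when the subject holds it for one of the object's
 * dynamic realms.
 *
 * @param anyObject any object being accessed
 * @throws DelegatedAdministrationException when the subject holds no READ realm at all, or none
 * that covers the object
 */
@Override
protected void securityChecks(final AnyObject anyObject) {
    Map<String, Set<String>> authorizations = AuthContextUtils.getAuthorizations();
    String readEntitlement = AnyEntitlement.READ.getFor(anyObject.getType().getKey());
    Set<String> authRealms = authorizations.getOrDefault(readEntitlement, Collections.emptySet());

    String realmPath = anyObject.getRealm().getFullPath();
    // NOTE(review): a plain prefix match also accepts realms whose path merely starts with an
    // authorized realm's path (e.g. "/a/b" covering "/a/bc") — confirm realm paths are compared
    // segment-wise, or that stored realm paths carry a trailing separator.
    boolean authorized = authRealms.stream().anyMatch(realmPath::startsWith);
    if (!authorized) {
        // Fall back to dynamic realms; anyMatch short-circuits instead of counting every hit.
        authorized = findDynRealms(anyObject.getKey()).stream().anyMatch(authRealms::contains);
    }

    if (authRealms.isEmpty() || !authorized) {
        throw new DelegatedAdministrationException(
                realmPath, AnyTypeKind.ANY_OBJECT.name(), anyObject.getKey());
    }
}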
/**
 * Registers entitlements for every any type except the built-in USER and GROUP types.
 */
@Transactional(readOnly = true)
public void addEntitlementsForAnyTypes() {
    AnyType userType = anyTypeDAO.findUser();
    AnyType groupType = anyTypeDAO.findGroup();

    for (AnyType anyType : anyTypeDAO.findAll()) {
        // Identity comparison, as in the original lookup: USER and GROUP are skipped.
        if (anyType == userType || anyType == groupType) {
            continue;
        }
        EntitlementsHolder.getInstance().addFor(anyType.getKey());
    }
}
}
/**
 * Computes the connector object key value of the given entity on each of its resources.
 *
 * Resources without a provision for the entity's type, or whose provision has no mapping, are
 * skipped silently; a provision without a ConnObjectKey mapping item is an error.
 *
 * @param any entity whose connector object keys are computed
 * @param anyUtils utilities used to resolve the entity's resources
 * @return resource key to connector object key value, for every resource where a value exists
 * @throws NotFoundException when a provision has a mapping but no ConnObjectKey item
 */
protected Map<String, String> getConnObjectKeys(final Any<?> any, final AnyUtils anyUtils) {
    Map<String, String> connObjectKeys = new HashMap<>();

    anyUtils.getAllResources(any).forEach(resource -> resource.getProvision(any.getType())
            .filter(provision -> provision.getMapping() != null)
            .ifPresent(provision -> {
                // Only the presence of the ConnObjectKey item matters here; the item itself is unused.
                MappingUtils.getConnObjectKeyItem(provision).orElseThrow(() -> new NotFoundException(
                        "ConnObjectKey mapping for " + any.getType().getKey() + " " + any.getKey()
                        + " on resource '" + resource.getKey() + "'"));

                mappingManager.getConnObjectKeyValue(any, provision)
                        .ifPresent(value -> connObjectKeys.put(resource.getKey(), value));
            }));

    return connObjectKeys;
}
}
/**
 * Builds the transfer object for a dynamic realm.
 *
 * @param dynRealm dynamic realm entity to convert
 * @return TO with the realm key and one FIQL condition per any type, keyed by any type key
 */
@Override
public DynRealmTO getDynRealmTO(final DynRealm dynRealm) {
    DynRealmTO result = new DynRealmTO();
    result.setKey(dynRealm.getKey());
    dynRealm.getDynMemberships().forEach(memb ->
            result.getDynMembershipConds().put(memb.getAnyType().getKey(), memb.getFIQLCond()));
    return result;
}
/**
 * Builds the transfer object for an any type.
 *
 * @param anyType any type entity to convert
 * @return TO with key, kind and the keys of all associated any type classes
 */
@Override
public AnyTypeTO getAnyTypeTO(final AnyType anyType) {
    AnyTypeTO result = new AnyTypeTO();
    result.setKey(anyType.getKey());
    result.setKind(anyType.getKind());
    anyType.getClasses().forEach(anyTypeClass -> result.getClasses().add(anyTypeClass.getKey()));
    return result;
}
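/**
 * Deletes an any type and withdraws the entitlements derived from it.
 *
 * Unless the caller is the admin user, the caller's own access token is also rewritten so it
 * no longer carries authorities for the removed entitlements.
 *
 * @param anyType any type to delete
 * @return the TO of the deleted any type, built before deletion
 */
@Override
public AnyTypeTO delete(final AnyType anyType) {
    AnyTypeTO deleted = getAnyTypeTO(anyType);
    anyTypeDAO.delete(anyType.getKey());

    final Set<String> removed = EntitlementsHolder.getInstance().removeFor(deleted.getKey());

    String username = AuthContextUtils.getUsername();
    if (!adminUser.equals(username)) {
        AccessToken accessToken = accessTokenDAO.findByOwner(username);
        try {
            // NOTE(review): new String(byte[]) / getBytes() use the platform charset here —
            // confirm the encoded authorities are ASCII-only, otherwise pass an explicit charset
            // on both sides.
            Set<SyncopeGrantedAuthority> authorities = new HashSet<>(POJOHelper.deserialize(
                    ENCRYPTOR.decode(new String(accessToken.getAuthorities()), CipherAlgorithm.AES),
                    new TypeReference<Set<SyncopeGrantedAuthority>>() { }));

            // removeIf drops the matching authorities in place instead of collecting them first.
            authorities.removeIf(authority -> removed.contains(authority.getAuthority()));

            accessToken.setAuthorities(ENCRYPTOR.encode(
                    POJOHelper.serialize(authorities), CipherAlgorithm.AES).getBytes());
            accessTokenDAO.save(accessToken);
        } catch (Exception e) {
            // The type is already deleted at this point, so the token refresh is best effort.
            LOG.error("Could not fetch or store authorities", e);
        }
    }

    return deleted;
}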
/**
 * Creates a new any type from the given TO and registers the entitlements derived from it.
 *
 * Unless the caller is the admin user, the caller's own access token is rewritten so it
 * immediately carries the new entitlements on the root realm.
 *
 * @param anyTypeTO transfer object describing the new any type
 * @return the newly created entity
 */
@Override
public AnyType create(final AnyTypeTO anyTypeTO) {
    AnyType anyType = entityFactory.newEntity(AnyType.class);
    update(anyType, anyTypeTO);

    Set<String> added = EntitlementsHolder.getInstance().addFor(anyType.getKey());

    String username = AuthContextUtils.getUsername();
    if (!adminUser.equals(username)) {
        AccessToken accessToken = accessTokenDAO.findByOwner(username);
        try {
            // NOTE(review): new String(byte[]) / getBytes() rely on the platform charset — confirm
            // the encoded authorities are ASCII-only.
            Set<SyncopeGrantedAuthority> authorities = new HashSet<>(POJOHelper.deserialize(
                    ENCRYPTOR.decode(new String(accessToken.getAuthorities()), CipherAlgorithm.AES),
                    new TypeReference<Set<SyncopeGrantedAuthority>>() { }));

            for (String entitlement : added) {
                authorities.add(new SyncopeGrantedAuthority(entitlement, SyncopeConstants.ROOT_REALM));
            }

            accessToken.setAuthorities(ENCRYPTOR.encode(
                    POJOHelper.serialize(authorities), CipherAlgorithm.AES).getBytes());
            accessTokenDAO.save(accessToken);
        } catch (Exception e) {
            // Best effort: the any type itself has already been created.
            LOG.error("Could not fetch or store authorities", e);
        }
    }

    return anyType;
}
/**
 * Applies the given TO onto an any type entity.
 *
 * Key and kind are only set when still unset on the entity; an attempt to change an already
 * set kind is rejected. The entity's classes are replaced with those named in the TO.
 *
 * @param anyType entity to update
 * @param anyTypeTO transfer object with the desired state
 * @throws SyncopeClientException (InvalidAnyType) when the TO's kind differs from the entity's
 */
@Override
public void update(final AnyType anyType, final AnyTypeTO anyTypeTO) {
    if (anyType.getKey() == null) {
        anyType.setKey(anyTypeTO.getKey());
    }
    if (anyType.getKind() == null) {
        anyType.setKind(anyTypeTO.getKind());
    }
    if (anyType.getKind() != anyTypeTO.getKind()) {
        SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidAnyType);
        sce.getElements().add(AnyTypeKind.class.getSimpleName() + " cannot be changed");
        throw sce;
    }

    // Classes are replaced wholesale; names that do not resolve are logged and skipped.
    anyType.getClasses().clear();
    for (String anyTypeClassName : anyTypeTO.getClasses()) {
        AnyTypeClass anyTypeClass = anyTypeClassDAO.find(anyTypeClassName);
        if (anyTypeClass != null) {
            anyType.add(anyTypeClass);
        } else {
            LOG.debug("Invalid " + AnyTypeClass.class.getSimpleName() + " {}, ignoring...", anyTypeClassName);
        }
    }
}
/**
 * Synchronises the realm's any templates with those given in the TO.
 *
 * Templates are validated first; then each TO entry creates or updates the template for its any
 * type, and templates for any types no longer present in the TO are removed.
 *
 * @param realmTO transfer object carrying the desired templates, keyed by any type key
 * @param realm realm entity whose templates are updated in place
 */
private void setTemplates(final RealmTO realmTO, final Realm realm) {
    // Validate the JEXL expressions up front so nothing is touched when a template is invalid.
    templateUtils.check(realmTO.getTemplates(), ClientExceptionType.InvalidRealm);

    realmTO.getTemplates().forEach((key, template) -> {
        AnyType type = anyTypeDAO.find(key);
        if (type == null) {
            LOG.debug("Invalid AnyType {} specified, ignoring...", key);
            return;
        }

        AnyTemplateRealm anyTemplate = realm.getTemplate(type).orElse(null);
        if (anyTemplate == null) {
            // No template for this type yet: create one and attach it to the realm.
            anyTemplate = entityFactory.newEntity(AnyTemplateRealm.class);
            anyTemplate.setAnyType(type);
            anyTemplate.setRealm(realm);
            realm.add(anyTemplate);
        }
        anyTemplate.set(template);
    });

    // Drop every template whose any type the TO no longer mentions.
    realm.getTemplates().removeIf(existing ->
            !realmTO.getTemplates().containsKey(existing.getAnyType().getKey()));
}
/**
 * Builds a relationship TO pointing at the given any object.
 *
 * @param relationshipType key of the relationship type
 * @param otherEnd any object at the other end of the relationship
 * @return TO carrying the type plus the other end's any type key, key and name
 */
protected RelationshipTO getRelationshipTO(final String relationshipType, final AnyObject otherEnd) {
    RelationshipTO.Builder builder = new RelationshipTO.Builder().type(relationshipType);
    return builder
            .otherEnd(otherEnd.getType().getKey(), otherEnd.getKey(), otherEnd.getName())
            .build();
}
/**
 * Builds the transfer object for a realm.
 *
 * Policies, actions, templates and resources are only copied when {@code admin} is set; the
 * basic fields (key, name, parent key, full path) are always populated.
 *
 * @param realm realm entity to convert
 * @param admin whether administrative details are included
 * @return the populated TO
 */
@Override
public RealmTO getRealmTO(final Realm realm, final boolean admin) {
    RealmTO result = new RealmTO();
    result.setKey(realm.getKey());
    result.setName(realm.getName());
    result.setFullPath(realm.getFullPath());

    Realm parent = realm.getParent();
    result.setParent(parent == null ? null : parent.getKey());

    if (!admin) {
        return result;
    }

    // Administrative view: policy keys (null when unset) plus actions, templates and resources.
    result.setAccountPolicy(realm.getAccountPolicy() == null ? null : realm.getAccountPolicy().getKey());
    result.setPasswordPolicy(realm.getPasswordPolicy() == null ? null : realm.getPasswordPolicy().getKey());
    realm.getActions().forEach(action -> result.getActions().add(action.getKey()));
    realm.getTemplates().forEach(template ->
            result.getTemplates().put(template.getAnyType().getKey(), template.get()));
    realm.getResources().forEach(resource -> result.getResources().add(resource.getKey()));

    return result;
}
/**
 * Builds a fresh any TO from a connector object.
 *
 * The TO's type and realm come from the provision and pull task; its attributes are filled
 * from the connector object through the provision's pull mapping items, and finally the pull
 * task's template for that any type (if any) is applied.
 *
 * @param <T> concrete TO type produced by {@code anyUtils}
 * @param obj connector object read from the external resource
 * @param pullTask pull task providing destination realm and template
 * @param provision provision providing any type and mapping
 * @param anyUtils utilities used to instantiate the TO
 * @return the populated TO
 */
private <T extends AnyTO> T getAnyTOFromConnObject(
        final ConnectorObject obj,
        final PullTask pullTask,
        final Provision provision,
        final AnyUtils anyUtils) {

    T anyTO = anyUtils.newAnyTO();
    anyTO.setType(provision.getAnyType().getKey());
    anyTO.setRealm(pullTask.getDestinatioRealm().getFullPath());

    // 1. connector object attributes, mapped through the provision's pull items
    MappingUtils.getPullItems(provision.getMapping().getItems()).forEach(item ->
            mappingManager.setIntValues(item, obj.getAttributeByName(item.getExtAttrName()), anyTO));

    // 2. template defined on the pull task for this any type, when present
    templateUtils.apply(anyTO, pullTask.getTemplate(provision.getAnyType()));

    return anyTO;
}
}
/**
 * Handles an unmatched pull delta with the ASSIGN rule: creates the entity and assigns the
 * task's resource to it.
 *
 * Nothing is created when the task is not configured for create, or when the profile is a dry
 * run; in both cases the event is still finalized.
 *
 * @param delta pull delta being processed
 * @param provision provision the delta belongs to
 * @param anyUtils utilities for the provision's any type
 * @return an empty list when create is disabled, otherwise a single report
 * @throws JobExecutionException propagated from pull actions or the create step
 */
protected List<ProvisioningReport> assign(
        final SyncDelta delta, final Provision provision, final AnyUtils anyUtils)
        throws JobExecutionException {

    String event = UnmatchingRule.toEventName(UnmatchingRule.ASSIGN);

    if (!profile.getTask().isPerformCreate()) {
        LOG.debug("PullTask not configured for create");
        finalize(event, Result.SUCCESS, null, null, delta);
        return Collections.emptyList();
    }

    AnyTO anyTO = connObjectUtils.getAnyTO(delta.getObject(), profile.getTask(), provision, anyUtils);
    // ASSIGN differs from PROVISION in that the task's resource is attached to the new entity.
    anyTO.getResources().add(profile.getTask().getResource().getKey());

    ProvisioningReport report = new ProvisioningReport();
    report.setOperation(ResourceOperation.CREATE);
    report.setAnyType(provision.getAnyType().getKey());
    report.setStatus(ProvisioningReport.Status.SUCCESS);
    report.setName(getName(anyTO));
    report.setUidValue(delta.getUid().getUidValue());

    if (profile.isDryRun()) {
        report.setKey(null);
        finalize(event, Result.SUCCESS, null, null, delta);
        return Collections.singletonList(report);
    }

    for (PullActions action : profile.getActions()) {
        action.beforeAssign(profile, delta, anyTO);
    }
    create(anyTO, delta, event, provision, report);

    return Collections.singletonList(report);
}
/**
 * Builds the transfer object for a notification.
 *
 * @param notification notification entity to convert
 * @return TO with all scalar fields, events, recipients, abouts (keyed by any type key) and,
 * when set, the recipients provider key
 */
@Override
public NotificationTO getNotificationTO(final Notification notification) {
    NotificationTO result = new NotificationTO();

    result.setKey(notification.getKey());
    result.setTemplate(notification.getTemplate().getKey());
    result.setActive(notification.isActive());
    result.setTraceLevel(notification.getTraceLevel());

    // Message
    result.setSender(notification.getSender());
    result.setSubject(notification.getSubject());
    result.getEvents().addAll(notification.getEvents());

    // Recipients
    result.setRecipientsFIQL(notification.getRecipientsFIQL());
    result.getStaticRecipients().addAll(notification.getStaticRecipients());
    result.setRecipientAttrName(notification.getRecipientAttrName());
    result.setSelfAsRecipient(notification.isSelfAsRecipient());
    if (notification.getRecipientsProvider() != null) {
        result.setRecipientsProvider(notification.getRecipientsProvider().getKey());
    }

    // One "about" condition per any type
    notification.getAbouts().forEach(about ->
            result.getAbouts().put(about.getAnyType().getKey(), about.get()));

    return result;
}
/**
 * Handles an unmatched pull delta with the PROVISION rule: creates the entity without assigning
 * the task's resource to it.
 *
 * Nothing is created when the task is not configured for create, or when the profile is a dry
 * run; in both cases the event is still finalized.
 *
 * @param delta pull delta being processed
 * @param provision provision the delta belongs to
 * @param anyUtils utilities for the provision's any type
 * @return an empty list when create is disabled, otherwise a single report
 * @throws JobExecutionException propagated from pull actions or the create step
 */
protected List<ProvisioningReport> provision(
        final SyncDelta delta, final Provision provision, final AnyUtils anyUtils)
        throws JobExecutionException {

    String event = UnmatchingRule.toEventName(UnmatchingRule.PROVISION);

    if (!profile.getTask().isPerformCreate()) {
        LOG.debug("PullTask not configured for create");
        finalize(event, Result.SUCCESS, null, null, delta);
        return Collections.emptyList();
    }

    AnyTO anyTO = connObjectUtils.getAnyTO(delta.getObject(), profile.getTask(), provision, anyUtils);

    ProvisioningReport report = new ProvisioningReport();
    report.setOperation(ResourceOperation.CREATE);
    report.setAnyType(provision.getAnyType().getKey());
    report.setStatus(ProvisioningReport.Status.SUCCESS);
    report.setName(getName(anyTO));
    report.setUidValue(delta.getUid().getUidValue());

    if (profile.isDryRun()) {
        report.setKey(null);
        finalize(event, Result.SUCCESS, null, null, delta);
        return Collections.singletonList(report);
    }

    for (PullActions action : profile.getActions()) {
        action.beforeProvision(profile, delta, anyTO);
    }
    create(anyTO, delta, event, provision, report);

    return Collections.singletonList(report);
}
/**
 * Loads a virtual schema by key and converts it to its transfer object.
 *
 * @param key key of the virtual schema
 * @return the populated TO
 * @throws NotFoundException when no virtual schema with the given key exists
 */
@Override
public VirSchemaTO getVirSchemaTO(final String key) {
    VirSchema schema = virSchemaDAO.find(key);
    if (schema == null) {
        throw new NotFoundException("Virtual Schema '" + key + "'");
    }

    VirSchemaTO result = new VirSchemaTO();
    result.setKey(schema.getKey());
    result.setExtAttrName(schema.getExtAttrName());
    result.setReadonly(schema.isReadonly());
    labels(schema, result);

    // The any type class is optional; resource and any type are taken from the schema's provision.
    result.setAnyTypeClass(schema.getAnyTypeClass() == null ? null : schema.getAnyTypeClass().getKey());
    result.setResource(schema.getProvision().getResource().getKey());
    result.setAnyType(schema.getProvision().getAnyType().getKey());

    return result;
}
}