@Override public List<ConnInstance> findAll() { final Set<String> authRealms = AuthContextUtils.getAuthorizations().get(StandardEntitlement.CONNECTOR_LIST); if (authRealms == null || authRealms.isEmpty()) { return Collections.emptyList(); } TypedQuery<ConnInstance> query = entityManager().createQuery( "SELECT e FROM " + JPAConnInstance.class.getSimpleName() + " e", ConnInstance.class); return query.getResultList().stream().filter(connInstance -> authRealms.stream(). anyMatch(realm -> connInstance.getAdminRealm().getFullPath().startsWith(realm))). collect(Collectors.toList()); }
@Override public List<ExternalResource> findAll() { final Set<String> authRealms = AuthContextUtils.getAuthorizations().get(StandardEntitlement.RESOURCE_LIST); if (authRealms == null || authRealms.isEmpty()) { return Collections.emptyList(); } TypedQuery<ExternalResource> query = entityManager().createQuery( "SELECT e FROM " + JPAExternalResource.class.getSimpleName() + " e", ExternalResource.class); return query.getResultList().stream().filter(resource -> authRealms.stream(). anyMatch(realm -> resource.getConnector() != null && resource.getConnector().getAdminRealm().getFullPath().startsWith(realm))). collect(Collectors.toList()); }
@Override public ConnInstance authFind(final String key) { ConnInstance connInstance = find(key); if (connInstance == null) { return null; } Set<String> authRealms = AuthContextUtils.getAuthorizations().get(StandardEntitlement.CONNECTOR_READ); if (authRealms == null || authRealms.isEmpty() || !authRealms.stream().anyMatch( realm -> connInstance.getAdminRealm().getFullPath().startsWith(realm))) { throw new DelegatedAdministrationException( connInstance.getAdminRealm().getFullPath(), ConnInstance.class.getSimpleName(), connInstance.getKey()); } return connInstance; }
@Override public ExternalResource authFind(final String key) { ExternalResource resource = find(key); if (resource == null) { return null; } Set<String> authRealms = AuthContextUtils.getAuthorizations().get(StandardEntitlement.RESOURCE_READ); if (authRealms == null || authRealms.isEmpty() || !authRealms.stream().anyMatch(realm -> resource.getConnector() != null && resource.getConnector().getAdminRealm().getFullPath().startsWith(realm))) { throw new DelegatedAdministrationException( resource.getConnector().getAdminRealm().getFullPath(), ExternalResource.class.getSimpleName(), resource.getKey()); } return resource; }
@PreAuthorize("hasRole('" + StandardEntitlement.RESOURCE_DELETE + "')") public ResourceTO delete(final String key) { ExternalResource resource = resourceDAO.authFind(key); if (resource == null) { throw new NotFoundException("Resource '" + key + "'"); } Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.RESOURCE_DELETE), resource.getConnector().getAdminRealm().getFullPath()); securityChecks(effectiveRealms, resource.getConnector().getAdminRealm().getFullPath(), resource.getKey()); ResourceTO resourceToDelete = binder.getResourceTO(resource); resourceDAO.delete(key); return resourceToDelete; }
@PreAuthorize("hasRole('" + StandardEntitlement.CONNECTOR_DELETE + "')") public ConnInstanceTO delete(final String key) { ConnInstance connInstance = connInstanceDAO.authFind(key); if (connInstance == null) { throw new NotFoundException("Connector '" + key + "'"); } Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.CONNECTOR_DELETE), connInstance.getAdminRealm().getFullPath()); securityChecks(effectiveRealms, connInstance.getAdminRealm().getFullPath(), connInstance.getKey()); if (!connInstance.getResources().isEmpty()) { SyncopeClientException associatedResources = SyncopeClientException.build( ClientExceptionType.AssociatedResources); connInstance.getResources().forEach(resource -> { associatedResources.getElements().add(resource.getKey()); }); throw associatedResources; } ConnInstanceTO deleted = binder.getConnInstanceTO(connInstance); connInstanceDAO.delete(key); return deleted; }
@PreAuthorize("hasRole('" + StandardEntitlement.RESOURCE_UPDATE + "')") public ResourceTO update(final ResourceTO resourceTO) { ExternalResource resource = resourceDAO.authFind(resourceTO.getKey()); if (resource == null) { throw new NotFoundException("Resource '" + resourceTO.getKey() + "'"); } Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.RESOURCE_UPDATE), resource.getConnector().getAdminRealm().getFullPath()); securityChecks(effectiveRealms, resource.getConnector().getAdminRealm().getFullPath(), resource.getKey()); return binder.getResourceTO(resourceDAO.save(binder.update(resource, resourceTO))); }
@PreAuthorize("hasRole('" + StandardEntitlement.RESOURCE_CREATE + "')") public ResourceTO create(final ResourceTO resourceTO) { if (StringUtils.isBlank(resourceTO.getKey())) { SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.RequiredValuesMissing); sce.getElements().add("Resource key"); throw sce; } ConnInstance connInstance = connInstanceDAO.authFind(resourceTO.getConnector()); if (connInstance == null) { SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidExternalResource); sce.getElements().add("Connector " + resourceTO.getConnector()); throw sce; } Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.RESOURCE_CREATE), connInstance.getAdminRealm().getFullPath()); securityChecks(effectiveRealms, connInstance.getAdminRealm().getFullPath(), null); if (resourceDAO.authFind(resourceTO.getKey()) != null) { throw new DuplicateException(resourceTO.getKey()); } return binder.getResourceTO(resourceDAO.save(binder.create(resourceTO))); }
@PreAuthorize("hasRole('" + StandardEntitlement.RESOURCE_UPDATE + "')") public void removeSyncToken(final String key, final String anyTypeKey) { ExternalResource resource = resourceDAO.authFind(key); if (resource == null) { throw new NotFoundException("Resource '" + key + "'"); } if (SyncopeConstants.REALM_ANYTYPE.equals(anyTypeKey)) { if (resource.getOrgUnit() == null) { throw new NotFoundException("Realm provision not enabled for Resource '" + key + "'"); } resource.getOrgUnit().setSyncToken(null); } else { AnyType anyType = anyTypeDAO.find(anyTypeKey); if (anyType == null) { throw new NotFoundException("AnyType '" + anyTypeKey + "'"); } Optional<? extends Provision> provision = resource.getProvision(anyType); if (!provision.isPresent()) { throw new NotFoundException("Provision for AnyType '" + anyTypeKey + "' in Resource '" + key + "'"); } provision.get().setSyncToken(null); } Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.RESOURCE_UPDATE), resource.getConnector().getAdminRealm().getFullPath()); securityChecks(effectiveRealms, resource.getConnector().getAdminRealm().getFullPath(), resource.getKey()); resourceDAO.save(resource); }
resource.getConnector().getAdminRealm().getFullPath()); securityChecks(effectiveRealms, resource.getConnector().getAdminRealm().getFullPath(), resource.getKey());
connInstance.setAdminRealm(realmDAO.findByFullPath(connInstanceTO.getAdminRealm())); if (connInstance.getAdminRealm() == null) { sce.getElements().add("Invalid or null realm specified: " + connInstanceTO.getAdminRealm());
connInstanceTO.setDisplayName(connInstance.getDisplayName()); connInstanceTO.setConnRequestTimeout(connInstance.getConnRequestTimeout()); connInstanceTO.setAdminRealm(connInstance.getAdminRealm().getFullPath()); connInstanceTO.setLocation(info.getLeft().toASCIIString()); connInstanceTO.getCapabilities().addAll(connInstance.getCapabilities());