/**
 * Lists every persisted policy of the given type, converted to transfer objects.
 *
 * Access is gated by the {@code POLICY_LIST} entitlement; the DAO lookup is keyed
 * on the entity class that the {@link PolicyUtils} for {@code type} resolves.
 *
 * @param <T> transfer object type corresponding to {@code type}
 * @param type policy type to list
 * @return transfer objects for all policies of that type (empty if none)
 */
@PreAuthorize("hasRole('" + StandardEntitlement.POLICY_LIST + "')")
@Transactional(readOnly = true)
public <T extends PolicyTO> List<T> list(final PolicyType type) {
    PolicyUtils utils = policyUtilsFactory.getInstance(type);
    return policyDAO.find(utils.policyClass()).stream().
            map(policy -> binder.<T>getPolicyTO(policy)).
            collect(Collectors.toList());
}
/**
 * Persists a new policy after checking that the payload's actual policy type
 * matches the type requested on the endpoint.
 *
 * Access is gated by the {@code POLICY_CREATE} entitlement. The type check keeps a
 * caller from submitting, say, an account policy on the password-policy path.
 *
 * @param <T> transfer object type
 * @param type policy type requested by the caller
 * @param policyTO policy payload to persist
 * @return transfer object of the persisted policy
 * @throws SyncopeClientException ({@code InvalidRequest}) when the payload type differs from {@code type}
 */
@PreAuthorize("hasRole('" + StandardEntitlement.POLICY_CREATE + "')")
public <T extends PolicyTO> T create(final PolicyType type, final T policyTO) {
    PolicyType actual = policyUtilsFactory.getInstance(policyTO).getType();
    if (actual != type) {
        SyncopeClientException mismatch = SyncopeClientException.build(ClientExceptionType.InvalidRequest);
        mismatch.getElements().add("Found " + type + ", expected " + actual);
        throw mismatch;
    }

    return binder.getPolicyTO(policyDAO.save(binder.create(policyTO)));
}
passwordPolicyTO.setAllowNullPassword(passwordPolicy.isAllowNullPassword()); passwordPolicyTO.setHistoryLength(passwordPolicy.getHistoryLength()); passwordPolicy.getRules().stream().map(Entity::getKey).collect(Collectors.toList())); } else if (policy instanceof AccountPolicy) { AccountPolicy accountPolicy = AccountPolicy.class.cast(policy); accountPolicyTO.setMaxAuthenticationAttempts(accountPolicy.getMaxAuthenticationAttempts()); accountPolicyTO.setPropagateSuspension(accountPolicy.isPropagateSuspension()); accountPolicy.getRules().stream().map(Entity::getKey).collect(Collectors.toList())); accountPolicy.getResources().stream().map(Entity::getKey).collect(Collectors.toList())); } else if (policy instanceof PullPolicy) { PullPolicy pullPolicy = PullPolicy.class.cast(policy); pullPolicyTO.setConflictResolutionAction(((PullPolicy) policy).getConflictResolutionAction()); pullPolicy.getCorrelationRules().forEach(rule -> { pullPolicyTO.getCorrelationRules().put(rule.getAnyType().getKey(), rule.getImplementation().getKey()); }); } else if (policy instanceof PushPolicy) { pushPolicyTO.setConflictResolutionAction(((PushPolicy) policy).getConflictResolutionAction()); pushPolicy.getCorrelationRules().forEach(rule -> { pushPolicyTO.getCorrelationRules().put(rule.getAnyType().getKey(), rule.getImplementation().getKey()); }); policyTO.setKey(policy.getKey()); policyTO.setDescription(policy.getDescription());
passwordPolicy.setAllowNullPassword(passwordPolicyTO.isAllowNullPassword()); passwordPolicy.setHistoryLength(passwordPolicyTO.getHistoryLength()); LOG.debug("Invalid " + Implementation.class.getSimpleName() + " {}, ignoring...", ruleKey); } else { passwordPolicy.add(rule); passwordPolicy.getRules(). removeIf(implementation -> !passwordPolicyTO.getRules().contains(implementation.getKey())); } else if (policyTO instanceof AccountPolicyTO) { accountPolicy.setMaxAuthenticationAttempts(accountPolicyTO.getMaxAuthenticationAttempts()); accountPolicy.setPropagateSuspension(accountPolicyTO.isPropagateSuspension()); LOG.debug("Invalid " + Implementation.class.getSimpleName() + " {}, ignoring...", ruleKey); } else { accountPolicy.add(rule); accountPolicy.getRules(). removeIf(implementation -> !accountPolicyTO.getRules().contains(implementation.getKey())); accountPolicy.getResources().clear(); accountPolicyTO.getPassthroughResources().forEach(resourceName -> { ExternalResource resource = resourceDAO.find(resourceName); LOG.debug("Ignoring invalid resource {} ", resourceName); } else { accountPolicy.add(resource);
int maxPPSpecHistory = 0; for (PasswordPolicy policy : getPasswordPolicies(user)) { if (user.getPassword() == null && !policy.isAllowNullPassword()) { throw new PasswordPolicyException("Password mandatory"); for (Implementation impl : policy.getRules()) { ImplementationManager.buildPasswordRule(impl).ifPresent(rule -> rule.enforce(user)); if (policy.getHistoryLength() > 0) { List<String> pwdHistory = user.getPasswordHistory(); matching = pwdHistory.subList(policy.getHistoryLength() >= pwdHistory.size() ? 0 : pwdHistory.size() - policy.getHistoryLength(), pwdHistory.size()).stream(). map(old -> ENCRYPTOR.verify(user.getClearPassword(), user.getCipherAlgorithm(), old)). reduce(matching, (accumulator, item) -> accumulator | item); if (policy.getHistoryLength() > maxPPSpecHistory) { maxPPSpecHistory = policy.getHistoryLength(); for (Implementation impl : policy.getRules()) { Optional<AccountRule> rule = ImplementationManager.buildAccountRule(impl); if (rule.isPresent()) { suspend |= user.getFailedLogins() != null && policy.getMaxAuthenticationAttempts() > 0 && user.getFailedLogins() > policy.getMaxAuthenticationAttempts() && !user.isSuspended(); propagateSuspension |= policy.isPropagateSuspension();
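/**
 * Computes the external resources a user's authentication may be passed through to.
 *
 * The result is the intersection of the authentication resources declared by the
 * account policies of (1) the resources assigned to the user and (2) the user's
 * realm ancestors; policies without authentication resources are ignored.
 *
 * The intersection is built on a private copy. Previously {@code retainAll} was
 * invoked directly on the first matching policy's own resource collection, so
 * computing pass-through resources silently removed resources from that policy
 * entity (and, outside a read-only transaction, could persist that loss).
 *
 * @param user user whose pass-through resources are computed
 * @return intersection of authentication resources, or an empty set when no
 *         policy declares any
 */
protected Set<? extends ExternalResource> getPassthroughResources(final User user) {
    // Null until the first policy with authentication resources is seen; always a
    // private copy so that retainAll never mutates a policy's own collection.
    Set<ExternalResource> result = null;

    // 1. look for assigned resources, pick the ones whose account policy has authentication resources
    for (ExternalResource resource : userDAO.findAllResources(user)) {
        if (resource.getAccountPolicy() != null && !resource.getAccountPolicy().getResources().isEmpty()) {
            if (result == null) {
                result = new java.util.HashSet<>(resource.getAccountPolicy().getResources());
            } else {
                result.retainAll(resource.getAccountPolicy().getResources());
            }
        }
    }

    // 2. look for realms, pick the ones whose account policy has authentication resources
    for (Realm realm : realmDAO.findAncestors(user.getRealm())) {
        if (realm.getAccountPolicy() != null && !realm.getAccountPolicy().getResources().isEmpty()) {
            if (result == null) {
                result = new java.util.HashSet<>(realm.getAccountPolicy().getResources());
            } else {
                result.retainAll(realm.getAccountPolicy().getResources());
            }
        }
    }

    return result == null ? Collections.emptySet() : result;
}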
/**
 * Generates a password satisfying the default rules found across the given policies.
 *
 * Every rule implementation of every policy is built; rules whose configuration is
 * a {@link DefaultPasswordRuleConf} are collected, merged into one configuration,
 * validated and used for generation. A rule that cannot be built is logged and
 * skipped rather than failing the whole generation.
 *
 * @param policies password policies whose rules constrain the generated value
 * @return a generated password
 * @throws InvalidPasswordRuleConf when the merged configuration is not satisfiable
 */
@Override
public String generate(final List<PasswordPolicy> policies) throws InvalidPasswordRuleConf {
    List<DefaultPasswordRuleConf> confs = new ArrayList<>();
    for (PasswordPolicy policy : policies) {
        policy.getRules().forEach(impl -> {
            try {
                ImplementationManager.buildPasswordRule(impl).ifPresent(rule -> {
                    Object conf = rule.getConf();
                    if (conf instanceof DefaultPasswordRuleConf) {
                        confs.add((DefaultPasswordRuleConf) conf);
                    }
                });
            } catch (Exception e) {
                // best effort: one broken rule implementation must not block generation
                LOG.error("Invalid {}, ignoring...", impl, e);
            }
        });
    }

    DefaultPasswordRuleConf merged = merge(confs);
    check(merged);
    return generate(merged);
}
/**
 * Finds the connector objects on the target resource that correspond to the given entity.
 *
 * If the resource's push policy defines a correlation rule for the entity's type and
 * that rule can be built, matching is delegated to it; otherwise the connector object
 * key is used. Build failures and runtime matching failures are logged, and the latter
 * yield an empty result rather than propagating.
 *
 * @param connector connector to the target resource
 * @param any entity to match
 * @param provision provision describing the mapping on the resource
 * @return matching connector objects, empty when none or when matching failed
 */
public List<ConnectorObject> match(
        final Connector connector,
        final Any<?> any,
        final Provision provision) {

    Optional<PushCorrelationRule> rule = Optional.empty();
    if (provision.getResource().getPushPolicy() != null) {
        Optional<? extends PushCorrelationRuleEntity> entity =
                provision.getResource().getPushPolicy().getCorrelationRule(provision.getAnyType());
        if (entity.isPresent()) {
            try {
                rule = ImplementationManager.buildPushCorrelationRule(entity.get().getImplementation());
            } catch (Exception e) {
                LOG.error("While building {}", entity.get().getImplementation(), e);
            }
        }
    }

    try {
        if (rule.isPresent()) {
            return findByCorrelationRule(connector, any, provision, rule.get());
        }
        return findByConnObjectKey(connector, any, provision);
    } catch (RuntimeException e) {
        LOG.error("Could not match {} with any existing {}", any, provision.getObjectClass(), e);
        return Collections.emptyList();
    }
}
: provision.getResource().getPullPolicy().getCorrelationRule(provision.getAnyType()); rule = ImplementationManager.buildPullCorrelationRule(correlationRule.get().getImplementation()); } catch (Exception e) { LOG.error("While building {}", correlationRule.get().getImplementation(), e);
/**
 * Rejects policies whose description contains HTML markup.
 *
 * A violation is reported on the {@code description} property; the default
 * constraint message is disabled in favour of the explicit template.
 *
 * @param policy policy under validation
 * @param context validator context receiving the violation, if any
 * @return {@code true} when the description is free of HTML, {@code false} otherwise
 */
@Override
public boolean isValid(final Policy policy, final ConstraintValidatorContext context) {
    context.disableDefaultConstraintViolation();

    if (!isHtml(policy.getDescription())) {
        return true;
    }

    // NOTE(review): the template is keyed on InvalidName although the property reported
    // is "description"; kept as-is since no description-specific violation type is visible here.
    String message = getTemplate(EntityViolationType.InvalidName, "Invalid description");
    context.buildConstraintViolationWithTemplate(message).
            addPropertyNode("description").
            addConstraintViolation();
    return false;
}
}
/**
 * Converts a realm entity to its transfer object.
 *
 * Key, name, parent key and full path are always copied. The account and password
 * policy keys, actions, templates and resources are copied only when {@code admin}
 * is {@code true}, so non-administrative callers do not see the realm's configuration.
 *
 * @param realm realm entity to convert
 * @param admin whether administrative details are to be included
 * @return transfer object for the realm
 */
@Override
public RealmTO getRealmTO(final Realm realm, final boolean admin) {
    RealmTO to = new RealmTO();
    to.setKey(realm.getKey());
    to.setName(realm.getName());
    to.setFullPath(realm.getFullPath());
    if (realm.getParent() == null) {
        to.setParent(null);
    } else {
        to.setParent(realm.getParent().getKey());
    }

    if (!admin) {
        return to;
    }

    if (realm.getAccountPolicy() == null) {
        to.setAccountPolicy(null);
    } else {
        to.setAccountPolicy(realm.getAccountPolicy().getKey());
    }
    if (realm.getPasswordPolicy() == null) {
        to.setPasswordPolicy(null);
    } else {
        to.setPasswordPolicy(realm.getPasswordPolicy().getKey());
    }
    realm.getActions().forEach(action -> to.getActions().add(action.getKey()));
    realm.getTemplates().forEach(
            template -> to.getTemplates().put(template.getAnyType().getKey(), template.get()));
    realm.getResources().forEach(resource -> to.getResources().add(resource.getKey()));

    return to;
}
profile.setConflictResolutionAction(pushTask.getResource().getPushPolicy() == null ? ConflictResolutionAction.IGNORE : pushTask.getResource().getPushPolicy().getConflictResolutionAction());
profile.setConflictResolutionAction(pullTask.getResource().getPullPolicy() == null ? ConflictResolutionAction.IGNORE : pullTask.getResource().getPullPolicy().getConflictResolutionAction());
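/**
 * Computes the external resources a user's authentication may be passed through to.
 *
 * The result is the intersection of the authentication resources declared by the
 * account policies of (1) the resources assigned to the user and (2) the user's
 * realm ancestors; policies without authentication resources are ignored.
 *
 * The intersection is built on a private copy. Previously {@code retainAll} was
 * invoked directly on the first matching policy's own resource collection, so
 * computing pass-through resources silently removed resources from that policy
 * entity (and, outside a read-only transaction, could persist that loss).
 *
 * @param user user whose pass-through resources are computed
 * @return intersection of authentication resources, or an empty set when no
 *         policy declares any
 */
protected Set<? extends ExternalResource> getPassthroughResources(final User user) {
    // Null until the first policy with authentication resources is seen; always a
    // private copy so that retainAll never mutates a policy's own collection.
    Set<ExternalResource> result = null;

    // 1. look for assigned resources, pick the ones whose account policy has authentication resources
    for (ExternalResource resource : userDAO.findAllResources(user)) {
        if (resource.getAccountPolicy() != null && !resource.getAccountPolicy().getResources().isEmpty()) {
            if (result == null) {
                result = new java.util.HashSet<>(resource.getAccountPolicy().getResources());
            } else {
                result.retainAll(resource.getAccountPolicy().getResources());
            }
        }
    }

    // 2. look for realms, pick the ones whose account policy has authentication resources
    for (Realm realm : realmDAO.findAncestors(user.getRealm())) {
        if (realm.getAccountPolicy() != null && !realm.getAccountPolicy().getResources().isEmpty()) {
            if (result == null) {
                result = new java.util.HashSet<>(realm.getAccountPolicy().getResources());
            } else {
                result.retainAll(realm.getAccountPolicy().getResources());
            }
        }
    }

    return result == null ? Collections.emptySet() : result;
}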
/**
 * Generates a password satisfying the default rules found across the given policies.
 *
 * Every rule implementation of every policy is built; rules whose configuration is
 * a {@link DefaultPasswordRuleConf} are collected, merged into one configuration,
 * validated and used for generation. A rule that cannot be built is logged and
 * skipped rather than failing the whole generation.
 *
 * @param policies password policies whose rules constrain the generated value
 * @return a generated password
 * @throws InvalidPasswordRuleConf when the merged configuration is not satisfiable
 */
@Override
public String generate(final List<PasswordPolicy> policies) throws InvalidPasswordRuleConf {
    List<DefaultPasswordRuleConf> confs = new ArrayList<>();
    for (PasswordPolicy policy : policies) {
        policy.getRules().forEach(impl -> {
            try {
                ImplementationManager.buildPasswordRule(impl).ifPresent(rule -> {
                    Object conf = rule.getConf();
                    if (conf instanceof DefaultPasswordRuleConf) {
                        confs.add((DefaultPasswordRuleConf) conf);
                    }
                });
            } catch (Exception e) {
                // best effort: one broken rule implementation must not block generation
                LOG.error("Invalid {}, ignoring...", impl, e);
            }
        });
    }

    DefaultPasswordRuleConf merged = merge(confs);
    check(merged);
    return generate(merged);
}
/**
 * Reads a single policy by key, optionally checking its type.
 *
 * Access is gated by the {@code POLICY_READ} entitlement. When {@code type} is
 * non-null the stored policy must be of that type; a null {@code type} skips the check.
 *
 * @param <T> transfer object type
 * @param type expected policy type, or null to accept any
 * @param key key of the policy to read
 * @return transfer object of the policy
 * @throws NotFoundException when no policy has the given key
 * @throws SyncopeClientException ({@code InvalidRequest}) when the stored type differs from {@code type}
 */
@PreAuthorize("hasRole('" + StandardEntitlement.POLICY_READ + "')")
@Transactional(readOnly = true)
public <T extends PolicyTO> T read(final PolicyType type, final String key) {
    Policy found = policyDAO.find(key);
    if (found == null) {
        throw new NotFoundException("Policy " + key + " not found");
    }

    PolicyType actual = policyUtilsFactory.getInstance(found).getType();
    if (type != null && actual != type) {
        SyncopeClientException mismatch = SyncopeClientException.build(ClientExceptionType.InvalidRequest);
        mismatch.getElements().add("Found " + type + ", expected " + actual);
        throw mismatch;
    }

    return binder.getPolicyTO(found);
}
forEach(group -> group.getResources().remove(resource)); policyDAO.findByResource(resource). forEach(policy -> policy.getResources().remove(resource));
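/**
 * Updates an existing policy after checking that it is of the requested type.
 *
 * Access is gated by the {@code POLICY_UPDATE} entitlement. A missing policy is
 * now reported as {@link NotFoundException}, the same guard that {@code read} and
 * {@code delete} apply; previously a stale or unknown key reached
 * {@code policyUtilsFactory.getInstance(null)} and surfaced as an unexpected failure
 * instead of a clear not-found error.
 *
 * @param type policy type requested by the caller
 * @param policyTO policy payload carrying the key of the policy to update
 * @return transfer object of the updated policy
 * @throws NotFoundException when no policy has the payload's key
 * @throws SyncopeClientException ({@code InvalidRequest}) when the stored type differs from {@code type}
 */
@PreAuthorize("hasRole('" + StandardEntitlement.POLICY_UPDATE + "')")
public PolicyTO update(final PolicyType type, final PolicyTO policyTO) {
    Policy policy = policyDAO.find(policyTO.getKey());
    if (policy == null) {
        throw new NotFoundException("Policy " + policyTO.getKey() + " not found");
    }

    PolicyUtils policyUtils = policyUtilsFactory.getInstance(policy);
    if (policyUtils.getType() != type) {
        SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidRequest);
        sce.getElements().add("Found " + type + ", expected " + policyUtils.getType());
        throw sce;
    }

    return binder.getPolicyTO(policyDAO.save(binder.update(policy, policyTO)));
}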
/**
 * Deletes a policy by key, optionally checking its type first.
 *
 * Access is gated by the {@code POLICY_DELETE} entitlement. The transfer object is
 * built before the entity is removed so the caller receives the deleted state.
 *
 * @param <T> transfer object type
 * @param type expected policy type, or null to accept any
 * @param key key of the policy to delete
 * @return transfer object of the policy as it was before deletion
 * @throws NotFoundException when no policy has the given key
 * @throws SyncopeClientException ({@code InvalidRequest}) when the stored type differs from {@code type}
 */
@PreAuthorize("hasRole('" + StandardEntitlement.POLICY_DELETE + "')")
public <T extends PolicyTO> T delete(final PolicyType type, final String key) {
    Policy found = policyDAO.find(key);
    if (found == null) {
        throw new NotFoundException("Policy " + key + " not found");
    }

    PolicyType actual = policyUtilsFactory.getInstance(found).getType();
    if (type != null && actual != type) {
        SyncopeClientException mismatch = SyncopeClientException.build(ClientExceptionType.InvalidRequest);
        mismatch.getElements().add("Found " + type + ", expected " + actual);
        throw mismatch;
    }

    // snapshot before removal: the entity is no longer usable once deleted
    T snapshot = binder.getPolicyTO(found);
    policyDAO.delete(found);
    return snapshot;
}