Author: ilgrosso
Date: Fri Dec 7 14:29:41 2012
New Revision: 1418327
URL: http://svn.apache.org/viewvc?rev=1418327view=rev
Log:
Adding a utility PropagationActions class allowing transparent LDAP role
membership propagation
Modified:
syncope/branches/DEV_ROLE_PROVISIONING/core/src/main/java/org/apache/syncope/core/propagation/LDAPMembershipPropagationActions.java
syncope/branches/DEV_ROLE_PROVISIONING/core/src/test/resources/content.xml
Modified:
syncope/branches/DEV_ROLE_PROVISIONING/core/src/main/java/org/apache/syncope/core/propagation/LDAPMembershipPropagationActions.java
URL:
http://svn.apache.org/viewvc/syncope/branches/DEV_ROLE_PROVISIONING/core/src/main/java/org/apache/syncope/core/propagation/LDAPMembershipPropagationActions.java?rev=1418327r1=1418326r2=1418327view=diff
==
---
syncope/branches/DEV_ROLE_PROVISIONING/core/src/main/java/org/apache/syncope/core/propagation/LDAPMembershipPropagationActions.java
(original)
+++
syncope/branches/DEV_ROLE_PROVISIONING/core/src/main/java/org/apache/syncope/core/propagation/LDAPMembershipPropagationActions.java
Fri Dec 7 14:29:41 2012
@@ -19,28 +19,42 @@
package org.apache.syncope.core.propagation;
import java.util.ArrayList;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
import org.apache.commons.jexl2.JexlContext;
import org.apache.commons.jexl2.MapContext;
import org.apache.commons.lang.StringUtils;
import org.apache.syncope.core.persistence.beans.PropagationTask;
import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
-import org.apache.syncope.core.persistence.dao.RoleDAO;
+import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
+import org.apache.syncope.core.persistence.dao.UserDAO;
import org.apache.syncope.core.util.JexlUtil;
+import org.apache.syncope.types.AttributableType;
+import org.apache.syncope.types.ResourceOperation;
+import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.AttributeBuilder;
import org.identityconnectors.framework.common.objects.ConnectorObject;
-import org.identityconnectors.framework.common.objects.ObjectClass;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.transaction.annotation.Transactional;
+/**
+ * Simple action for propagating role memberships to LDAP groups, when the
same resource is configured for both users
+ * and roles.
+ */
public class LDAPMembershipPropagationActions extends
DefaultPropagationActions {
private static final Logger LOG =
LoggerFactory.getLogger(LDAPMembershipPropagationActions.class);
+/**
+ * Allows easy subclassing for the ConnId AD connector bundle.
+ */
+protected static final String GROUP_MEMBERSHIP_ATTR = ldapGroups;
+
@Autowired
-private RoleDAO roleDAO;
+private UserDAO userDAO;
@Autowired
private JexlUtil jexlUtil;
@@ -50,10 +64,17 @@ public class LDAPMembershipPropagationAc
public void before(final PropagationTask task, final ConnectorObject
beforeObj) {
super.before(task, beforeObj);
-if (beforeObj.getObjectClass() == ObjectClass.ACCOUNT
task.getResource().getRmapping() != null) {
+if (ResourceOperation.DELETE != task.getPropagationOperation()
+ AttributableType.USER == task.getSubjectType()
task.getResource().getRmapping() != null) {
+
+SyncopeUser user = userDAO.find(task.getSubjectId());
+if (user == null) {
+throw new IllegalArgumentException(User +
task.getSubjectId() + not found);
+}
+
ListString roleAccountLinks = new ArrayListString();
-for (SyncopeRole role : roleDAO.findAll()) {
-if (role.getResources().contains(task.getResource())
+for (SyncopeRole role : user.getRoles()) {
+if
(role.getResourceNames().contains(task.getResource().getName())
StringUtils.isNotBlank(task.getResource().getRmapping().getAccountLink())) {
LOG.debug(Evaluating accountLink for {}, role);
@@ -73,10 +94,12 @@ public class LDAPMembershipPropagationAc
LOG.debug(Role accountLinks to propagate for membership: {},
roleAccountLinks);
if (!roleAccountLinks.isEmpty()) {
-task.getAttributes().add(AttributeBuilder.build(ldapGroups,
roleAccountLinks));
+SetAttribute attributes = new
HashSetAttribute(task.getAttributes());
+attributes.add(AttributeBuilder.build(GROUP_MEMBERSHIP_ATTR,
roleAccountLinks));
+task.setAttributes(attributes);
}
} else {
-LOG.debug(It's {}, not doing anything,
beforeObj.getObjectClass());
+LOG.debug(Not about user, or role mapping missing for