Author: ilgrosso Date: Tue Mar 5 15:34:56 2013 New Revision: 1452852 URL: http://svn.apache.org/r1452852 Log: [SYNCOPE-328] Widespread check of non-null deref of global policies
Modified: syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/dao/PolicyDAO.java syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/PolicyValidator.java syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/SyncopeSyncResultHandler.java syncope/trunk/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java syncope/trunk/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java Modified: syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java?rev=1452852&r1=1452851&r2=1452852&view=diff ============================================================================== --- syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java (original) +++ syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java Tue Mar 5 15:34:56 2013 @@ -44,6 +44,7 @@ import org.apache.syncope.core.persisten import org.apache.syncope.core.persistence.beans.AbstractMappingItem; import org.apache.syncope.core.persistence.beans.AbstractVirAttr; import org.apache.syncope.core.persistence.beans.ExternalResource; +import org.apache.syncope.core.persistence.beans.PasswordPolicy; import org.apache.syncope.core.persistence.beans.SyncTask; import org.apache.syncope.core.persistence.beans.membership.Membership; import org.apache.syncope.core.persistence.beans.role.SyncopeRole; 
@@ -133,7 +134,7 @@ public class ConnObjectUtil { } /** - * Build an UserTO out of connector object attributes and schema mapping. + * Build a UserTO / RoleTO out of connector object attributes and schema mapping. * * @param obj connector object * @param syncTask synchronization task 
@@ -147,37 +148,44 @@ public class ConnObjectUtil { T subjectTO = getAttributableTOFromConnObject(obj, syncTask, attrUtil); - // if password was not set above, generate - if (AttributableType.USER == attrUtil.getType() && StringUtils.isBlank(((UserTO) subjectTO).getPassword())) { + // (for users) if password was not set above, generate + if (subjectTO instanceof UserTO && StringUtils.isBlank(((UserTO) subjectTO).getPassword())) { + final UserTO userTO = (UserTO) subjectTO; + List<PasswordPolicySpec> ppSpecs = new ArrayList<PasswordPolicySpec>(); - ppSpecs.add((PasswordPolicySpec) policyDAO.getGlobalPasswordPolicy().getSpecification()); - for (MembershipTO memb : ((UserTO) subjectTO).getMemberships()) { + PasswordPolicy globalPP = policyDAO.getGlobalPasswordPolicy(); + if (globalPP != null && globalPP.getSpecification() != null) { + ppSpecs.add(globalPP.<PasswordPolicySpec>getSpecification()); + } + + for (MembershipTO memb : userTO.getMemberships()) { SyncopeRole role = roleDAO.find(memb.getRoleId()); if (role != null && role.getPasswordPolicy() != null && role.getPasswordPolicy().getSpecification() != null) { - ppSpecs.add((PasswordPolicySpec) role.getPasswordPolicy().getSpecification()); + ppSpecs.add(role.getPasswordPolicy().<PasswordPolicySpec>getSpecification()); } } - for (String resName : subjectTO.getResources()) { + + for (String resName : userTO.getResources()) { ExternalResource resource = resourceDAO.find(resName); if (resource != null && resource.getPasswordPolicy() != null && resource.getPasswordPolicy().getSpecification() != null) { - ppSpecs.add((PasswordPolicySpec) resource.getPasswordPolicy().getSpecification()); + ppSpecs.add(resource.getPasswordPolicy().<PasswordPolicySpec>getSpecification()); } } String password; try { - password = pwdGen.generatePasswordFromPwdSpec(ppSpecs); + password = pwdGen.generate(ppSpecs); } catch (InvalidPasswordPolicySpecException e) { - LOG.error("Could not generate policy-compliant random password for {}", 
subjectTO, e); + LOG.error("Could not generate policy-compliant random password for {}", userTO, e); password = RandomStringUtils.randomAlphanumeric(16); } - ((UserTO) subjectTO).setPassword(password); + userTO.setPassword(password); } return subjectTO; @@ -236,8 +244,7 @@ public class ConnObjectUtil { final T attributableTO = attrUtil.newAttributableTO(); // 1. fill with data from connector object - for (AbstractMappingItem item : - attrUtil.getMappingItems(syncTask.getResource(), MappingPurpose.SYNCHRONIZATION)) { + for (AbstractMappingItem item : attrUtil.getMappingItems(syncTask.getResource(), MappingPurpose.SYNCHRONIZATION)) { Attribute attribute = obj.getAttributeByName(item.getExtAttrName()); AttributeTO attributeTO; Modified: syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java?rev=1452852&r1=1452851&r2=1452852&view=diff ============================================================================== --- syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java (original) +++ syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java Tue Mar 5 15:34:56 2013 
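Review bot: The fallback in the catch block, `password = RandomStringUtils.randomAlphanumeric(16);`, draws from the shared `java.util.Random` that commons-lang 2.x uses, which is not a cryptographic generator. This path may also be easier to reach now that a missing global policy can leave `ppSpecs` empty; whether an empty list actually ends in the catch depends on `check()`, whose body is mostly outside the hunks shown. Passing an explicit generator, `RandomStringUtils.random(16, 0, 0, true, true, null, new SecureRandom())`, keeps the same alphabet while making the fallback credential unpredictable. The same RandomStringUtils calls are used to fill required characters in `PasswordGenerator.checkRequired` later in this commit.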
@@ -19,84 +19,76 @@ package org.apache.syncope.core.connid; import java.util.ArrayList; -import java.util.Iterator; import java.util.List; import org.apache.commons.lang.RandomStringUtils; import org.apache.commons.lang.StringUtils; import org.apache.syncope.common.types.PasswordPolicySpec; import org.apache.syncope.core.persistence.beans.ExternalResource; +import org.apache.syncope.core.persistence.beans.PasswordPolicy; import org.apache.syncope.core.persistence.beans.role.SyncopeRole; import org.apache.syncope.core.persistence.beans.user.SyncopeUser; import org.apache.syncope.core.persistence.dao.PolicyDAO; import org.apache.syncope.core.policy.PolicyPattern; import org.apache.syncope.core.util.InvalidPasswordPolicySpecException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +/** + * Generate random passwords according to given policies. + * + * @see PasswordPolicy + */ @Component public class PasswordGenerator { - private static final Logger LOG = LoggerFactory.getLogger(PasswordGenerator.class); - - private static final String[] SPECIAL_CHAR = {"", "!", "£", "%", "&", "(", ")", "?", "#", "_", "$"}; + private static final String[] SPECIAL_CHARS = {"", "!", "£", "%", "&", "(", ")", "?", "#", "_", "$"}; @Autowired private PolicyDAO policyDAO; - public String generatePasswordFromPwdSpec(final List<PasswordPolicySpec> passwordPolicySpecs) + public String generate(final List<PasswordPolicySpec> ppSpecs) throws InvalidPasswordPolicySpecException { - PasswordPolicySpec policySpec = mergePolicySpecs(passwordPolicySpecs); + PasswordPolicySpec policySpec = merge(ppSpecs); - evaluateFinalPolicySpec(policySpec); + check(policySpec); - return generatePassword(policySpec); + return generate(policySpec); } - public String generateUserPassword(final SyncopeUser user) + public String generate(final SyncopeUser user) throws 
InvalidPasswordPolicySpecException { - List<PasswordPolicySpec> userPasswordPolicies = new ArrayList<PasswordPolicySpec>(); - PasswordPolicySpec passwordPolicySpec = policyDAO.getGlobalPasswordPolicy().getSpecification(); + List<PasswordPolicySpec> ppSpecs = new ArrayList<PasswordPolicySpec>(); - userPasswordPolicies.add(passwordPolicySpec); + PasswordPolicy globalPP = policyDAO.getGlobalPasswordPolicy(); + if (globalPP != null && globalPP.getSpecification() != null) { + ppSpecs.add(globalPP.<PasswordPolicySpec>getSpecification()); + } - PasswordPolicySpec rolePasswordPolicySpec; - if ((user.getRoles() != null) || (!user.getRoles().isEmpty())) { - for (Iterator<SyncopeRole> rolesIterator = user.getRoles().iterator(); rolesIterator.hasNext();) { - SyncopeRole syncopeRole = rolesIterator.next(); - rolePasswordPolicySpec = syncopeRole.getPasswordPolicy().getSpecification(); - userPasswordPolicies.add(rolePasswordPolicySpec); + for (SyncopeRole role : user.getRoles()) { + if (role.getPasswordPolicy() != null && role.getPasswordPolicy().getSpecification() != null) { + ppSpecs.add(role.getPasswordPolicy().<PasswordPolicySpec>getSpecification()); } } - PasswordPolicySpec resourcePasswordPolicySpec; - - if ((user.getResources() != null) || (!user.getResources().isEmpty())) { - for (Iterator<ExternalResource> resourcesIterator = user.getResources().iterator(); - resourcesIterator.hasNext();) { - ExternalResource externalResource = resourcesIterator.next(); - if (externalResource.getPasswordPolicy() != null) { - resourcePasswordPolicySpec = externalResource.getPasswordPolicy().getSpecification(); - userPasswordPolicies.add(resourcePasswordPolicySpec); - } + for (ExternalResource resource : user.getResources()) { + if (resource.getPasswordPolicy() != null && resource.getPasswordPolicy().getSpecification() != null) { + ppSpecs.add(resource.getPasswordPolicy().<PasswordPolicySpec>getSpecification()); } } - PasswordPolicySpec policySpec = mergePolicySpecs(userPasswordPolicies); 
- evaluateFinalPolicySpec(policySpec); - return generatePassword(policySpec); + PasswordPolicySpec policySpec = merge(ppSpecs); + check(policySpec); + return generate(policySpec); } - private PasswordPolicySpec mergePolicySpecs(final List<PasswordPolicySpec> userPasswordPolicies) { + private PasswordPolicySpec merge(final List<PasswordPolicySpec> ppSpecs) { PasswordPolicySpec fpps = new PasswordPolicySpec(); fpps.setMinLength(0); fpps.setMaxLength(1000); - for (Iterator<PasswordPolicySpec> it = userPasswordPolicies.iterator(); it.hasNext();) { - PasswordPolicySpec policySpec = it.next(); + for (PasswordPolicySpec policySpec : ppSpecs) { if (policySpec.getMinLength() > fpps.getMinLength()) { fpps.setMinLength(policySpec.getMinLength()); } @@ -164,7 +156,7 @@ public class PasswordGenerator { return fpps; } - private void evaluateFinalPolicySpec(final PasswordPolicySpec policySpec) + private void check(final PasswordPolicySpec policySpec) throws InvalidPasswordPolicySpecException { if (policySpec.getMinLength() == 0) { @@ -208,7 +200,7 @@ public class PasswordGenerator { } } - private String generatePassword(final PasswordPolicySpec policySpec) { + private String generate(final PasswordPolicySpec policySpec) { String[] generatedPassword = new String[policySpec.getMinLength()]; for (int i = 0; i < generatedPassword.length; i++) { 
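Review bot: With the new null guards, `generate(SyncopeUser)` can reach `merge(ppSpecs)` with an empty list when no global, role or resource policy is defined, and `merge` then returns only its seed values (`minLength` 0, `maxLength` 1000). `generate(PasswordPolicySpec)` sizes the password from `getMinLength()`, so whether a zero-length password can come out rests entirely on the `if (policySpec.getMinLength() == 0)` branch in `check`, whose body is outside the hunks shown. Please state the no-policy outcome in Javadoc on both public `generate` overloads, for example `@throws InvalidPasswordPolicySpecException if the merged policy cannot produce a password, including when no policy applies` once that is confirmed, or seed `merge` with a sane minimum length instead of 0.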
@@ -289,35 +281,38 @@ public class PasswordGenerator { private void checkRequired(final String[] generatedPassword, final PasswordPolicySpec policySpec) { if (policySpec.isDigitRequired() && !PolicyPattern.DIGIT.matcher(StringUtils.join(generatedPassword)).matches()) { + generatedPassword[firstEmptyChar(generatedPassword)] = RandomStringUtils.randomNumeric(1); } if (policySpec.isUppercaseRequired() && !PolicyPattern.ALPHA_UPPERCASE.matcher(StringUtils.join(generatedPassword)).matches()) { + generatedPassword[firstEmptyChar(generatedPassword)] = RandomStringUtils.randomAlphabetic(1).toUpperCase(); } if (policySpec.isLowercaseRequired() && !PolicyPattern.ALPHA_LOWERCASE.matcher(StringUtils.join(generatedPassword)).matches()) { + generatedPassword[firstEmptyChar(generatedPassword)] = RandomStringUtils.randomAlphabetic(1).toLowerCase(); } if (policySpec.isNonAlphanumericRequired() && !PolicyPattern.NON_ALPHANUMERIC.matcher(StringUtils.join(generatedPassword)).matches()) { - generatedPassword[firstEmptyChar(generatedPassword)] = SPECIAL_CHAR[randomNumber(SPECIAL_CHAR.length - 1)]; + + generatedPassword[firstEmptyChar(generatedPassword)] = + SPECIAL_CHARS[randomNumber(SPECIAL_CHARS.length - 1)]; } } private void checkPrefixAndSuffix(final String[] generatedPassword, final PasswordPolicySpec policySpec) { - for (Iterator<String> it = policySpec.getPrefixesNotPermitted().iterator(); it.hasNext();) { - String prefix = it.next(); + for (String prefix : policySpec.getPrefixesNotPermitted()) { if (StringUtils.join(generatedPassword).startsWith(prefix)) { checkStartChar(generatedPassword, policySpec); } } - for (Iterator<String> it = policySpec.getSuffixesNotPermitted().iterator(); it.hasNext();) { - String suffix = it.next(); + for (String suffix : policySpec.getSuffixesNotPermitted()) { if (StringUtils.join(generatedPassword).endsWith(suffix)) { checkEndChar(generatedPassword, policySpec); } Modified: 
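Review bot: In `checkRequired`, `SPECIAL_CHARS[randomNumber(SPECIAL_CHARS.length - 1)]` indexes an array whose first entry is the empty string (declared in the first hunk of this file), so a required non-alphanumeric slot can be filled with `""` and the requirement stays unmet. Depending on how `randomNumber` treats its bound, which is not shown here, the `length - 1` argument may also mean the last entry `"$"` is never chosen. Selecting only from the non-empty entries when a character is mandatory would make the outcome deterministic with respect to the policy. A comment on `SPECIAL_CHARS` explaining why `""` is present, if it is intentional for optional positions, would help the next reader.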
syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/dao/PolicyDAO.java URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/dao/PolicyDAO.java?rev=1452852&r1=1452851&r2=1452852&view=diff ============================================================================== --- syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/dao/PolicyDAO.java (original) +++ syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/dao/PolicyDAO.java Tue Mar 5 15:34:56 2013 @@ -30,10 +30,10 @@ public interface PolicyDAO extends DAO { Policy find(Long id); - PasswordPolicy getGlobalPasswordPolicy(); - List<? extends Policy> find(PolicyType type); + PasswordPolicy getGlobalPasswordPolicy(); + AccountPolicy getGlobalAccountPolicy(); SyncPolicy getGlobalSyncPolicy(); Modified: syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/PolicyValidator.java URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/PolicyValidator.java?rev=1452852&r1=1452851&r2=1452852&view=diff ============================================================================== --- syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/PolicyValidator.java (original) +++ syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/PolicyValidator.java Tue Mar 5 15:34:56 2013 
@@ -43,29 +43,26 @@ public class PolicyValidator extends Abs @Override public boolean isValid(final Policy object, final ConstraintValidatorContext context) { - context.disableDefaultConstraintViolation(); if (object.getSpecification() != null && ((object instanceof PasswordPolicy && !(object.getSpecification() instanceof PasswordPolicySpec)) - || ((object instanceof AccountPolicy && !(object.getSpecification() instanceof AccountPolicySpec))) || ((object instanceof SyncPolicy && !(object - .getSpecification() instanceof SyncPolicySpec))))) { + || ((object instanceof AccountPolicy && !(object.getSpecification() instanceof AccountPolicySpec))) + || ((object instanceof SyncPolicy && !(object.getSpecification() instanceof SyncPolicySpec))))) { - context.buildConstraintViolationWithTemplate("Invalid policy specification").addNode( - EntityViolationType.valueOf("Invalid" + object.getClass().getSimpleName()).name()) - .addConstraintViolation(); + context.buildConstraintViolationWithTemplate("Invalid policy specification"). + addNode(EntityViolationType.valueOf("Invalid" + object.getClass().getSimpleName()).name()). + addConstraintViolation(); return false; } switch (object.getType()) { case GLOBAL_PASSWORD: - // just one GLOBAL_PASSWORD policy final PasswordPolicy passwordPolicy = policyDAO.getGlobalPasswordPolicy(); if (passwordPolicy != null && !passwordPolicy.getId().equals(object.getId())) { - context.buildConstraintViolationWithTemplate("Password policy already exists").addNode( EntityViolationType.InvalidPasswordPolicy.name()).addConstraintViolation(); 
@@ -74,12 +71,10 @@ public class PolicyValidator extends Abs break; case GLOBAL_ACCOUNT: - // just one GLOBAL_ACCOUNT policy final AccountPolicy accountPolicy = policyDAO.getGlobalAccountPolicy(); if (accountPolicy != null && !accountPolicy.getId().equals(object.getId())) { - context.buildConstraintViolationWithTemplate("Global Account policy already exists").addNode( EntityViolationType.InvalidAccountPolicy.name()).addConstraintViolation(); @@ -88,12 +83,10 @@ public class PolicyValidator extends Abs break; case GLOBAL_SYNC: - // just one GLOBAL_SYNC policy final SyncPolicy syncPolicy = policyDAO.getGlobalSyncPolicy(); if (syncPolicy != null && !syncPolicy.getId().equals(object.getId())) { - context.buildConstraintViolationWithTemplate("Global Sync policy already exists").addNode( EntityViolationType.InvalidSyncPolicy.name()).addConstraintViolation(); Modified: syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java?rev=1452852&r1=1452851&r2=1452852&view=diff ============================================================================== --- syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java (original) +++ syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java Tue Mar 5 15:34:56 2013 
@@ -40,7 +40,7 @@ import org.apache.syncope.core.persisten import org.apache.syncope.core.persistence.beans.AbstractMappingItem; import org.apache.syncope.core.persistence.beans.AbstractVirAttr; import org.apache.syncope.core.persistence.beans.ExternalResource; -import org.apache.syncope.core.persistence.beans.Policy; +import org.apache.syncope.core.persistence.beans.PasswordPolicy; import org.apache.syncope.core.persistence.beans.membership.MAttr; import org.apache.syncope.core.persistence.beans.membership.MDerAttr; import org.apache.syncope.core.persistence.beans.membership.MVirAttr; @@ -136,10 +136,8 @@ public class UserDataBinder extends Abst * Get predefined password cipher algorithm from SyncopeConf. * * @return cipher algorithm. - * @throws NotFoundException in case of algorithm not included into <code>CipherAlgorithm</code>. */ private CipherAlgorithm getPredefinedCipherAlgoritm() { - final String algorithm = confDAO.find("password.cipher.algorithm", "AES").getValue(); try { @@ -149,6 +147,27 @@ public class UserDataBinder extends Abst } } + private void setPassword(final SyncopeUser user, final String password, + final SyncopeClientCompositeErrorException scce) { + + int passwordHistorySize = 0; + PasswordPolicy policy = policyDAO.getGlobalPasswordPolicy(); + if (policy != null && policy.getSpecification() != null) { + passwordHistorySize = policy.<PasswordPolicySpec>getSpecification().getHistoryLength(); + } + + try { + user.setPassword(password, getPredefinedCipherAlgoritm(), passwordHistorySize); + } catch (NotFoundException e) { + final SyncopeClientException invalidCiperAlgorithm = + new SyncopeClientException(SyncopeClientExceptionType.NotFound); + invalidCiperAlgorithm.addElement(e.getMessage()); + scce.addException(invalidCiperAlgorithm); + + throw scce; + } + } + public void create(final SyncopeUser user, final UserTO userTO) { SyncopeClientCompositeErrorException scce = new SyncopeClientCompositeErrorException(HttpStatus.BAD_REQUEST); 
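Review bot: The new private `setPassword` helper has no Javadoc, and its contract is not obvious from the signature: it uses a history size of 0 when there is no global password policy or specification, and on `NotFoundException` it adds a NotFound element to the `scce` passed in and throws that same object. A short Javadoc with `@param scce composite exception to enrich and throw if the configured cipher algorithm is unknown` would cover it. Since the helper still catches `NotFoundException` around `getPredefinedCipherAlgoritm()`, the `@throws NotFoundException` tag removed in the previous hunk looks like it described real behaviour and may be worth keeping. Outside this change, the visible default of `"AES"` for `password.cipher.algorithm` means a reversible cipher protects stored passwords when the setting is absent; a one-way hash default would be safer if `CipherAlgorithm` offers one.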
@@ -184,29 +203,10 @@ public class UserDataBinder extends Abst fill(user, userTO, AttributableUtil.getInstance(AttributableType.USER), scce); // set password - int passwordHistorySize = 0; - - try { - Policy policy = policyDAO.getGlobalPasswordPolicy(); - PasswordPolicySpec passwordPolicy = policy.getSpecification(); - passwordHistorySize = passwordPolicy.getHistoryLength(); - } catch (Exception ignore) { - // ignore exceptions - } - - if (userTO.getPassword() == null || userTO.getPassword().isEmpty()) { + if (StringUtils.isBlank(userTO.getPassword())) { LOG.error("No password provided"); } else { - try { - user.setPassword(userTO.getPassword(), getPredefinedCipherAlgoritm(), passwordHistorySize); - } catch (NotFoundException e) { - final SyncopeClientException invalidAlgorith = - new SyncopeClientException(SyncopeClientExceptionType.NotFound); - invalidAlgorith.addElement(e.getMessage()); - scce.addException(invalidAlgorith); - - throw scce; - } + setPassword(user, userTO.getPassword(), scce); } // set username @@ -222,7 +222,6 @@ public class UserDataBinder extends Abst * @param user to be updated * @param userMod bean containing update request * @return updated user + propagation by resource - * @throws SyncopeClientCompositeErrorException if anything goes wrong * @see PropagationByResource */ public PropagationByResource update(final SyncopeUser user, final UserMod userMod) { 
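Review bot: A blank password is tolerated rather than rejected: in `create()` the `StringUtils.isBlank(userTO.getPassword())` branch only logs `No password provided` and creation continues, and in the `update()` hunk that follows, `StringUtils.isNotBlank(userMod.getPassword())` now silently skips a whitespace-only value that the old `!= null` test would have passed on to `setPassword`. If a password is mandatory at creation, add a `SyncopeClientException` to `scce` in the blank branch so the client receives an error instead of an account without a usable credential; if it is optional, a comment saying so and a lower log level would match the intent. For `update()`, consider rejecting a non-null blank value explicitly so the caller does not assume the password was changed. Both method bodies extend beyond the hunks shown.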
@@ -236,26 +235,8 @@ public class UserDataBinder extends Abst Set<String> currentResources = user.getResourceNames(); // password - if (userMod.getPassword() != null) { - int passwordHistorySize = 0; - try { - Policy policy = policyDAO.getGlobalPasswordPolicy(); - PasswordPolicySpec passwordPolicy = policy.getSpecification(); - passwordHistorySize = passwordPolicy.getHistoryLength(); - } catch (Exception ignore) { - // ignore exceptions - } - - try { - user.setPassword(userMod.getPassword(), getPredefinedCipherAlgoritm(), passwordHistorySize); - } catch (NotFoundException e) { - final SyncopeClientException invalidAlgorith = - new SyncopeClientException(SyncopeClientExceptionType.NotFound); - invalidAlgorith.addElement(e.getMessage()); - scce.addException(invalidAlgorith); - - throw scce; - } + if (StringUtils.isNotBlank(userMod.getPassword())) { + setPassword(user, userMod.getPassword(), scce); user.setChangePwdDate(new Date()); Modified: syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/SyncopeSyncResultHandler.java URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/SyncopeSyncResultHandler.java?rev=1452852&r1=1452851&r2=1452852&view=diff ============================================================================== --- syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/SyncopeSyncResultHandler.java (original) +++ syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/SyncopeSyncResultHandler.java Tue Mar 5 15:34:56 2013 
@@ -50,12 +50,14 @@ import org.apache.syncope.core.persisten import org.apache.syncope.core.persistence.beans.AbstractMappingItem; import org.apache.syncope.core.persistence.beans.AbstractSchema; import org.apache.syncope.core.persistence.beans.PropagationTask; +import org.apache.syncope.core.persistence.beans.SyncPolicy; import org.apache.syncope.core.persistence.beans.SyncTask; import org.apache.syncope.core.persistence.beans.role.SyncopeRole; import org.apache.syncope.core.persistence.beans.user.SyncopeUser; import org.apache.syncope.core.persistence.dao.AttributableSearchDAO; import org.apache.syncope.core.persistence.dao.EntitlementDAO; import org.apache.syncope.core.persistence.dao.NotFoundException; +import org.apache.syncope.core.persistence.dao.PolicyDAO; import org.apache.syncope.core.persistence.dao.RoleDAO; import org.apache.syncope.core.persistence.dao.SchemaDAO; import org.apache.syncope.core.persistence.dao.UserDAO; @@ -99,6 +101,12 @@ public class SyncopeSyncResultHandler im protected static final Logger LOG = LoggerFactory.getLogger(SyncopeSyncResultHandler.class); /** + * Policy DAO. + */ + @Autowired + private PolicyDAO policyDAO; + + /** * Entitlement DAO. */ @Autowired 
@@ -420,18 +428,25 @@ public class SyncopeSyncResultHandler im * @param attrUtil attributable util * @return list of matching users / roles */ - public List<Long> findExisting(final String uid, final ConnectorObject connObj, final AttributableUtil attrUtil) { - SyncPolicySpec policySpec = null; - if (syncTask.getResource().getSyncPolicy() != null) { - policySpec = (SyncPolicySpec) syncTask.getResource().getSyncPolicy().getSpecification(); + protected List<Long> findExisting(final String uid, final ConnectorObject connObj, + final AttributableUtil attrUtil) { + + SyncPolicySpec syncPolicySpec = null; + if (syncTask.getResource().getSyncPolicy() == null) { + SyncPolicy globalSP = policyDAO.getGlobalSyncPolicy(); + if (globalSP != null) { + syncPolicySpec = globalSP.<SyncPolicySpec>getSpecification(); + } + } else { + syncPolicySpec = syncTask.getResource().getSyncPolicy().<SyncPolicySpec>getSpecification(); } SyncRule syncRule = null; List<String> altSearchSchemas = null; - if (policySpec != null) { - syncRule = attrUtil.getCorrelationRule(policySpec); - altSearchSchemas = attrUtil.getAltSearchSchemas(policySpec); + if (syncPolicySpec != null) { + syncRule = attrUtil.getCorrelationRule(syncPolicySpec); + altSearchSchemas = attrUtil.getAltSearchSchemas(syncPolicySpec); } return syncRule == null ? altSearchSchemas == null 
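Review bot: The global sync policy is consulted only when the resource has no sync policy at all; a resource policy whose `getSpecification()` returns null leaves `syncPolicySpec` null and skips the global fallback, unlike the password-policy code in this commit, which checks both the policy and its specification. Because the correlation rule decides which existing user or role a delta is applied to, the fallback order should be explicit; if a spec-less resource policy is meant to defer to the global one, resolve the resource spec first and fall back afterwards, as sketched below. The Javadoc above the method should mention the global fallback, and the change from `public` to `protected` will break any caller outside the package or class hierarchy. The method's return statement continues past the end of the hunk.

```java
    protected List<Long> findExisting(final String uid, final ConnectorObject connObj,
            final AttributableUtil attrUtil) {

        // Prefer the resource's own sync policy specification, when it has one
        SyncPolicySpec syncPolicySpec = null;
        SyncPolicy resourceSP = syncTask.getResource().getSyncPolicy();
        if (resourceSP != null) {
            syncPolicySpec = resourceSP.<SyncPolicySpec>getSpecification();
        }

        // Otherwise fall back to the global sync policy, which may itself be absent
        if (syncPolicySpec == null) {
            SyncPolicy globalSP = policyDAO.getGlobalSyncPolicy();
            if (globalSP != null) {
                syncPolicySpec = globalSP.<SyncPolicySpec>getSpecification();
            }
        }

        // … unchanged: syncRule / altSearchSchemas resolution and return …
```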
@@ -809,30 +824,30 @@ public class SyncopeSyncResultHandler im final String uid = delta.getPreviousUid() == null ? delta.getUid().getUidValue() : delta.getPreviousUid().getUidValue(); - final List<Long> subjects = findExisting(uid, delta.getObject(), attrUtil); + final List<Long> subjectIds = findExisting(uid, delta.getObject(), attrUtil); if (SyncDeltaType.CREATE_OR_UPDATE == delta.getDeltaType()) { - if (subjects.isEmpty()) { + if (subjectIds.isEmpty()) { results.addAll(create(delta, attrUtil, dryRun)); - } else if (subjects.size() == 1) { - results.addAll(update(delta, subjects.subList(0, 1), attrUtil, dryRun)); + } else if (subjectIds.size() == 1) { + results.addAll(update(delta, subjectIds.subList(0, 1), attrUtil, dryRun)); } else { switch (resAct) { case IGNORE: - LOG.error("More than one match {}", subjects); + LOG.error("More than one match {}", subjectIds); break; case FIRSTMATCH: - results.addAll(update(delta, subjects.subList(0, 1), attrUtil, dryRun)); + results.addAll(update(delta, subjectIds.subList(0, 1), attrUtil, dryRun)); break; case LASTMATCH: - results.addAll(update(delta, subjects.subList(subjects.size() - 1, subjects.size()), attrUtil, - dryRun)); + results.addAll(update(delta, subjectIds.subList(subjectIds.size() - 1, subjectIds.size()), + attrUtil, dryRun)); break; case ALL: - results.addAll(update(delta, subjects, attrUtil, dryRun)); + results.addAll(update(delta, subjectIds, attrUtil, dryRun)); break; default: 
@@ -841,27 +856,28 @@ public class SyncopeSyncResultHandler im } if (SyncDeltaType.DELETE == delta.getDeltaType()) { - if (subjects.isEmpty()) { + if (subjectIds.isEmpty()) { LOG.debug("No match found for deletion"); - } else if (subjects.size() == 1) { - results.addAll(delete(delta, subjects, attrUtil, dryRun)); + } else if (subjectIds.size() == 1) { + results.addAll(delete(delta, subjectIds, attrUtil, dryRun)); } else { switch (resAct) { case IGNORE: - LOG.error("More than one match {}", subjects); + LOG.error("More than one match {}", subjectIds); break; case FIRSTMATCH: - results.addAll(delete(delta, subjects.subList(0, 1), attrUtil, dryRun)); + results.addAll(delete(delta, subjectIds.subList(0, 1), attrUtil, dryRun)); break; case LASTMATCH: - results.addAll(delete(delta, subjects.subList(subjects.size() - 1, subjects.size()), attrUtil, + results.addAll(delete(delta, subjectIds.subList(subjectIds.size() - 1, subjectIds.size()), + attrUtil, dryRun)); break; case ALL: - results.addAll(delete(delta, subjects, attrUtil, dryRun)); + results.addAll(delete(delta, subjectIds, attrUtil, dryRun)); break; default: Modified: syncope/trunk/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java?rev=1452852&r1=1452851&r2=1452852&view=diff ============================================================================== --- syncope/trunk/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java (original) +++ syncope/trunk/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java Tue Mar 5 15:34:56 2013 
@@ -219,7 +219,7 @@ public final class MappingUtil { } } else if (resource.isRandomPwdIfNotProvided()) { try { - passwordAttrValue = passwordGenerator.generateUserPassword(user); + passwordAttrValue = passwordGenerator.generate(user); } catch (InvalidPasswordPolicySpecException e) { LOG.error("Could not generate policy-compliant random password for {}", user, e); Modified: syncope/trunk/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java?rev=1452852&r1=1452851&r2=1452852&view=diff ============================================================================== --- syncope/trunk/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java (original) +++ syncope/trunk/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java Tue Mar 5 15:34:56 2013 @@ -49,7 +49,7 @@ public class PasswordGeneratorTest exten SyncopeUser user = userDAO.find(5L); String password = ""; try { - password = passwordGenerator.generateUserPassword(user); + password = passwordGenerator.generate(user); } catch (InvalidPasswordPolicySpecException ex) { fail(ex.getMessage()); } @@ -67,7 +67,7 @@ public class PasswordGeneratorTest exten String password = ""; try { - password = passwordGenerator.generateUserPassword(user); + password = passwordGenerator.generate(user); } catch (InvalidPasswordPolicySpecException ex) { fail(ex.getMessage()); 
@@ -89,7 +89,7 @@ public class PasswordGeneratorTest exten List<PasswordPolicySpec> passwordPolicySpecs = new ArrayList<PasswordPolicySpec>(); passwordPolicySpecs.add(passwordPolicySpec); passwordPolicySpecs.add(passwordPolicySpec2); - String generatedPassword = passwordGenerator.generatePasswordFromPwdSpec(passwordPolicySpecs); + String generatedPassword = passwordGenerator.generate(passwordPolicySpecs); assertTrue(Character.isDigit(generatedPassword.charAt(0))); assertTrue(Character.isDigit(generatedPassword.charAt(generatedPassword.length() - 1))); } @@ -106,7 +106,7 @@ public class PasswordGeneratorTest exten List<PasswordPolicySpec> passwordPolicySpecs = new ArrayList<PasswordPolicySpec>(); passwordPolicySpecs.add(passwordPolicySpec); passwordPolicySpecs.add(passwordPolicySpec2); - String generatedPassword = passwordGenerator.generatePasswordFromPwdSpec(passwordPolicySpecs); + String generatedPassword = passwordGenerator.generate(passwordPolicySpecs); assertTrue(Character.isDigit(generatedPassword.charAt(0))); assertTrue(Character.isLetter(generatedPassword.charAt(generatedPassword.length() - 1))); } @@ -123,7 +123,7 @@ public class PasswordGeneratorTest exten List<PasswordPolicySpec> passwordPolicySpecs = new ArrayList<PasswordPolicySpec>(); passwordPolicySpecs.add(passwordPolicySpec); passwordPolicySpecs.add(passwordPolicySpec2); - String generatedPassword = passwordGenerator.generatePasswordFromPwdSpec(passwordPolicySpecs); + String generatedPassword = passwordGenerator.generate(passwordPolicySpecs); assertTrue(PolicyPattern.NON_ALPHANUMERIC.matcher(generatedPassword).matches()); assertTrue(Character.isLetter(generatedPassword.charAt(generatedPassword.length() - 1))); } 
@@ -141,7 +141,7 @@ public class PasswordGeneratorTest exten List<PasswordPolicySpec> passwordPolicySpecs = new ArrayList<PasswordPolicySpec>(); passwordPolicySpecs.add(passwordPolicySpec); passwordPolicySpecs.add(passwordPolicySpec2); - passwordGenerator.generatePasswordFromPwdSpec(passwordPolicySpecs); + passwordGenerator.generate(passwordPolicySpecs); } private PasswordPolicySpec createBasePasswordPolicySpec() {