Author: ilgrosso
Date: Thu Jun 5 13:18:41 2014
New Revision: 1600646
URL: http://svn.apache.org/r1600646
Log:
[SYNCOPE-499] Added careful checks before using role template's parent, user
owner and role owner
Modified:
syncope/branches/1_1_X/console/src/main/java/org/apache/syncope/console/pages/panels/RoleDetailsPanel.java
syncope/branches/1_1_X/console/src/main/java/org/apache/syncope/console/pages/panels/RolePanel.java
syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java
syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/persistence/beans/SyncTask.java
syncope/branches/1_1_X/pom.xml
Modified:
syncope/branches/1_1_X/console/src/main/java/org/apache/syncope/console/pages/panels/RoleDetailsPanel.java
URL:
http://svn.apache.org/viewvc/syncope/branches/1_1_X/console/src/main/java/org/apache/syncope/console/pages/panels/RoleDetailsPanel.java?rev=1600646&r1=1600645&r2=1600646&view=diff
==============================================================================
---
syncope/branches/1_1_X/console/src/main/java/org/apache/syncope/console/pages/panels/RoleDetailsPanel.java
(original)
+++
syncope/branches/1_1_X/console/src/main/java/org/apache/syncope/console/pages/panels/RoleDetailsPanel.java
Thu Jun 5 13:18:41 2014
@@ -40,11 +40,18 @@ import org.apache.wicket.markup.html.pan
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.PropertyModel;
import org.apache.wicket.spring.injection.annot.SpringBean;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
public class RoleDetailsPanel extends Panel {
private static final long serialVersionUID = 855618618337931784L;
+ /**
+ * Logger.
+ */
+ protected static final Logger LOG =
LoggerFactory.getLogger(RoleDetailsPanel.class);
+
@SpringBean
private UserRestClient userRestClient;
@@ -89,7 +96,7 @@ public class RoleDetailsPanel extends Pa
parent.setReadOnly(true);
parent.setOutputMarkupId(true);
parentFragment.add(parent);
- final IndicatingAjaxLink parentSelect = new
IndicatingAjaxLink("parentSelect") {
+ final IndicatingAjaxLink<Void> parentSelect = new
IndicatingAjaxLink<Void>("parentSelect") {
private static final long serialVersionUID =
-7978723352517770644L;
@@ -109,7 +116,7 @@ public class RoleDetailsPanel extends Pa
}
};
parentFragment.add(parentSelect);
- final IndicatingAjaxLink parentReset = new
IndicatingAjaxLink("parentReset") {
+ final IndicatingAjaxLink<Void> parentReset = new
IndicatingAjaxLink<Void>("parentReset") {
private static final long serialVersionUID =
-7978723352517770644L;
@@ -146,7 +153,7 @@ public class RoleDetailsPanel extends Pa
userOwner.setReadOnly(true);
userOwner.setOutputMarkupId(true);
ownerContainer.add(userOwner);
- final IndicatingAjaxLink userOwnerSelect = new
IndicatingAjaxLink("userOwnerSelect") {
+ final IndicatingAjaxLink<Void> userOwnerSelect = new
IndicatingAjaxLink<Void>("userOwnerSelect") {
private static final long serialVersionUID = -7978723352517770644L;
@@ -165,7 +172,7 @@ public class RoleDetailsPanel extends Pa
}
};
ownerContainer.add(userOwnerSelect);
- final IndicatingAjaxLink userOwnerReset = new
IndicatingAjaxLink("userOwnerReset") {
+ final IndicatingAjaxLink<Void> userOwnerReset = new
IndicatingAjaxLink<Void>("userOwnerReset") {
private static final long serialVersionUID = -7978723352517770644L;
@@ -182,7 +189,7 @@ public class RoleDetailsPanel extends Pa
roleOwner.setReadOnly(true);
roleOwner.setOutputMarkupId(true);
ownerContainer.add(roleOwner);
- final IndicatingAjaxLink roleOwnerSelect = new
IndicatingAjaxLink("roleOwnerSelect") {
+ final IndicatingAjaxLink<Void> roleOwnerSelect = new
IndicatingAjaxLink<Void>("roleOwnerSelect") {
private static final long serialVersionUID = -7978723352517770644L;
@@ -202,7 +209,7 @@ public class RoleDetailsPanel extends Pa
}
};
ownerContainer.add(roleOwnerSelect);
- final IndicatingAjaxLink roleOwnerReset = new
IndicatingAjaxLink("roleOwnerReset") {
+ final IndicatingAjaxLink<Void> roleOwnerReset = new
IndicatingAjaxLink<Void>("roleOwnerReset") {
private static final long serialVersionUID = -7978723352517770644L;
@@ -265,9 +272,14 @@ public class RoleDetailsPanel extends Pa
switch (type) {
case USER:
if (roleTO.getUserOwner() != null) {
- UserTO user =
userRestClient.read(roleTO.getUserOwner());
+ UserTO user = null;
+ try {
+ user = userRestClient.read(roleTO.getUserOwner());
+ } catch (Exception e) {
+ LOG.warn("Could not find user with id {},
ignoring", roleTO.getUserOwner(), e);
+ }
if (user == null) {
- object = String.valueOf(roleTO.getUserOwner());
+ roleTO.setUserOwner(null);
} else {
object = user.getId() + " " + user.getUsername();
}
@@ -275,10 +287,15 @@ public class RoleDetailsPanel extends Pa
break;
case ROLE:
+ RoleTO role = null;
if (roleTO.getRoleOwner() != null) {
- RoleTO role =
roleRestClient.read(roleTO.getRoleOwner());
+ try {
+ role = roleRestClient.read(roleTO.getRoleOwner());
+ } catch (Exception e) {
+ LOG.warn("Could not find role with id {},
ignoring", roleTO.getRoleOwner(), e);
+ }
if (role == null) {
- object = String.valueOf(roleTO.getRoleOwner());
+ roleTO.setRoleOwner(null);
} else {
object = role.getDisplayName();
}
@@ -328,9 +345,14 @@ public class RoleDetailsPanel extends Pa
public Object getObject() {
Object object = null;
if (roleTO.getParent() != 0) {
- RoleTO parent = roleRestClient.read(roleTO.getParent());
+ RoleTO parent = null;
+ try {
+ parent = roleRestClient.read(roleTO.getParent());
+ } catch (Exception e) {
+ LOG.warn("Could not find role with id {}, ignoring",
roleTO.getParent(), e);
+ }
if (parent == null) {
- object = String.valueOf(roleTO.getParent());
+ roleTO.setParent(0);
} else {
object = parent.getDisplayName();
}
@@ -340,9 +362,7 @@ public class RoleDetailsPanel extends Pa
@Override
public void setObject(final Object object) {
- long parentId = (object instanceof Long)
- ? ((Long) object).longValue() : 0;
- roleTO.setParent(parentId);
+ roleTO.setParent((object instanceof Long) ? ((Long) object) : 0);
}
@Override
Modified:
syncope/branches/1_1_X/console/src/main/java/org/apache/syncope/console/pages/panels/RolePanel.java
URL:
http://svn.apache.org/viewvc/syncope/branches/1_1_X/console/src/main/java/org/apache/syncope/console/pages/panels/RolePanel.java?rev=1600646&r1=1600645&r2=1600646&view=diff
==============================================================================
---
syncope/branches/1_1_X/console/src/main/java/org/apache/syncope/console/pages/panels/RolePanel.java
(original)
+++
syncope/branches/1_1_X/console/src/main/java/org/apache/syncope/console/pages/panels/RolePanel.java
Thu Jun 5 13:18:41 2014
@@ -98,8 +98,7 @@ public class RolePanel extends Panel {
private RolePanel(final Builder builder) {
super(builder.id);
- this.add(new RoleDetailsPanel(
- "details", builder.roleTO, builder.mode ==
RoleModalPage.Mode.TEMPLATE));
+ this.add(new RoleDetailsPanel("details", builder.roleTO, builder.mode
== RoleModalPage.Mode.TEMPLATE));
if (builder.pageReference == null || builder.roleTO.getId() == 0) {
this.add(new Label("statuspanel", ""));
@@ -151,16 +150,14 @@ public class RolePanel extends Panel {
//--------------------------------
// Security container
//--------------------------------
-
this.add(new RoleSecurityPanel("security",
builder.roleTO).setOutputMarkupId(true));
//--------------------------------
//--------------------------------
// Resources container
//--------------------------------
-
- this.add(new
ResourcesPanel.Builder("resources").attributableTO(builder.roleTO).build()
- .setOutputMarkupId(true));
+ this.add(new
ResourcesPanel.Builder("resources").attributableTO(builder.roleTO).build().
+ setOutputMarkupId(true));
//--------------------------------
ListModel<String> selectedEntitlements = new
ListModel<String>(builder.roleTO.getEntitlements());
Modified:
syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java
URL:
http://svn.apache.org/viewvc/syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java?rev=1600646&r1=1600645&r2=1600646&view=diff
==============================================================================
---
syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java
(original)
+++
syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java
Thu Jun 5 13:18:41 2014
@@ -52,6 +52,7 @@ import org.apache.syncope.core.persisten
import org.apache.syncope.core.persistence.dao.PolicyDAO;
import org.apache.syncope.core.persistence.dao.ResourceDAO;
import org.apache.syncope.core.persistence.dao.RoleDAO;
+import org.apache.syncope.core.persistence.dao.UserDAO;
import org.apache.syncope.core.propagation.ConnectorFactory;
import org.apache.syncope.core.propagation.Connector;
import org.apache.syncope.core.rest.controller.UnauthorizedRoleException;
@@ -96,6 +97,9 @@ public class ConnObjectUtil {
private PolicyDAO policyDAO;
@Autowired
+ private UserDAO userDAO;
+
+ @Autowired
private RoleDAO roleDAO;
@Autowired
@@ -379,10 +383,25 @@ public class ConnObjectUtil {
}
}
- ((RoleTO) attributableTO).setParent(((RoleTO)
template).getParent());
+ if (((RoleTO) template).getParent() != 0) {
+ final SyncopeRole parentRole = roleDAO.find(((RoleTO)
template).getParent());
+ if (parentRole != null) {
+ ((RoleTO)
attributableTO).setParent(parentRole.getId());
+ }
+ }
- ((RoleTO) attributableTO).setUserOwner(((RoleTO)
template).getUserOwner());
- ((RoleTO) attributableTO).setRoleOwner(((RoleTO)
template).getRoleOwner());
+ if (((RoleTO) template).getUserOwner() != null) {
+ final SyncopeUser userOwner = userDAO.find(((RoleTO)
template).getUserOwner());
+ if (userOwner != null) {
+ ((RoleTO)
attributableTO).setUserOwner(userOwner.getId());
+ }
+ }
+ if (((RoleTO) template).getRoleOwner() != null) {
+ final SyncopeRole roleOwner = roleDAO.find(((RoleTO)
template).getRoleOwner());
+ if (roleOwner != null) {
+ ((RoleTO)
attributableTO).setRoleOwner(roleOwner.getId());
+ }
+ }
((RoleTO) attributableTO).setEntitlements(((RoleTO)
template).getEntitlements());
@@ -537,7 +556,7 @@ public class ConnObjectUtil {
final String accountId =
attrUtil.getAccountIdItem(resource) == null
? null
: MappingUtil.getAccountIdValue(
- owner, resource,
attrUtil.getAccountIdItem(resource));
+ owner, resource,
attrUtil.getAccountIdItem(resource));
if (StringUtils.isBlank(accountId)) {
throw new IllegalArgumentException("No AccountId
found for " + resource.getName());
Modified:
syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/persistence/beans/SyncTask.java
URL:
http://svn.apache.org/viewvc/syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/persistence/beans/SyncTask.java?rev=1600646&r1=1600645&r2=1600646&view=diff
==============================================================================
---
syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/persistence/beans/SyncTask.java
(original)
+++
syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/persistence/beans/SyncTask.java
Thu Jun 5 13:18:41 2014
@@ -27,6 +27,7 @@ import javax.validation.constraints.Min;
import org.apache.syncope.common.to.RoleTO;
import org.apache.syncope.common.to.UserTO;
import org.apache.syncope.core.persistence.validation.entity.SyncTaskCheck;
+import org.apache.syncope.core.sync.impl.SyncJob;
import org.apache.syncope.core.util.XMLSerializer;
@Entity
@@ -80,7 +81,7 @@ public class SyncTask extends SchedTask
public SyncTask() {
super();
- super.setJobClassName("org.apache.syncope.core.sync.impl.SyncJob");
+ super.setJobClassName(SyncJob.class.getName());
}
@Override
@@ -92,7 +93,7 @@ public class SyncTask extends SchedTask
return resource;
}
- public void setResource(ExternalResource resource) {
+ public void setResource(final ExternalResource resource) {
this.resource = resource;
}
Modified: syncope/branches/1_1_X/pom.xml
URL:
http://svn.apache.org/viewvc/syncope/branches/1_1_X/pom.xml?rev=1600646&r1=1600645&r2=1600646&view=diff
==============================================================================
--- syncope/branches/1_1_X/pom.xml (original)
+++ syncope/branches/1_1_X/pom.xml Thu Jun 5 13:18:41 2014
@@ -307,7 +307,7 @@ under the License.
<jstl.version>1.2</jstl.version>
<connid.version>1.3.3</connid.version>
- <connid.soap.version>1.2.6</connid.soap.version>
+ <connid.soap.version>1.2.7</connid.soap.version>
<connid.db.table.version>2.1.6</connid.db.table.version>
<connid.csvdir.version>0.7</connid.csvdir.version>
<connid.ldap.version>1.3.6</connid.ldap.version>
