Author: ilgrosso
Date: Tue Mar 5 15:34:56 2013
New Revision: 1452852
URL: http://svn.apache.org/r1452852
Log:
[SYNCOPE-328] Widespread check of non-null deref of global policies
Modified:
syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java
syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java
syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/dao/PolicyDAO.java
syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/PolicyValidator.java
syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java
syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/SyncopeSyncResultHandler.java
syncope/trunk/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java
syncope/trunk/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java
Modified:
syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java
URL:
http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java?rev=1452852&r1=1452851&r2=1452852&view=diff
==============================================================================
---
syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java
(original)
+++
syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java
Tue Mar 5 15:34:56 2013
@@ -44,6 +44,7 @@ import org.apache.syncope.core.persisten
import org.apache.syncope.core.persistence.beans.AbstractMappingItem;
import org.apache.syncope.core.persistence.beans.AbstractVirAttr;
import org.apache.syncope.core.persistence.beans.ExternalResource;
+import org.apache.syncope.core.persistence.beans.PasswordPolicy;
import org.apache.syncope.core.persistence.beans.SyncTask;
import org.apache.syncope.core.persistence.beans.membership.Membership;
import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
@@ -133,7 +134,7 @@ public class ConnObjectUtil {
}
/**
- * Build an UserTO out of connector object attributes and schema mapping.
+ * Build a UserTO / RoleTO out of connector object attributes and schema
mapping.
*
* @param obj connector object
* @param syncTask synchronization task
@@ -147,37 +148,44 @@ public class ConnObjectUtil {
T subjectTO = getAttributableTOFromConnObject(obj, syncTask, attrUtil);
- // if password was not set above, generate
- if (AttributableType.USER == attrUtil.getType() &&
StringUtils.isBlank(((UserTO) subjectTO).getPassword())) {
+ // (for users) if password was not set above, generate
+ if (subjectTO instanceof UserTO && StringUtils.isBlank(((UserTO)
subjectTO).getPassword())) {
+ final UserTO userTO = (UserTO) subjectTO;
+
List<PasswordPolicySpec> ppSpecs = new
ArrayList<PasswordPolicySpec>();
- ppSpecs.add((PasswordPolicySpec)
policyDAO.getGlobalPasswordPolicy().getSpecification());
- for (MembershipTO memb : ((UserTO) subjectTO).getMemberships()) {
+ PasswordPolicy globalPP = policyDAO.getGlobalPasswordPolicy();
+ if (globalPP != null && globalPP.getSpecification() != null) {
+ ppSpecs.add(globalPP.<PasswordPolicySpec>getSpecification());
+ }
+
+ for (MembershipTO memb : userTO.getMemberships()) {
SyncopeRole role = roleDAO.find(memb.getRoleId());
if (role != null && role.getPasswordPolicy() != null
&& role.getPasswordPolicy().getSpecification() !=
null) {
- ppSpecs.add((PasswordPolicySpec)
role.getPasswordPolicy().getSpecification());
+
ppSpecs.add(role.getPasswordPolicy().<PasswordPolicySpec>getSpecification());
}
}
- for (String resName : subjectTO.getResources()) {
+
+ for (String resName : userTO.getResources()) {
ExternalResource resource = resourceDAO.find(resName);
if (resource != null && resource.getPasswordPolicy() != null
&& resource.getPasswordPolicy().getSpecification() !=
null) {
- ppSpecs.add((PasswordPolicySpec)
resource.getPasswordPolicy().getSpecification());
+
ppSpecs.add(resource.getPasswordPolicy().<PasswordPolicySpec>getSpecification());
}
}
String password;
try {
- password = pwdGen.generatePasswordFromPwdSpec(ppSpecs);
+ password = pwdGen.generate(ppSpecs);
} catch (InvalidPasswordPolicySpecException e) {
- LOG.error("Could not generate policy-compliant random password
for {}", subjectTO, e);
+ LOG.error("Could not generate policy-compliant random password
for {}", userTO, e);
password = RandomStringUtils.randomAlphanumeric(16);
}
- ((UserTO) subjectTO).setPassword(password);
+ userTO.setPassword(password);
}
return subjectTO;
@@ -236,8 +244,7 @@ public class ConnObjectUtil {
final T attributableTO = attrUtil.newAttributableTO();
// 1. fill with data from connector object
- for (AbstractMappingItem item :
- attrUtil.getMappingItems(syncTask.getResource(),
MappingPurpose.SYNCHRONIZATION)) {
+ for (AbstractMappingItem item :
attrUtil.getMappingItems(syncTask.getResource(),
MappingPurpose.SYNCHRONIZATION)) {
Attribute attribute =
obj.getAttributeByName(item.getExtAttrName());
AttributeTO attributeTO;
Modified:
syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java
URL:
http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java?rev=1452852&r1=1452851&r2=1452852&view=diff
==============================================================================
---
syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java
(original)
+++
syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java
Tue Mar 5 15:34:56 2013
@@ -19,84 +19,76 @@
package org.apache.syncope.core.connid;
import java.util.ArrayList;
-import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.syncope.common.types.PasswordPolicySpec;
import org.apache.syncope.core.persistence.beans.ExternalResource;
+import org.apache.syncope.core.persistence.beans.PasswordPolicy;
import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
import org.apache.syncope.core.persistence.dao.PolicyDAO;
import org.apache.syncope.core.policy.PolicyPattern;
import org.apache.syncope.core.util.InvalidPasswordPolicySpecException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+/**
+ * Generate random passwords according to given policies.
+ *
+ * @see PasswordPolicy
+ */
@Component
public class PasswordGenerator {
- private static final Logger LOG =
LoggerFactory.getLogger(PasswordGenerator.class);
-
- private static final String[] SPECIAL_CHAR = {"", "!", "£", "%", "&",
"(", ")", "?", "#", "_", "$"};
+ private static final String[] SPECIAL_CHARS = {"", "!", "£", "%", "&",
"(", ")", "?", "#", "_", "$"};
@Autowired
private PolicyDAO policyDAO;
- public String generatePasswordFromPwdSpec(final List<PasswordPolicySpec>
passwordPolicySpecs)
+ public String generate(final List<PasswordPolicySpec> ppSpecs)
throws InvalidPasswordPolicySpecException {
- PasswordPolicySpec policySpec = mergePolicySpecs(passwordPolicySpecs);
+ PasswordPolicySpec policySpec = merge(ppSpecs);
- evaluateFinalPolicySpec(policySpec);
+ check(policySpec);
- return generatePassword(policySpec);
+ return generate(policySpec);
}
- public String generateUserPassword(final SyncopeUser user)
+ public String generate(final SyncopeUser user)
throws InvalidPasswordPolicySpecException {
- List<PasswordPolicySpec> userPasswordPolicies = new
ArrayList<PasswordPolicySpec>();
- PasswordPolicySpec passwordPolicySpec =
policyDAO.getGlobalPasswordPolicy().getSpecification();
+ List<PasswordPolicySpec> ppSpecs = new ArrayList<PasswordPolicySpec>();
- userPasswordPolicies.add(passwordPolicySpec);
+ PasswordPolicy globalPP = policyDAO.getGlobalPasswordPolicy();
+ if (globalPP != null && globalPP.getSpecification() != null) {
+ ppSpecs.add(globalPP.<PasswordPolicySpec>getSpecification());
+ }
- PasswordPolicySpec rolePasswordPolicySpec;
- if ((user.getRoles() != null) || (!user.getRoles().isEmpty())) {
- for (Iterator<SyncopeRole> rolesIterator =
user.getRoles().iterator(); rolesIterator.hasNext();) {
- SyncopeRole syncopeRole = rolesIterator.next();
- rolePasswordPolicySpec =
syncopeRole.getPasswordPolicy().getSpecification();
- userPasswordPolicies.add(rolePasswordPolicySpec);
+ for (SyncopeRole role : user.getRoles()) {
+ if (role.getPasswordPolicy() != null &&
role.getPasswordPolicy().getSpecification() != null) {
+
ppSpecs.add(role.getPasswordPolicy().<PasswordPolicySpec>getSpecification());
}
}
- PasswordPolicySpec resourcePasswordPolicySpec;
-
- if ((user.getResources() != null) || (!user.getResources().isEmpty()))
{
- for (Iterator<ExternalResource> resourcesIterator =
user.getResources().iterator();
- resourcesIterator.hasNext();) {
- ExternalResource externalResource = resourcesIterator.next();
- if (externalResource.getPasswordPolicy() != null) {
- resourcePasswordPolicySpec =
externalResource.getPasswordPolicy().getSpecification();
- userPasswordPolicies.add(resourcePasswordPolicySpec);
- }
+ for (ExternalResource resource : user.getResources()) {
+ if (resource.getPasswordPolicy() != null &&
resource.getPasswordPolicy().getSpecification() != null) {
+
ppSpecs.add(resource.getPasswordPolicy().<PasswordPolicySpec>getSpecification());
}
}
- PasswordPolicySpec policySpec = mergePolicySpecs(userPasswordPolicies);
- evaluateFinalPolicySpec(policySpec);
- return generatePassword(policySpec);
+ PasswordPolicySpec policySpec = merge(ppSpecs);
+ check(policySpec);
+ return generate(policySpec);
}
- private PasswordPolicySpec mergePolicySpecs(final List<PasswordPolicySpec>
userPasswordPolicies) {
+ private PasswordPolicySpec merge(final List<PasswordPolicySpec> ppSpecs) {
PasswordPolicySpec fpps = new PasswordPolicySpec();
fpps.setMinLength(0);
fpps.setMaxLength(1000);
- for (Iterator<PasswordPolicySpec> it =
userPasswordPolicies.iterator(); it.hasNext();) {
- PasswordPolicySpec policySpec = it.next();
+ for (PasswordPolicySpec policySpec : ppSpecs) {
if (policySpec.getMinLength() > fpps.getMinLength()) {
fpps.setMinLength(policySpec.getMinLength());
}
@@ -164,7 +156,7 @@ public class PasswordGenerator {
return fpps;
}
- private void evaluateFinalPolicySpec(final PasswordPolicySpec policySpec)
+ private void check(final PasswordPolicySpec policySpec)
throws InvalidPasswordPolicySpecException {
if (policySpec.getMinLength() == 0) {
@@ -208,7 +200,7 @@ public class PasswordGenerator {
}
}
- private String generatePassword(final PasswordPolicySpec policySpec) {
+ private String generate(final PasswordPolicySpec policySpec) {
String[] generatedPassword = new String[policySpec.getMinLength()];
for (int i = 0; i < generatedPassword.length; i++) {
@@ -289,35 +281,38 @@ public class PasswordGenerator {
private void checkRequired(final String[] generatedPassword, final
PasswordPolicySpec policySpec) {
if (policySpec.isDigitRequired()
&&
!PolicyPattern.DIGIT.matcher(StringUtils.join(generatedPassword)).matches()) {
+
generatedPassword[firstEmptyChar(generatedPassword)] =
RandomStringUtils.randomNumeric(1);
}
if (policySpec.isUppercaseRequired()
&&
!PolicyPattern.ALPHA_UPPERCASE.matcher(StringUtils.join(generatedPassword)).matches())
{
+
generatedPassword[firstEmptyChar(generatedPassword)] =
RandomStringUtils.randomAlphabetic(1).toUpperCase();
}
if (policySpec.isLowercaseRequired()
&&
!PolicyPattern.ALPHA_LOWERCASE.matcher(StringUtils.join(generatedPassword)).matches())
{
+
generatedPassword[firstEmptyChar(generatedPassword)] =
RandomStringUtils.randomAlphabetic(1).toLowerCase();
}
if (policySpec.isNonAlphanumericRequired()
&&
!PolicyPattern.NON_ALPHANUMERIC.matcher(StringUtils.join(generatedPassword)).matches())
{
- generatedPassword[firstEmptyChar(generatedPassword)] =
SPECIAL_CHAR[randomNumber(SPECIAL_CHAR.length - 1)];
+
+ generatedPassword[firstEmptyChar(generatedPassword)] =
+ SPECIAL_CHARS[randomNumber(SPECIAL_CHARS.length - 1)];
}
}
private void checkPrefixAndSuffix(final String[] generatedPassword, final
PasswordPolicySpec policySpec) {
- for (Iterator<String> it =
policySpec.getPrefixesNotPermitted().iterator(); it.hasNext();) {
- String prefix = it.next();
+ for (String prefix : policySpec.getPrefixesNotPermitted()) {
if (StringUtils.join(generatedPassword).startsWith(prefix)) {
checkStartChar(generatedPassword, policySpec);
}
}
- for (Iterator<String> it =
policySpec.getSuffixesNotPermitted().iterator(); it.hasNext();) {
- String suffix = it.next();
+ for (String suffix : policySpec.getSuffixesNotPermitted()) {
if (StringUtils.join(generatedPassword).endsWith(suffix)) {
checkEndChar(generatedPassword, policySpec);
}
Modified:
syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/dao/PolicyDAO.java
URL:
http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/dao/PolicyDAO.java?rev=1452852&r1=1452851&r2=1452852&view=diff
==============================================================================
---
syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/dao/PolicyDAO.java
(original)
+++
syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/dao/PolicyDAO.java
Tue Mar 5 15:34:56 2013
@@ -30,10 +30,10 @@ public interface PolicyDAO extends DAO {
Policy find(Long id);
- PasswordPolicy getGlobalPasswordPolicy();
-
List<? extends Policy> find(PolicyType type);
+ PasswordPolicy getGlobalPasswordPolicy();
+
AccountPolicy getGlobalAccountPolicy();
SyncPolicy getGlobalSyncPolicy();
Modified:
syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/PolicyValidator.java
URL:
http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/PolicyValidator.java?rev=1452852&r1=1452851&r2=1452852&view=diff
==============================================================================
---
syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/PolicyValidator.java
(original)
+++
syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/PolicyValidator.java
Tue Mar 5 15:34:56 2013
@@ -43,29 +43,26 @@ public class PolicyValidator extends Abs
@Override
public boolean isValid(final Policy object, final
ConstraintValidatorContext context) {
-
context.disableDefaultConstraintViolation();
if (object.getSpecification() != null
&& ((object instanceof PasswordPolicy &&
!(object.getSpecification() instanceof PasswordPolicySpec))
- || ((object instanceof AccountPolicy &&
!(object.getSpecification() instanceof AccountPolicySpec))) || ((object
instanceof SyncPolicy && !(object
- .getSpecification() instanceof SyncPolicySpec))))) {
+ || ((object instanceof AccountPolicy &&
!(object.getSpecification() instanceof AccountPolicySpec)))
+ || ((object instanceof SyncPolicy &&
!(object.getSpecification() instanceof SyncPolicySpec))))) {
- context.buildConstraintViolationWithTemplate("Invalid policy
specification").addNode(
- EntityViolationType.valueOf("Invalid" +
object.getClass().getSimpleName()).name())
- .addConstraintViolation();
+ context.buildConstraintViolationWithTemplate("Invalid policy
specification").
+ addNode(EntityViolationType.valueOf("Invalid" +
object.getClass().getSimpleName()).name()).
+ addConstraintViolation();
return false;
}
switch (object.getType()) {
case GLOBAL_PASSWORD:
-
// just one GLOBAL_PASSWORD policy
final PasswordPolicy passwordPolicy =
policyDAO.getGlobalPasswordPolicy();
if (passwordPolicy != null &&
!passwordPolicy.getId().equals(object.getId())) {
-
context.buildConstraintViolationWithTemplate("Password
policy already exists").addNode(
EntityViolationType.InvalidPasswordPolicy.name()).addConstraintViolation();
@@ -74,12 +71,10 @@ public class PolicyValidator extends Abs
break;
case GLOBAL_ACCOUNT:
-
// just one GLOBAL_ACCOUNT policy
final AccountPolicy accountPolicy =
policyDAO.getGlobalAccountPolicy();
if (accountPolicy != null &&
!accountPolicy.getId().equals(object.getId())) {
-
context.buildConstraintViolationWithTemplate("Global
Account policy already exists").addNode(
EntityViolationType.InvalidAccountPolicy.name()).addConstraintViolation();
@@ -88,12 +83,10 @@ public class PolicyValidator extends Abs
break;
case GLOBAL_SYNC:
-
// just one GLOBAL_SYNC policy
final SyncPolicy syncPolicy = policyDAO.getGlobalSyncPolicy();
if (syncPolicy != null &&
!syncPolicy.getId().equals(object.getId())) {
-
context.buildConstraintViolationWithTemplate("Global Sync
policy already exists").addNode(
EntityViolationType.InvalidSyncPolicy.name()).addConstraintViolation();
Modified:
syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java
URL:
http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java?rev=1452852&r1=1452851&r2=1452852&view=diff
==============================================================================
---
syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java
(original)
+++
syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java
Tue Mar 5 15:34:56 2013
@@ -40,7 +40,7 @@ import org.apache.syncope.core.persisten
import org.apache.syncope.core.persistence.beans.AbstractMappingItem;
import org.apache.syncope.core.persistence.beans.AbstractVirAttr;
import org.apache.syncope.core.persistence.beans.ExternalResource;
-import org.apache.syncope.core.persistence.beans.Policy;
+import org.apache.syncope.core.persistence.beans.PasswordPolicy;
import org.apache.syncope.core.persistence.beans.membership.MAttr;
import org.apache.syncope.core.persistence.beans.membership.MDerAttr;
import org.apache.syncope.core.persistence.beans.membership.MVirAttr;
@@ -136,10 +136,8 @@ public class UserDataBinder extends Abst
* Get predefined password cipher algorithm from SyncopeConf.
*
* @return cipher algorithm.
- * @throws NotFoundException in case of algorithm not included into
<code>CipherAlgorithm</code>.
*/
private CipherAlgorithm getPredefinedCipherAlgoritm() {
-
final String algorithm = confDAO.find("password.cipher.algorithm",
"AES").getValue();
try {
@@ -149,6 +147,27 @@ public class UserDataBinder extends Abst
}
}
+ private void setPassword(final SyncopeUser user, final String password,
+ final SyncopeClientCompositeErrorException scce) {
+
+ int passwordHistorySize = 0;
+ PasswordPolicy policy = policyDAO.getGlobalPasswordPolicy();
+ if (policy != null && policy.getSpecification() != null) {
+ passwordHistorySize =
policy.<PasswordPolicySpec>getSpecification().getHistoryLength();
+ }
+
+ try {
+ user.setPassword(password, getPredefinedCipherAlgoritm(),
passwordHistorySize);
+ } catch (NotFoundException e) {
+ final SyncopeClientException invalidCiperAlgorithm =
+ new
SyncopeClientException(SyncopeClientExceptionType.NotFound);
+ invalidCiperAlgorithm.addElement(e.getMessage());
+ scce.addException(invalidCiperAlgorithm);
+
+ throw scce;
+ }
+ }
+
public void create(final SyncopeUser user, final UserTO userTO) {
SyncopeClientCompositeErrorException scce = new
SyncopeClientCompositeErrorException(HttpStatus.BAD_REQUEST);
@@ -184,29 +203,10 @@ public class UserDataBinder extends Abst
fill(user, userTO,
AttributableUtil.getInstance(AttributableType.USER), scce);
// set password
- int passwordHistorySize = 0;
-
- try {
- Policy policy = policyDAO.getGlobalPasswordPolicy();
- PasswordPolicySpec passwordPolicy = policy.getSpecification();
- passwordHistorySize = passwordPolicy.getHistoryLength();
- } catch (Exception ignore) {
- // ignore exceptions
- }
-
- if (userTO.getPassword() == null || userTO.getPassword().isEmpty()) {
+ if (StringUtils.isBlank(userTO.getPassword())) {
LOG.error("No password provided");
} else {
- try {
- user.setPassword(userTO.getPassword(),
getPredefinedCipherAlgoritm(), passwordHistorySize);
- } catch (NotFoundException e) {
- final SyncopeClientException invalidAlgorith =
- new
SyncopeClientException(SyncopeClientExceptionType.NotFound);
- invalidAlgorith.addElement(e.getMessage());
- scce.addException(invalidAlgorith);
-
- throw scce;
- }
+ setPassword(user, userTO.getPassword(), scce);
}
// set username
@@ -222,7 +222,6 @@ public class UserDataBinder extends Abst
* @param user to be updated
* @param userMod bean containing update request
* @return updated user + propagation by resource
- * @throws SyncopeClientCompositeErrorException if anything goes wrong
* @see PropagationByResource
*/
public PropagationByResource update(final SyncopeUser user, final UserMod
userMod) {
@@ -236,26 +235,8 @@ public class UserDataBinder extends Abst
Set<String> currentResources = user.getResourceNames();
// password
- if (userMod.getPassword() != null) {
- int passwordHistorySize = 0;
- try {
- Policy policy = policyDAO.getGlobalPasswordPolicy();
- PasswordPolicySpec passwordPolicy = policy.getSpecification();
- passwordHistorySize = passwordPolicy.getHistoryLength();
- } catch (Exception ignore) {
- // ignore exceptions
- }
-
- try {
- user.setPassword(userMod.getPassword(),
getPredefinedCipherAlgoritm(), passwordHistorySize);
- } catch (NotFoundException e) {
- final SyncopeClientException invalidAlgorith =
- new
SyncopeClientException(SyncopeClientExceptionType.NotFound);
- invalidAlgorith.addElement(e.getMessage());
- scce.addException(invalidAlgorith);
-
- throw scce;
- }
+ if (StringUtils.isNotBlank(userMod.getPassword())) {
+ setPassword(user, userMod.getPassword(), scce);
user.setChangePwdDate(new Date());
Modified:
syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/SyncopeSyncResultHandler.java
URL:
http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/SyncopeSyncResultHandler.java?rev=1452852&r1=1452851&r2=1452852&view=diff
==============================================================================
---
syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/SyncopeSyncResultHandler.java
(original)
+++
syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/SyncopeSyncResultHandler.java
Tue Mar 5 15:34:56 2013
@@ -50,12 +50,14 @@ import org.apache.syncope.core.persisten
import org.apache.syncope.core.persistence.beans.AbstractMappingItem;
import org.apache.syncope.core.persistence.beans.AbstractSchema;
import org.apache.syncope.core.persistence.beans.PropagationTask;
+import org.apache.syncope.core.persistence.beans.SyncPolicy;
import org.apache.syncope.core.persistence.beans.SyncTask;
import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
import org.apache.syncope.core.persistence.dao.AttributableSearchDAO;
import org.apache.syncope.core.persistence.dao.EntitlementDAO;
import org.apache.syncope.core.persistence.dao.NotFoundException;
+import org.apache.syncope.core.persistence.dao.PolicyDAO;
import org.apache.syncope.core.persistence.dao.RoleDAO;
import org.apache.syncope.core.persistence.dao.SchemaDAO;
import org.apache.syncope.core.persistence.dao.UserDAO;
@@ -99,6 +101,12 @@ public class SyncopeSyncResultHandler im
protected static final Logger LOG =
LoggerFactory.getLogger(SyncopeSyncResultHandler.class);
/**
+ * Policy DAO.
+ */
+ @Autowired
+ private PolicyDAO policyDAO;
+
+ /**
* Entitlement DAO.
*/
@Autowired
@@ -420,18 +428,25 @@ public class SyncopeSyncResultHandler im
* @param attrUtil attributable util
* @return list of matching users / roles
*/
- public List<Long> findExisting(final String uid, final ConnectorObject
connObj, final AttributableUtil attrUtil) {
- SyncPolicySpec policySpec = null;
- if (syncTask.getResource().getSyncPolicy() != null) {
- policySpec = (SyncPolicySpec)
syncTask.getResource().getSyncPolicy().getSpecification();
+ protected List<Long> findExisting(final String uid, final ConnectorObject
connObj,
+ final AttributableUtil attrUtil) {
+
+ SyncPolicySpec syncPolicySpec = null;
+ if (syncTask.getResource().getSyncPolicy() == null) {
+ SyncPolicy globalSP = policyDAO.getGlobalSyncPolicy();
+ if (globalSP != null) {
+ syncPolicySpec = globalSP.<SyncPolicySpec>getSpecification();
+ }
+ } else {
+ syncPolicySpec =
syncTask.getResource().getSyncPolicy().<SyncPolicySpec>getSpecification();
}
SyncRule syncRule = null;
List<String> altSearchSchemas = null;
- if (policySpec != null) {
- syncRule = attrUtil.getCorrelationRule(policySpec);
- altSearchSchemas = attrUtil.getAltSearchSchemas(policySpec);
+ if (syncPolicySpec != null) {
+ syncRule = attrUtil.getCorrelationRule(syncPolicySpec);
+ altSearchSchemas = attrUtil.getAltSearchSchemas(syncPolicySpec);
}
return syncRule == null ? altSearchSchemas == null
@@ -809,30 +824,30 @@ public class SyncopeSyncResultHandler im
final String uid = delta.getPreviousUid() == null
? delta.getUid().getUidValue()
: delta.getPreviousUid().getUidValue();
- final List<Long> subjects = findExisting(uid, delta.getObject(),
attrUtil);
+ final List<Long> subjectIds = findExisting(uid, delta.getObject(),
attrUtil);
if (SyncDeltaType.CREATE_OR_UPDATE == delta.getDeltaType()) {
- if (subjects.isEmpty()) {
+ if (subjectIds.isEmpty()) {
results.addAll(create(delta, attrUtil, dryRun));
- } else if (subjects.size() == 1) {
- results.addAll(update(delta, subjects.subList(0, 1), attrUtil,
dryRun));
+ } else if (subjectIds.size() == 1) {
+ results.addAll(update(delta, subjectIds.subList(0, 1),
attrUtil, dryRun));
} else {
switch (resAct) {
case IGNORE:
- LOG.error("More than one match {}", subjects);
+ LOG.error("More than one match {}", subjectIds);
break;
case FIRSTMATCH:
- results.addAll(update(delta, subjects.subList(0, 1),
attrUtil, dryRun));
+ results.addAll(update(delta, subjectIds.subList(0, 1),
attrUtil, dryRun));
break;
case LASTMATCH:
- results.addAll(update(delta,
subjects.subList(subjects.size() - 1, subjects.size()), attrUtil,
- dryRun));
+ results.addAll(update(delta,
subjectIds.subList(subjectIds.size() - 1, subjectIds.size()),
+ attrUtil, dryRun));
break;
case ALL:
- results.addAll(update(delta, subjects, attrUtil,
dryRun));
+ results.addAll(update(delta, subjectIds, attrUtil,
dryRun));
break;
default:
@@ -841,27 +856,28 @@ public class SyncopeSyncResultHandler im
}
if (SyncDeltaType.DELETE == delta.getDeltaType()) {
- if (subjects.isEmpty()) {
+ if (subjectIds.isEmpty()) {
LOG.debug("No match found for deletion");
- } else if (subjects.size() == 1) {
- results.addAll(delete(delta, subjects, attrUtil, dryRun));
+ } else if (subjectIds.size() == 1) {
+ results.addAll(delete(delta, subjectIds, attrUtil, dryRun));
} else {
switch (resAct) {
case IGNORE:
- LOG.error("More than one match {}", subjects);
+ LOG.error("More than one match {}", subjectIds);
break;
case FIRSTMATCH:
- results.addAll(delete(delta, subjects.subList(0, 1),
attrUtil, dryRun));
+ results.addAll(delete(delta, subjectIds.subList(0, 1),
attrUtil, dryRun));
break;
case LASTMATCH:
- results.addAll(delete(delta,
subjects.subList(subjects.size() - 1, subjects.size()), attrUtil,
+ results.addAll(delete(delta,
subjectIds.subList(subjectIds.size() - 1, subjectIds.size()),
+ attrUtil,
dryRun));
break;
case ALL:
- results.addAll(delete(delta, subjects, attrUtil,
dryRun));
+ results.addAll(delete(delta, subjectIds, attrUtil,
dryRun));
break;
default:
Modified:
syncope/trunk/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java
URL:
http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java?rev=1452852&r1=1452851&r2=1452852&view=diff
==============================================================================
---
syncope/trunk/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java
(original)
+++
syncope/trunk/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java
Tue Mar 5 15:34:56 2013
@@ -219,7 +219,7 @@ public final class MappingUtil {
}
} else if (resource.isRandomPwdIfNotProvided()) {
try {
- passwordAttrValue =
passwordGenerator.generateUserPassword(user);
+ passwordAttrValue = passwordGenerator.generate(user);
} catch (InvalidPasswordPolicySpecException e) {
LOG.error("Could not generate policy-compliant random
password for {}", user, e);
Modified:
syncope/trunk/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java
URL:
http://svn.apache.org/viewvc/syncope/trunk/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java?rev=1452852&r1=1452851&r2=1452852&view=diff
==============================================================================
---
syncope/trunk/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java
(original)
+++
syncope/trunk/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java
Tue Mar 5 15:34:56 2013
@@ -49,7 +49,7 @@ public class PasswordGeneratorTest exten
SyncopeUser user = userDAO.find(5L);
String password = "";
try {
- password = passwordGenerator.generateUserPassword(user);
+ password = passwordGenerator.generate(user);
} catch (InvalidPasswordPolicySpecException ex) {
fail(ex.getMessage());
}
@@ -67,7 +67,7 @@ public class PasswordGeneratorTest exten
String password = "";
try {
- password = passwordGenerator.generateUserPassword(user);
+ password = passwordGenerator.generate(user);
} catch (InvalidPasswordPolicySpecException ex) {
fail(ex.getMessage());
@@ -89,7 +89,7 @@ public class PasswordGeneratorTest exten
List<PasswordPolicySpec> passwordPolicySpecs = new
ArrayList<PasswordPolicySpec>();
passwordPolicySpecs.add(passwordPolicySpec);
passwordPolicySpecs.add(passwordPolicySpec2);
- String generatedPassword =
passwordGenerator.generatePasswordFromPwdSpec(passwordPolicySpecs);
+ String generatedPassword =
passwordGenerator.generate(passwordPolicySpecs);
assertTrue(Character.isDigit(generatedPassword.charAt(0)));
assertTrue(Character.isDigit(generatedPassword.charAt(generatedPassword.length()
- 1)));
}
@@ -106,7 +106,7 @@ public class PasswordGeneratorTest exten
List<PasswordPolicySpec> passwordPolicySpecs = new
ArrayList<PasswordPolicySpec>();
passwordPolicySpecs.add(passwordPolicySpec);
passwordPolicySpecs.add(passwordPolicySpec2);
- String generatedPassword =
passwordGenerator.generatePasswordFromPwdSpec(passwordPolicySpecs);
+ String generatedPassword =
passwordGenerator.generate(passwordPolicySpecs);
assertTrue(Character.isDigit(generatedPassword.charAt(0)));
assertTrue(Character.isLetter(generatedPassword.charAt(generatedPassword.length()
- 1)));
}
@@ -123,7 +123,7 @@ public class PasswordGeneratorTest exten
List<PasswordPolicySpec> passwordPolicySpecs = new
ArrayList<PasswordPolicySpec>();
passwordPolicySpecs.add(passwordPolicySpec);
passwordPolicySpecs.add(passwordPolicySpec2);
- String generatedPassword =
passwordGenerator.generatePasswordFromPwdSpec(passwordPolicySpecs);
+ String generatedPassword =
passwordGenerator.generate(passwordPolicySpecs);
assertTrue(PolicyPattern.NON_ALPHANUMERIC.matcher(generatedPassword).matches());
assertTrue(Character.isLetter(generatedPassword.charAt(generatedPassword.length()
- 1)));
}
@@ -141,7 +141,7 @@ public class PasswordGeneratorTest exten
List<PasswordPolicySpec> passwordPolicySpecs = new
ArrayList<PasswordPolicySpec>();
passwordPolicySpecs.add(passwordPolicySpec);
passwordPolicySpecs.add(passwordPolicySpec2);
- passwordGenerator.generatePasswordFromPwdSpec(passwordPolicySpecs);
+ passwordGenerator.generate(passwordPolicySpecs);
}
private PasswordPolicySpec createBasePasswordPolicySpec() {
