Hi John,
Il 13/03/2015 13:51, Gmail ha scritto:
Thanks. Could you point me to an example of a scheduled task that is similar
to this? Something to get me started?
1. Create a new Java class for your Scheduled Job
2. Create a Scheduled Task [1]
3. Create from the console your new Configuration schema
1. Go to Schema Page
2. Tab Configuration
3. Create new configuration schema
4. Go to Configuration Page
5. Click on the rigth side on the Bullet List Icon
6. Set the value for your new configuration parameter
below the java class:
public class PasswordExpirationJob extends AbstractTransactionalTaskJob {
@Autowired
private UserController userController;
@Autowired
private ConfDAO confDAO;
@Autowired
private EntitlementDAO entitlementDAO;
@Autowired
private EntityManager entityManager;
@Override
protected String doExecute(final boolean dryRun) throws
JobExecutionException {
if (!(task instanceof SchedTask)) {
throw new JobExecutionException("Task " + taskId + " isn't
a SchedTask");
}
//Take the xDays parameter from Syncope configuration
final CAttr xDays = confDAO.find("xDays", 10);
// Build you time condition with xDays configuration parameter
final Calendar yourTimeCondition = ....
// Search all user that match your condition
final Query query = entityManager.createNativeQuery(
"SELECT id FROM SyncopeUser WHERE changePwdDate < ?1");
query.setParameter(1, yourTimeCondition);
@SuppressWarnings("unchecked")
final List<Long> users = (List<Long>) query.getResultList();
if (!dryRun) {
try {
// Exec the operation with admin user
final List<GrantedAuthority> authorities = new
ArrayList<GrantedAuthority>();
for (Entitlement entitlement : entitlementDAO.findAll()) {
authorities.add(new
SimpleGrantedAuthority(entitlement.getName()));
}
final UserDetails userDetails = new User("admin",
"FAKE_PASSWORD", true, true, true, true, authorities);
SecurityContextHolder.getContext().setAuthentication(
new
UsernamePasswordAuthenticationToken(userDetails, "FAKE_PASSWORD",
authorities));
// for all user
for (Long userId : users) {
final StatusMod statusMod = new StatusMod();
statusMod.setId(userId);
statusMod.setOnSyncope(true);
statusMod.setType(StatusMod.ModType.SUSPEND);
userController.status(statusMod);
}
} finally {
// Remove admin permission
SecurityContextHolder.clearContext();
}
}
return (dryRun
? "Will Suspend"
: "Suspended") + " " + users.size() + " utenti";
}
@Override
protected boolean hasToBeRegistered(final TaskExec execution) {
return true;
}
}
Now you are ready to run your new Scheduled Job.
Regards
Marco
[1]
https://cwiki.apache.org/confluence/display/SYNCOPE/Tasks#Tasks-ScheduledTask
Sent from my iPhone
On Mar 13, 2015, at 4:28 AM, Francesco Chicchiriccò <[email protected]> wrote:
On 12/03/2015 21:31, John Ellinwood wrote:
How do I setup Apache Syncope so that a user's account is locked if they don't
change their password in the last X days? Where X is configurable.
I see that the user details in Syncope have a "Last Change Password Date"
field. Do I have to setup a custom task for this somehow?
Hi John,
yes you need a scheduled task for this purpose.
Once more, I see room for an improvement (such a setting could be part of
account policy AFAICT): could you please file an issue on JIRA? Thanks.
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
