public static PasswordCapabilityType getEffectivePasswordCapability(ResourceType resource, ResourceObjectTypeDefinitionType def) { CredentialsCapabilityType cct = getEffectiveCapability(resource, def, CredentialsCapabilityType.class); if (cct == null || cct.getPassword() == null || Boolean.FALSE.equals(cct.getPassword().isEnabled())) { return null; } else { return cct.getPassword(); } }
private boolean getEvaluateWeak(LensProjectionContext projCtx) { CredentialsCapabilityType credentialsCapabilityType = ResourceTypeUtil.getEffectiveCapability(projCtx.getResource(), CredentialsCapabilityType.class); if (credentialsCapabilityType != null) { PasswordCapabilityType passwordCapabilityType = credentialsCapabilityType.getPassword(); if (passwordCapabilityType != null) { if (passwordCapabilityType.isEnabled() != Boolean.FALSE) { Boolean readable = passwordCapabilityType.isReadable(); if (readable != null && readable) { // If we have readable password then we can evaluate the weak mappings // normally (even if the reads return incomplete values). return true; } } } } // Password not readable. Therefore evaluate weak mappings only during add operaitons. // We do not know whether there is a password already set on the resource. And we do not // want to overwrite it every time. return projCtx.isAdd(); }
@Override public <F extends FocusType> String computeProjectionLifecycle(F focus, ShadowType shadow, ResourceType resource) { if (focus == null || shadow == null) { return null; } if (!(focus instanceof UserType)) { return null; } if (shadow.getKind() != null && shadow.getKind() != ShadowKindType.ACCOUNT) { return null; } ProtectedStringType passwordPs = FocusTypeUtil.getPasswordValue((UserType) focus); if (passwordPs != null && passwordPs.canGetCleartext()) { return null; } CredentialsCapabilityType credentialsCapabilityType = ResourceTypeUtil .getEffectiveCapability(resource, CredentialsCapabilityType.class); if (credentialsCapabilityType == null) { return null; } PasswordCapabilityType passwordCapabilityType = credentialsCapabilityType.getPassword(); if (passwordCapabilityType == null) { return null; } if (passwordCapabilityType.isEnabled() == Boolean.FALSE) { return null; } return SchemaConstants.LIFECYCLE_PROPOSED; }
} else { PasswordCapabilityType pc = cred.getPassword(); pc.setEnabled(def(pc.isEnabled(), true)); pc.setReturnedByDefault(def(pc.isReturnedByDefault(), true));