protected ProvisioningResult<UserTO> doCreate( final UserTO userTO, final boolean storePassword, final boolean self, final boolean nullPriorityAsync) { Pair<UserTO, List<LogicActions>> before = beforeCreate(userTO); if (before.getLeft().getRealm() == null) { throw SyncopeClientException.build(ClientExceptionType.InvalidRealm); } if (!self) { Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_CREATE), before.getLeft().getRealm()); securityChecks(effectiveRealms, before.getLeft().getRealm(), null); } Pair<String, List<PropagationStatus>> created = provisioningManager.create(before.getLeft(), storePassword, nullPriorityAsync); return afterCreate( binder.returnUserTO(binder.getUserTO(created.getKey())), created.getRight(), before.getRight()); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public ProvisioningResult<UserTO> unassign( final String key, final Collection<String> resources, final boolean nullPriorityAsync) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); UserPatch patch = new UserPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.DELETE).value(resource).build()). collect(Collectors.toList())); return update(patch, nullPriorityAsync); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") public ProvisioningResult<UserTO> status(final StatusPatch statusPatch, final boolean nullPriorityAsync) { // security checks UserTO toUpdate = binder.getUserTO(statusPatch.getKey()); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), toUpdate.getRealm()); securityChecks(effectiveRealms, toUpdate.getRealm(), toUpdate.getKey()); // ensures the actual user key is effectively on the patch - as the binder.getUserTO(statusPatch.getKey()) // call above works with username as well statusPatch.setKey(toUpdate.getKey()); Pair<String, List<PropagationStatus>> updated = setStatusOnWfAdapter(statusPatch, nullPriorityAsync); return afterUpdate( binder.returnUserTO(binder.getUserTO(updated.getKey())), updated.getRight(), Collections.<LogicActions>emptyList(), false, Collections.<String>emptySet()); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public UserTO link(final String key, final Collection<String> resources) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); UserPatch patch = new UserPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(resource).build()). collect(Collectors.toList())); return binder.returnUserTO(binder.getUserTO(provisioningManager.link(patch))); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public UserTO unlink(final String key, final Collection<String> resources) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); UserPatch patch = new UserPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.DELETE).value(resource).build()). collect(Collectors.toList())); return binder.returnUserTO(binder.getUserTO(provisioningManager.unlink(patch))); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public ProvisioningResult<UserTO> deprovision( final String key, final Collection<String> resources, final boolean nullPriorityAsync) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); List<PropagationStatus> statuses = provisioningManager.deprovision(key, resources, nullPriorityAsync); ProvisioningResult<UserTO> result = new ProvisioningResult<>(); result.setEntity(binder.returnUserTO(binder.getUserTO(key))); result.getPropagationStatuses().addAll(statuses); return result; }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public ProvisioningResult<UserTO> provision( final String key, final Collection<String> resources, final boolean changePwd, final String password, final boolean nullPriorityAsync) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); List<PropagationStatus> statuses = provisioningManager.provision(key, changePwd, password, resources, nullPriorityAsync); ProvisioningResult<UserTO> result = new ProvisioningResult<>(); result.setEntity(binder.returnUserTO(binder.getUserTO(key))); result.getPropagationStatuses().addAll(statuses); return result; }
protected ProvisioningResult<UserTO> doDelete( final UserTO userTO, final boolean self, final boolean nullPriorityAsync) { Pair<UserTO, List<LogicActions>> before = beforeDelete(userTO); if (!self) { Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_DELETE), before.getLeft().getRealm()); securityChecks(effectiveRealms, before.getLeft().getRealm(), before.getLeft().getKey()); } List<Group> ownedGroups = groupDAO.findOwnedByUser(before.getLeft().getKey()); if (!ownedGroups.isEmpty()) { SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.GroupOwnership); sce.getElements().addAll(ownedGroups.stream(). map(group -> group.getKey() + " " + group.getName()).collect(Collectors.toList())); throw sce; } List<PropagationStatus> statuses = provisioningManager.delete(before.getLeft().getKey(), nullPriorityAsync); UserTO deletedTO; if (userDAO.find(before.getLeft().getKey()) == null) { deletedTO = new UserTO(); deletedTO.setKey(before.getLeft().getKey()); } else { deletedTO = binder.getUserTO(before.getLeft().getKey()); } return afterDelete(binder.returnUserTO(deletedTO), statuses, before.getRight()); }
protected ProvisioningResult<UserTO> doUpdate( final UserPatch userPatch, final boolean self, final boolean nullPriorityAsync) { UserTO userTO = binder.getUserTO(userPatch.getKey()); Set<String> dynRealmsBefore = new HashSet<>(userTO.getDynRealms()); Pair<UserPatch, List<LogicActions>> before = beforeUpdate(userPatch, userTO.getRealm()); boolean authDynRealms = false; if (!self && before.getLeft().getRealm() != null && StringUtils.isNotBlank(before.getLeft().getRealm().getValue())) { Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), before.getLeft().getRealm().getValue()); authDynRealms = securityChecks(effectiveRealms, before.getLeft().getRealm().getValue(), before.getLeft().getKey()); } Pair<UserPatch, List<PropagationStatus>> updated = provisioningManager.update(before.getLeft(), nullPriorityAsync); return afterUpdate( binder.returnUserTO(binder.getUserTO(updated.getLeft().getKey())), updated.getRight(), before.getRight(), authDynRealms, dynRealmsBefore); }
Realm realm = realmDAO.findByFullPath(userTO.getRealm()); if (realm != null) { realmDAO.findAncestors(realm).stream().
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public ProvisioningResult<UserTO> assign( final String key, final Collection<String> resources, final boolean changepwd, final String password, final boolean nullPriorityAsync) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); UserPatch patch = new UserPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(resource).build()). collect(Collectors.toList())); if (changepwd) { patch.setPassword(new PasswordPatch.Builder(). value(password).onSyncope(false).resources(resources).build()); } return update(patch, nullPriorityAsync); }
UserCR req = new UserCR.Builder(userTO.getRealm(), userTO.getUsername()). password(userTO.getPassword()). mustChangePassword(userTO.isMustChangePassword()).
@Transactional(propagation = Propagation.REQUIRES_NEW) public String create(final SAML2IdPEntity idp, final SAML2LoginResponseTO responseTO, final String nameID) { UserTO userTO = new UserTO(); if (idp.getUserTemplate() != null) { templateUtils.apply(userTO, idp.getUserTemplate()); } List<SAML2IdPActions> actions = getActions(idp); for (SAML2IdPActions action : actions) { userTO = action.beforeCreate(userTO, responseTO); } fill(idp.getKey(), responseTO, userTO); if (userTO.getRealm() == null) { userTO.setRealm(SyncopeConstants.ROOT_REALM); } if (userTO.getUsername() == null) { userTO.setUsername(nameID); } Pair<String, List<PropagationStatus>> created = provisioningManager.create(userTO, false, false); userTO = binder.getUserTO(created.getKey()); for (SAML2IdPActions action : actions) { userTO = action.afterCreate(userTO, responseTO); } return userTO.getUsername(); }
@Transactional(propagation = Propagation.REQUIRES_NEW) public String create(final OIDCProvider op, final OIDCLoginResponseTO responseTO, final String email) { UserTO userTO = new UserTO(); if (op.getUserTemplate() != null && op.getUserTemplate().get() != null) { templateUtils.apply(userTO, op.getUserTemplate().get()); } List<OIDCProviderActions> actions = getActions(op); for (OIDCProviderActions action : actions) { userTO = action.beforeCreate(userTO, responseTO); } fill(op, responseTO, userTO); if (userTO.getRealm() == null) { userTO.setRealm(SyncopeConstants.ROOT_REALM); } if (userTO.getUsername() == null) { userTO.setUsername(email); } Pair<String, List<PropagationStatus>> created = provisioningManager.create(userTO, false, false); userTO = binder.getUserTO(created.getKey()); for (OIDCProviderActions action : actions) { userTO = action.afterCreate(userTO, responseTO); } return userTO.getUsername(); }