Author: ilgrosso Date: Fri Dec 7 14:29:41 2012 New Revision: 1418327 URL: http://svn.apache.org/viewvc?rev=1418327&view=rev Log: Adding a utility PropagationActions class allowing transparent LDAP role membership propagation
Modified: syncope/branches/DEV_ROLE_PROVISIONING/core/src/main/java/org/apache/syncope/core/propagation/LDAPMembershipPropagationActions.java syncope/branches/DEV_ROLE_PROVISIONING/core/src/test/resources/content.xml Modified: syncope/branches/DEV_ROLE_PROVISIONING/core/src/main/java/org/apache/syncope/core/propagation/LDAPMembershipPropagationActions.java URL: http://svn.apache.org/viewvc/syncope/branches/DEV_ROLE_PROVISIONING/core/src/main/java/org/apache/syncope/core/propagation/LDAPMembershipPropagationActions.java?rev=1418327&r1=1418326&r2=1418327&view=diff ============================================================================== --- syncope/branches/DEV_ROLE_PROVISIONING/core/src/main/java/org/apache/syncope/core/propagation/LDAPMembershipPropagationActions.java (original) +++ syncope/branches/DEV_ROLE_PROVISIONING/core/src/main/java/org/apache/syncope/core/propagation/LDAPMembershipPropagationActions.java Fri Dec 7 14:29:41 2012 @@ -19,28 +19,42 @@ package org.apache.syncope.core.propagation; import java.util.ArrayList; +import java.util.HashSet; import java.util.List; +import java.util.Set; import org.apache.commons.jexl2.JexlContext; import org.apache.commons.jexl2.MapContext; import org.apache.commons.lang.StringUtils; import org.apache.syncope.core.persistence.beans.PropagationTask; import org.apache.syncope.core.persistence.beans.role.SyncopeRole; -import org.apache.syncope.core.persistence.dao.RoleDAO; +import org.apache.syncope.core.persistence.beans.user.SyncopeUser; +import org.apache.syncope.core.persistence.dao.UserDAO; import org.apache.syncope.core.util.JexlUtil; +import org.apache.syncope.types.AttributableType; +import org.apache.syncope.types.ResourceOperation; +import org.identityconnectors.framework.common.objects.Attribute; import org.identityconnectors.framework.common.objects.AttributeBuilder; import org.identityconnectors.framework.common.objects.ConnectorObject; -import org.identityconnectors.framework.common.objects.ObjectClass; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.transaction.annotation.Transactional; +/** + * Simple action for propagating role memberships to LDAP groups, when the same resource is configured for both users + * and roles. + */ public class LDAPMembershipPropagationActions extends DefaultPropagationActions { private static final Logger LOG = LoggerFactory.getLogger(LDAPMembershipPropagationActions.class); + /** + * Allows easy subclassing for the ConnId AD connector bundle. + */ + protected static final String GROUP_MEMBERSHIP_ATTR = "ldapGroups"; + @Autowired - private RoleDAO roleDAO; + private UserDAO userDAO; @Autowired private JexlUtil jexlUtil; @@ -50,10 +64,17 @@ public class LDAPMembershipPropagationAc public void before(final PropagationTask task, final ConnectorObject beforeObj) { super.before(task, beforeObj); - if (beforeObj.getObjectClass() == ObjectClass.ACCOUNT && task.getResource().getRmapping() != null) { + if (ResourceOperation.DELETE != task.getPropagationOperation() + && AttributableType.USER == task.getSubjectType() && task.getResource().getRmapping() != null) { + + SyncopeUser user = userDAO.find(task.getSubjectId()); + if (user == null) { + throw new IllegalArgumentException("User " + task.getSubjectId() + " not found"); + } + List<String> roleAccountLinks = new ArrayList<String>(); - for (SyncopeRole role : roleDAO.findAll()) { - if (role.getResources().contains(task.getResource()) + for (SyncopeRole role : user.getRoles()) { + if (role.getResourceNames().contains(task.getResource().getName()) && StringUtils.isNotBlank(task.getResource().getRmapping().getAccountLink())) { LOG.debug("Evaluating accountLink for {}", role); @@ -73,10 +94,12 @@ public class LDAPMembershipPropagationAc LOG.debug("Role accountLinks to propagate for membership: {}", roleAccountLinks); if (!roleAccountLinks.isEmpty()) { - task.getAttributes().add(AttributeBuilder.build("ldapGroups", roleAccountLinks)); + Set<Attribute> attributes = new HashSet<Attribute>(task.getAttributes()); + attributes.add(AttributeBuilder.build(GROUP_MEMBERSHIP_ATTR, roleAccountLinks)); + task.setAttributes(attributes); } } else { - LOG.debug("It's {}, not doing anything", beforeObj.getObjectClass()); + LOG.debug("Not about user, or role mapping missing for resource: not doing anything"); } } } Modified: syncope/branches/DEV_ROLE_PROVISIONING/core/src/test/resources/content.xml URL: http://svn.apache.org/viewvc/syncope/branches/DEV_ROLE_PROVISIONING/core/src/test/resources/content.xml?rev=1418327&r1=1418326&r2=1418327&view=diff ============================================================================== --- syncope/branches/DEV_ROLE_PROVISIONING/core/src/test/resources/content.xml (original) +++ syncope/branches/DEV_ROLE_PROVISIONING/core/src/test/resources/content.xml Fri Dec 7 14:29:41 2012 @@ -373,6 +373,7 @@ under the License. <ExternalResource name="resource-ldap" connector_id="105" enforceMandatoryCondition="1" propagationMode="ONE_PHASE" propagationPriority="0" propagationPrimary="1" + propagationActionsClassName="org.apache.syncope.core.propagation.LDAPMembershipPropagationActions" createTraceLevel="ALL" deleteTraceLevel="ALL" updateTraceLevel="ALL" syncTraceLevel="ALL"/> <ExternalResource name="ws-target-resource-nopropagation" connector_id="103" enforceMandatoryCondition="1" propagationMode="TWO_PHASES"