[no subject]

2017-09-15 Thread Matteo Alessandroni
Hi Sergio,

could you please add the "SakaiUserSearchScript.groovy" too?
I need to see whether the "eid" field is set correctly and does always return a 
value that will be mapped to "username".

Regards,
Matteo

On 2017-09-14 18:20, Sergio Muriel  wrote: 
> Hi Matteo,
> 
> please find the screenshots attached to this email.
> 
> 
> Thank you in advance!
> 
> 
> PS: If it is not pictured, then values are by default.
> 
> Best Regards,
> Sergio Muriel
> 
> 
> 
> From: Matteo Alessandroni 
> Sent: Thursday, September 14, 2017 2:23 AM
> To: user@syncope.apache.org
> Subject: Re: Scripted SQL Pull Task Error
> 
> Hi Sergio,
> 
> At this point could you please attach a screenshot of your mapping and also 
> the Connector and Resource configuration?
> 
> Regards,
> Matteo
> 
> On 14/09/2017 00:02, Sergio Muriel wrote:
> 
> Hi Matteo,
> 
>   *   "username" is mapped in my resource. The "Purpose" column for 
> "username" is set to the icon with both pull and push arrows. (That is Sync, 
> I believe).
>   *   All users have a valid non blank username value. Indeed, I checked with 
> a query, and it has been checked also by Sakai itself.
> 
> So far I have the same problem. This is what the logs say:
> 
> core-persistence.log shows this for each user creation attempt:
> 16:29:19.947 WARN  
> org.apache.syncope.core.persistence.jpa.validation.entity.EntityValidationListener
>  - Bean validation errors found: 
> [ConstraintViolationImpl{rootBean=JPAUser[null], propertyPath='username', 
> message='Blank username', leafBean=JPAUser[null], value=null}]
> 
> 
> core.log shows this for each user creation attempt:
> 16:26:28.884 ERROR 
> org.apache.syncope.core.provisioning.api.pushpull.SyncopeResultHandler - 
> Could not create USER f84440b0-3cc7-4d83-ae02-951c81faf2e22
> org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException:
>  JPAUser [Standard]
> at 
> org.apache.syncope.core.persistence.jpa.validation.entity.EntityValidationListener.validate(EntityValidationListener.java:73)
>  ~[syncope-core-persistence-jpa-2.0.4.jar:2.0.4]
> at sun.reflect.GeneratedMethodAccessor517.invoke(Unknown Source) ~[?:?]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 
> ~[?:1.8.0_71]
> at java.lang.reflect.Method.invoke(Unknown Source) ~[?:1.8.0_71]
> at 
> org.apache.openjpa.event.BeanLifecycleCallbacks.makeCallback(BeanLifecycleCallbacks.java:85)
>  ~[openjpa-kernel-2.4.2.jar:2.4.2]
> at 
> org.apache.openjpa.persistence.PersistenceListenerAdapter.makeCallback(PersistenceListenerAdapter.java:71)
>  ~[openjpa-persistence-2.4.2.jar:2.4.2]
> at 
> org.apache.openjpa.persistence.PersistenceListenerAdapter.beforePersist(PersistenceListenerAdapter.java:85)
>  ~[openjpa-persistence-2.4.2.jar:2.4.2]
> at 
> org.apache.openjpa.event.LifecycleEventManager.fireEvent(LifecycleEventManager.java:404)
>  ~[openjpa-kernel-2.4.2.jar:2.4.2]
> at 
> org.apache.openjpa.event.LifecycleEventManager.fireEvent(LifecycleEventManager.java:308)
>  ~[openjpa-kernel-2.4.2.jar:2.4.2]
> at 
> org.apache.openjpa.kernel.BrokerImpl.fireLifecycleEvent(BrokerImpl.java:814) 
> ~[openjpa-kernel-2.4.2.jar:2.4.2]
> at 
> org.apache.openjpa.kernel.VersionAttachStrategy.attach(VersionAttachStrategy.java:140)
>  ~[openjpa-kernel-2.4.2.jar:2.4.2]
> at org.apache.openjpa.kernel.AttachManager.attach(AttachManager.java:252) 
> ~[openjpa-kernel-2.4.2.jar:2.4.2]
> at org.apache.openjpa.kernel.AttachManager.attach(AttachManager.java:105) 
> ~[openjpa-kernel-2.4.2.jar:2.4.2]
> at org.apache.openjpa.kernel.BrokerImpl.attach(BrokerImpl.java:3508) 
> ~[openjpa-kernel-2.4.2.jar:2.4.2]
> at 
> org.apache.openjpa.kernel.DelegatingBroker.attach(DelegatingBroker.java:1213) 
> ~[openjpa-kernel-2.4.2.jar:2.4.2]
> at 
> org.apache.openjpa.persistence.EntityManagerImpl.merge(EntityManagerImpl.java:879)
>  ~[openjpa-persistence-2.4.2.jar:2.4.2]
> at 
> org.apache.syncope.core.persistence.jpa.dao.AbstractAnyDAO.save(AbstractAnyDAO.java:543)
>  ~[syncope-core-persistence-jpa-2.0.4.jar:2.0.4]
> at 
> org.apache.syncope.core.persistence.jpa.dao.JPAUserDAO.save(JPAUserDAO.java:437)
>  ~[syncope-core-persistence-jpa-2.0.4.jar:2.0.4]
> at 
> org.apache.syncope.core.persistence.jpa.dao.JPAUserDAO.save(JPAUserDAO.java:84)
>  ~[syncope-core-persistence-jpa-2.0.4.jar:2.0.4]
> at sun.reflect.GeneratedMethodAccessor527.invoke(Unknown Source) ~[?:?]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 
> ~[?:1.8.0_71]
> at java.lang.reflect.Method.invoke(Unknown Source) ~[?:1.8.0_71]
> at 
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
>  ~[spring-aop-4.3.9.RELEASE.jar:4.3.9.RELEASE]
> at 
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
>  ~[spring-aop-4.3.9.RELEASE.jar:4.3.9.RELEASE]
> at com.sun.proxy.$Proxy85.save(Unknown Source) ~[?:?]
> at 
> org.apache.syncope.core.workflow.java.DefaultUserWorkflowAdapter.doCreate(DefaultUserWorkflow

Call /self API with invalid credentials

2017-09-15 Thread Adrian Gonzalez
Hello,

I'm using Syncope 2.0.5.
I'm calling /self REST API with invalid credentials (with content-type: application/json).

/self returns HTML code and not a JSON message body.

i.e.
```
curl -X GET \
  http://localhost:9080/syncope/rest/users/self \
  -H 'authorization: Basic YmVsbGluaTpiZWxsaW5pNjY1' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -H 'postman-token: 477ebc5a-6350-4ba5-a8a2-4d6ecea31712'
```

Returns an HTML error page, i.e.:
HTTP Status 401 – Unauthorized
...
Message User bellini not authenticated
Description The request has not been applied because it lacks valid authentication credentials for the target resource.
Apache Tomcat/8.5.20

Shouldn't it be valid json (since I requested json ?)

The pb is that when I use the syncope client REST API, I get:
```
2017-09-15 11:17:13.625 -ERROR [http-apr-9080-exec-6] org.apache.cxf.jaxrs.utils.JAXRSUtils    : No message body reader has been found for class java.util.List, ContentType: text/html;charset=utf-8
2017-09-15 11:17:13.626 -DEBUG [http-apr-9080-exec-6] o.a.s.c.lib.RestClientExceptionMapper    : Could not read org.apache.syncope.common.lib.to.ErrorTO list, attempting to read headers...
javax.ws.rs.client.ResponseProcessingException: No message body reader has been found for class java.util.List, ContentType: text/html;charset=utf-8
	at org.apache.cxf.jaxrs.impl.ResponseImpl.reportMessageHandlerProblem(ResponseImpl.java:439)
	at org.apache.cxf.jaxrs.impl.ResponseImpl.doReadEntity(ResponseImpl.java:390)
	at org.apache.cxf.jaxrs.impl.ResponseImpl.readEntity(ResponseImpl.java:326)
	at org.apache.cxf.jaxrs.impl.ResponseImpl.readEntity(ResponseImpl.java:314)
	at org.apache.syncope.client.lib.RestClientExceptionMapper.checkSyncopeClientCompositeException(RestClientExceptionMapper.java:98)
	at org.apache.syncope.client.lib.RestClientExceptionMapper.fromResponse(RestClientExceptionMapper.java:53)
	at org.apache.syncope.client.lib.RestClientExceptionMapper.fromResponse(RestClientExceptionMapper.java:42)
	at org.apache.cxf.jaxrs.client.ClientProxyImpl.checkResponse(ClientProxyImpl.java:313)
	at org.apache.cxf.jaxrs.client.ClientProxyImpl.handleResponse(ClientProxyImpl.java:876)
	at org.apache.cxf.jaxrs.client.ClientProxyImpl.doChainedInvocation(ClientProxyImpl.java:789)
	at org.apache.cxf.jaxrs.client.ClientProxyImpl.invoke(ClientProxyImpl.java:235)
	at com.sun.proxy.$Proxy641.read(Unknown Source)
	at org.apache.syncope.client.lib.SyncopeClient.self(SyncopeClient.java:132)
```

Should we modify the org.apache.syncope.core.spring.security.SyncopeBasicAuthenticationEntryPoint ?
(not super because we'd need to handle manually XML and JSON formatting)

Thanks,
Adrian


Re: Custom user account locking and password expiration in syncope

2017-09-15 Thread Adrian Gonzalez
Thanks for your answer Francesco.

I finished implementing that feature yesterday but on the layer on top of syncope (based on Spring Sec too with some UserDetailsChecker).
I need to look further at what I could do in the syncope securitycontext.xml (didn't have time for the moment alas, we're approaching a delivery date).

Cheers,
Adrian

On Thursday, 14 September 2017 at 09:59:15 UTC+2, Francesco Chicchiriccò wrote:
 
  Hi Adrian,
 the authentication and authorization process in Syncope (which already 
includes some account lockout mechanism, defined via password policies) is 
implemented via Spring Security.
 
 The definitions are in
 
https://github.com/apache/syncope/blob/2_0_X/core/spring/src/main/resources/securityContext.xml
 
 You might want to take a look there for your investigations.
 
 Regards.
 
 On 11/09/2017 17:26, Adrian Gonzalez wrote:

  Hello,

  I'd need to implement:
  - user account lockout
  - password expiration

  User account lockout needs to work like this:
  - when user has made more than  in the last , then the user-account will be temporarily locked.
    The account is automatically unlocked after this  (if no failed authentication attempt has been made in between, otherwise, it's prolonged).

  Password expiration needs to work like this:
  - when the lastPwdChange is more than  then the user needs to change his password before being able to login.

  Both user account (enabled, lockoutPeriod, failedAttempts) and password expiration settings are specific for each tenant (1 user belonging to each tenant).
  As tenants are dynamic, we're not using Syncope domains for that.

  I can implement both of those features in my own authentication layer (a wrapper around syncope REST API).
  But I'd like to know if it's possible to implement that inside syncope (perhaps it would be cleaner).

  I looked at LogicActions, AccountRuleConf and creating a PasswordPolicy for each of my tenants, but I don't think it will work.
  - I cannot compute the lastFailedLoginDate (i.e. to check if the account must still be locked).
  - once a user is suspended, I cannot automatically reactivate it once lockoutPeriod has passed (perhaps adding a quartz job, but seems overweight).
  - I don't know if the current authentication is a success or a failure (to update the lastFailedLoginDate)

  Perhaps I'm missing something like pre/post authentication hooks that are able to update the current user and know the status of the current authentication ?

  Thanks,
  Adrian
 -- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
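
The lockout and password-expiry rules from the quoted question, written out as an added example (not code from this thread or from Syncope). The class name `TenantLockoutPolicy`, the `failureWindow` and `maxPasswordAge` names and the thresholds in `main` are assumptions; the unlock is evaluated lazily at login time, so no scheduled job is needed.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayDeque;
import java.util.Deque;

// Added example: hypothetical per-tenant policy, one instance per tenant.
public class TenantLockoutPolicy {

    public enum Decision { AUTHENTICATED, BAD_CREDENTIALS, LOCKED, PASSWORD_EXPIRED, DISABLED }

    /** Per-user state; field names follow the thread where it gives them. */
    public static final class Account {
        boolean enabled = true;
        Instant lastPwdChange;
        Instant lockedUntil; // null when the account is not locked
        final Deque<Instant> failedLogins = new ArrayDeque<>();

        Account(final Instant lastPwdChange) {
            this.lastPwdChange = lastPwdChange;
        }
    }

    private final int maxFailedAttempts;   // lock when MORE than this many failures...
    private final Duration failureWindow;  // ...fall inside this sliding window (assumed name)
    private final Duration lockoutPeriod;
    private final Duration maxPasswordAge; // assumed name

    public TenantLockoutPolicy(final int maxFailedAttempts, final Duration failureWindow,
            final Duration lockoutPeriod, final Duration maxPasswordAge) {
        this.maxFailedAttempts = maxFailedAttempts;
        this.failureWindow = failureWindow;
        this.lockoutPeriod = lockoutPeriod;
        this.maxPasswordAge = maxPasswordAge;
    }

    /** Call once per login attempt, after the credentials have been compared. */
    public Decision login(final Account account, final boolean credentialsValid, final Instant now) {
        if (!account.enabled) {
            return Decision.DISABLED;
        }
        final boolean locked = account.lockedUntil != null && now.isBefore(account.lockedUntil);
        if (!locked) {
            account.lockedUntil = null; // lazy unlock: the lockout period has passed
        }
        if (!credentialsValid) {
            recordFailure(account, now, locked);
            return account.lockedUntil != null ? Decision.LOCKED : Decision.BAD_CREDENTIALS;
        }
        if (locked) {
            return Decision.LOCKED; // correct password, but the lock still holds
        }
        account.failedLogins.clear();
        if (account.lastPwdChange.plus(maxPasswordAge).isBefore(now)) {
            return Decision.PASSWORD_EXPIRED; // caller must force a password change
        }
        return Decision.AUTHENTICATED;
    }

    private void recordFailure(final Account account, final Instant now, final boolean alreadyLocked) {
        // Drop failures that have slid out of the window, then count this one.
        final Instant windowStart = now.minus(failureWindow);
        while (!account.failedLogins.isEmpty() && account.failedLogins.peekFirst().isBefore(windowStart)) {
            account.failedLogins.removeFirst();
        }
        account.failedLogins.addLast(now);
        // A failure during a lock prolongs it; otherwise lock once the threshold is exceeded.
        if (alreadyLocked || account.failedLogins.size() > maxFailedAttempts) {
            account.lockedUntil = now.plus(lockoutPeriod);
        }
    }

    public static void main(final String[] args) {
        // Constructed tenant settings and timeline, for illustration only.
        final TenantLockoutPolicy policy = new TenantLockoutPolicy(
                3, Duration.ofMinutes(10), Duration.ofMinutes(15), Duration.ofDays(90));
        final Instant t0 = Instant.parse("2017-09-15T10:00:00Z");
        final Account user = new Account(t0.minus(Duration.ofDays(100)));

        for (int i = 0; i < 4; i++) { // four failures inside the window: the fourth locks
            System.out.println(policy.login(user, false, t0.plusSeconds(i * 30L)));
        }
        System.out.println(policy.login(user, true, t0.plus(Duration.ofMinutes(5))));   // still locked
        System.out.println(policy.login(user, false, t0.plus(Duration.ofMinutes(10)))); // prolongs the lock
        System.out.println(policy.login(user, true, t0.plus(Duration.ofMinutes(20))));  // locked by the prolongation
        final Instant afterLock = t0.plus(Duration.ofMinutes(26));
        System.out.println(policy.login(user, true, afterLock));                        // unlocked, password too old
        user.lastPwdChange = afterLock;
        System.out.println(policy.login(user, true, afterLock.plusSeconds(60)));
    }
}
```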
   

Re: Call /self API with invalid credentials

2017-09-15 Thread Francesco Chicchiriccò

On 15/09/2017 15:17, Adrian Gonzalez wrote:

Hello,

I'm using Syncope 2.0.5.
I'm calling /self REST API with invalid credentials (with content-type: application/json).

/self returns HTML code and not a JSON message body.

i.e.
```
curl -X GET \
  http://localhost:9080/syncope/rest/users/self \
  -H 'authorization: Basic YmVsbGluaTpiZWxsaW5pNjY1' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -H 'postman-token: 477ebc5a-6350-4ba5-a8a2-4d6ecea31712'
```

Returns an HTML error page, i.e.:
HTTP Status 401 – Unauthorized
...
Message User bellini not authenticated
Description The request has not been applied because it lacks valid authentication credentials for the target resource.
Apache Tomcat/8.5.20


Shouldn't it be valid json (since I requested json ?)

The pb is that when I use the syncope client REST API, I get:
2017-09-15 11:17:13.625 -ERROR [http-apr-9080-exec-6] 
org.apache.cxf.jaxrs.utils.JAXRSUtils    : No message body reader has 
been found for class java.util.List, ContentType: text/html;charset=utf-8
2017-09-15 11:17:13.626 -DEBUG [http-apr-9080-exec-6] 
o.a.s.c.lib.RestClientExceptionMapper    : Could not read 
org.apache.syncope.common.lib.to.ErrorTO list, attempting to read 
headers...
javax.ws.rs.client.ResponseProcessingException: No message body reader 
has been found for class java.util.List, ContentType: 
text/html;charset=utf-8
at 
org.apache.cxf.jaxrs.impl.ResponseImpl.reportMessageHandlerProblem(ResponseImpl.java:439)
at 
org.apache.cxf.jaxrs.impl.ResponseImpl.doReadEntity(ResponseImpl.java:390)
at 
org.apache.cxf.jaxrs.impl.ResponseImpl.readEntity(ResponseImpl.java:326)
at 
org.apache.cxf.jaxrs.impl.ResponseImpl.readEntity(ResponseImpl.java:314)
at 
org.apache.syncope.client.lib.RestClientExceptionMapper.checkSyncopeClientCompositeException(RestClientExceptionMapper.java:98)
at 
org.apache.syncope.client.lib.RestClientExceptionMapper.fromResponse(RestClientExceptionMapper.java:53)
at 
org.apache.syncope.client.lib.RestClientExceptionMapper.fromResponse(RestClientExceptionMapper.java:42)
at 
org.apache.cxf.jaxrs.client.ClientProxyImpl.checkResponse(ClientProxyImpl.java:313)
at 
org.apache.cxf.jaxrs.client.ClientProxyImpl.handleResponse(ClientProxyImpl.java:876)
at 
org.apache.cxf.jaxrs.client.ClientProxyImpl.doChainedInvocation(ClientProxyImpl.java:789)
at 
org.apache.cxf.jaxrs.client.ClientProxyImpl.invoke(ClientProxyImpl.java:235)

at com.sun.proxy.$Proxy641.read(Unknown Source)
at 
org.apache.syncope.client.lib.SyncopeClient.self(SyncopeClient.java:132)


Should we modify 
the org.apache.syncope.core.spring.security.SyncopeBasicAuthenticationEntryPoint 
? (not super because we'd need to handle manually XML and JSON formatting)


Hi Adrian,
your proposal makes sense but I remember (not well enough, 
unfortunately) that there were some related issues when attempting to 
change the AuthenticationEntryPoint due to some Spring Security internals.


Anyway, your contribution is more than welcome, as usual!

Regards.

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
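
One way to get a JSON or XML 401 body instead of the container's HTML page, as an added example (not the class attached later in this thread and not Syncope's own code). Spring Security's stock `BasicAuthenticationEntryPoint` calls `sendError`, which hands the response to Tomcat's error page, so this version sets the status and writes the body itself. The class name, the body fields and the simplified `Accept` handling (no q-values, falling back to the request `Content-Type` as in the curl call above) are assumptions.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;

import com.fasterxml.jackson.databind.ObjectMapper;

// Hypothetical class (added example): name, body fields and negotiation rules are assumptions.
public class NegotiatingBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {

    private static final ObjectMapper MAPPER = new ObjectMapper();

    @Override
    public void commence(final HttpServletRequest request, final HttpServletResponse response,
            final AuthenticationException authException) throws IOException {

        // Keep the standard Basic challenge. setStatus() is used instead of sendError()
        // so the servlet container does not replace the body with its HTML error page.
        response.setHeader("WWW-Authenticate", "Basic realm=\"" + getRealmName() + "\"");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setCharacterEncoding("UTF-8");

        final String message = authException.getMessage() == null ? "" : authException.getMessage();
        if (wantsXml(request)) {
            // The Content-Type header must match the body, or the client cannot pick a reader.
            response.setContentType("application/xml");
            response.getWriter().write("<error><status>401</status><message>"
                    + escapeXml(message) + "</message></error>");
        } else {
            response.setContentType("application/json");
            final Map<String, Object> body = new LinkedHashMap<>();
            body.put("status", HttpServletResponse.SC_UNAUTHORIZED);
            body.put("message", message);
            // Jackson escapes the message, which may echo the submitted user name.
            response.getWriter().write(MAPPER.writeValueAsString(body));
        }
    }

    /** XML only when the client asks for it and does not also accept JSON. */
    static boolean wantsXml(final HttpServletRequest request) {
        String hint = request.getHeader("Accept");
        if (hint == null || hint.trim().isEmpty() || hint.trim().equals("*/*")) {
            hint = request.getContentType(); // the thread's curl call only sets Content-Type
        }
        if (hint == null) {
            return false;
        }
        final String lower = hint.toLowerCase(Locale.ROOT);
        return lower.contains("xml") && !lower.contains("json");
    }

    /** Escape text placed inside an XML element so the message cannot alter the markup. */
    static String escapeXml(final String text) {
        final StringBuilder out = new StringBuilder(text.length());
        for (int i = 0; i < text.length(); i++) {
            final char c = text.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&apos;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }
}
```

As with the stock entry point, `realmName` has to be set on the bean before it is used.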



Re: Call /self API with invalid credentials

2017-09-15 Thread Adrian Gonzalez
Hi Francesco,

I'll try something - not sure if next week or the one after.
In the meantime I've quickly developed this class (attached).

It really needs more polishing:
- I'd like to do a bridge to RestServiceExceptionMapper so we have a central place for error handling (but it's JAX-RS and I'm at servlet layer here).
- I'd need to add types and codes in ClientExceptionType
- I'd need to add the same customisation for syncopeAccessDeniedHandler

Thanks,
Adrian
```
import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
import static org.springframework.http.MediaType.APPLICATION_XML_VALUE;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;

import org.apache.syncope.common.lib.to.ErrorTO;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;

import com.fasterxml.jackson.databind.ObjectMapper;

/**
 * Extend Syncope authenticationEntryPoint to handle JSON or XML exceptions.
 */
public class SyncopeBasicAuthenticationEntryPoint
        extends org.apache.syncope.core.spring.security.SyncopeBasicAuthenticationEntryPoint {

    private static final Logger LOGGER = LoggerFactory.getLogger(SyncopeBasicAuthenticationEntryPoint.class);

    private ObjectMapper objectMapper;

    private String realmName;

    private JAXBContext jc;

    public SyncopeBasicAuthenticationEntryPoin
```

Re: Scripted SQL Pull Task Error

2017-09-15 Thread Sergio Muriel
Hi Matteo,

please find the scripts attached to this email.

Thank you again!


Best Regards,
Sergio Muriel



From: Matteo Alessandroni 
Sent: Friday, September 15, 2017 2:25 AM
To: user@syncope.apache.org
Subject:

Hi Sergio,

could you please add the "SakaiUserSearchScript.groovy" too?
I need to see whether the "eid" field is set correctly and does always return a 
value that will be mapped to "username".

Regards,
Matteo


Re: Call /self API with invalid credentials

2017-09-15 Thread Adrian Gonzalez
 btw, the attached file doesn't work with the Syncope client (I forgot to set 
the contentType in the response header I think)

Re: Scripted SQL Pull Task Error

2017-09-15 Thread Matteo Alessandroni

Hi Sergio,

could you please add a little piece of the result of your query:

```
SELECT * FROM sakai_user u, sakai_user_id_map m WHERE u.USER_ID = m.USER_ID ...
```


from your "SakaiUserSearchScript.groovy" script?
Also please check that your mysql is case insensitive, otherwise ensure 
that "it.eid" values are always set.


Regards,
Matteo



On 15/09/2017 17:17, Sergio Muriel wrote:


Hi Matteo,

please find the scripts attached to this email.

Thank you again!



Best Regards,
Sergio Muriel



*From:* Matteo Alessandroni 
*Sent:* Friday, September 15, 2017 2:25 AM
*To:* user@syncope.apache.org
*Subject:*
Hi Sergio,

could you please add the "SakaiUserSearchScript.groovy" too?
I need to see whether the "eid" field is set correctly and does always 
return a value that will be mapped to "username".


Regards,
Matteo


Re: Scripted SQL Pull Task Error

2017-09-15 Thread Sergio Muriel
Hi Matteo,

Sure!


SELECT * FROM sakai_user u, sakai_user_id_map m WHERE u.USER_ID = m.USER_ID


"USER_ID"; "EMAIL"; "EMAIL_LC"; "FIRST_NAME"; "LAST_NAME"; "TYPE"; "PW"; "CREATEDBY"; "MODIFIEDBY"; "CREATEDON"; "MODIFIEDON"; "USER_ID"; "EID"
"-62e7-425e-be28-12345678abcd"; "sampl...@abc.com"; "sampl...@abc.com"; "Vi"; "Du"; "guest"; "pRCclQ==:KzTo0T9rfw45tgrsegfdCh/x3QJu/kragzJi4a8tCNk="; "admin"; "admin"; "2016-08-08 14:04:53"; "2017-07-29 03:46:08"; "-62e7-425e-be28-12345678abcd"; "987854"
"-54ae-418e-95ce-12345678abcd"; "sampl...@abc.com"; "sampl...@abc.com"; "Bar"; "Than"; "guest"; "pfAqaw==:wx5Wc/M5msdfgdffsdffgf+mGPSSiFzs/omJF+wIFYU="; "admin"; "admin"; "2015-02-17 15:54:17"; "2017-07-29 03:44:55"; "-54ae-418e-95ce-12345678abcd"; "987655"
"-20e7-4905-b044-12345678abcd"; "sampl...@abc.com"; "sampl...@abc.com"; "Joseph"; "Donovan"; "guest"; "psLZjA==:pNYul7adfadfadfasdfadssaPEIPTzrFLPdxC346gro="; "-f21d-4179-85e5-12345678abcd"; "-20e7-4905-b044-12345678abcd"; "2013-04-01 14:05:11"; "2013-04-02 14:47:23"; "-20e7-4905-b044-12345678abcd"; "987656"
"-9e65-41ce-a434-12345678abcd"; "sampl...@abc.com"; "sampl...@abc.com"; "Habibah"; "Assisi"; "guest"; "AvC7MQ==:2WCl8JQTasdfafeg452fgsgr45gsfsdg+XOMOUCLcfQ="; "-f21d-4179-85e5-12345678abcd"; "-f21d-4179-85e5-12345678abcd"; "2013-08-26 19:42:24"; "2013-08-26 19:42:24"; "-9e65-41ce-a434-12345678abcd"; "987657"
"-f75c-42df-beaf-12345678abcd"; "sampl...@abc.com"; "sampl...@abc.com"; "Keith"; "Roberts"; "guest"; "k/R8Mg==:vyM1Adfgsdfgsdget4563457tryeetyr1xSAHJXcqWk="; "-f21d-4179-85e5-12345678abcd"; "-fe13-4bcc-84a7-12345678abcd"; "2015-03-30 22:34:04"; "2017-05-06 13:09:25"; "-f75c-42df-beaf-12345678abcd"; "987658"


...

/* Affected rows: 0  Found rows: 5,103  Warnings: 0  Duration for 1 query: 0.000 sec. (+ 0.125 sec. network) */


Yes, my MySQL is case insensitive.
SELECT *,m.EID FROM .
and
SELECT *,m.eid FROM .
both work the same.

Best Regards,
Sergio Muriel
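
The check Matteo asks for (that every pulled row carries a non-blank "eid" to map to "username"), written as MySQL queries. This is an added example, not part of the thread and not Sakai or Syncope code; table and column names come from Sergio's query and result header, and the lowercase column aliases are assumptions.

```sql
-- 1. Rows the pull query can never return. The comma join in the script's
--    query is an inner join, so a sakai_user row without a matching
--    sakai_user_id_map row is silently skipped.
SELECT u.USER_ID
FROM sakai_user u
LEFT JOIN sakai_user_id_map m ON m.USER_ID = u.USER_ID
WHERE m.USER_ID IS NULL;

-- 2. Rows the pull query does return, but whose EID is NULL or blank.
--    Any hit here would reach the mapping with no usable username.
SELECT u.USER_ID, m.EID
FROM sakai_user u
JOIN sakai_user_id_map m ON m.USER_ID = u.USER_ID
WHERE m.EID IS NULL OR TRIM(m.EID) = '';

-- 3. The result header above shows that SELECT * on this join yields two
--    columns both labelled USER_ID. Listing the columns explicitly gives
--    each one a unique label, in the case the script reads (it.eid).
--    The aliases below are assumptions, not the project's names.
SELECT u.USER_ID    AS user_id,
       m.EID        AS eid,
       u.EMAIL      AS email,
       u.FIRST_NAME AS first_name,
       u.LAST_NAME  AS last_name
FROM sakai_user u
JOIN sakai_user_id_map m ON m.USER_ID = u.USER_ID;
```

If queries 1 and 2 return no rows, the data itself is complete and the blank value is being lost between the search script's result and the resource mapping.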



From: Matteo Alessandroni 
Sent: Friday, September 15, 2017 10:45 AM
To: user@syncope.apache.org
Subject: Re: Scripted SQL Pull Task Error

Hi Sergio,

could you please add a little piece of the result of your query:

SELECT * FROM sakai_user u, sakai_user_id_map m WHERE u.USER_ID = m.USER_ID ...

from your "SakaiUserSearchScript.groovy" script?
Also please check that your MySQL is case insensitive, otherwise ensure that 
"it.eid" values are always set.

Regards,
Matteo



On 15/09/2017 17:17, Sergio Muriel wrote:

Hi Matteo,

please find the scripts attached to this email.

Thank you again!


Best Regards,
Sergio Muriel



From: Matteo Alessandroni 
Sent: Friday, September 15, 2017 2:25 AM
To: user@syncope.apache.org
Subject:

Hi Sergio,

could you please add the "SakaiUserSearchScript.groovy" too?
I need to see whether the "eid" field is set correctly and always returns a 
value that will be mapped to "username".

Regards,
Matteo

On 2017-09-14 18:20, Sergio Muriel wrote:
> Hi Matteo,
>
> please find the screenshots attached to this email.
>
>
> Thank you in advance!
>
>
> PS: If something is not pictured, then its values are the defaults.
>
> Best Regards,
> Sergio Muriel
>
>
> From: Matteo Alessandroni
> Sent: Thursday, September 14, 2017 2:23 AM
> To: user@syncope.apache.org
> Subject: Re: Scripted SQL Pull Task Error
>
> Hi Sergio,
>
> At this point could you please attach a screenshot of your mapping and also 
> the Connector and Resource configuration?
>
> Regards,
> Matteo
>
> On 14/09/2017 00:02, Sergio Muriel wrote:
>
> Hi Matteo,
>
>   *   "username" is mapped in my resource. The "Purpose" column for 
> "username" is set to the icon with both pull and push arrows. (That is Sync, 
> I believe).
>   *   All users have a valid non blank username value. Indeed, I checked with 
> a query, and it has been checked also by Sakai itself.
>
> So far I have the same problem. This is what the logs say:
>
> core-persistence.log shows this for each user creation attempt:
> 16:29:19.947 WARN  
> org.apache.syncope.core.persistence.jpa.validation.entity.EntityValidationListener
>  - Bean validation errors found: 
> [ConstraintViolationImpl{rootBean=JPAUser[null], propertyPath='username', 
> message='Blank username', leafBean=JPAUser[null], value=null}]
>
>
> core.log shows this for each user creation attempt:
> 16:26:28.884 ERROR 
> org.apache.syncope.core.provisioning.api.pushpull.SyncopeResultHandler - 
> Could not create USER f84440b0-3cc7-4d83-ae02-951c81faf2e22
> org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException:
>  JPAUser [Standard]
> at 
> org.apache.syncope.core