Posted to commits@syncope.apache.org by il...@apache.org on 2013/11/07 17:40:03 UTC
svn commit: r1539708 - in /syncope/trunk/core/src:
main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java
main/resources/content.xml
test/java/org/apache/syncope/core/rest/AuthenticationTestITCase.java
test/resources/content.xml
Author: ilgrosso
Date: Thu Nov 7 16:40:03 2013
New Revision: 1539708
URL: http://svn.apache.org/r1539708
Log:
[SYNCOPE-434] Merge from 1_1_X
Modified:
syncope/trunk/core/src/main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java
syncope/trunk/core/src/main/resources/content.xml
syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AuthenticationTestITCase.java
syncope/trunk/core/src/test/resources/content.xml
Modified: syncope/trunk/core/src/main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java?rev=1539708&r1=1539707&r2=1539708&view=diff
==============================================================================
--- syncope/trunk/core/src/main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java (original)
+++ syncope/trunk/core/src/main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java Thu Nov 7 16:40:03 2013
@@ -20,12 +20,15 @@ package org.apache.syncope.core.security
import java.util.Date;
import javax.annotation.Resource;
+import org.apache.commons.lang3.ArrayUtils;
import org.apache.syncope.common.types.AuditElements.AuthenticationSubCategory;
import org.apache.syncope.common.types.AuditElements.Category;
import org.apache.syncope.common.types.AuditElements.Result;
import org.apache.syncope.common.types.CipherAlgorithm;
import org.apache.syncope.core.audit.AuditManager;
+import org.apache.syncope.core.persistence.beans.SyncopeConf;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
+import org.apache.syncope.core.persistence.dao.ConfDAO;
import org.apache.syncope.core.persistence.dao.UserDAO;
import org.apache.syncope.core.util.PasswordEncoder;
import org.slf4j.Logger;
@@ -52,6 +55,9 @@ public class SyncopeAuthenticationProvid
private AuditManager auditManager;
@Autowired
+ private ConfDAO confDAO;
+
+ @Autowired
private UserDAO userDAO;
@Resource(name = "adminUser")
@@ -112,10 +118,19 @@ public class SyncopeAuthenticationProvid
} else {
user = userDAO.find(username);
- if (user != null && user.isSuspended() != null) {
- if (user.isSuspended()) {
+ if (user != null) {
+ if (user.isSuspended() != null && user.isSuspended()) {
throw new DisabledException("User " + user.getUsername() + " is suspended");
}
+
+ SyncopeConf authStatuses = confDAO.find("authentication.statuses", null);
+ if (authStatuses != null) {
+ String[] statuses = authStatuses.getValue().split("\\|");
+ if (!ArrayUtils.contains(statuses, user.getStatus())) {
+ throw new DisabledException("User " + user.getUsername() + " not allowed to authenticate");
+ }
+ }
+
authenticated = authenticate(
authentication.getCredentials().toString(),
user.getCipherAlgorithm(),
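Review bot: The new status gate fails open: when `confDAO.find("authentication.statuses", null)` returns null, the `if (authStatuses != null)` block is skipped and a user in any status (for example `createApproval`) goes on to `authenticate(...)`. Deployments whose database lacks the new row would presumably be in that state, so a missing key is better treated as the restrictive default, e.g. `String allowed = authStatuses == null ? "active" : authStatuses.getValue();` before the `split`. The check also runs before the password is verified and throws a `DisabledException` with its own message. Depending on how callers map that exception, an unauthenticated client may be able to tell account status apart from bad credentials, and moving the status check after the credential comparison would avoid that. The enclosing method starts and ends outside this hunk.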
Modified: syncope/trunk/core/src/main/resources/content.xml
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/resources/content.xml?rev=1539708&r1=1539707&r2=1539708&view=diff
==============================================================================
--- syncope/trunk/core/src/main/resources/content.xml (original)
+++ syncope/trunk/core/src/main/resources/content.xml Thu Nov 7 16:40:03 2013
@@ -30,6 +30,8 @@ under the License.
<SyncopeConf confKey="token.expireTime" confValue="60"/>
<SyncopeConf confKey="selfRegistration.allowed" confValue="true"/>
<SyncopeConf confKey="notification.maxRetries" confValue="0"/>
+ <!-- when needing to provide more values, use '|' as separator and no spaces -->
+ <SyncopeConf confKey="authentication.statuses" confValue="active"/>
<!-- Authentication and authorization -->
<Entitlement name="SCHEMA_LIST"/>
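Review bot: The comment on the new `authentication.statuses` row documents only the separator, not what the setting controls or what happens when the row is missing. From the provider hunk on this page, values are matched exactly against `user.getStatus()` after `split("\\|")`, and an absent row means no status check is performed at all. I would state that here, e.g. `<!-- statuses allowed to authenticate: exact match, '|' separated, no spaces; if this row is absent no status check is performed -->`. The same comment is repeated in the test `content.xml` hunk and would need the same wording.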
Modified: syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AuthenticationTestITCase.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AuthenticationTestITCase.java?rev=1539708&r1=1539707&r2=1539708&view=diff
==============================================================================
--- syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AuthenticationTestITCase.java (original)
+++ syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AuthenticationTestITCase.java Thu Nov 7 16:40:03 2013
@@ -27,6 +27,7 @@ import static org.junit.Assert.fail;
import java.security.AccessControlException;
import java.util.HashSet;
import java.util.List;
+import java.util.Map;
import java.util.Set;
import javax.ws.rs.core.Response;
@@ -35,6 +36,7 @@ import org.apache.syncope.common.mod.Sta
import org.apache.syncope.common.search.AttributeCond;
import org.apache.syncope.common.search.NodeCond;
+import org.apache.syncope.common.services.EntitlementService;
import org.apache.syncope.common.services.InvalidSearchConditionException;
import org.apache.syncope.common.services.SchemaService;
import org.apache.syncope.common.services.UserService;
@@ -44,12 +46,16 @@ import org.apache.syncope.common.to.Memb
import org.apache.syncope.common.to.RoleTO;
import org.apache.syncope.common.to.SchemaTO;
import org.apache.syncope.common.to.UserTO;
+import org.apache.syncope.common.to.WorkflowFormPropertyTO;
+import org.apache.syncope.common.to.WorkflowFormTO;
import org.apache.syncope.common.types.AttributableType;
import org.apache.syncope.common.types.AttributeSchemaType;
import org.apache.syncope.common.types.SchemaType;
import org.apache.syncope.common.types.ClientExceptionType;
import org.apache.syncope.common.util.CollectionWrapper;
import org.apache.syncope.common.validation.SyncopeClientException;
+import org.apache.syncope.core.workflow.ActivitiDetector;
+import org.junit.Assume;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;
@@ -356,4 +362,42 @@ public class AuthenticationTestITCase ex
role1User = response.readEntity(UserTO.class);
assertNotNull(role1User);
}
+
+ @Test
+ public void issueSYNCOPE434() {
+ Assume.assumeTrue(ActivitiDetector.isActivitiEnabledForUsers());
+
+ // 1. create user with role 9 (users with role 9 are defined in workflow as subject to approval)
+ UserTO userTO = UserTestITCase.getUniqueSampleTO("createWithReject@syncope.apache.org");
+ MembershipTO membershipTO = new MembershipTO();
+ membershipTO.setRoleId(9L);
+ userTO.getMemberships().add(membershipTO);
+
+ userTO = createUser(userTO);
+ assertNotNull(userTO);
+ assertEquals("createApproval", userTO.getStatus());
+
+ // 2. try to authenticate: fail
+ EntitlementService myEntitlementService = clientFactory.create(userTO.getUsername(), "password123").
+ getService(EntitlementService.class);
+ try {
+ myEntitlementService.getOwnEntitlements();
+ fail();
+ } catch (AccessControlException e) {
+ assertNotNull(e);
+ }
+
+ // 3. approve user
+ WorkflowFormTO form = userWorkflowService.getFormForUser(userTO.getId());
+ form = userWorkflowService.claimForm(form.getTaskId());
+ Map<String, WorkflowFormPropertyTO> props = form.getPropertyMap();
+ props.get("approve").setValue(Boolean.TRUE.toString());
+ form.setProperties(props.values());
+ userTO = userWorkflowService.submitForm(form);
+ assertNotNull(userTO);
+ assertEquals("active", userTO.getStatus());
+
+ // 4. try to authenticate again: success
+ assertNotNull(myEntitlementService.getOwnEntitlements());
+ }
}
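Review bot: `issueSYNCOPE434` covers only the default single-value configuration. Nothing exercises a `|`-separated `authentication.statuses` value or the case where the key is absent, which is the path where the provider skips the status check entirely. The `Assume.assumeTrue(ActivitiDetector.isActivitiEnabledForUsers())` guard also means the test is skipped, not failed, when Activiti is not the user workflow, so the gate goes unverified in that setup. As a smaller style point, `assertNotNull(e)` in the catch block can never fail; a comment such as `// expected: status createApproval is not allowed to authenticate` would say more.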
Modified: syncope/trunk/core/src/test/resources/content.xml
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/test/resources/content.xml?rev=1539708&r1=1539707&r2=1539708&view=diff
==============================================================================
--- syncope/trunk/core/src/test/resources/content.xml (original)
+++ syncope/trunk/core/src/test/resources/content.xml Thu Nov 7 16:40:03 2013
@@ -30,6 +30,8 @@ under the License.
<SyncopeConf confKey="token.expireTime" confValue="60"/>
<SyncopeConf confKey="selfRegistration.allowed" confValue="true"/>
<SyncopeConf confKey="notification.maxRetries" confValue="3"/>
+ <!-- when needing to provide more values, use '|' as separator and no spaces -->
+ <SyncopeConf confKey="authentication.statuses" confValue="active"/>
<!-- sample policies -->
<Policy DTYPE="SyncPolicy" id="1" description="sync policy 1" type="GLOBAL_SYNC" specification="%3Corg.apache.syncope.common.types.SyncPolicySpec%2F%3E"/>