Posted to commits@syncope.apache.org by il...@apache.org on 2013/04/24 15:29:39 UTC
svn commit: r1471403 - in /syncope/branches/1_1_X/core/src:
main/java/org/apache/syncope/core/propagation/impl/
main/java/org/apache/syncope/core/util/
test/java/org/apache/syncope/core/rest/
Author: ilgrosso
Date: Wed Apr 24 13:29:39 2013
New Revision: 1471403
URL: http://svn.apache.org/r1471403
Log:
[SYNCOPE-354] ResourceOperation.DELETE does not always resolve to delete() on the connector; it might also become update() - removing the condition from LDAPMembershipSyncActions
Modified:
syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/propagation/impl/LDAPMembershipPropagationActions.java
syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/util/URIUtil.java
syncope/branches/1_1_X/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java
Modified: syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/propagation/impl/LDAPMembershipPropagationActions.java
URL: http://svn.apache.org/viewvc/syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/propagation/impl/LDAPMembershipPropagationActions.java?rev=1471403&r1=1471402&r2=1471403&view=diff
==============================================================================
--- syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/propagation/impl/LDAPMembershipPropagationActions.java (original)
+++ syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/propagation/impl/LDAPMembershipPropagationActions.java Wed Apr 24 13:29:39 2013
@@ -27,7 +27,6 @@ import org.apache.commons.jexl2.JexlCont
import org.apache.commons.jexl2.MapContext;
import org.apache.commons.lang.StringUtils;
import org.apache.syncope.common.types.AttributableType;
-import org.apache.syncope.common.types.ResourceOperation;
import org.apache.syncope.core.persistence.beans.PropagationTask;
import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
@@ -45,7 +44,7 @@ import org.springframework.transaction.a
/**
* Simple action for propagating role memberships to LDAP groups, when the same resource is configured for both users
* and roles.
- *
+ *
* @see org.apache.syncope.core.sync.impl.LDAPMembershipSyncActions
*/
public class LDAPMembershipPropagationActions extends DefaultPropagationActions {
@@ -72,36 +71,30 @@ public class LDAPMembershipPropagationAc
public void before(final PropagationTask task, final ConnectorObject beforeObj) {
super.before(task, beforeObj);
- if (ResourceOperation.DELETE != task.getPropagationOperation()
- && AttributableType.USER == task.getSubjectType() && task.getResource().getRmapping() != null) {
-
+ if (AttributableType.USER == task.getSubjectType() && task.getResource().getRmapping() != null) {
SyncopeUser user = userDAO.find(task.getSubjectId());
- if (user == null) {
- throw new IllegalArgumentException("User " + task.getSubjectId() + " not found");
- }
-
- List<String> roleAccountLinks = new ArrayList<String>();
- for (SyncopeRole role : user.getRoles()) {
- if (role.getResourceNames().contains(task.getResource().getName())
- && StringUtils.isNotBlank(task.getResource().getRmapping().getAccountLink())) {
-
- LOG.debug("Evaluating accountLink for {}", role);
-
- final JexlContext jexlContext = new MapContext();
- jexlUtil.addFieldsToContext(role, jexlContext);
- jexlUtil.addAttrsToContext(role.getAttributes(), jexlContext);
- jexlUtil.addDerAttrsToContext(role.getDerivedAttributes(), role.getAttributes(), jexlContext);
- final String roleAccountLink = jexlUtil.evaluate(task.getResource().getRmapping().getAccountLink(),
- jexlContext);
- LOG.debug("AccountLink for {} is '{}'", role, roleAccountLink);
- if (StringUtils.isNotBlank(roleAccountLink)) {
- roleAccountLinks.add(roleAccountLink);
+ if (user != null) {
+ List<String> roleAccountLinks = new ArrayList<String>();
+ for (SyncopeRole role : user.getRoles()) {
+ if (role.getResourceNames().contains(task.getResource().getName())
+ && StringUtils.isNotBlank(task.getResource().getRmapping().getAccountLink())) {
+
+ LOG.debug("Evaluating accountLink for {}", role);
+
+ final JexlContext jexlContext = new MapContext();
+ jexlUtil.addFieldsToContext(role, jexlContext);
+ jexlUtil.addAttrsToContext(role.getAttributes(), jexlContext);
+ jexlUtil.addDerAttrsToContext(role.getDerivedAttributes(), role.getAttributes(), jexlContext);
+ final String roleAccountLink =
+ jexlUtil.evaluate(task.getResource().getRmapping().getAccountLink(), jexlContext);
+ LOG.debug("AccountLink for {} is '{}'", role, roleAccountLink);
+ if (StringUtils.isNotBlank(roleAccountLink)) {
+ roleAccountLinks.add(roleAccountLink);
+ }
}
}
- }
- LOG.debug("Role accountLinks to propagate for membership: {}", roleAccountLinks);
+ LOG.debug("Role accountLinks to propagate for membership: {}", roleAccountLinks);
- if (!roleAccountLinks.isEmpty()) {
Set<Attribute> attributes = new HashSet<Attribute>(task.getAttributes());
attributes.add(AttributeBuilder.build(getGroupMembershipAttrName(), roleAccountLinks));
task.setAttributes(attributes);
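Review bot: When `userDAO.find(task.getSubjectId())` returns null, the new `if (user != null)` guard in `before()` skips the membership attribute without leaving any trace, where the old code threw `IllegalArgumentException`. For an identity-propagation action this means a task for a missing user could leave that user's DN in LDAP group member attributes with nothing in the log to show the step was skipped; that outcome is inferred, since the rest of `before()` lies outside the hunk. I would add an else branch where the block closes, `LOG.warn("User {} not found, group membership not propagated", task.getSubjectId());`. Dropping the `!roleAccountLinks.isEmpty()` check also means an empty value list is now sent for `getGroupMembershipAttrName()` whenever no role matches, which deserves a comment such as `// empty list is intentional: clears memberships on the resource (SYNCOPE-354)`.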
Modified: syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/util/URIUtil.java
URL: http://svn.apache.org/viewvc/syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/util/URIUtil.java?rev=1471403&r1=1471402&r2=1471403&view=diff
==============================================================================
--- syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/util/URIUtil.java (original)
+++ syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/util/URIUtil.java Wed Apr 24 13:29:39 2013
@@ -43,14 +43,14 @@ public final class URIUtil {
public static URI buildForConnId(final String location) throws MalformedURLException, URISyntaxException {
final String candidate = location.trim();
- if (!location.startsWith("file:")
- && !location.startsWith("connid:") && !location.startsWith("connids:")) {
+ if (!candidate.startsWith("file:")
+ && !candidate.startsWith("connid:") && !candidate.startsWith("connids:")) {
throw new IllegalArgumentException(candidate + " is not a valid URI for file or connid(s) schemes");
}
URI uri;
- if (location.startsWith("file:")) {
+ if (candidate.startsWith("file:")) {
uri = new File(new URL(candidate).getFile()).getAbsoluteFile().toURI();
} else {
uri = new URI(candidate);
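Review bot: `new URL(candidate).getFile()` in the `file:` branch returns the path together with any query string and leaves percent-escapes undecoded, so a location such as `file:/opt/my%20bundles` would presumably resolve to a directory literally named `my%20bundles`. If this URI decides where connector bundles are loaded from, as the method name suggests, the resolved path should be exactly the one the administrator configured. I would either document the restriction above that line, `// file: locations must be plain paths: getFile() keeps percent-escapes and any ?query`, or reject such input before building the `File`. Separately, `location.trim()` throws a `NullPointerException` for a null argument before the scheme check can produce its `IllegalArgumentException`. The method body continues past the end of the hunk.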
Modified: syncope/branches/1_1_X/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java
URL: http://svn.apache.org/viewvc/syncope/branches/1_1_X/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java?rev=1471403&r1=1471402&r2=1471403&view=diff
==============================================================================
--- syncope/branches/1_1_X/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java (original)
+++ syncope/branches/1_1_X/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java Wed Apr 24 13:29:39 2013
@@ -18,6 +18,7 @@
*/
package org.apache.syncope.core.rest;
+import static org.apache.syncope.core.rest.AbstractTest.getUUIDString;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotEquals;
@@ -47,6 +48,7 @@ import org.apache.syncope.common.to.Bulk
import org.apache.syncope.common.to.BulkActionRes.Status;
import org.apache.syncope.common.to.ConfigurationTO;
import org.apache.syncope.common.to.ConnObjectTO;
+import org.apache.syncope.common.to.MappingItemTO;
import org.apache.syncope.common.to.MembershipTO;
import org.apache.syncope.common.to.PasswordPolicyTO;
import org.apache.syncope.common.to.PolicyTO;
@@ -54,6 +56,7 @@ import org.apache.syncope.common.to.Prop
import org.apache.syncope.common.to.PropagationStatusTO;
import org.apache.syncope.common.to.PropagationTaskTO;
import org.apache.syncope.common.to.ResourceTO;
+import org.apache.syncope.common.to.RoleTO;
import org.apache.syncope.common.to.UserTO;
import org.apache.syncope.common.to.WorkflowFormPropertyTO;
import org.apache.syncope.common.to.WorkflowFormTO;
@@ -560,7 +563,7 @@ public class UserTestITCase extends Abst
Assume.assumeTrue(ActivitiDetector.isActivitiEnabledForUsers());
UserTO userTO = getUniqueSampleTO("createWithReject@syncope.apache.org");
- userTO.addResource("resource-testdb");
+ userTO.addResource(RESOURCE_NAME_TESTDB);
// User with role 9 are defined in workflow as subject to approval
MembershipTO membershipTO = new MembershipTO();
@@ -2119,6 +2122,66 @@ public class UserTestITCase extends Abst
assertEquals(1, res.getResultByStatus(Status.FAILURE).size());
}
+ @Test
+ public void issueSYNCOPE354() {
+ // change resource-ldap role mapping for including uniqueMember (need for assertions below)
+ ResourceTO ldap = resourceService.read(RESOURCE_NAME_LDAP);
+ for (MappingItemTO item : ldap.getRmapping().getItems()) {
+ if ("description".equals(item.getExtAttrName())) {
+ item.setExtAttrName("uniqueMember");
+ }
+ }
+ resourceService.update(ldap.getName(), ldap);
+
+ // 1. create role with LDAP resource
+ RoleTO roleTO = new RoleTO();
+ roleTO.setName("SYNCOPE354-" + getUUIDString());
+ roleTO.setParent(8L);
+ roleTO.addResource(RESOURCE_NAME_LDAP);
+
+ roleTO = createRole(roleService, roleTO);
+ assertNotNull(roleTO);
+
+ // 2. create user with LDAP resource and membership of the above role
+ UserTO userTO = getUniqueSampleTO("syncope354@syncope.apache.org");
+ userTO.addResource(RESOURCE_NAME_LDAP);
+ MembershipTO membershipTO = new MembershipTO();
+ membershipTO.setRoleId(roleTO.getId());
+ userTO.addMembership(membershipTO);
+
+ userTO = createUser(userTO);
+ assertTrue(userTO.getResources().contains(RESOURCE_NAME_LDAP));
+
+ // 3. read role on resource, check that user DN is included in uniqueMember
+ ConnObjectTO connObj =
+ resourceService.getConnectorObject(RESOURCE_NAME_LDAP, AttributableType.ROLE, roleTO.getId());
+ assertNotNull(connObj);
+ assertTrue(connObj.getAttributeMap().get("uniqueMember").getValues().
+ contains("uid=" + userTO.getUsername() + ",ou=people,o=isp"));
+
+ // 4. remove membership
+ UserMod userMod = new UserMod();
+ userMod.setId(userTO.getId());
+ userMod.addMembershipToBeRemoved(userTO.getMemberships().iterator().next().getId());
+
+ userTO = userService.update(userMod.getId(), userMod);
+ assertTrue(userTO.getResources().contains(RESOURCE_NAME_LDAP));
+
+ // 5. read role on resource, check that user DN was removed from uniqueMember
+ connObj = resourceService.getConnectorObject(RESOURCE_NAME_LDAP, AttributableType.ROLE, roleTO.getId());
+ assertNotNull(connObj);
+ assertFalse(connObj.getAttributeMap().get("uniqueMember").getValues().
+ contains("uid=" + userTO.getUsername() + ",ou=people,o=isp"));
+
+ // 6. restore original resource-ldap role mapping
+ for (MappingItemTO item : ldap.getRmapping().getItems()) {
+ if ("uniqueMember".equals(item.getExtAttrName())) {
+ item.setExtAttrName("description");
+ }
+ }
+ resourceService.update(ldap.getName(), ldap);
+ }
+
private boolean getBooleanAttribute(ConnObjectTO connObjectTO, String attrName) {
return Boolean.parseBoolean(getStringAttribute(connObjectTO, attrName));
}
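Review bot: The restore of the `resource-ldap` role mapping in step 6 of `issueSYNCOPE354()` only runs when every assertion before it passes, so a single failure leaves the shared LDAP resource mapped to `uniqueMember` for the tests that run afterwards. Wrapping steps 1 to 5 in `try {` and moving step 6 into a `} finally {` block keeps the fixture consistent regardless of the outcome. The restore loop also renames every item whose external name is `uniqueMember`, which would be wrong if the original mapping already contained one; remembering the item that was changed would avoid that. The user and role created by the test are not deleted within the hunk.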